aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* uhttpd: update to the latest masterRafał Miłecki2020-09-181-3/+3
| | | | | | 47c34bd ubus: add ACL support for "subscribe" request Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uhttpd: update to the latest masterRafał Miłecki2020-09-151-3/+3
| | | | | | | | 1172357 ubus: add new RESTful API fe1888f ubus: fix blob_buf initialization Fixes: 3d167ed805a9 ("uhttpd: update to the latest master") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: add support for per-BSS airtime configurationDavid Bauer2020-09-113-4/+14
| | | | | | | | | | | | Add support for per-BSS airtime weight configuration. This allows to set a airtime weight per BSS as well as a ratio limit based on the weight. Support for this feature is only enabled in the full flavors of hostapd. Consult the hostapd.conf documentation (Airtime policy configuration) for more information on the inner workings of the exposed settings. Signed-off-by: David Bauer <mail@david-bauer.net>
* openvpn: fix shell compare operator in openvpn.initMartin Schiller2020-09-092-2/+2
| | | | | | | | Don't use bash syntax, because /bin/sh is used here. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wireguard: bump to 1.0.20200908Jason A. Donenfeld2020-09-091-2/+2
| | | | | | | | | | | | | | | * compat: backport kfree_sensitive and switch to it * netlink: consistently use NLA_POLICY_EXACT_LEN() * netlink: consistently use NLA_POLICY_MIN_LEN() * compat: backport NLA policy macros Backports from upstream changes. * peerlookup: take lock before checking hash in replace operation A fix for a race condition caught by syzkaller. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add UCI support for Hotspot 2.0Daniel Golle2020-09-083-3/+107
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dropbear: Enable Ed25519 for normal devicesPaul Spooren2020-09-062-3/+4
| | | | | | | | | | | | | | | | | | | | The Ed25519 key pairs are much shorter than RSA pairs and are supported by default in OpenSSH. Looking at websites explaining how to create new SSH keys, many suggest using Ed25519 rather than RSA, however consider the former as not yet widely established. OpenWrt likely has a positive influence on that development. As enabling Ed25519 is a compile time option, it is currently not possible to install the feature via `opkg` nor select that option in an ImageBuilder. Due to the size impact of **12kB** the option should only be enabled for devices with `!SMALL_FLASH`. This approach seems cleaner than splitting `dropbear` into two packages like `dropbear` and `dropbear-ed25519`. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ppp: update to latest git HEADHans Dedecker2020-09-051-3/+3
| | | | | | | af30be0 Fix setting prefix for IPv6 link-local addresss 0314df4 Disable asking password again when prompt program returns 128 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add hs20 variantDaniel Golle2020-09-011-1/+21
| | | | | | Add hostapd variant compiled with support for Hotspot 2.0 AP features. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: Fix compile errors after wolfssl updateHauke Mehrtens2020-08-271-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following compile errors after the wolfssl 4.5.0 update: LD wpa_cli ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject': ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? type = GEN_EMAIL; ^~~~~~~~~ ENAVAIL ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function) type = GEN_DNS; ^~~~~~~ ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function) type = GEN_URI; ^~~~~~~ ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event': ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? if (gen->type != GEN_EMAIL && ^~~~~~~~~ ENAVAIL ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function) gen->type != GEN_DNS && ^~~~~~~ ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function) gen->type != GEN_URI) ^~~~~~~ Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0") Reported-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: abort dhcp_check on interface stateDavid Bauer2020-08-201-2/+2
| | | | | | | | | Abort the dhcp-check based on the interface instead of the carrier state. In cases where the interface is up but the carrier is down, netifd won't cause a dnsmasq reload, thus dhcp won't become active on this interface. Signed-off-by: David Bauer <mail@david-bauer.net>
* dropbear: allow disabling support for scpRui Salvaterra2020-08-152-4/+10
| | | | | | | | | | | | | If not needed, disabling scp allows for a nice size reduction. Dropbear executable size comparison: 153621 bytes (baseline) 133077 bytes (without scp) In other words, we trim a total of 20544 bytes. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* dropbear: fix ssh alternative when dbclient isn't builtRui Salvaterra2020-08-121-3/+3
| | | | | | | The ssh symlink was still being created even when dbclient was disabled in the build configuration. Fix this annoyance. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ppp: update to latest git HEADHans Dedecker2020-08-115-9/+9
| | | | | | | | | | | | 677aa53 Fix -W option for pppoe-discovery utility (#157) 115c419 Accept Malformed Windows Success Message (#156) 5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154) 2a7981f Add ipv6cp-accept-remote option 0678d3b pppd: Fix the default value for ipv6cp-accept-local to false Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: recognize option "key" as alias for "auth_secret"Jo-Philipp Wich2020-08-072-2/+2
| | | | | | | | | | | | | | The hostapd configuration logic is supposed to accept "option key" as legacy alias for "option auth_secret". This particular fallback option failed to work though because "key" was not a registered configuration variable. Fix this issue by registering the "key" option as well, similar to the existing "server" nad "port" options. Ref: https://github.com/openwrt/openwrt/pull/3282 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: make "key" option optional if "wpa_psk_file" is providedJo-Philipp Wich2020-08-071-5/+5
| | | | | | | | | | | | | If an existing "wpa_psk_file" is passed to hostapd, the "key" option may be omitted. While we're at it, also improve the passphrase length checking to ensure that it is either exactly 64 bytes or 8 to 63 bytes. Fixes: FS#2689 Ref: https://github.com/openwrt/openwrt/pull/3283 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: add wpad-basic-wolfssl variantPetr Štetiar2020-08-072-0/+16
| | | | | | | | | Add package which provides size optimized wpad with support for just WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w. Signed-off-by: Petr Štetiar <ynezz@true.cz> [adapt to recent changes, add dependency for WPA_WOLFSSL config] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dnsmasq: abort when dnssec requested but not availableYousong Zhou2020-08-072-3/+7
| | | | | | | | | | | | | | | | | | | | | | Before this commit, if uci option "dnssec" was set, we pass "--dnssec" and friends to dnsmasq, let it start and decide whether to quit and whether to emit message for diagnosis # dnsmasq --dnssec; echo $? dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h 1 DNSSEC as a feature is different from others like dhcp, tftp in that it's a security feature. Better be explicit. With this change committed, we make it so by not allowing it in the first in the initscript, should dnsmasq later decides to not quit (not likely) or quit without above explicit error (unlikely but less so ;) So this is just being proactive. on/off choices with uci option "dnssec" are still available like before Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openvpn: fix arguments passing to wrapped up and down scriptsJo-Philipp Wich2020-08-062-2/+3
| | | | | | | | | | | | | With the introduction of the generic OpenVPN hotplug mechanism, wrapped --up and --down scripts got the wrong amount and order of arguments passed, breaking existing configurations and functionality. Fix this issue by passing the same amount of arguments in the same expected order as if the scripts were executed by the OpenVPN daemon directly. Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156 Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to the latest masterRafał Miłecki2020-08-051-3/+3
| | | | | | | | | | 212f836 ubus: rename JSON-RPC format related functions 628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object() 9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute 77d345e ubus: drop unused "obj" arguments 8d9e1fc ubus: parse "call" method params only for relevant call Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wireguard: bump to 1.0.20200729Jason A. Donenfeld2020-08-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * compat: rhel 8.3 beta removed nf_nat_core.h * compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition to RHEL 8.2 and RHEL 7.8. It also marks the first time that <https://www.wireguard.com/build-status/> is all green for all RHEL kernels. After quite a bit of trickery, we've finally got the RHEL kernels building automatically. * compat: allow override of depmod basedir When building in an environment with a different modules install path, it's not possible to override the depmod basedir flag by setting the DEPMODBASEDIR environment variable. * compat: add missing headers for ip_tunnel_parse_protocol This fixes compilation with some unusual configurations. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* openvpn: revise sample configurationMagnus Kroken2020-08-011-8/+75
| | | | | | | | | | | | | | Update the openvpn sample configurations to use modern options in favor of deprecated ones, suggest more sane default settings and add some warnings. * Add tls_crypt and ncp_disable to the sample configuration * Replace nsCertType with remote_cert_tls in client sample configuration * Comment out "option compress", compression should not be preferred * Advise 2048-bit Diffie-Hellman parameters by default * Add warnings about compression and use of Blowfish (BF-CBC) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: fix incorrect service nameDavid Bauer2020-07-311-1/+1
| | | | | | | | | | | | | | When retrieving the PID for hostapd and wpa_supplicant via ubus the wrong service name is currently used. This leads to the following error in the log: netifd: radio0 (1409): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process path (/proc/exe) Fixing the service name retrieves the correct PID and therefore the warning won't occur. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: reorganize config selection hierarchy for WPA3Adrian Schmutzler2020-07-311-16/+18
| | | | | | | | | | | | | | | | | | The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is exceptionally hard to read. This tries to make things a little easier by inverting the hierarchy of the conditions, so SSL_VARIANT is checked first and LOCAL_VARIANT is checked second. This exploits the fact that some of the previous conditions were unnecessary, e.g. there is no hostapd-mesh*, so we don't need to exclude this combination. It also should make it a little easier to see which options are actually switched by SSL_VARIANT and which by LOCAL_VARIANT. The patch is supposed to be cosmetic. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: improve TITLE for packagesAdrian Schmutzler2020-07-301-27/+33
| | | | | | | | | | | | | | For a few packages, the current TITLE is too long, so it is not displayed at all when running make menuconfig. Despite, there is no indication of OpenSSL vs. wolfSSL in the titles. Thus, this patch adjusts titles to be generally shorter, and adds the SSL variant to it. While at it, make things easier by creating a shared definition for eapol-test like it's done already for all the other flavors. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: update mesh DFS patches and add mesh HE supportDaniel Golle2020-07-3034-190/+1440
| | | | | | | | | | | | | | | | Drop outdated and by now broken patchset originally supplied by Peter Oh in August 2018 but never merged upstream. Instead add the more promissing rework recently submitted by Markus Theil who picked up Peter's patchset, fixed and completed it and added support for HE (802.11ax) in mesh mode. This is only compile tested and needs some real-life testing. Fixes: FS#3214 Fixes: 167028b750 ("hostapd: Update to version 2.9 (2019-08-08)") Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Fixes: 017320ead3 ("hostapd: bring back mesh patches") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* openvpn: Allow override of interface nameMichal Hrusecky2020-07-232-2/+37
| | | | | | | | | | | If using a configuration file for OpenVPN, allow overriding name of the interface. The reason is that then people could use configuration file provided by VPN provider directly and override the name of the interface to include it in correct firewall zone without need to alter the configuration file. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
* openpvn: Split out config parsing code for reuseMichal Hrusecky2020-07-233-13/+23
| | | | | | | | Split out code that parses openvpn configuration file into separate file that can be later included in various scripts and reused. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit 86d8467c8ab792c79809a08c223dd9d40da6da2e)
* umdns: fix compiling using gcc 10Kevin Darbyshire-Bryant2020-07-221-3/+3
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: enter DFS state if no available channel is foundDavid Bauer2020-07-201-0/+37
| | | | | | | | | | | Previously hostapd would not stop transmitting when a DFS event was detected and no available channel to switch to was available. Disable and re-enable the interface to enter DFS state. This way, TX does not happen until the kernel notifies hostapd about the NOP expiring. Signed-off-by: David Bauer <mail@david-bauer.net>
* dnsmasq: bump to 2.82Kevin Darbyshire-Bryant2020-07-202-13/+13
| | | | | | | | | This fixes a nasty problem introduced in 2.81 which causes random crashes on systems where there's significant DNS activity over TCP. It also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS records. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 1.0.20200712Jason A. Donenfeld2020-07-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This release brings parity with the commits Linus released a few hours ago into 5.8-rc5. * receive: account for napi_gro_receive never returning GRO_DROP The napi_gro_receive function no longer returns GRO_DROP ever, making handling GRO_DROP dead code. This commit removes that dead code. Further, it's not even clear that device drivers have any business in taking action after passing off received packets; that's arguably out of their hands. * device: implement header_ops->parse_protocol for AF_PACKET WireGuard uses skb->protocol to determine packet type, and bails out if it's not set or set to something it's not expecting. For AF_PACKET injection, we need to support its call chain of: packet_sendmsg -> packet_snd -> packet_parse_headers -> dev_parse_header_protocol -> parse_protocol Without a valid parse_protocol, this returns zero, and wireguard then rejects the skb. So, this wires up the ip_tunnel handler for layer 3 packets for that case. * queueing: make use of ip_tunnel_parse_protocol Now that wg_examine_packet_protocol has been added for general consumption as ip_tunnel_parse_protocol, it's possible to remove wg_examine_packet_protocol and simply use the new ip_tunnel_parse_protocol function directly. * compat: backport ip_tunnel_parse_protocol and ip_tunnel_header_ops These are required for moving wg_examine_packet_protocol out of wireguard and into upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dropbear: make rsa-sha2-256 pubkeys usable againPetr Štetiar2020-07-071-0/+40
| | | | | | | | | | | | | Upstream in commit 972d723484d8 ("split signkey_type and signature_type for RSA sha1 vs sha256") has added strict checking of pubkey algorithms which made keys with SHA-256 hashing algorithm unusable as they still reuse the `ssh-rsa` public key format. So fix this by disabling the check for `rsa-sha2-256` pubkeys. Ref: https://tools.ietf.org/html/rfc8332#section-3 Fixes: d4c80f5b172e ("dropbear: bump to 2020.80") Tested-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: bump to latest git HEADHans Dedecker2020-07-021-3/+3
| | | | | | 5da5299 odhcpd: fix compilation with GCC10 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: bump to 2020.80Hans Dedecker2020-06-304-78/+2
| | | | | | | | | - drop patches (applied upstream) * 001-backport_GNU_SOURCE-for-random.patch * 002-backport-move-GNU_SOURCE-earlier.patch * 010-backport-disable-toom-and-karatsuba.patch Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: init: replace backticks with $()Rui Salvaterra2020-06-301-3/+3
| | | | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> [add commit description] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dropbear: fix compilation for uClibcHans Dedecker2020-06-242-0/+59
| | | | | | | | | | | | | | | Backport patches which fix compile issue for uClibc-ng : dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration] ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK); ^~~~~~~~~ genrandom dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'? ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK); ^~~~~~~~~~~~~ SOCK_NONBLOCK Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 1.0.20200623Jason A. Donenfeld2020-06-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * compat: drop centos 8.1 support as 8.2 is now out Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at <https://www.wireguard.com/build-status/>. * Kbuild: remove -fvisibility=hidden from cflags This fixes an issue when compiling wireguard as a module for ARM kernels in THUMB2 mode without the JUMP11 workaround. * noise: do not assign initiation time in if condition Style fix. * device: avoid circular netns references Fixes a circular reference issue with network namespaces. * netns: workaround bad 5.2.y backport This works around a back backport in the 5.2.y series. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* igmpproxy: remove some bashismSven Roederer2020-06-231-3/+5
| | | | | | | | | | | | "[[" is a bash extension for test. As the ash-implementation is not fully compatible we drop its usage. This follows up 3519bf4976b41c As a result, we also need to move the and/or out of the test brackets. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> [squash from two patches, adjust commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dropbear: bump to 2020.79Konstantin Demin2020-06-219-3722/+36
| | | | | | | | | | | | | | | | | | | | | - drop patches (applied upstream): * 010-backport-change-address-logging.patch * 020-backport-ed25519-support.patch * 021-backport-chacha20-poly1305-support.patch - backport patches: * 010-backport-disable-toom-and-karatsuba.patch: reduce dropbear binary size (about ~8Kb). - refresh patches. - don't bother anymore with following config options because they are disabled in upstream too: * DROPBEAR_3DES * DROPBEAR_ENABLE_CBC_MODE * DROPBEAR_SHA1_96_HMAC - explicitly disable DO_MOTD as it was before commit a1099ed: upstream has (accidentally) switched it to 0 in release 2019.77, but reverted back in release 2020.79. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* hostapd: fix compilation of wpa_supplicantKarel Kočí2020-06-181-4/+4
| | | | | | | | | | | | | Ubus patch as it seems have been broken by some rebase in the past as the location of line that adds ubus object file was in condition for CONFIG_MACSEC. That condition was adding object files that are not touched by ubus patch. This means ubus.o does not have to be included in that case. When it has to be and when build fails is when CONFIG_AP is set. All files included in wpa_supplicant that are touched by this patch are in this condition. This means that this is for sure the original place for it. Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* openvpn: add generic hotplug mechanismFlorian Eckert2020-06-176-8/+81
| | | | | | | | | | | | | | | | | | | Pass a default --up and --down executable to each started OpenVPN instance which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance goes up or down. User-configured up and down scripts are invoked by the default shipped 01-user hotplug handler to ensure that existing setups continue to work as before. As a consequence of this change, the up, down and script_security OpenVPN options are removed from the option file, since we're always passing them via the command line, they do not need to get included into the generated configuration. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [reword commit message, move hotplug executable to /usr/libexec] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: hostapd_set_psk_file: fix defaut value for macJohann Neuhauser2020-06-131-1/+1
| | | | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Bringing up of station vlan fails if the optional mac entry isn't set. The default mac "00:00:00:00:00:00", which should match all stations, is mistakenly set to the non used variable "isolate". This results in a wrong formatted .psk file which has to be "vlan_id mac key". fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
* odhcpd: remove bogus IPKG_INSTROOT referenceKevin Darbyshire-Bryant2020-06-112-2/+2
| | | | | | | | | IPKG_INSTROOT is only set under image builder and we won't be running this script at build time either, so remove the reference before it gets cargo-culted into other scripts. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add config symbol for allowing drivers to enable 802.11ax supportFelix Fietkau2020-06-103-0/+14
| | | | | | Also expose a build feature for it Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5Petr Štetiar2020-06-0923-113/+113
| | | | | | | | | | | | | Bump to latest Git and refresh all patches in order to get fix for "UPnP SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695). General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars. Ref: https://w1.fi/security/2020-1/ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* umdnsd: update to latest git HEADKevin Darbyshire-Bryant2020-06-081-3/+3
| | | | | | | | d13290b Fix advertised IPv6 addresses Don't just serve link-local addresses via mdns, offer all. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: silence rmStijn Tintel2020-06-081-2/+2
| | | | | | | | | | | | When bringing up wifi the first time after boot, these warnings appear: netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory Silence them by adding the "-f" option to rm. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: John Crispin <john@phrozen.org>
* hostapd: add support for wifi-station and wifi-vlan sectionsJohn Crispin2020-06-041-0/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for 2 new uci sections. config wifi-vlan # iface is optional. if it is not defined the vlan will apply # to all interfaces option iface default_radio0 option name guest option vid 100 option network guest config wifi-station # iface is optional. if it is not defined the station will apply # to all interfaces option iface default_radio0 # mac is optional. if it is not defined it will be a catch all # for any sta using this key option mac '00:11:22:33:44:55' # vid is optional. if it is not defined, the sta will be part of # the primary iface. option vid 100 option key testtest With this patch applied it is possible to use multiple PSKs on a single BSS. Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: add /etc/dnsmasq.d/ to conffilesSven Roederer2020-06-031-1/+2
| | | | | | This directory can hold configuration-snippets which should also included in the backup. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>