| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the latest mac80211 updates added sanity checks, requiring the
beacon intervals of all VIFs of the same radio to match. This often broke
AP+11s setups, as these modes use different default intervals, at least in
some configurations (observed on ath9k).
Instead of relying on driver or hostapd defaults, change the scripts to
always explicitly set the beacon interval, defaulting to 100. This also
applies the beacon interval to 11s interfaces, which had been forgotten
before. VIF-specific beacon_int setting is removed from hostapd.sh.
Fixes FS#619.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |
|
|
|
|
|
| |
None of the variables in this "local" declaration are actually set in
wpa_supplicant_add_network().
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |
|
|
|
|
| |
Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update to version 2.4.2 in order to address two potential Denial-of-Service
vectors in OpenVPN.
CVE-2017-7478 - Don't assert out on receiving too-large control packets
CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over
Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2
Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
| |
If no DUID is set for a host, it should be empty, not the last one set for a previous host.
Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the interface-name option for each dhcp config
in /etc/config/dhcp.
With the interface_name option users can define a DNS name for each dhcp section
that will be resolved by dnsmasq with the underlaying interface address.
For example:
config dhcp 'lan'
option interface 'lan'
...
list interface_name 'home.lan'
...
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
|
| |
|
|
|
|
|
|
|
|
| |
If there's a TFTP root directory configured, create it with mkdir -p
(which does not throw an error if the folder exists already)
before starting dnsmasq. This is useful for TFTP roots in /tmp, for example.
Originally submitted by nfw user aka Nathaniel Wesley Filardo
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
|
| |
|
|
|
|
|
| |
Don't display unnecessary dhcp_option usage warning in case
dhcp_option is empty
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting legacy_rates to 0 disables 802.11b data rates.
Setting legacy_rates to 1 enables 802.11b data rates. (Default)
The basic_rate option and supported_rates option are filtered based on this.
The rationale for the change, stronger now than in 2014, can be found in:
https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx
The balance of equities between compatibility with b clients and the
detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b
rates by default.
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When sta is configured, hostapd receives 'stop' and 'update' command from
wpa_supplicant. In the update command, hostapd gets sta parameters with
which it configures ap.
Problem is, with the default wireless configuration:
mode:11g freq:2.4GHz channel:1
If sta is connected to 5GHz network, then ap does not work. Ideally with
340-reload_freq_change.patch hostapd should reload the frequency changes
and start ap in 5GHz, but ap becomes invisible in the network.
This issue can be reproduced with following /etc/config/wireless:
config wifi-device radio0
option type mac80211
option channel 1
option hwmode 11g
option path 'virtual/uccp420/uccwlan'
option htmode 'none'
config wifi-iface 'ap'
option device 'radio0'
option encryption 'none'
option mode 'ap'
option network 'ap'
option ssid 'MyTestNet'
option encryption none
config wifi-iface 'sta'
option device radio0
option network sta
option mode sta
option ssid TestNet-5G
option encryption psk2
option key 12345
This change updates current_mode structure based on configured hw_mode
received from wpa_supplicant. Also prepare rates table after frequency
selection.
Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
|
| |
|
|
|
|
|
|
|
|
|
| |
A number of small tweaks & improvements on the way to a final release.
Most notable:
Improve DHCPv4 address-in-use check.
Remove the recently introduced RFC-6842 (Client-ids in DHCP replies)
support as it turns out some clients are getting upset.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid
2b3355f ndp: fix adding proxy neighbor entries
7dff5b4 ndp: fix wrong interface name in syslog message
a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file
c0e9dbf ubus: don't segfault when there're no leases
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Configuring dhcp_option as an option does not allow the usage of white
spaces in the option value; fix this by supporting dhcp_option as a list
config while still supporting the option config to maintain backwards
compatibility
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Install procd interface triggers only for interfaces which are enabled
so dropbear instances running on (an) enabled interface(s) are not
restarted due to an interface trigger of an interface which is disabled.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
570069d ubus: rework dumping IPv6 and IPv4 leases
4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
minor/cosmetic: fixes the following misleading message:
root@box:~ /etc/init.d/dnsmasq restart
sh: out of range
Signed-off-by: Bastian Bittorf <bb@npl.de>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
Update OpenVPN to 2.4.1
Remove 200-small_build_enable_occ.patch as it's included upstream.
Refresh patches
Add mirror and switch to HTTPS
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
| |
|
|
|
|
|
|
| |
Similar to odhcpd, allow using ISC DHCPd instead of dnsmasq.
Disable DHCP and/or DHCP6 in case ISC DHCP is present and
enabled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
| |
3d9f406 rework IPv6 dns address selection (FS#635)
bc6c3ac ndp: keep an exact copy of IPv6 interface addresses
6eb1e01 ndp: code cleanup
eea7d03 rework IPv6 address dump logic
24d21c7 ndp: add syslog debug tracing
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The relay section should use the logical interface name and
not the linux network device name directly. This to be
consistent with other sections of the dnsmasq config where
'interface' means the logical interface.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change protects the openvpn instances to be marked as "in a crash
loop" and thereby the connection retries will run infinitely.
When the remote site of an openvpn connection goes down for some time
(network failure etc.) the openvpn instance in an openwrt/lede device
should not stop retrying to establish the connection.
With the current limit of 5 retries, there is a user interaction
required, which isn't really what you want when the device should
simply do everything to keep the vpn connection up.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes following changes:
480d7bc Fix sending unicast questions on cache expire
a0403cd Keep source sockaddr for every cached DNS record
1478293 Fix code freeing cached non-A(AAA) records too early
9f1cc22 Fix replying to "QU" questions received on unicast interface
943bedb Fix reading port of incoming packets
c725494 Use MCAST_PORT define for port 5353
ce7e9e9 Use one define for DNS-Based Service Discovery service name
e1bacef Drop entries cached for interface we're going to delete
496aeba Fix comment typo in cache_gc_timer
f89986b Fix refreshing cached A(AAA) records that expire
Previous updates made umdns work as expected on startup but there were
still many bugs. They were mostly related to runtime - cache management
and requests + responses. E.g. umdns was never able to send question on
DNS record expire. It was also ignoring all incoming unicast questions.
Since these issues are quite serious it makes sense to backport this
update to the stable branch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
| |
If noresolv is set, we should not generate a --resolv-file parameter.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [minor cleanup]
|
| |
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
| |
This includes 3 cleanups:
fd5a160 Don't cache hosts as services
80dd246 Refresh DNS records A and AAAA directly
6515101 Access cached records (instead of services) to read list of hosts
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
| |
This fixes crash in interface_start caused by freeing interface in
interface_free without stopping a timeout.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RFC 6761 defines a number of top level domains should not be forwarded
to the Internet's domain servers since they are not responsible for
those domains.
This change adds a list of domains that will be blocked when 'boguspriv'
is used and augments that which is already blocked by dnsmasq's notion
of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses
and IPv6 prefixes as defined in RFC 6303.
To make this configurable rather than hard coded in dnsmasq's init
script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally
included.
The default file matches the RFC 6761 recommendation along with a few
other top level domains that should not be forwarded to the Internet.
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
| |
So that future patches for addition/removal of them can be more
readable
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Honour the parent interfaces peerdns option when spawning a virtual DHCPv6
interface in order to avoid pulling in IPv6 DNS servers when the user opted
to inhibit peer DNS servers in the configuration.
Fixes #597.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
Brings in the following change:
9eac2a896341 dhcpv6-ia: Check lockf return value
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
| |
Brings the following change:
1fe6f48f8a50 Cmake: Find libubox/list.h
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
|
| |
Defer procd_open_instance only after validity check passed.
Fixes FS#541
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1b630f8 router: don't announce prefixes with valid lifetime equal to 0
ba0cac0 router: fix arithmetic exception fault
3495f17 router: allow RA prefix lifetime being set to leasetime value (FS#397)
e437ce9 treewide: simplify dhcp leasetime checking
942fb33 router: support ra_mininterval and ra_lifetime uci parameters (FS#397)
f913337 router.h: fix alignment style
4dc7edb Revert "odhcpd.h: fix alignment style"
62ea54f odhcpd.h: fix alignment style
a898ee5 config: make loglevel configurable via uci (FS#481)
51c756c odhcpd: display correct default log level in usage text
68ee0b5 treewide: define and use macro IN6_IS_ADDR_ULA
fa57225 ndp: deregister netlink event socket for non recoverable errors
ac70d28 odhcpd: fix white space errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
--bogus-priv now applies to IPv6 prefixes as specified in RFC6303 - this
is significantly friendlier to upstream servers.
CNAME fix in auth mode - A domain can only have a CNAME if it has no
other records
Drop 2 patches now included upstream.
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
| |
- Fix eap test to work with standalone hostapd builds
- Fix 11n test to check the correct define
- Add 11ac, 11r and 11w tests
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New test release (since test1) includes 2 LEDE patches that are
upstream and may be dropped, along with many spelling fixes.
Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.
Backport 2 patches that just missed test3:
Reduce logspam of those domains handled locally 'local addresses only'
Implement RFC-6842 (Client-ids in DHCP replies)
Compile & run tested Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
| |
Patch from attachment to FS#512
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).
This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
| |
same name for the file on the host and target
Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
|
| |
|
|
|
|
|
|
| |
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.
Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
|
| |
|
|
|
|
|
|
| |
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.
Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
| |
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
