aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* dnsmasq: distinct Ubus names for multiple instancesEtan Kissling2021-06-291-3/+29
| | | | | | | | | | | | | | | | | | | | | | | | Currently, when using multiple dnsmasq instances they are all assigned to the same Ubus instance name. This does not work, as only a single instance can register with Ubus at a time. In the log, this leads to `Cannot add object to UBus: Invalid argument` error messages. Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes behaviour so that instead of the log, dnsmasq exits at start instead. With this patch, all dnsmasq instances are assigned unique names so that they can register with Ubus concurrently. One of the enabled instances is always assigned the previous default name "dnsmasq" to avoid breaking backwards compatibility with other software relying on that default. Previously, a random instance got assigned that name (while the others produced error logs). Now, the first unnamed dnsmasq config section is assigned the default name. If there are no unnamed dnsmasq sections the first encountered named dnsmasq config section is assigned instead. A similar issue exists for Dbus and was similarly addressed. Signed-off-by: Etan Kissling <etan.kissling@gmail.com> [tweaked commit message] dnsmasq was not crashing it is exiting Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "dnsmasq: Update to version 2.86test3"Kevin Darbyshire-Bryant2021-06-262-5/+5
| | | | | | | | This reverts commit 3628870015ef46eacf2c936f36e3c1ed3b4c9855. dnsmasq v2.86test3 has some issues with ubus, so is being reverted. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "dnsmasq: add config option for connmark DNS filtering"Kevin Darbyshire-Bryant2021-06-261-12/+0
| | | | | | | | | This reverts commit dea4bae7c2b963af02e1e3e3bdb5cd656a5ea3d3. dnsmasq v2.86test3 has some issues with ubus and needs reverting, hence this needs reverting. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add config option for connmark DNS filteringEtan Kissling2021-06-261-0/+12
| | | | | | | | This adds uci support to configure connmark based DNS filtering. Signed-off-by: Etan Kissling <etan_kissling@apple.com> (See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html) Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
* dnsmasq: Update to version 2.86test3Etan Kissling2021-06-262-5/+5
| | | | | | | | | | | | | | Need this version to add config option for connmark DNS filtering. Summary of upstream CHANGELOG: * Handle DHCPREBIND requests in the DHCPv6 server code. * Fix bug which caused dnsmasq to lose track of processes forked. * Major rewrite of the DNS server and domain handling code. * Revise resource handling for number of concurrent DNS queries. * Improve efficiency of DNSSEC. * Connection track mark based DNS query filtering. Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
* hostapd: add support for providing vendor specific IE elementsFelix Fietkau2021-06-241-1/+4
| | | | | | They can be added as hex digit strings via the 'vendor_elements' option Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add default_disabled option to the supplicantRaphaël Mélotte2021-06-231-2/+8
| | | | | | | | | | | | | | | | | | | | | | | With the default configuration we generate, the supplicant starts scanning and tries to connect to any open network when the interface is enabled. In some cases it can be desirable to prevent the supplicant from scanning by itself. For example, if on the same radio an AP is configured and an unconfigured STA is added (to be configured with WPS), the AP might not be able to beacon until the STA stops scanning. In such a case, the STA configuration can still be required to set specific settings (e.g. multi_ap_backhaul_sta) so it can't be set to "disabled" in uci (because that would prevent the supplicant from being run at all). The alternative is to add the "disabled" parameter to the default network block in the supplicant configuration. This patch adds a "default_disabled" setting in UCI which, when set, adds the "disabled" parameter to the supplicant default network block. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
* hostapd: make wnm_sleep_mode_no_keys configurableTimo Sigurdsson2021-06-221-3/+7
| | | | | | | | | | | | In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not enabled by default on OpenWrt, but it is configurable through the option wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by exposing the option wnm_sleep_mode_no_keys. If you use the option wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might consider using this workaround. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* hostapd: fix handling of the channel utilization optionsTimo Sigurdsson2021-06-211-0/+2
| | | | | | | | | | | | Commit 0a7657c ("hostapd: add channel utilization as config option") added the two new uci options bss_load_update_period and chan_util_avg_period. However, the corresponding "config_add_int" calls for these options weren't added, so attempting to actually use these options and change their values is bound to fail - they always stay at their defaults. Add the missing code to actually make these options work. Fixes: 0a7657c ("hostapd: add channel utilization as config option") Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* hostapd: make country3 option configurableTimo Sigurdsson2021-06-211-2/+3
| | | | | | | | | The country3 option in hostapd.conf allows the third octet of the country string to be set. It can be used e.g. to indicate indoor or outdoor use (see hostapd.conf for further details). Make this option configurable but optional in OpenWrt. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* hostapd: add support for setting sae_pweMichael Yartys2021-06-201-1/+3
| | | | | | | | | | | | | Make it possible to specify the SAE mechanism for PWE derivation. The following values are possible: 0 = hunting-and-pecking loop only 1 = hash-to-element only 2 = both hunting-and-pecking loop and hash-to-element enabled hostapd currently defaults to hunting-and-pecking loop only. Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
* hostapd: stop advertising 11w featureDobroslaw Kijowski2021-06-202-6/+2
| | | | | | | | | | | | | This is a follow up of 1a9b896d ("treewide: nuke DRIVER_11W_SUPPORT"). LuCI commit ab010406 ("luci-mod-network: skip check for 802.11w feature") skips check of the 11w feature [1]. Now advertising it in hostapd is superfluous so stop doing it. [1]: https://github.com/openwrt/luci/pull/4689 Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com> [remove outdated PKG_RELEASE bump and update to SPDX] Signed-off-by: Paul Spooren <mail@aparcar.org>
* uhttpd: make organization (O=) of the cert configurable via uciMartin Schiller2021-06-202-3/+4
| | | | | | | | Make the organization (O=) of the cert configurable via uci. If not configured, use a combination of "OpenWrt" and an unique id like it was done before. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* treewide: remove PKG_INSTALL from CMake packagesRosen Penev2021-06-191-1/+0
| | | | | | | | | | | | It's already default with cmake.mk Found with: git grep PKG_INSTALL\: | cut -d ':' -f 1 | sort -u > ins git grep cmake.mk | cut -d ':' -f 1 > cmake comm -1 -2 ins cmake Signed-off-by: Rosen Penev <rosenp@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2021-06-131-3/+3
| | | | | | 564d25e config: fix ra_flags none setting Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* package: fix cmake packages build with ninjaRosen Penev2021-06-121-1/+1
| | | | | | | | += is needed for CMAKE_OPTIONS. mt76 needs Ninja disabled as the kernel stuff uses normal make. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: configure inter-AP communication interface for 802.11rFelix Fietkau2021-06-052-0/+39
| | | | | | | In setups using VLAN bridge filtering, hostapd may need to communicate using a VLAN interface on top of the bridge, instead of using the bridge directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix bringing up vlan interfaces with the no-bridge optionFelix Fietkau2021-06-041-7/+15
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to git HEADHans Dedecker2021-06-031-3/+3
| | | | | | | | a12fcb3 config: log config parse failures to syslog ebd4297 cmake: enforce additonal compiler checks 405da32 odhcpd: fix extra compiler warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: fix radius problem due to invalid attributesJohn Crispin2021-06-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | The offending commit caused the configuration file to contain: radius_auth_req_attr= radius_acct_req_attr= which cause hostapd to add an ATTR of type 0 into the messages. hostapd: RADIUS message: code=4 (Accounting-Request) identifier=0 length=93 hostapd: Attribute 40 (Acct-Status-Type) length=6 hostapd: Value: 7 hostapd: Attribute 30 (Called-Station-Id) length=28 hostapd: Value: 'C4-41-1E-F5-2D-55:OpenWifi' hostapd: Attribute 61 (NAS-Port-Type) length=6 hostapd: Value: 19 hostapd: Attribute 0 (?Unknown?) length=3 <---------------- hostapd: Attribute 55 (Event-Timestamp) length=6 hostapd: Value: 1622726457 hostapd: Attribute 41 (Acct-Delay-Time) length=6 hostapd: Value: 0 hostapd: Attribute 44 (Acct-Session-Id) length=18 hostapd: Value: '9B5961E7235AAEC6' Fixes: 3bd6c8c728e (hostapd: add additional radius options) Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: add eap_server supportJohn Crispin2021-06-021-4/+21
| | | | | | | This makes it possible to avoid using a RADIUS server for WPA enterprise authentication Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add default values for r0kh/r1khFelix Fietkau2021-06-021-0/+7
| | | | | | | This allows WPA enterprise roaming in the same mobility domain without any manual key configuration (aside from radius credentials) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for specifying the maxassoc parameter as a device optionFelix Fietkau2021-06-022-1/+85
| | | | | | | It allows enforcing a limit on associated stations to be enforced for the full device, e.g. in order to deal with hardware/driver limitations Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring proxy ARPFelix Fietkau2021-06-021-2/+6
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add configurable rssi thresholds for rejecting assoc/probe requestsFelix Fietkau2021-06-021-1/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring the beacon rateFelix Fietkau2021-06-021-1/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2021-05-22Adrian Schmutzler2021-05-291-4/+4
| | | | | | | | | | | This update only adds one commit: b102f19bcc53 tests: Opportunistic Wireless Encryption - SA Query The main reason for the bump is to have a newer PKG_SOURCE_DATE, so we can reset PKG_RELEASE to 1 (this has not been done for the most recent bump), and replace it with AUTORELEASE. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: support verbose build using V=scFelix Fietkau2021-05-271-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: ACS: fix channel 100 frequencyDavid Bauer2021-05-262-1/+31
| | | | | | | | | | | Channel 100 is a valid channel to choose for 80MHz operation. However, it's assigned to 5500 MHz, not 5550MHz. In fact, there is no channel assigned to this frequency. Fix this obbvious typo to allow ACS to select channel 100 for 80 MHz operation again. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix adding back stations after a missed deauth/disassocFelix Fietkau2021-05-263-11/+37
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2021-05-21Felix Fietkau2021-05-2653-2295/+238
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring rts thresholdFelix Fietkau2021-05-261-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix max_oper_chwidth setting for HEFelix Fietkau2021-05-261-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add additional radius optionsJohn Crispin2021-05-261-2/+17
| | | | | | | | | - add functionality to configure RADIUS NAS-Id and Operator-Name - add functionality to configure RADIUS accounting interval - enable RADIUS "Chargeable User Identity" Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add extra options for hotspot 2.0 / interworkingFelix Fietkau2021-05-261-4/+25
| | | | | Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: report radar detected events via ubusFelix Fietkau2021-05-263-0/+38
| | | | | | Events are reported on all BSS interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: improve channel switch supportFelix Fietkau2021-05-261-3/+9
| | | | | | | | Instead of requiring the user to call it on each BSS individually, run it on all BSSs internally. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add missing inline stubs for ubus vlan event supportFelix Fietkau2021-05-261-0/+8
| | | | | | Only used when building without ubus support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix civic location optionJohn Crispin2021-05-261-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: wolfssl: add RNG to EC keyDavid Bauer2021-05-212-1/+49
| | | | | | | | | | Since upstream commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") WolfSSL requires a RNG for the EC key when built hardened which is the default. Set the RNG for the EC key to fix connections for OWE clients. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add patch for disabling automatic bridging of vlan interfacesFelix Fietkau2021-05-182-3/+40
| | | | | | | netifd is responsible for handling that, except if the vlan bridge was provided by the config Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add ubus notifications for adding/removing vlan interfacesFelix Fietkau2021-05-184-1/+78
| | | | | | | This can be used to handle network configuration of dynamically created vlan interfaces in a more flexible way Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umdns: bump to git HEADStijn Tintel2021-05-161-3/+3
| | | | | | 777a0b service: fix compilation with GCC 10 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* dnsmasq: Update to version 2.85Alan Swanson2021-05-054-92/+6
| | | | | | | | | | | | | | | | | | | | | Fixes issue with merged DNS requests in 2.83/2.84 not being retried on the firsts failed request causing lookup failures. Also fixes the following security problem in dnsmasq: * CVE-2021-3448: If specifiying the source address or interface to be used when contacting upstream name servers such as: server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and server=8.8.8.8@eth0 then all would use the same socket bound to the explicitly configured port. Now only server=8.8.8.8@1.2.3.4#66 will use the explicitly configured port and the others random source ports. Remove upstreamed patches and update remaining patch. Signed-off-by: Alan Swanson <reiver@improbability.net> [refreshed old runtime support patch] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add ignore hosts dir to dnsmasq init scriptJoão Henriques2021-04-241-1/+6
| | | | | | | | When running multiple instances of dnsmasq, for example one being for the lan and another for a guest network, it might not be desirable to have the same dns names configured in both networks Signed-off-by: João Henriques <joaoh88@gmail.com>
* umdns: add missing syscalls to seccomp filterDaniel Golle2021-04-101-27/+30
| | | | | | | | | | | | | | | Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: further size reductionsStijn Tintel2021-04-051-2/+2
| | | | | | | | | | | Size difference on mips_4kec: Before: 120196 After: 120006 Closes https://github.com/openwrt/openwrt/pull/3823 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: enable LTOStijn Tintel2021-04-051-1/+4
| | | | | | | | | Size difference on mips_4kec: W/o LTO: 139674 W/ LTO: 120196 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: bump to 1.0.9Stijn Tintel2021-04-052-64/+3
| | | | | | Contains fixes related to CVE-2020-27827. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>