aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: properly package wpa-supplicant-meshAlexis Green2016-10-311-1/+2
| | | | | | | | | Ensure that selecting the wpa-supplicant-mesh package actually packages the wpa_supplicant binary with SAE support and add missing dependency on OpenSSL. Signed-off-by: Alexis Green <alexis@cessp.it> [Jo-Philipp Wich: slightly reword commit message for clarity] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd support for VLANs through a file in addition to Radius.Petr Konecny2016-10-311-18/+25
| | | | Signed-off-by: Petr Konecny <pekon@google.com>
* uhttpd: Add Basic Auth configDaniel Dickinson2016-10-312-1/+38
| | | | | | | | | | | | | | | | | We add an 'httpauth' section type that contains the options: prefix: What virtual or real URL is being protected username: The username for the Basic Auth dialogue password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue httpauth section names are given included as list items to the instances to which they are to be applied. Further any existing httpd.conf file (really whatever is configured in the instance, but default of /etc/httpd.conf) is appended to the per-instance httpd.conf Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
* lldpd: freeze execution of lldpd during reloadAlexandru Ardelean2016-10-311-1/+5
| | | | | | | | | | During reload, we could send invalid information to the other side and confuse it. That's why, during reload we'll pause execution, do the reconfig and resume + update when reload is done. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* lldpd: fix reload function for when interfaces changeAlexandru Ardelean2016-10-312-20/+44
| | | | | | | | | | | | | | | | The problem is that interfaces are specified at start as command line arguments, making them unchange-able via reload. That means, we have to move (since lldpd allows this) the interfaces-match-pattern option to be in a config file and reload the configuration. It's either that, or do a 'restart'. Since we're generating the lldpd.conf file, we'll have to move the 'sysconfdir' of lldpd to /tmp, where the files will get written ; this will prevent any unncessary flash writes. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* openvpn: cacert does not existJohn Crispin2016-10-271-2/+2
| | | | | | cacert is really called ca and already in the script Signed-off-by: John Crispin <john@phrozen.org>
* openvpn: add handling for capath and cafileJohn Crispin2016-10-271-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* package/network/utils/ipset: Update to 6.30Daniel Engberg2016-10-271-2/+2
| | | | | | Updates to 6.30 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* netifd: update to latest git HEADJohn Crispin2016-10-271-3/+3
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: Multiple dnsmasq instances supportHans Dedecker2016-10-261-185/+270
| | | | | | | | | | | | | | | | | | | Adds support in uci for configuring multiple dnsmasq instances via multiple dnsmasq sections. The uci sections host, boot, mac, tag, vendorclass, userclass, circuitid, ... will refer to a dnsmasq instance via the instance parameter defined in the section; if the instance parameter is not specified backwards compatibility is preserved. Start/Stopping a dnsmasq instance can be achieved by passing the dnsmasq instance name as argument to start/stop via the init script. Multiple dnsmasq instances is usefull in scenarios where you want to bind a dnsmasq instance to an interface in order to isolate networks. This patch is a rework of a multiple dnsmasq instance patch by Daniel Dickinson Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipip: Support fqdn as remote tunnel endpointHans Dedecker2016-10-262-3/+16
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: create self-signed certificates with unique subjectsHannu Nyman2016-10-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Add a partially random O= item to the certificate subject in order to make the automatically generated certificates' subjects unique. Firefox has problems when several self-signed certificates with CA:true attribute and identical subjects have been seen (and stored) by the browser. Reference to upstream bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1147544 https://bugzilla.mozilla.org/show_bug.cgi?id=1056341 https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34 Certificates created by the OpenSSL one-liner fall into that category. Avoid identical certificate subjects by including a new 'O=' item with CommonName + a random part (8 chars). Example: /CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ That ensures that the browser properly sees the accumulating certificates as separate items and does not spend time trying to form a trust chain from them. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* uhttpd: prefer px5g for certificate creationHannu Nyman2016-10-261-2/+2
| | | | | | | Prefer the old default 'px5g' for certificate creation as Firefox seems to dislike OpenSSL-created certs. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* netifd: Request DHCP option 121 (classless route) by defaultBaptiste Jonglez2016-10-261-2/+5
| | | | | | | | | | | | | | | | | | | This option, defined by RFC3442, allows a DHCP server to send static routes to a client. But the client has to request this option explicitely. Static routes are useful when the gateway configured by DHCP cannot be in the same subnet as the client. This happens, for instance, when using DHCP to hand out addresses in /32 subnets. A new configuration option "classlessroute" is available, allowing users to disable this feature (the option defaults to true). Other DHCP clients already request this option by default (dhcpcd, for instance, and possibly Windows). If a DHCP server does not support this option, it will simply ignore it. Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* wwan: rename data filesSimon Hailes2016-10-26348-0/+10
| | | | | | This is to ensure that git can be cloned onto a windows drive without failing. Signed-off-by: Simon Hailes <btsimonh@googlemail.com>
* qmi: add metric, defaultroute and peerdns options for qmi protocolMarcin Jurkowski2016-10-261-8/+10
| | | | | | | | | | | | | Adds generic network options for qmi protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html. IPv6-related code taken from Bruno's patch https://patchwork.ozlabs.org/patch/584816. This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Signed-off-by: Bruno Randolf <br1@einfach.org>
* mbim: add metric, defaultroute and peerdns options for mbim protocolMarcin Jurkowski2016-10-261-2/+5
| | | | | | | | | | Adds generic network options for mbim protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html. This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* comgt: add metric, defaultroute and peerdns options for directip protocolMarcin Jurkowski2016-10-261-2/+5
| | | | | | | | | | Adds generic network options for directip protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html. This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* comgt: add metric, defaultroute and peerdns options for ncm protocolMarcin Jurkowski2016-10-261-2/+5
| | | | | | | | | | Adds generic network options for ncm protocol dynamic interfaces as suggested by Felix in http://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html. This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* uhttpd: fix handling of special "/" prefix when matching handlersJo-Philipp Wich2016-10-251-3/+3
| | | | | | | | | | The special prefix of "/" should match any url by definition but the final assertion which ensures that the matched prefix ends in '\0' or '/' is causing matches against the "/" prefix to fail. Update to current HEAD in order to fix this particular case. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iperf: used an updated renamed tarball instead of main upstream URLFelix Fietkau2016-10-171-3/+8
| | | | | | | | | | iperf upstream added some bugfixes to the already released 2.0.9 version without changing the filename. This conflicts with old mirrored files and the hash that we previously used. To avoid conflict, use a renamed tarball from mirror2.openwrt.org containing the new upstream changes Signed-off-by: Felix Fietkau <nbd@nbd.name>
* network/utils/maccalc: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/utils/rssileds: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/utils/resolveip: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/utils/owipcalc: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-6/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/ipv6/map: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/utils/iwcap: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/services/ead: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/ipv6/6rd: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/config/swconfig: drop Build/Prepare rule in favor of default oneAlexandru Ardelean2016-10-151-5/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* network/services/hostapd: move whole files outside of patches and drop ↵Alexandru Ardelean2016-10-155-640/+631
| | | | | | | | | | Build/Prepare rule in favor of default one This more of a demo for the previous commit that comes with this one, where I added support for copying source from 'src' to the build dir(s). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* package/network/services/lldpd: Update to 0.9.5Daniel Engberg2016-10-151-2/+2
| | | | | | Updates lldpd to 0.9.5 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* packages/network/utils/wpan-tools: Update to 0.7Daniel Engberg2016-10-151-3/+3
| | | | | | | * Updates to 0.7 * Switches tarball to xz Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* package/network/utils/ipset: Update to 6.29Daniel Engberg2016-10-151-2/+2
| | | | | | Updates to 6.29 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* odhcpd: Upstep to git HEAD versionHans Dedecker2016-10-131-3/+3
| | | | | | | | | | | Adds per-host leasetime support Various bugfixes : -Prioritize ifname resolving via ubus -Free interface if ifindex cannot be resolved -... Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
* uqmi: re-enable autoconnect which was dropped without explanationFelix Fietkau2016-10-121-14/+24
| | | | | | | Fixes a regression in commit 8f24ee638275: "uqmi: Add proper IPv6 support" Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: always use DHCP for IPv4Felix Fietkau2016-10-121-54/+30
| | | | | | | | | | | Commit 8f24ee638275 ("uqmi: Add proper IPv6 support") changed the code to fetch the IPv4 address via QMI by default instead of using DHCP to make it consistent with the IPv6 codepath. This breaks on at least some Sierra Wireless cards, where data exchanges fail to work until the host has fetched a DHCP lease. Leave v6 as it is, but always use DHCP for v4. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: update to the latest version, adds a small json handler fixFelix Fietkau2016-10-081-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* source: Switch to xz for packages and tools where possibleDaniel Engberg2016-10-0616-21/+32
| | | | | | | | | | | * Change git packages to xz * Update mirror checksums in packages where they are used * Change a few source tarballs to xz if available upstream * Remove unused lines in packages we're touching, requested by jow- and blogic * We're relying more on xz-utils so add official mirror as primary source, master site as secondary. * Add SHA256 checksums to multiple git tarball packages Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* dslite: Quote resolveip hostname argumentHans Dedecker2016-10-062-4/+8
| | | | | | | | | Quote resolveip hostname argument to avoid bad shell injections. While at it fix pattern match logic in case multiple IPv6 addresses are returned for a hostname as they're seperated by newline by resolveip and not a white space Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: rename certificate defaults sectionJo-Philipp Wich2016-10-061-2/+2
| | | | | | | Now that the uhttpd init script can generate certificates using openssl as well, update the section name and related comment to be more generic. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: make -mesh and -p2p variants depend on the cfg80211 symbolFelix Fietkau2016-10-051-3/+3
| | | | | | Avoids build failures when the nl80211 driver is disabled Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: support using OpenSSL for certificate generationHannu Nyman2016-10-052-3/+8
| | | | | | | | | | | | | | | | | | Support the usage of the OpenSSL command-line tool for generating the SSL certificate for uhttpd. Traditionally 'px5g' based on PolarSSL (or mbedTLS in LEDE), has been used for the creation. uhttpd init script is enhanced by adding detection of an installed openssl command-line binary (provided by 'openssl-util' package), and if found, the tool is used for certificate generation. Note: After this patch the script prefers to use the OpenSSL tool if both it and px5g are installed. This enables creating a truly OpenSSL-only version of LuCI without dependency to PolarSSL/mbedTLS based px5g. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* gre: Support fqdn as remote tunnel endpointHans Dedecker2016-10-042-5/+31
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: tc cake qdisc add nat, docsis & ptm modesKevin Darbyshire-Bryant2016-10-042-13/+57
| | | | | | | | | Add cake nat de-masquerading mode: nat, nonat. Also docsis & ptm overhead related keywords: nat, nonat, ptm, docsis-downstream-ip, docsis-downstream, docsis-upstream-ip & docsis-upstream. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* iproute2: fix no fortify build failureKevin Darbyshire-Bryant2016-09-301-0/+10
| | | | | | | | | | Fix rt_names build failure when FORTIFY_SOURCE disabled. Include limits.h which otherwise gets automatically included by fortify headers. Solves FS #194 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* netifd: update to the latest version, adds various fixesFelix Fietkau2016-09-281-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iwinfo: fix WPA cipher reportingJo-Philipp Wich2016-09-271-2/+2
| | | | | | | | | | | Within the Lua binding, use the same logic as the command line interface for reporting the used WPA ciphers. Instead of printing the intersection of pairwise and group ciphers, report both group and pairwise ciphers. This fixes a case where a connection which uses CCMP for pairwise and TKIP as groupwise cipher is getting reported as using the NONE cipher. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* 6in4: fix invalid local variable declaration (FS#188)Jo-Philipp Wich2016-09-272-3/+3
| | | | | | | | Remove an invalid local variable declaration in the tunnel update subshell invocation. Local declarations outside of function scopes are illegal since the Busybox update to version 1.25.0 . Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* config: enable shadow passwords unconditionallyMatthias Schiffer2016-09-261-1/+0
| | | | | | | | | | | | | Configurations without shadow passwords have been broken since the removal of telnet: as the default entry in /etc/passwd is not empty (but rather unset), there will be no way to log onto such a system by default. As disabling shadow passwords is not useful anyways, remove this configuration option. The config symbol is kept (for a while), as packages from feeds depend on it. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>