path: root/package/network
Commit message | Author | Age | Files | Lines
* swconfig: revert the portmapping patches, they seem to cause a segfault | John Crispin | 2016-08-16 | 3 | -0/+104
  Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"
  This reverts commit 675407baa44a8700de20b6b2857009a552a807ba.
  Revert "swconfig: remove obsolete portmapping feature"
  This reverts commit fca1eb349ef31b133a62880cbd562d6bf17500aa.
  Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: remove obsolete portmapping feature | John Crispin | 2016-08-15 | 3 | -104/+0
  Signed-off-by: John Crispin <john@phrozen.org>
* samba: add file/interface reload triggers & filter interfaces | Conn O'Griofa | 2016-08-15 | 1 | -9/+10
  * Only parse interfaces that are up during init_config (as the script depends on this to determine the proper IP/subnet range)
  * Add reload interface triggers for samba-designated interfaces
  * Force full service restart upon config change to ensure Samba binds to new interfaces (sending HUP signal doesn't work)
  * Rename "interface" variable to "samba_iface" and move into global scope
  Needed to fix Samba connectivity for clients connecting from a different LAN subnet (e.g. pseudobridge configurations) due to the 'bind interfaces only' setting.
  Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
* dropbear: security update to 2016.74 | Jo-Philipp Wich | 2016-08-12 | 1 | -2/+2
  - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program.
  - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files
  - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts.
  - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v
  The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: Allow RADIUS accounting without 802.1x | Petko Bordjukov | 2016-08-11 | 1 | -10/+9
  RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections.
  Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* hostapd: remove unused hostapd-common-old package | Felix Fietkau | 2016-08-05 | 3 | -606/+0
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove esfq qdisc | Felix Fietkau | 2016-08-04 | 2 | -251/+2
  It has been obsolete for years now
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: add metric option to interface config | Florian Eckert | 2016-07-26 | 1 | -2/+7
  It is now possible to add a metric option for the qmi proto in dhcp mode.
  Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* uqmi: fix option ipv6 | Florian Eckert | 2016-07-26 | 1 | -5/+1
  If option is not set then ipv6 is still enabled on this interface. Checking if variable is zero will fix this issue.
  Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* kernel: remove hostap driver | Felix Fietkau | 2016-07-31 | 6 | -7/+5
  It has been marked as broken for well over a month now and nobody has complained.
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: drop --interface and --except-interface options when the interface cannot be found | Felix Fietkau | 2016-07-29 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version, adds an event handling fix | Felix Fietkau | 2016-07-29 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: remove use of uci state for getting network ifname | Felix Fietkau | 2016-07-29 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: replace the iface hotplug script with a procd trigger | Felix Fietkau | 2016-07-29 | 3 | -11/+8
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: make the check for existing DHCP servers more reliable | Felix Fietkau | 2016-07-29 | 1 | -0/+6
  If there is no carrier yet, wait for 2 seconds (STP forwarding delay)
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: write atomic config file | Ulrich Weber | 2016-07-29 | 1 | -8/+10
  multiple invocations of dnsmasq script (e.g. by procd and hotplugd) might cause procd to restart dnsmasq with an incomplete config file.
  Config file generation might take quite a long time on larger configs due to ubus calls for each listening interface...
  Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
* netifd: update to the latest version | Felix Fietkau | 2016-07-29 | 1 | -2/+2
  Emits an initial event after the first link-up of a force_link interface. This is needed for making the dnsmasq dhcp check more reliable
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* igmpproxy: remove procd_open_trigger/procd_close_trigger calls | Felix Fietkau | 2016-07-29 | 1 | -3/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: remove procd_open_trigger/procd_close_trigger calls | Felix Fietkau | 2016-07-29 | 1 | -2/+0
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: Use -x hostname:$hostname instead of -H | Merlijn Wajer | 2016-07-24 | 1 | -1/+1
  Passing the hostname is currently broken since the shipped busybox includes this commit:
  https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21
  Before:
  Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
  Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
  Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
  Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'
  After:
  Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
  Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
  Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
  Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600
  Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
* firewall3: update to latest git HEAD | John Crispin | 2016-07-24 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: backport mesh/ibss HT20/HT40 related fix | Felix Fietkau | 2016-07-27 | 6 | -8/+69
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf3: update to version 3.1.3 | Hauke Mehrtens | 2016-07-24 | 1 | -2/+2
  old size:
  iperf3_3.0.11-1_mips_34kc_dsp.ipk 30147
  new size:
  iperf3_3.1.3-1_mips_34kc_dsp.ipk 33640
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iperf: update to version 2.0.9 | Hauke Mehrtens | 2016-07-24 | 1 | -2/+2
  old size:
  iperf_2.0.8-1_mips_34kc_dsp.ipk 27911
  new size:
  iperf_2.0.9-1_mips_34kc_dsp.ipk 28681
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: update to version 7.50.0 | Hauke Mehrtens | 2016-07-24 | 2 | -4/+4
  Changelog: https://curl.haxx.se/changes.html
  old sizes:
  libcurl_7.49.0-1_mips_34kc_dsp.ipk 97569
  curl_7.49.0-1_mips_34kc_dsp.ipk 37925
  new sizes:
  libcurl_7.50.0-1_mips_34kc_dsp.ipk 97578
  curl_7.50.0-1_mips_34kc_dsp.ipk 38017
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* samba36: avoid picking up a dependency on libunwind (fixes GH #212) | Felix Fietkau | 2016-07-21 | 1 | -0/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix an error on parsing radius_das_client | Felix Fietkau | 2016-07-21 | 2 | -1/+11
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: disable local browse master by default | Felix Fietkau | 2016-07-18 | 1 | -0/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix VLAN support in full wpad builds | Felix Fietkau | 2016-07-18 | 2 | -6/+16
  Suppress -DCONFIG_NO_VLAN if CONFIG_IBSS_RSN is enabled
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: quote vendorid and hostname variables in dhcp script | Hans Dedecker | 2016-07-12 | 1 | -2/+2
  Quote hostname and vendorid variables in dhcp script so they can hold strings having white spaces
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba: update smb template socket options defaults | Kevin Darbyshire-Bryant | 2016-07-11 | 1 | -1/+0
  Removed
  socket options = TCP_NODELAY IPTOS_LOWDELAY
  TCP_NODELAY (disables Nagle algorithm) is default since samba2.
  IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2)
  The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1)
  CS1 is a scavenger class, whilst CS2 is more OAM/interactive (SNMP,SSH,syslog)
  Using CS2 is definitely an abuse of DSCP classification, CS1 less so however even if the ISP takes note of DSCP codings having a default that sets traffic to CS2 is wrong. Better to use the default Best Effort class.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* iftop: fix mac address display | Kevin Darbyshire-Bryant | 2016-07-11 | 2 | -1/+68
  iftop would display portions of mac address with large ffffff prefixes. Make if_hw_addr type consistent.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* igmpproxy: logging options - make work & improve | Kevin Darbyshire-Bryant | 2016-07-11 | 3 | -18/+9
  Move logging command line option to uci:
  option verbose [0]/1/2 - mono-syllabic/verbose/noisy
  Previously handled as 'OPTIONS' in .init script however variable was ignored so never worked.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: add a WDS AP fix for reconnecting clients | Felix Fietkau | 2016-07-06 | 1 | -0/+25
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba: Update smb.conf.template | neheb | 2016-07-05 | 1 | -8/+2
  Removed some options which are default anyway and added bind interfaces only which causes the interfaces line to actually have an effect. Can be verified with netstat.
  Signed-off by: Rosen Penev <rosenp@gmail.com>
* umbim: update to latest git HEAD | John Crispin | 2016-07-05 | 1 | -2/+2
  Signed-off-by: John Crispin <john@phrozen.org>
* iwinfo: fix nl80211 phy lookup without platform prefix | Jo-Philipp Wich | 2016-07-04 | 1 | -2/+2
  Commit d9b20a6f351c50d206fb6d2f965a16318c0cecf7 (SVN r48426) changed the mac80211 phy lookup logic to strip the platform/ directory component from the phy path specification.
  Fix iwinfo to follow that logic by trying to lookup phys both with and without "platform/" prefix.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: Upstep to latest version | Hans Dedecker | 2016-06-30 | 1 | -2/+2
  Following fixes are included in the latest version:
  - Script is launched with incorrect action
  - Possible buffer overflows
  - Lots of minor bugfixes
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: cake AQM prepare tc for COBALT algorithm | Kevin Darbyshire-Bryant | 2016-06-30 | 2 | -11/+14
  Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead of just using codel alone. This patch updates tc to cope with some new stats produced by COBALT.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: Add broken realtime clock build switch in full variant | Hans Dedecker | 2016-06-30 | 1 | -3/+8
  By default dnsmasq uses the time function; which returns the time since Epoch; to retrieve the current time. On boards which have no realtime clock this can lead to side effects when the time is synced via ntp as the "time wrap" forces dhcp leases to be considered as expired.
  By enabling the broken realtime clock build switch dnsmasq uses the times utility which returns the number of clock ticks.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  [Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: fix missing cipher list for polarssl in v2.3.11 | Jo-Philipp Wich | 2016-06-28 | 2 | -1/+43
  Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
  Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged.
  Reported-by: Sebastian Koch <seb@metafly.info>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lldpd: Use /etc/os-release instead of /etc/openwrt_* | Daniel Dickinson | 2016-06-27 | 2 | -43/+4
  With the addition of /etc/os-release patching lldpd to use /etc/openwrt_release and to have the initscript use /etc/openwrt_release and/or /etc/openwrt_version becomes unnecessary.
  Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ebtables: fix segmentation fault due to uninitialized extension data | Jo-Philipp Wich | 2016-06-24 | 2 | -1/+250
  The ebtables code relies on the `-nostartfiles` linker argument to execute the extension modules' `_init()` functions automatically which is not working reliably across all supported targets and gcc versions.
  Running an ebtables executable linked this way just crashes with a segmentation fault at runtime on program startup, e.g. on ARM architectures.
  In order to fix the issue ...
  - remove the use of the -nostartfiles linker flag
  - rename the init procedures to a generic name without implicit semantics
  - explicitly annotate those init procedures as constructors
  The patch has been taken from the Alpine Linux distribution at http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: dnssec time handling uses ntpd hotplug | Kevin Darbyshire-Bryant | 2016-06-24 | 4 | -25/+26
  Change dnsmasq's dnssec time check handling to use time validity indicated by ntpd rather than maintaining a cross boot/upgrade /etc/dnsmasq.time timestamp file. This saves flash device wear.
  If ntpd client is configured in uci and you're using dnssec, then dnsmasq will not check dnssec timestamp validity until ntpd hotplug indicates sync via a stratum change.
  The ntpd hotplug leaves a status flag file to indicate to dnsmasq.init that time is valid and that it should now start in 'check dnssec timestamp valid' mode.
  If ntpd client is not configured and you're using dnssec, then it is presumed you're using an alternate time sync mechanism and that time is correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
  V2 - stratum & step ntp changes indicate time is valid
  V3 - on initial flag file step signal dnsmasq with SIGHUP if running
  V4 - only accept step ntp changes. Accepting both stratum & step could result in unpleasant script race conditions
  V5 - Actually only accepting stratum is the correct thing to do after further testing
  V6 - improve handling of non busybox ntpd
    if sysntpd not executable
      dnsmasq checks dnssec timestamps
    else
      sysntp script disabled
        - look for timestamp file
        - allows external mechanism to use hotplug flag file
      sysntp script enabled & uci ntp enabled
        - look for timestamp file
      sysntp script enabled & uci ntp disabled
        - dnsmasq checks dnssec timestamps
    fi
* packages: prefer http over git for git protocol | Hauke Mehrtens | 2016-06-22 | 3 | -3/+3
  In company networks everything except the http and https protocol often causes problems, because the network administrators try to block everything else. To make it easier to use LEDE in company networks use the https/http protocol for git access when possible.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: Correct ADSL race condition | Daniel Gimpelevich | 2016-06-22 | 1 | -1/+1
  puts br2684ctl init after ADSL init instead of before, so that the ESI is set at the right time, and for consistency with the PTM driver.
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* uhttpd: update to the latest version, adds some extensions to handler script support | Felix Fietkau | 2016-06-16 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix breakage with non-nl80211 drivers | Felix Fietkau | 2016-06-15 | 2 | -15/+18
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backend | Jo-Philipp Wich | 2016-06-15 | 1 | -0/+10
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey data | Felix Fietkau | 2016-06-15 | 1 | -0/+45
  Signed-off-by: Felix Fietkau <nbd@nbd.name>