path: root/package/network
Commit message | Author | Age | Files | Lines
* linux-atm: add missing br2684ctl patch chunk | Felix Fietkau | 2016-01-23 | 1 | -0/+9
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48458
* ltq-vdsl-app: mask out VDSL bits when ATM is selected, fixes compatibility issues with some DSLAMs | Felix Fietkau | 2016-01-23 | 1 | -2/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48457
* qos-scripts: bump version | Felix Fietkau | 2016-01-22 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48455
* qos-scripts: Add IPv6 support | Felix Fietkau | 2016-01-22 | 2 | -28/+64
  This adds IPv6 support to qos-scripts for both tc/qdisc and the iptables classification rules. The tc/qdisc part is accomplished by removing "protocol ip" from the tc command line, causing the rule to be applied to all protocols. The iptables part is accomplished by adding each rule using both iptables and ip6tables. This patch is based on previous work by Ilkka Ollakka and Dominique Martinet.
  Signed-off-by: Michael Marley <michael@michaelmarley.com>
  SVN-Revision: 48452
* qos-scripts: Allow classification by the traffic's source interface | Felix Fietkau | 2016-01-21 | 1 | -0/+3
  This adds a "srciface" option that can be used on classification rules in /etc/config/qos. This is useful to allow prioritization based on the local network from which the traffic originates, for example to deprioritize traffic from a guest network.
  Signed-off-by: Michael Marley <michael@michaelmarley.com>
  SVN-Revision: 48446
* qos-scripts: stop overriding tx queue length | Felix Fietkau | 2016-01-21 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48445
* netifd: update to the latest version, adds a cosmetic fix for a wpa related variable | Felix Fietkau | 2016-01-20 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48397
* 6in4: use uclient-fetch instead of wget/curl | Felix Fietkau | 2016-01-20 | 2 | -24/+7
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48391
* qos-scripts: Fix classification of ingress traffic | Felix Fietkau | 2016-01-19 | 1 | -1/+1
  Set the save-mark mask for the qos_${cg} chain to 0xff instead of 0xf0. With the old value, the nibble that was saved would be masked during the restore, preventing ingress traffic from being classified. Thanks to nbd for recommending the fix.
  Signed-off-by: Michael Marley <michael@michaelmarley.com>
  SVN-Revision: 48388
* uhttpd: fix typo in default config for px5g | Felix Fietkau | 2016-01-19 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48385
* Revert "6in4: Corrected tunnelbroker tunnel update URL" | Jo-Philipp Wich | 2016-01-19 | 2 | -2/+2
  The auth change appears to break the endpoint update for most users and with my local tests the old update url works just fine.
  This reverts commit 99c03a88cb6fed0519efdfaac305794653a12542.
  SVN-Revision: 48384
* wpa_supplicant: add support for EAP-TLS phase2 | Felix Fietkau | 2016-01-19 | 1 | -2/+12
  Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  SVN-Revision: 48345
* hostap/wpa_supplicant: enable EAP-FAST in -full builds | Felix Fietkau | 2016-01-19 | 2 | -0/+6
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  SVN-Revision: 48344
* uhttpd: add option for mbedtls | Felix Fietkau | 2016-01-19 | 1 | -0/+4
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  SVN-Revision: 48343
* br2684ctl: resolve a boot time race condition with nas0 bringup by using explicit notification when init is done | Felix Fietkau | 2016-01-18 | 3 | -13/+7
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48321
* br2684ctl: add support for notifying nas* bringup via a script | Felix Fietkau | 2016-01-18 | 1 | -0/+54
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48320
* firewall: add CONFIG_IPV6 to PKG_CONFIG_DEPENDS to fix a rebuild error | Felix Fietkau | 2016-01-18 | 1 | -0/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48315
* iptables: fix rebuild errors on configuration changes | Felix Fietkau | 2016-01-18 | 1 | -0/+14
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48314
* wpa_supplicant: improve generating phase2 config line for WPA-EAP | Felix Fietkau | 2016-01-18 | 1 | -2/+13
  WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit).
  The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitly documented anywhere and is not quite intuitive...
  The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
  The old behaviour is also still supported for the sake of not breaking existing, working configurations.
  Examples:
    eap_type  auth
    'ttls'    'EAP-MSCHAPV2'      -> phase2="autheap=MSCHAPV2"
    'ttls'    'MSCHAPV2'          -> phase2="auth=MSCHAPV2"
    'peap'    'EAP-GTC'           -> phase2="auth=GTC"
  Deprecated syntax supported for compatibility:
    'ttls'    'autheap=MSCHAPV2'  -> phase2="autheap=MSCHAPV2"
  I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  SVN-Revision: 48309
* iproute2: remove odd conffiles generation | Felix Fietkau | 2016-01-17 | 1 | -4/+0
  This was generating a conffiles list that included the binary and CONTROL/ files.
  Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
  SVN-Revision: 48296
* netifd: fix PKG_VERSION (#21630) | Jo-Philipp Wich | 2016-01-17 | 1 | -1/+1
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48280
* network: add virtual tunnel interface (VTI) support | Felix Fietkau | 2016-01-17 | 2 | -0/+216
  This adds support for configuring VTI interfaces within /etc/config/network. VTI interfaces are used to create IPsec tunnel interfaces. These interfaces may be used for routing and other purposes.
  Example config:
    config interface 'vti1'
        option proto 'vti'
        option mtu '1500'
        option tunlink 'wan'
        option peeraddr '192.168.5.16'
        option zone 'VPN'
        option ikey 2
        option okey 2

    config interface 'vti1_static'
        option proto 'static'
        option ifname '@vti1'
        option ipaddr '192.168.7.2/24'
  The options ikey and okey correspond to the fwmark value of an ipsec policy. They may be null if you do not want fwmarks. Also peeraddr may be 0.0.0 if you want all ESP packets to go through the interface.
  Example strongswan config:
    conn vti
        left=%any
        leftcert=peer2.test.der
        leftid=@peer2.test
        right=192.168.5.16
        rightid=@peer3.test
        leftsubnet=0.0.0.0/0
        rightsubnet=0.0.0.0/0
        mark=2
        auto=route
  Signed-off-by: André Valentin <avalentin@marcant.net>
  SVN-Revision: 48274
* netifd: update to the latest version, adds VTI support and a policy routing fix | Felix Fietkau | 2016-01-17 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48273
* dnsmasq: Add option --min-port | Felix Fietkau | 2016-01-15 | 2 | -1/+2
  By default dnsmasq uses random ports for outbound dns queries; when the minport UCI option is specified the ports used will always be larger than the specified value. This is useful for systems behind firewalls.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  SVN-Revision: 48244
* dropbear: update version to 2015.71 | Felix Fietkau | 2016-01-15 | 5 | -10/+10
  Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches.
  Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
  SVN-Revision: 48243
* dnsmasq: add local hostname record for own lan ula address as well | Jo-Philipp Wich | 2016-01-12 | 2 | -4/+18
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48214
* hostapd: fix disassociation with FullMAC drivers and multi-BSS | Rafał Miłecki | 2016-01-11 | 1 | -0/+67
  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  SVN-Revision: 48202
* openvpn: update to version 2.3.10 | Felix Fietkau | 2016-01-11 | 5 | -276/+5
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48201
* dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb | Felix Fietkau | 2016-01-10 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48196
* dropbear: split out curve25519 support into a separate config option | Felix Fietkau | 2016-01-10 | 2 | -4/+19
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48195
* hostapd: fix post v2.4 security issues | Felix Fietkau | 2016-01-10 | 11 | -0/+554
  - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
  - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143)
  - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145)
  - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
  - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
  - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310)
  - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
  - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
  - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)
  Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
  SVN-Revision: 48185
* openvpn: added service_triggers() to init script | Felix Fietkau | 2016-01-07 | 1 | -0/+4
  Follow up of #21469
  This patch enables autoreloading openvpn via procd.
  Signed-off-by: Federico Capoano <nemesis@ninux.org>
  SVN-Revision: 48150
* swconfig: support sending SWITCH_TYPE_LINK to kernel | Rafał Miłecki | 2016-01-06 | 1 | -0/+28
  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  SVN-Revision: 48141
* samba36: add three CVE patches from 2015-12-16 | Felix Fietkau | 2016-01-05 | 4 | -1/+253
  This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015.
  Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
  SVN-Revision: 48133
* relayd: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48129
* firewall: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48128
* uqmi: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48124
* uhttpd: move to git.openwrt.org | Felix Fietkau | 2016-01-04 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48122
* packages: use OPENWRT_GIT to point at the main openwrt git repo | Felix Fietkau | 2016-01-04 | 4 | -4/+4
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48118
* package/network/config/gre: ipv6 gre kmod package name was wrong | Felix Fietkau | 2016-01-03 | 1 | -1/+1
  Source package gre was depending on kmod-ip6-gre, however the actual kernel module package that is created is kmod-gre6. Therefore update (source) package gre for ipv6 gre support.
  Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
  SVN-Revision: 48100
* wpa_supplicant: set regulatory domain the same way as hostapd | Felix Fietkau | 2016-01-03 | 1 | -0/+6
  In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan.
  Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one.
  Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
  SVN-Revision: 48099
* iproute2: update to 4.3.0 | Felix Fietkau | 2016-01-03 | 8 | -120/+68
  iproute2-4.0 had connmark support added by nbd. This does not work with 4.x kernels. iproute2-4.3 is the latest version and has his changes mainlined. This patch updates the package to iproute2-4.3 and fixes the patches so that it compiles. This should resolve ticket #21374.
  Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
  SVN-Revision: 48098
* ltq-vdsl-app: re-add lowlevel settings | John Crispin | 2016-01-01 | 1 | -0/+88
  Add back a slightly modified version of the lowlevel settings which were removed with r46920.
  Compared to the old lowlevel settings, the B43c tone is added to tone_adsl_b and tone_adsl_bv. If an unsupported tone value is used, the auto probing mode is used, compared to the fallback to tone_adsl_av and tone_vdsl_av with the old lowlevel settings.
  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  SVN-Revision: 48054
* ltq-vdsl-app: enable G.993.5 XTSE bit by default | John Crispin | 2016-01-01 | 1 | -3/+7
  According to ITU-T G.997.1 Amendment 2 (04/2013) section 2.1, bit 3 of XTSE octet 8 either allows or denies the initialization of G.993.5.
  Even if the current redistributable xDSL firmware doesn't include G.993.5 vectoring support, enable this bit by default to allow people to get their G.993.5 line working using a custom xDSL firmware.
  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  SVN-Revision: 48053
* ltq-vdsl-app: let the driver/app probe the xtse on missing annex | John Crispin | 2016-01-01 | 1 | -3/+0
  r47933 revealed that the driver/app in combination with the chosen firmware does a good job in selecting a working xtse. Use this probing mode if no annex is specified.
  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  SVN-Revision: 48052
* ltq-vdsl-app: add/enable missing G.993.2 XTSE bits | John Crispin | 2016-01-01 | 1 | -10/+9
  This patch adds the missing VDSL2 bits to the annex specific XTSE (like it should be according to the comments above the XTSE bits).
  Since r47933 it's mandatory to remove the annex option to switch to VDSL2 (only) operation mode. As shown by ticket #21436 and a few mails I received personally, even experienced users are not aware that they have to remove the annex option to get their VDSL2 line working and as shown by this patch it doesn't need to be that "complicated".
  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  SVN-Revision: 48051
* ltq-vdsl-app: use the final xtse format | John Crispin | 2016-01-01 | 1 | -5/+5
  This way we can drop the call to sed.
  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  SVN-Revision: 48050
* dante: fix MD5SUM | Nicolas Thill | 2015-12-31 | 1 | -1/+1
  MD5SUM is wrong, it was not updated during last update to v1.4.1.
  Thanks to Daniel Dickinson <openwrt@daniel.thecshore.com> for reporting it.
  Signed-off-by: Nicolas Thill <nico@openwrt.org>
  SVN-Revision: 48017
* 6in4: Corrected tunnelbroker tunnel update URL | Hauke Mehrtens | 2015-12-27 | 2 | -2/+2
  Changed the tunnel update URL into format tunnelbrokers example has, that made it work again.
  Current method gives "Username/Password Authentication Failed." when I tried the wget line manually and logread eventually says also "6in4: update failed".
  With corrected URL it works fine: "good 111.222.333.444" or "nochg 111.222.333.444" and logread concurs with success, and tunnel actually updates.
  Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi>
  Signed-off-by: Sami Olmari <sami@olmari.fi>
  SVN-Revision: 48006
* swconfig: support receiving SWITCH_TYPE_LINK from kernel | John Crispin | 2015-12-23 | 3 | -0/+92
  When using cli, print link state the same way kernel used to do it. This will allow kernel switching PORT_LINK from SWITCH_TYPE_STRING.
  Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
  SVN-Revision: 47998