aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: update to version 2016-12-15Koen Vandeputte2016-12-2020-169/+110
| | | | | | | | | | | | | Update to latest upstream HEAD: - Refreshed all - Delete patches and parts which made it upstream Compile tested Full & Mini configs Run-tested Mini config Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
* iproute2: tc - update cake supportKevin Darbyshire-Bryant2016-12-202-11/+13
| | | | | | | | | | Update tc to track upstream cake changes: diffserv3 - a simple 3 tin classifier Also make diffserv3 and triple-isolate default Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* uqmi: Prevent 'POLICY MISMATH' error.Nickolay Ledovskikh2016-12-201-0/+1
| | | | | | | Add uqmi 'sync' command call to release stalled cid when preparing to setup new connection. As a result it prevents 'POLICY MISMATCH' errors. Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* uqmi: bump to latest git HEADJohn Crispin2016-12-201-2/+2
| | | | | | | 8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command. 1dc7be1 uqmi: Add sync command to release all cids. Signed-off-by: John Crispin <john@phrozen.org>
* uqmi: add support of using device symlinks.Nickolay Ledovskikh2016-12-201-0/+2
| | | | | | | It's useful when using multiple usb devices that should be bound to certain usb ports. Symlinks are created by hotplug handlers. Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* comgt: add support of using device symlinks.Nickolay Ledovskikh2016-12-203-0/+5
| | | | | | | It's useful when using multiple usb devices that should be bound to certain usb ports. Symlinks are created by hotplug handlers. Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* hostapd: remove never-used Package/<name>/DescriptionYousong Zhou2016-12-201-21/+1
| | | | | | | | The build system only accepts Package/<name>/description and since the typoed version virtually has the same content as the TITLE field, remove them altogether Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* mdns: bump to latest git HEADJohn Crispin2016-12-201-2/+2
| | | | | | | | be8ae8d cmake: Search for libjson-c 1fa9077 Fix IPv6 read 846369c Revert "mdnsd: interface: enable looped back messages" Signed-off-by: John Crispin <john@phrozen.org>
* odhcpd: Bump to git HEAD version (various fixes)Hans Dedecker2016-12-171-3/+3
| | | | | | | | | e055530 Don't print non bound assignments in the state file 3af23ad config: Fix RA interface config being overwritten 41b5268 dhcpv6-ia : Fix static DHCPv6 assignments becoming non static be6c515 dhcpv6-ia: Fix assignment of static DHCPv6 leases 374dc3f cmake: Find libubox/uloop.h 01c919c odhcpd: Display infinite valid lifetime as -1
* treewide: clean up download hashesFelix Fietkau2016-12-1646-46/+46
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcp6c: Pass parameters to user dhcpv6 scriptHans Dedecker2016-12-162-3/+3
| | | | | | Pass all the parameters like device, dhcpv6 state to user script Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: Have cmake find libubus.hFlorian Fainelli2016-12-161-0/+3
| | | | | | Update CMakeList.txt to look for libubus.h since we depend on it. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* dnsmasq: fix service reloadJohn Crispin2016-12-161-2/+1
| | | | | | | | | | | The SIGHUP also got sent to the reload script making it bail out with an error Revert "dnsmasq: reload config if host name is modified" This reverts commit 854459a2f923376e0e509ebc0fb8ff90e9f13c02. Reported-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: John Crispin <john@phrozen.org>
* odhcpd: update sha256sumHauke Mehrtens2016-12-141-1/+1
| | | | | | | The sha256sum was not updated in the last commit. Fixes: a7c231027 [odhcpd: Fix dnsmasq re-reading hostfile] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* swconfig: replace the shared library with a static oneFelix Fietkau2016-12-142-5/+5
| | | | | | Reduces binary size Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: use --gc-sections to save a tiny bit of spaceFelix Fietkau2016-12-141-0/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt-ncm: Add support for specifying profile indexMatti Laakso2016-12-144-56/+51
| | | | | | | | | | | | | | | Add support for specifying a call profile index instead of APN. A specific index different from 1 must be used for some service provider and modem combinations. In addition, change the manufacturer detection to use the standard AT+CGMI command, which produces more predictable output than ATI, remove the redundant ipv6 option, since it is less ambiguous to directly specify the PDP context type with mobile connections, and fix missing device during teardown when using ncm through the wwan proto. Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
* uqmi: Add support for specifying profile indexMatti Laakso2016-12-142-82/+93
| | | | | | | | | | | | | | Update uqmi to latest version, which brings about support for specifying a call profile index instead of APN. A specific index different from 1 must be used for some service provider and modem combinations. Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP, replace option ipv6 with pdptype, which is less ambiguous, and make autoconnect optional and default it to off for IPv6 due to it not working with statically configured IPv6. Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
* dropbear: clean up default PATH handling in makefileDario Ernst2016-12-142-14/+2
| | | | | | | | Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef guards around the path, and only using one means to set the path in the makefile. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* netfilter: drop proprietary xt_id matchJo-Philipp Wich2016-12-141-69/+0
| | | | | | | | The xt_id match was used by the firewall3 package to track its own rules but the approach has been changed to use xt_comment instead now, so we can drop this nonstandard extension. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall3: drop support for automatic NOTRACK rulesJo-Philipp Wich2016-12-141-3/+3
| | | | | | | | | | | | Update to current HEAD in order to drop automatic generation of per-zone NOTRACK rules. The NOTRACK rules used to provide a little performance improvement but the later introduction of the netfilter conntrack cache made those rules largely unnecessary. Additionally, those rules caused various issues which broke stateful firewalling in some scenarios. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: Fix dnsmasq re-reading hostfileHans Dedecker2016-12-132-2/+5
| | | | | | | | | Depending on the dhcp uci config pidof dnsmasq can return multiple pids. Fix re-reading of the hostfile by dnsmasq in such case by sending SIGHUP signal to each of the returned pids. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: Specify directory /tmp/hosts as argument for --addn-hostsHans Dedecker2016-12-132-2/+2
| | | | | | | Let dnsmasq read all hosts files in /tmp/hosts directory by specifying /tmp/hosts as argument of --addn-host Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: support latest cake & restore DSCP washingKevin Darbyshire-Bryant2016-12-121-55/+75
| | | | | | | Support new packet overhead passing paradigm in cake qdisc, also restore DSCP wash/nowash keywords. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* tcpdump: reduce size of -mini by removing more infrequently used protocolsFelix Fietkau2016-12-121-23/+25
| | | | | | | | | | | This removes: - BGP - CDP - SCTP MIPS binary .ipk size is reduced from ~150k to ~130k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* net/utils/tcpdump: update to 4.8.1p-wassi2016-12-124-576/+700
| | | | | | Update tcpdump to upstream release 4.8.1 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* openvpn: quote parameters to --push in openvpn config fileMagnus Kroken2016-12-121-1/+2
| | | | | | | | | | | | | | OpenVPN requires arguments to --push to be enclosed in double quotes. One set of quotes is stripped when the UCI config is parsed. Change append_params() of openvpn.init to enclose push parameters in double quotes. Unquoted push parameters do not cause errors in OpenVPN 2.3, but OpenVPN 2.4 fails to start with unquoted push parameters. Fixes: FS#290. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* dnsmasq: Fix splitting hostid for DHCPv6 static leasesArjen de Korte2016-12-061-1/+1
| | | | | | | | | Correct splitting the 32-bit 'hostid' value to two 16-bit hexadecimal values. Previously, the lower 16-bit value was truncated to an 8-bit value, which would result in hostid values 100 and 200 both to be set to [::0:0] instead of [::0:100] and [::0:200] respectively. Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
* dnsmasq: reload config if host name is modifiedFlorian Eckert2016-12-041-1/+2
| | | | | | | If the hostname in /etc/config/system is modified the dnsmasq will not reread the update host file under /tmp/hosts/dhcp.$cfg. Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* ppp: Split the ppp-up for the IPv6 partPierre Lebleu2016-12-044-12/+29
| | | | Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
* curl: update to version 7.51.0Hauke Mehrtens2016-12-033-6/+6
| | | | | | | | | | | | | | | | | This fixes the following security problems: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: add CONFIG_NF_CONNTRACK_MARK=y to all kmod-* packagesFelix Fietkau2016-12-011-2/+2
| | | | | | | Not all kmod packages depends on kmod-ipt-compat-xtables, but this kernel config option is required for building the whole package Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iw: drop TX power patch that is part of upstream version nowRafał Miłecki2016-11-291-30/+0
| | | | | | | | | | | | | | | | Applying it again was resulting in duplicated TX info like: Interface wlan0 ifindex 6 wdev 0x1 addr 00:23:6a:a3:7d:00 ssid LEDE2 type AP wiphy 0 channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz txpower 31.00 dBm txpower 31.00 dBm Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ipset: Add InstallDev to provide libipset as libraryJulian Kornberger2016-11-261-1/+8
|
* netifd: update to the latest versionFelix Fietkau2016-11-221-3/+3
| | | | | | Fixes config reload on bridge MAC address changes Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to latest git HEADJohn Crispin2016-11-211-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* odhcpd: update to latest git HEADJohn Crispin2016-11-211-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* openvpn: update to 2.3.13Magnus Kroken2016-11-211-2/+2
| | | | | | Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.13 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: fix PKG_CONFIG_DEPENDS for CONFIG_WPA_SUPPLICANT_*Matthias Schiffer2016-11-161-1/+1
| | | | | | These symbols don't affect wpa-supplicant only, but also wpad. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* odhcpd: Add reload supportHans Dedecker2016-11-142-1/+5
| | | | | | | | odhcpd daemon has hitless config reload support by means of the sighup signal; add reload_service function which uses sighup signal to reload the config Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* arptables: bump to 2015-05-20Ralph Sennhauser2016-11-143-64/+13
| | | | | | | | | | | | | | | | | | This fixes building with musl and drops the dependency on the OpenWrt kernel-header patches: 270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch 271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch Use the new upstream location at netfilter.org and use a define instead of a patch to "optimize". See also: https://git.netfilter.org/arptables/log/ Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com> [Jo-Philipp Wich: add mirror SHA256 sum] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* conntrack-tools: update to v1.4.4Jo-Philipp Wich2016-11-141-6/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iw: fix build error caused by redeclaration of NL80211_ATTR_PADRafał Miłecki2016-11-121-6/+2
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Fixes: 7aff00ab199 ("iw: update to version 4.9")
* iw: update to version 4.9Rafał Miłecki2016-11-125-88/+24
| | | | | | | This adds support for "channels" command which displays more details about channels. It includes e.g. info about available widths. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iw: update to version 4.7Rafał Miłecki2016-11-128-634/+48
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firewall: update to fix FS#31, FS#73, FS#154, FS#248Jo-Philipp Wich2016-11-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to latest Git head in order to import several fixes and enhancements. - Disable drop invalid by default (FS#73, FS#154) Instead of dropping packets with conntrack state INVALID, only allow streams with explicit NEW or UNTRACKED conntrack state. This change gives user defined rules the chance to accept traffic like ICMPv6 multicast which would be filtered away by the very early ctstate INVALID drop rule otherwise. The old behaviour can be restored by explicitely setting "drop_invalid" to 1 in the global firewall config section. - Fix re-initialization of loadable iptables extensions on musl (FS#31) Since musl does not implement actual dlclose() semantics, it is impossible to re-run initializers on subsequent dlopen() calls. The firewall3 executable now intercepts the extension registration calls instead in order to be able to re-call them when needed. This also allowed us to switch to libxtables' builtin extension loader as a positive side-effect. - Fix masquerade rules for multiple negated IP addresses (FS#248) When building MASQUERADE rules for zones which specify multiple negated addresses in masq_src or masq_dest, emit -j RETURN rules which jump out of the masquerading chain instead of creating multiple rules with inverted "-s" arguments. - Tag own rules using comments Instead of relying on the nonstandard xt_id match, use the xt_comment match to mark own rules. Existing comments are prefixed with "!fw3: " while uncommented rules are marked with a sole "!fw3" string. This allows removing the xt_id match entirely in a later commit. - Make missing ubus connection nonfatal Technically, firewall3 is able to operate without ubus just fine as long as the zones are declared using "option device" or "option subnet" instead of "option network" so do not abort execution if ubus could not be connected or of no network namespace is exported in ubus. This allows running firewall3 on ordinary Linux systems. - Fix conntrack requirement detection for indirectly connected zones The current code fails to apply the conntrack requirement flag recursively to zones, leading to stray NOTRACK rules which break conntrack based traffic policing. Change the implementation to iteratively reapply the conntrack fixup logic until no more zones had been changed in order to ensure that all directly and indirectly connected zones receive the conntrack requirement flag. - Add support for iptables 1.6.x Adds support for the xtables version 11 api in order to allow building against iptables 1.6.x Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iperf3: update to version 3.1.4Christian Lamparter2016-11-081-2/+2
| | | | | | | | | "This release fixes a few minor bugs, including a (non-security-impacting) buffer overflow fix ported from upstream cjson." <http://software.es.net/iperf/news.html#iperf-3-1-4-released> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dnsmasq: Support add-mac optionHans Dedecker2016-11-082-1/+7
| | | | | | | | | | | | | | | | Adds the mac address of the DNS requestor to DNS queries which are forwarded upstream and can be used to do filtering by the upstream servers. This only works if the requestor is on the same subnet as the dnsmasq server The addmac parameter can hold the following values: 0 : mac address is not added 1 : mac address is added in binary format base64 : mac address is added base64 encoded text: : mac address is added in human readable format as hex and colons Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* comgt: move to WWAN submenu, fixed linkAlberto Bursi2016-11-081-3/+4
| | | | | | | | moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems. I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore. Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* uqmi: moved to WWAN submenuAlberto Bursi2016-11-081-0/+1
| | | | | | Moving uqmi to WWAN submenu Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>