aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* nftables: remove date from versionHauke Mehrtens2017-08-091-1/+1
| | | | | | | We are using the normal 0.7 version of nftables, do not add an additional date to the version number. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ltq-vdsl-app: add support for auto xfer_mode and auto line_modeMartin Schiller2017-08-061-11/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If xfer_mode is set to auto the vdsl_cpe_control daemon assumes that ATM should be used for ADSL and PTM for VDSL. xfer_mode and line_mode can be set to fixed value independantly from each other. The syntax for the tc_layer argument of vdsl_cpe_control is as follow: -T<TcADSL>:<TcCfgUsADSL>:<TcCfgDsADSL>_<TcVDSL>:<TcCfgUsVDSL>:<TcCfgDsVDSL> where TcADSL and TcVDSL can be: 1=ATM, 2=PTM/EFM, 4=Auto TC-Layer and TcCfgUsADSL, TcCfgUsVDSL, TcCfgDsADSL, TcCfgDsVDSL can be: 1=64/65-octet encapsulation supported 2=64/65-octet encapsulation with pre-emption 3=64/65-octet encapsulation with short packets Default: In case of no '-T' option is given, ADSL will be configured in ATM and VDSL in PTM/EFM: -T1:0x1:0x1_2:0x1:0x1 The '-M' argument of dsl_cpe_control defines the initial DSL mode (NextMode) for ADSL/VDSL multimode handling. Possible Values: 0=API-default, 1=ADSL, 2=VDSL Default: In case of no '-M' option is given, '0' (API-default) will be selected. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-vdsl-app: mask out ADSL bits when VDSL is requestedMartin Schiller2017-08-061-1/+4
| | | | | | | If the line_mode is fixed configured to vdsl, than only G.993 VDSL should be used. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-vdsl-app: use notification based ATM/PTM driver loadMartin Schiller2017-08-065-20/+34
| | | | | | | This patch removes the fixed atm/ptm driver loading and switches to notification based driver loading. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-xdsl-app: drop esi callMathias Kresin2017-08-063-4/+1
| | | | | | | | | | | | | The esi call was added to workaround a race condition between applying a configured mac address to the wan interface and starting the protocol (handler) as it was observed in a DHCP over ATM bridge configuration. Martin Schiller, TDT GmbH was so kind to test with their local infrastructure if the race condition still exists. The provided package dumps captured behind the DSLAM shows that it doesn't. It was most likely fixed with adding carrier support to the lantiq ptm/atm driver. Signed-off-by: Mathias Kresin <dev@kresin.me>
* odhcpd: update to latest git HEAD (FS#402, FS#524)Hans Dedecker2017-08-031-3/+3
| | | | | | | 296b4a0 dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) f4d38e0 treewide: reflect managed mode is related to RA Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: Update to 4.9.1Daniel Engberg2017-07-281-2/+2
| | | | | | | | | Update tcpdump to 4.9.1 Fixes: * CVE-2017-11108: Fix bounds checking for STP. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* samba36: Remove legacy optionsRosen Penev2017-07-222-8/+3
| | | | | | | | | | | | | Browseable is now set through LuCI per share, so remove it. Same with writeable (inverted synonym for read only). domain master and preferred master seem to be legacy settings for Windows 9x. encrypt passwords defaults to yes. Probably should not be disabled either. Also reordered alphabetically. Signed-off-by: Rosen Penev <rosenp@gmail.com> [rewrap commit message, fix SoB, fix author, bump pkg revsion] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEADStijn Tintel2017-07-211-3/+3
| | | | | | | d397e8c netifd: Fix printf calls + function declarations. 34afb76 system-linux: fix GRE ikey/okey endianness Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: split libipset as a subpackageAlexandru Ardelean2017-07-211-6/+15
| | | | | | | | | | | Intent is to link against it, and have the option to not install the ipset utility (if needed). One example/use-case is keepalived (from package) feeds, where it would be nice to just depend on a `libipset` (sub)package. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* dnsmasq: introduce config support for forced DHCP optionsJo-Philipp Wich2017-07-211-5/+9
| | | | | | | | | | | Introduce a new UCI list setting `list dhcp_option_force` which is available in sections of type `dnsmasq` and `dhcp`. The `dhcp_option_force` setting has the same semantics as `dhcp_option` but generates `dhcp-option-force` directives instead of `dhcp-option` ones in emitted native configuration. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: backport remove ping check of configured dhcp addressHans Dedecker2017-07-182-1/+29
| | | | | | | Remove ping check in DHCPDISCOVER case as too many buggy clients leave an interface in configured state causing the ping check to fail. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nftables: Update to 0.7Nick Brassel2017-07-152-3/+79
| | | | | | Updated nftables to latest. Signed-off-by: Nick Brassel <nick@tzarc.org>
* curl: bump to version 7.54.1Alif M. Ahmad2017-07-143-5/+5
| | | | | | Upgrade the curl package to latest version. Patches refreshed. Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
* netfilter: add iptables-mod-rpfilter packageAlin Nastac2017-07-111-0/+14
| | | | | | | | | Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* dnsmasq: restore ability to include/exclude raw device namesJo-Philipp Wich2017-07-102-3/+3
| | | | | | | | | | | | | Commit 5cd88f4 "dnsmasq: remove use of uci state for getting network ifname" broke the ability to specify unmanaged network device names for inclusion and exclusion in the uci configuration. Restore support for raw device names by falling back to the input value when "network_get_device" yields no result. Fixes FS#876. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lantiq: set up DSL front-end GPIOs if they existThomas Nixon2017-07-071-0/+14
| | | | | | | This is necessary for devices using the PSB80108/VRX220LD front-end (currently only known on the Netgear DM200). Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
* odhcpd: update to the latest versionHans Dedecker2017-07-061-3/+3
| | | | | | | | | | | | f0d78e7 ndp: optimize check_addr6_updates code 94afe3b ndp: fix syslog tracing for netlink neigbor and address events 18df6cc treewide: rework logic to retrieve IPv6 interface addresses 803b83e router: use enum to specify order and index of iov struct 5dad295 treewide: rework code to get rid of fixed IPv6 address arrays 3e4c8ad config: rework code to get rid of IFNAMSIZ usage ab7813e treewide: use angle-brackets to include libubox header files Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: dnsmasq --rev-server supportDUPONCHEEL Sébastien2017-07-032-1/+6
| | | | | | | | | | This is functionally the same as --server, but provides some syntactic sugar to make specifying address-to-name queries easier. For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to --server=/3.2.1.in-addr.arpa/192.168.0.1 Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-06-281-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add option to set max auth triesStijn Tintel2017-06-282-2/+4
| | | | | | | Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth triesKevin Darbyshire-Bryant2017-06-282-2/+132
| | | | | | | | | | | | Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: configure NAS ID regardless of encryptionYury Shvedov2017-06-281-3/+3
| | | | | | | | | | | RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval optionYury Shvedov2017-06-281-2/+5
| | | | | | | | Make an ability to configure Accounting-Interim-Interval via UCI Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [add hostapd prefix, cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-06-262-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* treewide: add license tagsFlorian Eckert2017-06-241-0/+1
| | | | | | Add licence tags where missing. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: add support for acs_chan_bias optionKevin Darbyshire-Bryant2017-06-242-2/+6
| | | | | | | | | | During auto channel selection we may wish to prefer certain channels over others. e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: add dhcp-range tags configurationGrégoire Delattre2017-06-202-2/+9
| | | | | | | | | | | | | | | | | | | dnsmasq can match tags in its dhcp-range configuration, this commit adds the option to configure it in the dhcp section uci configuration: config dhcp 'lan' option interface 'lan' list tag 'blue' list tag '!red' option start '10' option limit '150' option leasetime '12h' generated dnsmasq configuration: dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
* netifd: update to the latest versionHans Dedecker2017-06-181-3/+3
| | | | | | | | ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic 5a68693 iprule: coding style line up 90e2e2c iprule: Add option to suppress unspecific routing lookups Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix service trigger syntax errorKevin Darbyshire-Bryant2017-06-162-2/+2
| | | | | | The classic single '&' when double '&&' conditional was meant. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53"Hans Dedecker2017-06-142-36/+26
| | | | | | This reverts commit a53f8ba6771de64c9c82a2e6867791226f3003cb. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53Paul Oranje2017-06-122-26/+36
| | | | | | | | | | With this patch the dnsmasq init script manages resolv.conf if and only if when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance). Also, resolvfile is now set irrespective of the value of noresolv. Fixes (partially) FS#785 Signed-off-by: Paul Oranje <por@xs4all.nl>
* dnsmasq: make bind-dynamic 'non-wildcard' interfaces defaultKevin Darbyshire-Bryant2017-06-113-4/+6
| | | | | | | | | | | | | | | 'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This binds to interfaces rather than wildcard addresses *and* keeps track of interface comings/goings via a unique Linux api. Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep up with changes in interface config) ... On linux, there's actually no sane reason not to use --bind-dynamic, and it's only not the default for historical reasons." Let's change history, well on LEDE at least, and change the default! Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: add dhcp-script hook conditionallyHans Dedecker2017-06-092-2/+14
| | | | | | | | | | | | Commit b32689afd6a661339861086c669e15c936293cf8 added support for dhcp-script hook. Adding dhcp-script config option results into two instances of dnsmasq being run which triggered oom issues on platforms having low memory. The dnsmasq dhcp-script config option will now only be added if at least one of the dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci config option is specified. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Lantiq: make possible to tweak DSL SRN from UCIAndrea Merello2017-06-031-1/+26
| | | | | | | | | | | | | | | | | | | | | This patch makes possible to tweak the downstream SNR margin on Lantiq DSL devices. The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR margin offset. It accepts values in range -50 to +50 in 0.1 dB units. The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB steps. Currently this should only affect ADSL (not VDSL). It should be very easy to make this work also on VDSL lines, but since I couldn't test on VDSL lines this patch does not do that yet. I have also a patch for LUCI about this, that I could submit. Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line. Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
* umdns: remove superfluous include in init scriptJo-Philipp Wich2017-06-021-2/+0
| | | | | | | | | | | | | The umdns init script includes function/network.sh globally, outside of any service procedure. This causes init script activation to fail in buildroot and IB context if umdns is set to builtin. Additionally, the network.sh helper is not actually used. Drop the entire include in order to repair init script activation in build host context. Fixes FS#658. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: bump to 2.77Kevin Darbyshire-Bryant2017-06-011-4/+4
| | | | | | Bump to the 2.77 release after quite a few test & release candidates. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* ppp: propagate master firewall zone to dynamic slave interfaceHans Dedecker2017-05-312-1/+4
| | | | | | | | | | Assign the virtual DHCPv6 interface the firewall zone of the parent interface so fw3 knows the zone to which the virtual DHCPv6 interface belongs. This guarantees the firewall settings are applied correctly for the virtual DHCPv6 interface and allows to query the zone to which the virtual DHCPv6 interface belongs via the fw3 network option. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn-easy-rsa: update to 3.0.1Luiz Angelo Daros de Luca2017-05-315-169/+26
| | | | | | | | | | | | | | | | | | | | | | easy-rsa v3 is now a single script. It expects a 'vars' configuration file which path can be set using easy-rsa options, environment variables or just looking in the current directory. The default usage would be: # cd /etc/easy-rsa # easy-rsa COMMAND [command-options] Following upstream changes, /etc/easy-rsa/pki replaces /etc/easy-rsa/keys directory. The default /etc/easy-rsa/pki dir is marked to be kept during upgrade (WARN: priv keys are saved in the system backup) /etc/easy-rsa/openssl.1.0.cnf is now marked as config file while index and serial got removed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* iproute2: bump to 4.11Kevin Darbyshire-Bryant2017-05-3016-529/+228
| | | | Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* firewall: fix stray continue statementJo-Philipp Wich2017-05-271-4/+4
| | | | | | | The previous commit introduced a faulty continue statement which might lead to faulty rules not getting freed or reported. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: fix 6rd regression (FS#812)Hans Dedecker2017-05-271-3/+3
| | | | | | 08f1875 system-linux: fix 6rd regression Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: extend ubus support, exception handling, parse fixesJo-Philipp Wich2017-05-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | Update to latest Git HEAD in order to import a number of fixes and other improvements: 3d2c18a options: improve handling of negations when parsing space separated values 0e5dd73 iptables: support -i, -o, -s and -d in option extra 4cb06c7 ubus: increase ubus network interface dump timeout e5dfc82 iptables: add exception handling f625954 firewall3: add check_snat() function 7d3d9dc firewall3: display the section type for UBUS rules 53ef9f1 firewall3: add UBUS support for include scripts 5cd4af4 firewall3: add UBUS support for ipset sections 02d6832 firewall3: add UBUS support for forwarding sections 0a7d36d firewall3: add UBUS support for redirect sections d44f418 firewall3: add fw3_attr_parse_name_type() function e264c8e firewall3: replace warn_rule() by warn_section() 6039c7f firewall3: check the return value of fw3_parse_options() Fixes FS#548, FS#806, FS#811. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* samba: bump PKG_RELEASEJo-Philipp Wich2017-05-271-1/+1
| | | | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the fixed samba package does not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Move enablemodem from ramips to new package adb-enablemodem and make it used ↵Filip Moc2017-05-272-0/+90
| | | | | | also by TL-MR6400 Signed-off-by: Filip Moc <lede@moc6.cz>
* dnsmasq: add dhcp-script hook for other packagesNick Brassel2017-05-263-5/+59
| | | | | | | | | | | | | Adds a script which acts as a hook for when dnsmasq creates/destroys a lease, or completes a TFTP file transfer. The hook loops through scripts in appropriate directories inside '/etc/hotplug.d', executing each one with the same arguments supplied by dnsmasq. In case dnsmasq is jailed by ujail the dhcp-script hook will not work as expected as ujail does not yet support executing a script within a jail. Signed-off-by: Nick Brassel <nick@tzarc.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix typos in 600-shared-libext.patch (FS#711)Felix Fietkau2017-05-251-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* DWR-512: adding wwan support for the dwr-512 3G modemGiuseppe Lippolis2017-05-253-15/+49
| | | | | | | | | This PR allow the 3G modem embedded in the DWR-512 to be managed by the wwan-ncm scripts. The modem will use the usb-option and usb-cdc-ether drivers. The DWR-512 DT is updated accordingly. Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 16:35:42 +0000