aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* dnsmasq: Change behavior when RD bit unset in queries.Kevin Darbyshire-Bryant2018-09-212-1/+55
| | | | | | | | | | | Backport upstream commit Change anti cache-snooping behaviour with queries with the recursion-desired bit unset. Instead to returning SERVFAIL, we now always forward, and never answer from the cache. This allows "dig +trace" command to work. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dropbear: Install /etc/config as 600Rosen Penev2018-09-191-3/+3
| | | | | | | | /etc/config/dropbear is used by the init script which only runs as root. Small whitespace change. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lldpd: Install /etc/config file as 600Rosen Penev2018-09-191-6/+4
| | | | | | | | | | /etc/config/lldpd is only used by the init script, which only runs as root Adjusted homepage and download URLs to use HTTPS. -std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-09-191-3/+3
| | | | | | 23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: drop default encaplimit valueHans Dedecker2018-09-192-2/+2
| | | | | | | | | | | | | Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken map connectivity. Therefore drop the default encaplimit value for map tunnels so no destination option header is included by default. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ds-lite: drop default encaplimit valueHans Dedecker2018-09-192-2/+2
| | | | | | | | | | | | | Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken ds-lite connectivity. Therefore drop the default encaplimit value for ds-lite tunnels so no destination option header is included by default. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20180918Jason A. Donenfeld2018-09-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * blake2s-x86_64: fix whitespace errors * crypto: do not use compound literals in selftests * crypto: make sure UML is properly disabled * kconfig: make NEON depend on CPU_V7 * poly1305: rename finish to final * chacha20: add constant for words in block * curve25519-x86_64: remove useless define * poly1305: precompute 5*r in init instead of blocks * chacha20-arm: swap scalar and neon functions * simd: add __must_check annotation * poly1305: do not require simd context for arch * chacha20-x86_64: cascade down implementations * crypto: pass simd by reference * chacha20-x86_64: don't activate simd for small blocks * poly1305-x86_64: don't activate simd for small blocks * crypto: do not use -include trick * crypto: turn Zinc into individual modules * chacha20poly1305: relax simd between sg chunks * chacha20-x86_64: more limited cascade * crypto: allow for disabling simd in zinc modules * poly1305-x86_64: show full struct for state * chacha20-x86_64: use correct cut off for avx512-vl * curve25519-arm: only compile if symbols will be used * chacha20poly1305: add __init to selftest helper functions * chacha20: add independent self test Tons of improvements all around the board to our cryptography library, including some performance boosts with how we handle SIMD for small packets. * send/receive: reduce number of sg entries This quells a powerpc stack usage warning. * global: remove non-essential inline annotations We now allow the compiler to determine whether or not to inline certain functions, while still manually choosing so for a few performance-critical sections. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: Handle memory allocation failure in make_non_terminals()Kevin Darbyshire-Bryant2018-09-192-1/+46
| | | | | | | | Backport upstream commit: ea6cc33 Handle memory allocation failure in make_non_terminals() Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uqmi: pass-through ipXtable to child interfacesDaniel Golle2018-09-152-2/+5
| | | | | | | | Allow setting specific routing tables via the ip4table and ip6table options also when ${ifname}_4 and ${ifname}_6 child interfaces are being created. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywordsKevin Darbyshire-Bryant2018-09-152-3/+7
| | | | | | | | Pull in latest upstream tweaks: Similar to the previous patch for no-split-gso, the negative keywords for 'nat', 'wash' and 'ack-filter' were not printed either. Add those as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcpd: enable ipv6 server mode only when it is supportedRosy Song2018-09-122-2/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* iproute2: q_cake: Add printing of no-split-gso optionKevin Darbyshire-Bryant2018-09-122-2/+4
| | | | | | | | When the GSO splitting was turned into dual split-gso/no-split-gso options, the printing of the latter was left out. Add that, so output is consistent with the options passed Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: update to latest HEADFlorian Fainelli2018-09-111-3/+3
| | | | | | 0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* wireguard: bump to 0.0.20180910Jason A. Donenfeld2018-09-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * curve25519: arm: do not modify sp directly * compat: support neon.h on old kernels * compat: arch-namespace certain includes * compat: move simd.h from crypto to compat since it's going upstream This fixes a decent amount of compat breakage and thumb2-mode breakage introduced by our move to Zinc. * crypto: use CRYPTOGAMS license Rather than using code from OpenSSL, use code directly from AndyP. * poly1305: rewrite self tests from scratch * poly1305: switch to donna This makes our C Poly1305 implementation a bit more intensely tested and also faster, especially on 64-bit systems. It also sets the stage for moving to a HACL* implementation when that's ready. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIsRosen Penev2018-09-101-0/+40
| | | | | | | | Patch was accepted upsteam: https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: bump to dnsmasq 2.80test6Hans Dedecker2018-09-092-4/+4
| | | | | | | | | | | | | | | | Refresh patches Changes since latest bump: af3bd07 Man page typo. d682099 Picky changes to 47b45b2967c931fed3c89a2e6a8df9f9183a5789 47b45b2 Fix lengths of interface names 2b38e38 Minor improvements in lease-tools 282eab7 Mark die function as never returning c346f61 Handle ANY queries in context of da8b6517decdac593e7ce24bde2824dd841725c8 03212e5 Manpage typo. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: Update to 7.61.1Daniel Engberg2018-09-091-3/+3
| | | | | | Update curl to 7.61.1 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* odhcp6c: add client fqdn and reconfigure optionspacien2018-09-082-3/+9
| | | | | | | | Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off. Defaulting to false, former behavior remains unchanged. Signed-off-by: pacien <pacien.trangirard@pacien.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: allow dnsmasq variants to be included in imageHenrique de Moraes Holschuh2018-09-061-0/+2
| | | | | | | | | | | The dnsmasq variants should provide dnsmasq, otherwise it is impossible to include them in the image. This change allows one to have CONFIG_PACKAGE_dnsmasq=m and CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or IPSETs suport on your 3000-devices fleet ;-) Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
* dnsmasq: bump to dnsmasq v2.80test5Hans Dedecker2018-09-064-132/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refresh patches Remove 240-ubus patch as upstream accepted. Add uci option ubus which allows to enable/disable ubus support (enabled by default) Upstream commits since last bump: da8b651 Implement --address=/example.com/# c5db8f9 Tidy 7f876b64c22b2b18412e2e3d8506ee33e42db7c 974a6d0 Add --caa-record b758b67 Improve logging of RRs from --dns-rr. 9bafdc6 Tidy up file parsing code. 97f876b Properly deal with unaligned addresses in DHCPv6 packets. cbfbd17 Fix broken DNSSEC records in previous. b6f926f Don't return NXDOMAIN to empty non-terminals. c822620 Add --dhcp-name-match 397c050 Handle case of --auth-zone but no --auth-server. 1682d15 Add missing EDNS0 section. EDNS0 section missing in replies to EDNS0-containing queries where answer generated from --local=/<domain>/ dd33e98 Fix crash parsing a --synth-domain with no prefix. Problem introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c c16d966 Add copyright to src/metrics.h 1dfed16 Remove C99 only code. 6f835ed Format fixes - ubus.c 9d6fd17 dnsmasq.c fix OPT_UBUS option usage 8c1b6a5 New metrics and ubus files. 8dcdb33 Add --enable-ubus option. aba8bbb Add collection of metrics caf4d57 Add OpenWRT ubus patch Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: bump to git HEAD (detect broken hostnames)Hans Dedecker2018-09-051-4/+4
| | | | | | | 881f66b odhcpd: detect broken hostnames 3e17fd9 config: fix odhcpd_attrs array size Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20180904Jason A. Donenfeld2018-09-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Kconfig: use new-style help marker * global: run through clang-format * uapi: reformat * global: satisfy check_patch.pl errors * global: prefer sizeof(*pointer) when possible * global: always find OOM unlikely Tons of style cleanups. * crypto: use unaligned helpers We now avoid unaligned accesses for generic users of the crypto API. * crypto: import zinc More style cleanups and a rearrangement of the crypto routines to fit how this is going to work upstream. This required some fairly big changes to our build system, so there may be some build errors we'll have to address in subsequent snapshots. * compat: rng_is_initialized made it into 4.19 We therefore don't need it in the compat layer anymore. * curve25519-hacl64: use formally verified C for comparisons The previous code had been proved in Z3, but this new code from upstream KreMLin is directly generated from the F*, which is preferable. The assembly generated is identical. * curve25519-x86_64: let the compiler decide when/how to load constants Small performance boost. * curve25519-arm: reformat * curve25519-arm: cleanups from lkml * curve25519-arm: add spaces after commas * curve25519-arm: use ordinary prolog and epilogue * curve25519-arm: do not waste 32 bytes of stack * curve25519-arm: prefix immediates with # This incorporates ASM nits from upstream review. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: fix build of wpa-supplicant-p2pAlexander Couzens2018-09-031-0/+1
| | | | | | | VARIANT:= got removed by accident. Fixes: 3838b16943c6 ("hostapd: fix conflicts hell") Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* iproute2: update cake man pageKevin Darbyshire-Bryant2018-08-312-3/+81
| | | | | | | | | | | CAKE supports overriding of its internal classification of packets through the tc filter mechanism. Update the man page in our package, even though we don't build them. Someone may find the documentation useful. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
* ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval valuesJo-Philipp Wich2018-08-302-2/+2
| | | | | | | | | | | | | | | | | | | | | | OpenWrt used to ship hardcoded defaults for lcp-echo-failure and lcp-echo-interval in the non-uci /etc/ppp/options file. These values break uci support for *disabling* LCP echos through the use of "option keepalive 0" as either omitting the keepalive option or setting it to 0 will result in no lcp-echo-* flags getting passed to the pppd cmdline, causing the pppd process to revert to the defaults in /etc/ppp/options. Address this issue by letting the uci "keepalive" option default to the former hardcoded values "5, 1" and by removing the fixed lcp-echo-failure and lcp-echo-interval settings from the /etc/ppp/options files. Ref: https://github.com/openwrt/luci/issues/2112 Ref: https://dev.archive.openwrt.org/ticket/2373.html Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854 Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uqmi: wait for the control device tooThomas Equeter2018-08-291-2/+2
| | | | | | | | | | | | | | | | The control device /dev/cdc-wdm0 is not available immediately on the D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at boot with a "The specified control device does not exist" error. This patch alters /lib/netifd/proto/qmi.sh to wait for network.wwan.delay earlier, before checking for the control device, instead of just before interacting with the modem. One still has to use network.wwan.proto='qmi', as the "wwan" proto performs that sort of check before any delay is possible, failing with a "No valid device was found" error. Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
* comgt: increase timeout on runcommandsGiuseppe Lippolis2018-08-291-1/+1
| | | | | | | | | Some combination of modem/wireless operator requires more time to execute the commands. Tested on DWR-512 embedded wwan modem and italian operator iliad (new virtual operator). Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
* ethtool: Update to 4.18Robert Marko2018-08-281-2/+2
| | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes: Feature: Add support for WAKE_FILTER (WoL using filters) Feature: Add support for action value -2 (wake-up filter) Fix: document WoL filters option also in help message Feature: ixgbe dump strings for security registers Signed-off-by: Robert Marko <robimarko@gmail.com>
* iproute2: update to 4.18.0Hans Dedecker2018-08-252-40/+3
| | | | | | | | Update to the latest version of iproute2; see https://lwn.net/Articles/762515/ for a full overview of the changes in 4.18. Remove upstream patch 001-rdma-sync-some-IP-headers-with-glibc Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: backport upstream fix for CVE-2018-15599Hans Dedecker2018-08-243-3/+224
| | | | | | | | | | CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: support multiple Lua prefixesJo-Philipp Wich2018-08-233-21/+32
| | | | | | | | | | | | | | | | | | | Update to latest git HEAD in order to support configuring multiple concurrent Lua prefixes in a single uhttpd instance: b741dec lua: support multiple Lua prefixes Additionally rework the init script and update the default configuration example to treat the lua_prefix option as key=value uci list, similar to the interpreter extension mapping. Support for the old "option lua_prefix" plus "option lua_handler" notation is still present. Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling files belonging to other packages. Since Lua prefixes have precedence over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which will only become active if both luci-base and uhttpd-mod-lua is installed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* samba36: Enable umdnsd supportRosen Penev2018-08-222-1/+2
| | | | | | | | | | Allows discovery without having to use NetBIOS. Useful for mobile devices. Could eventually throw nbmd away. But that requires Windows 10... Tested on Fedora 28 with avahi-discover. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-rawJo-Philipp Wich2018-08-221-2/+2
| | | | | | | Since kernel 4.14 there is no auto assignment of conntrack helpers anymore so fw3 needs raw table support in order to stage ct helper assignment rules. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: remove creation of /etc/ethersHans Dedecker2018-08-212-4/+1
| | | | | | | | Remove creation of file /etc/ethers in dnsmasq init script as the file is now created by default in the base-files package by commit fa3301a28e Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: update to latest Git headJo-Philipp Wich2018-08-211-3/+3
| | | | | | | 952bf9d build: use _DEFAULT_SOURCE 30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEADHans Dedecker2018-08-201-3/+3
| | | | | | | | | 7454d12 interface: let interface_set_down() return void 32f11a8 interface: make __interface_set_down() static b9d5a8c interface: extend interface error messages in interface_set_up() de394b3 interface: ensure NO_DEVICE error is always reported Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: process all CSA parametersYury Shvedov2018-08-201-6/+31
| | | | | | | This adds processing of all CSA arguments from ubus switch_chan request in the same manner as in the control interface API. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
* netifd: update to latest git HEADHans Dedecker2018-08-141-3/+3
| | | | | | 522456b device: gracefully handle device names exceeding IFNAMESIZ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to git HEADStijn Tintel2018-08-131-3/+3
| | | | | | | | 12a7cf9 Add support for DSCP matches and target 06fa692 defaults: use a generic check_kmod() function 1c4d5bc defaults: fix check_kmod() function Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: bump to 0.0.20180809Jason A. Donenfeld2018-08-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * send: switch handshake stamp to an atomic Rather than abusing the handshake lock, we're much better off just using a boring atomic64 for this. It's simpler and performs better. Also, while we're at it, we set the handshake stamp both before and after the calculations, in case the calculations block for a really long time waiting for the RNG to initialize. * compat: better atomic acquire/release backport This should fix compilation and correctness on several platforms. * crypto: move simd context to specific type This was a suggestion from Andy Lutomirski on LKML. * chacha20poly1305: selftest: use arrays for test vectors We no longer have lines so long that they're rejected by SMTP servers. * qemu: add easy git harness This makes it a bit easier to use our qemu harness for testing our mainline integration tree. * curve25519-x86_64: avoid use of r12 This causes problems with RAP and KERNEXEC for PaX, as r12 is a reserved register. * chacha20: use memmove in case buffers overlap A small correctness fix that we never actually hit in WireGuard but is important especially for moving this into a general purpose library. * curve25519-hacl64: simplify u64_eq_mask * curve25519-hacl64: correct u64_gte_mask Two bitmath fixes from Samuel, which come complete with a z3 script proving their correctness. * timers: include header in right file This fixes compilation in some environments. * netlink: don't start over iteration on multipart non-first allowedips Matt Layher found a bug where a netlink dump of peers would never terminate in some circumstances, causing wg(8) to keep trying forever. We now have a fix as well as a unit test to mitigate this, and we'll be looking to create a fuzzer out of Matt's nice library. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wpa_supplicant: fix CVE-2018-14526John Crispin2018-08-101-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unauthenticated EAPOL-Key decryption in wpa_supplicant Published: August 8, 2018 Identifiers: - CVE-2018-14526 Latest version available from: https://w1.fi/security/2018-1/ Vulnerability A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice. When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changes the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed. Vulnerable versions/configurations All wpa_supplicant versions. Acknowledgments Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue. Possible mitigation steps - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side. - Merge the following commits to wpa_supplicant and rebuild: WPA: Ignore unauthenticated encrypted EAPOL-Key data This patch is available from https://w1.fi/security/2018-1/ - Update to wpa_supplicant v2.7 or newer, once available Signed-off-by: John Crispin <john@phrozen.org>
* odhcp6c: apply IPv6/ND configuration earlierHans Dedecker2018-08-092-8/+9
| | | | | | | | | | Apply IPv6/ND configuration before proto_send_update so that all config info is available when netifd is handling the notify_proto ubus call. In particular this fixes an issue when netifd is updating the downstream IPv6 mtu as netifd was still using the not yet updated upstream IPv6 mtu to set the downstream IPv6 mtu Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: remove libutil from InstallDev sectionHans Dedecker2018-08-091-3/+2
| | | | | | | | | | | Commit 4d961538f6 added libutil to the iproute2 InstallDev section but lead to compile issues with packages picking up the wrong libutil since libutil is quite a generic name ... Further libutil is rather meant for internal usage in iproute2 than a public API; therefore let's remove it from the InstallDev section together with ll_map.h Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-08-091-3/+3
| | | | | | 115a694 interface-ip: always override downstream IPv6 mtu Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: add libutil to InstallDev sectionHans Dedecker2018-08-081-0/+1
| | | | | | | | In iproute2 v4.17 ll_map has been moved from the libnetlink to the libutil library; add libutil as well to the staging dir in order to keep support for ll_map Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20180802Jason A. Donenfeld2018-08-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog taken from the version announcement > == Changes == > > * chacha20poly1305: selftest: split up test vector constants > > The test vectors are encoded as long strings -- really long strings -- and > apparently RFC821 doesn't like lines longer than 998. > https://cr.yp.to/smtp/message.html > > * queueing: keep reference to peer after setting atomic state bit > > This fixes a regression introduced when preparing the LKML submission. > > * allowedips: prevent double read in kref > * allowedips: avoid window of disappeared peer > * hashtables: document immediate zeroing semantics > * peer: ensure resources are freed when creation fails > * queueing: document double-adding and reference conditions > * queueing: ensure strictly ordered loads and stores > * cookie: returned keypair might disappear if rcu lock not held > * noise: free peer references on failure > * peer: ensure destruction doesn't race > > Various fixes, as well as lots of code comment documentation, for a > small variety of the less obvious aspects of object lifecycles, > focused on correctness. > > * allowedips: free root inside of RCU callback > * allowedips: use different macro names so as to avoid confusion > > These incorporate two suggestions from LKML. > > This snapshot contains commits from: Jason A. Donenfeld and Jann Horn. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iproute2: cake: make gso/gro splitting configurableKevin Darbyshire-Bryant2018-08-022-2/+11
| | | | | | | | | | | | | | | | | | This patch makes sch_cake's gso/gro splitting configurable from userspace. To disable breaking apart superpackets in sch_cake: tc qdisc replace dev whatever root cake no-split-gso to enable: tc qdisc replace dev whatever root cake split-gso Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Dave Taht <dave.taht@gmail.com> [pulled from netdev list - no API/ABI change] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iperf: bump to 2.0.12Koen Vandeputte2018-08-021-2/+2
| | | | | | | | | | | | | | | | | | | Fixes the annoying 'feature' were TTL was set to "1" by default .. Users had to specify -T manually to test outside the own network. 2.0.12 change set (as of June 25th 2018) o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Multicast still defaults to 1. o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition o configure default compile to include isochronous support (use configure --disable-isochronous to remove support) o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds o fixes for windows cross compile (using mingw32) o compile flags of -fPIE for android o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation o compile tests when trying to use 64b seq numbers on a 32b platform o Fix GCC ver 8 warnings Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* nftables: allow to build with json supportRosy Song2018-08-011-1/+12
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* iwinfo: update to latest Git HEADJo-Philipp Wich2018-07-311-3/+3
| | | | | | | | a514139 build: compile with -ffunction-sections, -fdata-sections and LTO 3c30b17 wl: only invoke nvram executable if it exists 65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO" Signed-off-by: Jo-Philipp Wich <jo@mein.io>