| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Having it in a directory it more friendly for mount-bind.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.
I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
bf2c106 nl80211: add htmode to iwinfo_ops
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
Add call to fclose for file pointer fp in function t_openpw.
The resource leak could happen during an error handling.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
78cd384 Update README and patchlevel.h for 2.4.8 release
5d03403 pppd: Avoid use of strnlen (and strlen) in vslprintf
a1e950a pppd: Fix IPv6 default route code for Solaris
ca5e61b plugins/rp-pppoe: Make tag parsing loop condition more accurate
c10c3c7 pppd: Make sure word read from options file is null-terminated
b311e98 pppd: Limit memory accessed by string formats with max length specified
3ea9de9 pppd: Eliminate some more compiler warnings
57edb1a pppd: Include time.h header before using time_t
09f695f pppd: Don't free static string
03104ba pppd.h: Add missing headers
388597e pppd: Add defaultroute6 and related options
66ce4ba pppd: Avoid declarations within statements in main.c
5637180 pppd: Fix `ifname` option in case of multilink (#105)
d00f8a0 pppd: Fix variable reference syntax in Makefile.linux
b6b4d28 pppd: Check tdb pointer before closing
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
|
|
|
|
|
|
| |
If CONFIG_DROPBEAR_ZLIB is set, building fails at the packaging stage
due to an undeclared dependency on libz.so.1.
As is already done for the main dropbear package, conditionally add a
dependency on zlib.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
|
| |
|
|
|
|
| |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
iperf2 is useful for testing UDP over multicast, add an option to permit
the enabling/disabling of multicast support.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 10cbc896c0a26aecff37261450c21f29fb5b99db.
The updated iptables package does not build due to the following error
encountered on the buildbots:
cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory
The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
| |
Update iptables to 1.8.4
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.4.txt
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
|
|
|
| |
a6f6c05 nl80211: properly handle netdev names starting with "radio"
31dcef3 iwinfo: add several QC/A device ids
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
| |
The old name was dropped and no longer works.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
edad0d6 version: bump snapshot
0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
2e52c41 wg-quick: linux: use already configured addresses instead of in-memory
3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section
21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
| |
Avoids redefining bool.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
| |
5f9ae57 client: fix invalid data access through invalid content-length values
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
| |
Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.
Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
iputils has moved from the master tree to the packages feed, and is
switching from the abandoned skbuff.net upstream to
github.com/iputils/iputils.
Ref: https://git.openwrt.org/556698cedf9e86a0ffe9f148d4e8e733676c26f6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1ec6ece version: bump snapshot
e13de91 main: remove unused include <linux/version.h>
72eb17c wg-quick: linux: support older nft(8)
1d8e978 global: fix up spelling
e02713e wg-quick: linux: add support for nft and prefer it
b4e3a83 compat: support building for RHEL-8.1 instead of RHEL-8.0
f29e3ac socket: convert to ipv6_dst_lookup_flow for 5.5
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
| |
d60f0a6 treewide: optimize syslog priority values
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Before commit 60fb4c92b6 ("hostapd: add ubus reload") netifd was
tracking hostapd/wpa_supplicant and restarting wifi in case of a
process crash. Restore this behaviour by tracking the PIDs of
hostapd and wpa_supplicant.
Also make sure hostapd and/or wpa_supplicant have been started before
emmitting ubus calls to them using ubus wait_for.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
Allows graceful restart of crashing hostapd/wpa_supplicant instances
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: attempt to launch only present services]
|
| |
|
|
|
|
|
| |
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: polish commit message]
|
| |
|
|
|
|
|
|
| |
This enables the CTRL_IFACE_MIB symbol for wpad-full and hostapd-full.
If it is not enabled, statistic outputs such as "hostapd_cli all_sta"
are empty.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
| |
Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/
for the changes in 5.4.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* wg-quick: linux: suppress error when finding unused table
This fixes a spurious warning messages seen with recent versions of iproute2
and kernels.
* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported
Adding in iptables had some hiccups. For the record, I'm very unhappy about
having to put any firewalling code into wg-quick(8). We'll of course need to
support nftables too at some point if this continues. I'm investigating with
upstream the possibility of adding a sysctl to patch the issue that iptables
is handling now, so hopefully at somepoint down the line we'll be able to shed
this dependency once again.
* send: use kfree_skb_list
* device: prepare skb_list_walk_safe for upstreaming
* send: avoid touching skb->{next,prev} directly
Suggestions from LKML.
* ipc: make sure userspace communication frees wgdevice
Free things properly on error paths.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
| |
IPv6 protocol is enabled on all gre interfaces, but gre(v6)tap
interfaces are usually added to a bridge interface, in which case
IPv6 should be enabled only on the bridge interface.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
|
| |
|
|
|
|
| |
For changes in 7.67.0; see https://curl.haxx.se/changes.html#7_67_0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
e45b140 interface: warn if ip6hint is truncated
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* tools: add syncconf command
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.
Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.
Update init script to pass required option in the disabled case.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
| |
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
Change dhcp no/release on shutdown to 'norelease' uci option to match
existing proto dhcpv6 usage.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add ubus interface to hostapd and wpa_supplicant to allow dynamically
reloading wiface configuration without having to restart the hostapd
process.
As a consequence, both hostapd and wpa_supplicant are now started
persistently on boot for each wifi device in the system and then
receive ubus calls adding, modifying or removing interface
configuration.
At a later stage it would be desirable to reduce the services to one
single instance managing all radios.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
7a723d0 wireless: add ubus method for reloading configuration
e15147c wireless: make reconf opt-in and allow serializing configuration
Set new option 'reconf' in 'wifi-device' section to enable dynamic
re-configuration on that radio.
If necessary, also set option 'serialize' which forced netifd to
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This decreases the size of the swconfig application by 25% on MIPS BE.
old:
16,916 /sbin/swconfig
new:
12,565 /sbin/swconfig
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.
old:
202,020 /usr/sbin/dnsmasq
new:
185,676 /usr/sbin/dnsmasq
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.
This should not degrade security, as there's no external authentication
provider.
Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enables radio resource management to be reported by hostapd to clients.
Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
|
| |
|
|
|
|
|
|
|
|
|
| |
When ASLR_PIE was activated globally these drivers failed to build
because the user space LDFLAGS leaked into the kernel build process.
This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild:
clear LDFLAGS in the top Makefile") which went into Linux 4.17. The
lantiq target is now on Linux 4.19 only and these exceptions are not
needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
| |
Required as dependency on dropbear config headers is not tracked in
dropbear build system
Fixes FS#2275
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This updates mac80211 to backports based on kernel 5.4-rc2
ath10k-ct was updated to match the API changes and iw now uses the new
nl80211.h header file.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
Fix some shellcheck warnings.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
Add ec25 to database.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
Add mc7304 to database.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If system has more then one and different wwan interface (modem). Then the
wwan protohandler will always take the modem which is discovered first.
The protohandler will always setup the same interface. To fix this add a
new usb "bus" option which is associated with wwan device and so will set
the specified interface up. With this change more then one interface
could be mananged by the wwan protohandler.
If the "bus" option is not set in the uci network config then the protohandler
behaves as before the change. The protohanldler will take the first
interface which he founds.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a precursor to adding proper support for multiple
6in4 tunnels with the already programmed tunlink parameter.
This is an essential sanity check so as to not break existing
and working behind NAT setups.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
6in4: add myip he.net api parameter logic
This is to add proper support for multiple 6in4 tunnels
with the already programmed tunlink parameter.
As it stands before this commit, if there is a multi wan setup that
consists of dynamic ips, there is no way to use the
dynamic update feature as the he.net api is implicitly using
the ip address of the caller. This will explicitly use the
ipaddr specified in the interface config OR the ip of the
tunlink interface specified in the dynamic update api call instead
ONLY if the final resolved ipaddr variable is not an rfc1918 address.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
|
| |
|
|
|
|
|
|
|
|
|
| |
8eb8443 version: bump snapshot
be09cf5 wg-quick: android: use Binder for setting DNS on Android 10
4716f85 noise: recompare stamps after taking write lock
54db197 netlink: allow preventing creation of new peers when updating
f1b87d1 netns: add test for failing 5.3 FIB changes
a3539c4 qemu: bump default version
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
