aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* odhcpd: update to version 2017-03-29 (FS#635)Hans Dedecker2017-04-131-3/+3
| | | | | | | | | | 3d9f406 rework IPv6 dns address selection (FS#635) bc6c3ac ndp: keep an exact copy of IPv6 interface addresses 6eb1e01 ndp: code cleanup eea7d03 rework IPv6 address dump logic 24d21c7 ndp: add syslog debug tracing Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to version 2017-02-28Florian Fainelli2017-04-131-3/+3
| | | | | | | | Brings in the following change: 9eac2a896341 dhcpv6-ia: Check lockf return value Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* odhcpd: update to version 2017-02-21Hans Dedecker2017-04-131-3/+3
| | | | | | | | | | | | | | | | | | 1b630f8 router: don't announce prefixes with valid lifetime equal to 0 ba0cac0 router: fix arithmetic exception fault 3495f17 router: allow RA prefix lifetime being set to leasetime value (FS#397) e437ce9 treewide: simplify dhcp leasetime checking 942fb33 router: support ra_mininterval and ra_lifetime uci parameters (FS#397) f913337 router.h: fix alignment style 4dc7edb Revert "odhcpd.h: fix alignment style" 62ea54f odhcpd.h: fix alignment style a898ee5 config: make loglevel configurable via uci (FS#481) 51c756c odhcpd: display correct default log level in usage text 68ee0b5 treewide: define and use macro IN6_IS_ADDR_ULA fa57225 ndp: deregister netlink event socket for non recoverable errors ac70d28 odhcpd: fix white space errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: fix sha256 sumHauke Mehrtens2017-03-301-1/+1
| | | | | | | | The sha256sum added in commit b8567cb44e9e4f ("odhcpd: update to git HEAD version (FS#396)") does not match the sha256sum of the file on the mirror or when I clone it. Update the sha256 sum to the correct value. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* firewall: document rules for IPSec ESP/ISAKMP with 'name' optionYousong Zhou2017-03-282-15/+16
| | | | | | | | | | These are recommended practices by REC-22 and REC-24 of RFC6092: "Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service" Fixes FS#640 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iw: enable MESH ID in scan outputMatthias Schiffer2017-03-251-4/+5
| | | | | | | | Make scan output useful for 802.11s meshes. The common print_ssid function is used, so this doesn't add any additional code. Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* umdns: update to the version 2017-03-21Rafał Miłecki2017-03-241-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | This includes following changes: 480d7bc Fix sending unicast questions on cache expire a0403cd Keep source sockaddr for every cached DNS record 1478293 Fix code freeing cached non-A(AAA) records too early 9f1cc22 Fix replying to "QU" questions received on unicast interface 943bedb Fix reading port of incoming packets c725494 Use MCAST_PORT define for port 5353 ce7e9e9 Use one define for DNS-Based Service Discovery service name e1bacef Drop entries cached for interface we're going to delete 496aeba Fix comment typo in cache_gc_timer f89986b Fix refreshing cached A(AAA) records that expire Previous updates made umdns work as expected on startup but there were still many bugs. They were mostly related to runtime - cache management and requests + responses. E.g. umdns was never able to send question on DNS record expire. It was also ignoring all incoming unicast questions. Since these issues are quite serious it makes sense to backport this update to the stable branch. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* umdns: update to the version 2017-03-14Rafał Miłecki2017-03-241-3/+3
| | | | | | | | | This includes 3 cleanups: fd5a160 Don't cache hosts as services 80dd246 Refresh DNS records A and AAAA directly 6515101 Access cached records (instead of services) to read list of hosts Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iproute2: fix ip monitor can't work when NET_NS is not enabledYousong Zhou2017-03-192-1/+41
| | | | | | | | The bug appeared in v4.1.0 and was fixed since v4.8.0 Fixes FS#620 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* curl: fix CVE-2017-2629 SSL_VERIFYSTATUS ignoredHauke Mehrtens2017-03-133-5/+36
| | | | | | | This fixes the following security problem: https://curl.haxx.se/docs/adv_20170222.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* umdns: update to the 2017-03-10 versionRafał Miłecki2017-03-101-3/+3
| | | | | | | This fixes crash in interface_start caused by freeing interface in interface_free without stopping a timeout. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ppp: propagate master peerdns setting to dynamic slave interfaceJo-Philipp Wich2017-03-073-2/+4
| | | | | | | | | | Honour the parent interfaces peerdns option when spawning a virtual DHCPv6 interface in order to avoid pulling in IPv6 DNS servers when the user opted to inhibit peer DNS servers in the configuration. Fixes #597. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireless-tools: Change download url to githubHsing-Wang Liao2017-03-011-1/+1
| | | | Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
* iftop: bump to latest upstreamKevin Darbyshire-Bryant2017-03-012-73/+8
| | | | | | | | | Drops a LEDE carried patch now upstream. Convert to autotools. A number of nits fixed upstream (dns & short packet handling most notable) Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* swconfig: Bugfix switch_port uci option parsingBen Kelly2017-03-011-2/+2
| | | | | | | | When not defining 'device' or 'vlan' in relevant switch_port uci sections, behaviour is inconsistent due to *devn, *port and *vlan pointers not being zero initialized. Signed-off-by: Ben Kelly <ben@benjii.net>
* netifd: fix stopping netifd + interfacesFelix Fietkau2017-03-011-10/+3
| | | | | | | stop() is overwritten by rc.common, so implement stop_service instead. While at it, remove the now unnecessary restart() override Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ebtables: update to last commitAnsuel Smith2017-03-013-183/+12
| | | | | | Refreshed patches Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* hostapd: mv netifd.sh hostapd.shDaniel Albers2017-03-012-1/+1
| | | | | | same name for the file on the host and target Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
* ppp: honor ip6table for IPv6 PPP interfacesUlrich Weber2017-03-012-1/+3
| | | | | | | | as we do for IPv4 PPP interfaces. When we create the dynamic IPv6 interface we should inherit ip6table from main interface. Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
* ppp: add pppoe-discovery to an independent packageFlorian Eckert2017-03-011-0/+17
| | | | | | | | pppoe-discovery performs the same discovery process as pppoe, but does not initiate a session Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 6in4: add missing colon when setting default ca_pathDaniel Golle2017-03-011-1/+1
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: fix feature indicationJo-Philipp Wich2017-03-011-2/+14
| | | | | | | | - Fix eap test to work with standalone hostapd builds - Fix 11n test to check the correct define - Add 11ac, 11r and 11w tests Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* relayd: fix making incomplete instance json dataYousong Zhou2017-02-262-7/+14
| | | | | | | | Defer procd_open_instance only after validity check passed. Fixes FS#541 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* relayd: remove old start-stop-service related codeYousong Zhou2017-02-261-15/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ppp: ppp6-up: add executable permission bitYousong Zhou2017-02-261-0/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openvpn: adding key_direction to append_params.Brandon Koepke2017-02-261-2/+2
| | | | | | | | key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me. Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com> [Fixes FS#537] Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iw: sync nl80211.h with mac80211 packageFelix Fietkau2017-02-241-5/+289
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: Add upstream patch fixing SERVFAIL issues with multiple serversBaptiste Jonglez2017-02-201-0/+130
| | | | | | This fixes FS#391 for lede-17.01 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* uhttpd: use sha256 when generating certificates with openssl (FS#512)Felix Fietkau2017-02-171-1/+1
| | | | | | Patch from attachment to FS#512 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: bump PKG_RELEASEStijn Tintel2017-02-171-1/+1
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 27040dbf89fb45dd9b5cc663e23bb19afc294d29)
* dropbear: enable SHA256 HMACsJoseph C. Sible2017-02-171-3/+2
| | | | | | | | | The only HMACs currently available use MD5 and SHA1, both of which have known weaknesses. We already compile in the SHA256 code since we use Curve25519 by default, so there's no significant size penalty to enabling this. Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com> (cherry picked from commit 0bf85ef04806e0fd5a6f78ac9f6a32aabb1e7fdc)
* qos-scripts: fix module load commands (FS#438)Felix Fietkau2017-02-151-2/+1
| | | | | | | fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark module Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mdns: update and rename package to the umdnsRafał Miłecki2017-02-154-24/+24
| | | | | | | | | | | | | | This update includes numerous small fixes for: 1) Interfaces setup 2) Packets parsing 3) Sending replies Without this there were multiple problems with exchanging information between (u)mdns and other implementations (including (u)mdns as well). This also follows project rename to umdns which was required to avoid confusion with Apple's mdnsd from mDNSResponder project. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* odhcpd: update to git HEAD version (FS#396)Hans Dedecker2017-02-091-3/+3
| | | | | | | | | 8df4253 ndp: harden netlink event socket error handling b02f3e6 ndp: close proc file descriptor also during error handling 8a615ad npd: rework IPv6 relay logic (FS#396) 0129f79 config: restore interface defaults when cleaning interface Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD version (FS#388)Hans Dedecker2017-02-091-5/+5
| | | | | | | | 3317c86 dhcpv6-ia: apply lease delete based on assignment bound state df50429 odhcpd: properly handle netlink messages (FS#388) 83d72cf odhcpd: fix coding style Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: update to version 4.9.0Hauke Mehrtens2017-02-064-81/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: enable support for logging wpa_printf messages to syslogRafał Miłecki2017-02-052-0/+6
| | | | | | | This will allow starting hostapd with the new -s parameter and finally read all (error) messages from the syslog. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: backport support for sending debug messages to the syslogRafał Miłecki2017-02-056-24/+169
| | | | | | | | | | | | | | | | | It wasn't possible to read hostapd wpa_printf messages unless running hostapd manually. It was because hostapd was printing them using vprintf and not directly to the syslog. We were trying to workaround this problem by redirecting STDIN_FILENO and STDOUT_FILENO but it was working only for the initialization phase. As soon as hostapd did os_daemonize our solution stopped working. Please note despite the subject this change doesn't affect debug level messages only but just everything printed by hostapd with wpa_printf including MSG_ERROR-s. This makes it even more important as reading error messages can be quite useful for debugging. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ccache, samba36: fix samba.org addresses to use httpsHannu Nyman2017-02-022-5/+5
| | | | | | | | | | | | samba.org has started to enforce https and currently plain http downloads with curl/wget fail, so convert samba.org download links to use https. Modernise links at the same time. Also convert samba.org URL fields to have https. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* Fix dependency for hostapdWilco Baan Hofman2017-02-011-1/+1
| | | | Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
* iproute2: cake: update cake supportKevin Darbyshire-Bryant2017-02-012-11/+24
| | | | | | | Updated cake's tc patch to match the official cake repository formatting. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* odhcp6c: use LEDE_GIT in package source urlHans Dedecker2017-02-011-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to git HEAD versionHans Dedecker2017-02-011-3/+3
| | | | | | | | | | c13b6a0 dhcpv6: fix white space error e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not receiving statefull options c7122ec update README 419fb63 dhcpv6: server unicast option support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: use LEDE_GIT in package source urlHans Dedecker2017-02-011-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-02-011-3/+3
| | | | | | | | c4f9ace odhcpd: decrease default log level to LOG_INFO a6eadd7 odhcpd: rework IPv6 interface address dump 44965f1 odhcpd: extra syslog tracing Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-02-011-3/+3
| | | | | | e447ff9 router: fix compile issue on 64 bit systems Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-02-011-3/+3
| | | | | | | | | | | | 237f1f4 router: convert syslog lifetime traces into LOG_INFO prio da660c7 treewide: rework prio of syslog messages 0485580 ndp: code cleanup c5040fe router: add syslog debug tracing for trouble shooting df023ad treewide: use RELAYD_MAX_ADDRS as address array size c8ac572 ndp: don't scan netlink attributes in case of netlink route event Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD versionHans Dedecker2017-02-011-3/+3
| | | | | | 650758b interface-ip: route proto config support (FS#170) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: ssl-enabled variants also provide a virtual openvpn-crypto packageSven Roederer2017-02-011-1/+5
| | | | | | | | | | When relying on x.509 certs for auth and / or encryption of traffic you can't use package openvpn-nossl. Just have your package depend on openvpn-crypto to have SSL-encryption and X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use virtual packge openvpn, which is provided by all OpenVPN-variants. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* iproute2: cake: add 'mpu' minimum packet length supportKevin Darbyshire-Bryant2017-02-012-4/+28
| | | | | | | Add 'mpu' minimum length packet size parameter for scheduling/bandwidth accounting. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>