aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: rework frequency/ht/vht selection for ibss/meshFelix Fietkau2017-11-158-178/+55
| | | | | | | | | | - Remove obsolete patch chunks regarding fixed_freq - Instead of patching in custom HT40+/- parameters, use the standard config syntax as much as possible. - Use fixed_freq for mesh - Fix issues with disabling obss scan when using fixed_freq on mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: explicitly set beacon interval for wpa_supplicantSven Eckelmann2017-11-151-0/+1
| | | | | | | | | | | | | | | The beacon_int is currently set explicitly for hostapd and when LEDE uses iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used to join an encrypted IBSS or mesh. This configuration is required when an AP interface is configured together with an mesh interface. The beacon_int= line must therefore be re-added to the wpa_supplicant config. The value is retrieved from the the global variable. Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
* hostapd: set mcast_rate in mesh modeSven Eckelmann2017-11-151-0/+68
| | | | | | | | | | | | | | | | | | The wpa_supplicant code for IBSS allows to set the mcast rate. It is recommended to increase this value from 1 or 6 Mbit/s to something higher when using a mesh protocol on top which uses the multicast packet loss as indicator for the link quality. This setting was unfortunately not applied for mesh mode. But it would be beneficial when wpa_supplicant would behave similar to IBSS mode and set this argument during mesh join like authsae already does. At least it is helpful for companies/projects which are currently switching to 802.11s (without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS because newer drivers seem to support 802.11s but not IBSS anymore. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
* hostapd: refresh ubus patchFelix Fietkau2017-11-151-36/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* igmpproxy: remove firewall rules when service is stoppedHans Dedecker2017-11-142-1/+5
| | | | | | | | | Remove multicast routing firewall rules when the igmpproxy is stopped by triggering a firewall config change. Keeping the firewall open from the wan for igmp and udp multicast is not desired when the igmpproxy service is inactive. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix swapped ubus args mac and ipJaroslav Safka2017-11-131-2/+2
| | | | | | | Fix swapped arguments "mac" and "ip" when calling function "ubus_event_bcast". Signed-off-by: Jaroslav Safka <devel@safka.org>
* openvpn: add support to start/stop single instancesMartin Schiller2017-11-132-18/+37
| | | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* wireguard: fix portability issueFelix Fietkau2017-11-111-0/+18
| | | | | | | Check if the compiler defines __linux__, instead of assuming that the host OS is the same as the target OS. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wireguard: move to kernel build directoryFelix Fietkau2017-11-111-1/+1
| | | | | | It builds a kernel module, so its build dir should be target specific Signed-off-by: Felix Fietkau <nbd@nbd.name>
* layerscape: add restool packageYangbo Lu2017-11-1013-0/+794
| | | | | | | | restool is a user space application providing the ability to dynamically create and manage Layerscape DPAA2 containers and objects from Linux. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* firewall: update to latest git HEADHans Dedecker2017-11-071-3/+3
| | | | | | c430937 ubus: parse the firewall data within the service itself Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: fix query string handlingJo-Philipp Wich2017-11-071-3/+3
| | | | | | | | | | Update to latest Git in order to fix potential memory corruption and invalid memory access when handling query strings in conjunction with active basic authentication. a235636 2017-11-04 file: fix query string handling Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: fix PKG_MIRROR_HASHDaniel Golle2017-11-071-1/+1
| | | | | | | | | commit fbde9ac7184 set an incorrect sha256sum which doesn't match the file http://sources.lede-project.org/netifd-2017-10-31-0f96606b.tar.xz or a locally packaged checkout (which resulted in a file identical with the one referenced by the URL above). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: remove default r1_key_holder generationYury Shvedov2017-11-061-2/+1
| | | | | | | | By default, hostapd assumes r1_key_holder equal to bssid. If LEDE configures the same static r1 key holder ID on two different APs (BSSes) the RRB exchanges fails behind them. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
* netfilter, iptables: add optional CHECKSUM moduleDenis Osvald2017-11-061-0/+10
| | | | Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
* iwinfo: add "PKG_MIRROR_HASH" to the MakefileArjun AK2017-11-061-0/+1
| | | | | | | Defining it will let the build tool download the tarball file from a buildbot server, avoiding a clone of the source repo. Signed-off-by: Arjun AK <lede@arjunak.com>
* iperf3: update to 3.3 and refresh patchesPhilip Prindeville2017-10-314-60/+302
| | | | | | Taking the same patchset I've submitted upstream for inclusion. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* uqmi: replace legacy command invoke with newer typeKoen Vandeputte2017-10-241-7/+7
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: also try newer pin verificationKoen Vandeputte2017-10-241-1/+1
| | | | | | | | | Newer devices tend to only support the newer version of the pin verification command, so also try that one. Fixes PIN issues with modems like the Sierra Wireless MC7455 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wireguard: version bump to 0.0.20171101Kevin Darbyshire-Bryant2017-11-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update wireguard to latest snapshot: 9fc5daf version: bump snapshot 748ca6b compat: unbreak unloading on kernels 4.6 through 4.9 7be9894 timers: switch to kees' new timer_list functions 6be9a66 wg-quick: save all hooks on save 752e7af version: bump snapshot 2cd9642 wg-quick: fsync the temporary file before renaming b139499 wg-quick: allow for saving existing interface 582c201 contrib: add reresolve-dns 8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID c138276 wg-quick: allow for the hatchet, but not by default d03f2a0 global: use fewer BUG_ONs 6d681ce timers: guard entire setting in block 4bf32ca curve25519: only enable int128 if compiler support is sound 86e06a3 device: expand scope of destruct lock e3661ab global: get rid of useless forward declarations bedc77a device: only take reference if netns is different 7c07e22 wg-quick: remember to rewind DNS settings on failure 2352ec0 wg-quick: allow specifiying multiple hooks 573cb19 qemu: test using four cores e09ec4d global: style nits 4d3deae qemu: work around ccache bugs 7491cd4 global: infuriating kernel iterator style 78e079c peer: store total number of peers instead of iterating d4e2752 peer: get rid of peer_for_each magic 6cf12d1 compat: be sure to include header before testing 3ea08d8 qemu: allow for cross compilation d467551 crypto/avx: make sure we can actually use ymm registers c786c46 blake2: include headers for macros 328e386 global: accept decent check_patch.pl suggestions a473592 compat: fix up stat calculation for udp tunnel 9d930f5 stats: more robust accounting 311ca62 selftest: initialize mutex in routingtable selftest 8a9a6d3 netns: use time-based test instead of quantity-based e480068 netns: use read built-in instead of ncat hack for dmesg Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: fix dns and domain variables pollution in dhcp.scriptTero Jänkä2017-11-022-5/+7
| | | | | | | Unmodified dns and domain variables could be needed in user script (/etc/udhcpc.user). Signed-off-by: Tero Jänkä <tero.janka@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cleanup)
* curl: bump to 7.56.1Hans Dedecker2017-10-293-41/+5
| | | | | | | | | | | Refresh patches Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as integrated upstream See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and 7.56.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: use KERNEL_MAKE_FLAGS for kernel file compilationsKarl Vogel2017-10-291-4/+2
| | | | | | | The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS. Make use of this variable for kernel makefiles. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* Revert "wpa_supplicant: log to syslog instead of stdout"Jo-Philipp Wich2017-10-272-2/+2
| | | | | | | | | | | | | | This reverts commit e7373e489d8a215402d6b0c408a26188342c7c17. Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which is not enabled for all build variants. Revert the change for now until we can properly examine the size impact of CONFIG_DEBUG_SYSLOG. Fixes FS#1117. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iptables: Fix target TRACE issueMartin Wetterwald2017-10-271-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables. The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled. But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system. I created the package iptables-mod-trace which takes care of that, and target TRACE now works! https://dev.openwrt.org/ticket/16694 https://dev.openwrt.org/ticket/19661 Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com> [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since its required for rules] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* hostapd: fix up ubus supportJohn Crispin2017-10-252-23/+45
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* ltq-xdsl-app: script style nitKevin Darbyshire-Bryant2017-10-252-2/+2
| | | | | | Fix missing space style nit. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ltq-adsl-app: add more script notificationsMathias Kresin2017-10-252-1/+43
| | | | | | | | Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It unifies the dsl led blinking pattern accross all subtargets and allows to get the current line status from the dsl led. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: xway: rename nas0/ptm0 to dsl0Mathias Kresin2017-10-252-3/+11
| | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). By using dsl0 as interface name as for the xrx200 we can get rid of a few conditionals which were introduced because of the different default TC-Layer in xway and xrx200. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-adsl-app: use notification based ATM/PTM driver loadMathias Kresin2017-10-253-4/+64
| | | | | | | This patch removes the fixed atm/ptm driver loading and switches to notification based driver loading. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-adsl-app: convert init script to procdMathias Kresin2017-10-251-6/+11
| | | | | | Use the procd features for the init script. Signed-off-by: Mathias Kresin <dev@kresin.me>
* netifd: bump to git HEAD version (FS#1037)Hans Dedecker2017-10-191-3/+3
| | | | | | | 0f96606 proto: add point-to-point IPv4 address config support (FS#1037) 1ee788d ubus: display the point-to-point IPv4 address Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: xrx200: rename nas0/ptm0 to dsl0Martin Schiller2017-10-152-2/+10
| | | | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). Now you can move a device from an ADSL/ATM port to an VDSL/PTM port without any configuration changes for example. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [use the dsl0 interface name for the default netdev trigger in 01_led, add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-151-0/+44
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
* iproute2: bump to 4.13Hans Dedecker2017-10-1311-38/+51
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add listen_address parameterChristian Lamparter2017-10-132-1/+6
| | | | | | | | | | | | | | | | | | | | | | | This patch adds a parser for the uci representation of dnsmasq's "-a | --listen-address" option. In summary, this option forces dnsmasq to listen on the given IP address(es). Both interface and listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no interface option is given, but listen_address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1 must be explicitly added. This option is useful for ujailed dnsmasq instances, that would otherwise fail to work properly, because listening to the "This host on this network" address (aka 0.0.0.0 see rfc1700 page 4) may not be allowed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* net: uqmi: fix blocking in endless loops when unplugging deviceAlexandru Ardelean2017-10-091-0/+2
| | | | | | | | | | | If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* conntrack-tools: switch to gitStijn Tintel2017-10-091-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There have been a number of interesting fixes in conntrack-tools since the current latest release. Most notable is that this fixes IPv6 conntrack table syncing when cross-compiling conntrack-tools. 7e7748d src/main: refresh help message fe32043 conntrackd.8: refresh file 47a4dda conntrackd.8: add reference to systemd 0cfe7ff doc/manual: include some bits about init systems 74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling d833bed conntrackd: cthelper: ftp: Fix debug print dd4b5a1 conntrackd: cthelper: Add new mdns helper 498d698 Link nfct and helper modules with `-z lazy` 9e94e85 sync-mode: print errno message on failure ab81c35 log: print messages to stdout/sderr if running in console mode 631d92b log: introduce a mechanism to know if log was initialized ccb1c8b conntrackd: replace error reporting in the config parser with dlog() bee121e conntrackd: replace fprintf calls with dlog() 5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address abb9984 helper: remove copy and paste from uapi kernel header a91a004 src: add log message when resync is requested by other node c2d8be1 systemd: fix missing log.h include f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options 8b83771 conntrack: send mark filter to kernel iff set 1ba5e76 conntrackd: cthelper: Don't leak nat_tuple 832166d conntrackd: cthelper: Free pktb after use ff843bc conntrackd: config: Do not strdup() tokens b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing 8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option 39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On 29b390a conntrack: Support IPv6 NAT 381827a conntrackd: factorice tx_queue functions 131df89 conntrackd: factorize resync operations d31bacc conntrackd: consolidate more code to use resync_send() 3d98496 conntrackd: request resync at startup ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6 9d38445 conntrackd: evaluate configuration earlier 6feded7 conntrackd: cleanup if failed forking dbfdea7 conntrackd: deprecate unix backlog configuration 210f542 conntrackd: make the daemon run in RT mode by default 37cc7f0 conntrackd: remove warning for -S d2849d1 conntrack: Show multiple CPUs stats from proc bc0b49a conntrackd: cthelper: ssdp: fix build with musl 0c77a25 tests: don't fail on modprobe since the driver might be built-in eefe649 conntrack.8: refresh manpage Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: switch git.netfilter.org to HTTPSStijn Tintel2017-10-083-3/+3
| | | | | | | As git.netfilter.org seems to support HTTPS, use that instead of HTTP which is insecure, or GIT which is blocked on many corporate networks. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset-dns: bump to git HEADStijn Tintel2017-10-082-60/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>