aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-12-221-4/+4
| | | | | | | | | 5f9ae57 client: fix invalid data access through invalid content-length values 6b03f96 ubus: increase maximum ubus request size to 64KB 91fcac3 uhttpd: Fix multiple format string problems Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit f34f9a414dd32311bda950776eb77e63c0c772cb)
* netifd: add support for suppressing the DHCP request hostname by setting it to *Felix Fietkau2019-12-221-0/+2
| | | | | | | | | | dnsmasq (and probably other DHCP servers as well) does not like to hand out leases with duplicate host names. Adding support for skipping the hostname makes it easier to deploy setups where it is not guaranteed to be unique Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit fd8ca8deb3197a2867d85fc3513f5aa70912ee40)
* iptables: bump PKG_RELEASEYousong Zhou2019-10-241-1/+1
| | | | | | | | | Package content changed with the previous two cherry-picks dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6} a2fe698a40 kernel: Added required dependencies for socket match. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-194-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 394273c066b8f4317b77f3ede216cfcdd45250c1)
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-219-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* iptables: patch CVE-2019-11360 (security fix)Jan Pavlinec2019-08-172-1/+14
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* nftables: Fix compilation with uClibc-ngRosen Penev2019-08-142-1/+29
| | | | | | | | | Missing header for va_list. Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [updated with upstream version of the patch] (cherry picked from commit 2f977974714468e1a0ee20e4cce233da63d06dd0)
* omcproxy: fix compilation on little-endian CPUsEneas U de Queiroz2019-07-232-1/+36
| | | | | | | | | | | | | | | | | Don't use cpu_to_be32 outside of a function. In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0, from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39: omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000); ^ cc1: warning: unrecognized command line option '-Wno-gnu' Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> [more verbose commit message] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
* wireguard: bump to 0.0.20190601Jason A. Donenfeld2019-07-011-2/+2
| | | | | | | | | | | | | | | There was an issue with the backport compat layer in yesterday's snapshot, causing issues on certain (mostly Atom) Intel chips on kernels older than 4.2, due to the use of xgetbv without checking cpu flags for xsave support. This manifested itself simply at module load time. Indeed it's somewhat tricky to support 33 different kernel versions (3.10+), plus weird distro frankenkernels. If OpenWRT doesn't support < 4.2, you probably don't need to apply this. But it also can't hurt, and probably best to stay updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 593b487538079f2a22300f3f22ffb21b20da36a0)
* uqmi: bump to latest git HEADKoen Vandeputte2019-06-271-4/+4
| | | | | | | | 1965c7139374 uqmi: add explicit check for message type when expecting a response 01944dd7089b uqmi_add_command: fixed command argument assignment Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
* uqmi: inherit firewall zone membership to virtual sub interfacesJo-Philipp Wich2019-06-272-0/+20
| | | | | | | | | | Fix an issue where subinterfaces were not added to the same firewall zone as their parent. Fixes: FS#2122 Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 64bb88841fbc2d9a9dfee12775a18e5dc89ac16e)
* uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modemDaniel Golle2019-06-272-2/+2
| | | | | | | | | | | | Apparently this modem replies differently to attempted --get-pin-status which makes the script fail if a pincode is set. Fix this. Manufacturer: Sierra Wireless, Incorporated Model: MC7455 Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0b373bf4d6a1a7a53e06946972ebb812b4cc2f0f)
* hostapd: fix multiple security problemsHauke Mehrtens2019-06-2119-1/+2352
| | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2019-9494: cache attack against SAE * CVE-2019-9495: cache attack against EAP-pwd * CVE-2019-9496: SAE confirm missing state validation in hostapd/AP * CVE-2019-9497: EAP-pwd server not checking for reflection attack) * CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element * CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element * CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment Most of these problems are not relevant for normal users, SAE is only used in ieee80211s mesh mode and EAP-pwd is normally not activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: Fix multiple security problemsHauke Mehrtens2019-05-308-1/+222
| | | | | | | | | | | | | This fixes the following security problems: * CVE-2018-14618: NTLM password overflow via integer overflow * CVE-2018-16839: SASL password overflow via integer overflow * CVE-2018-16840: use-after-free in handle close * CVE-2018-16842: warning message out-of-buffer read * CVE-2019-3823: SMTP end-of-response out-of-bounds read * CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow * CVE-2018-16890: NTLM type-2 out-of-bounds buffer read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "uhttpd: disable concurrent requests by default"Jo-Philipp Wich2019-04-242-2/+2
| | | | | | | | | | | This reverts commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf. Further testing has revealed that we will need to allow concurrent requests after all, especially for situations where CGI processes initiate further HTTP requests to the local host. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit f00a4ae6e0b1f7b3d84e11e8dc4dd562088584e0)
* dnsmasq: prefer localuse over resolvfile guessworkYousong Zhou2019-02-242-5/+5
| | | | | | | | | | | | | This makes it clear that localuse when explicitly specified in the config will have its final say on whether or not the initscript should touch /etc/resolv.conf, no matter whatever the result of previous guesswork would be (cherry picked from c17a68cc61a0f8a28e19c7f60b24beaf1a1a402d) Tested-by: Paul Oranje <por@oranjevos.nl> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Paul Oranje <por@oranjevos.nl>
* dnsmasq: allow using dnsmasq as the sole resolverYousong Zhou2019-02-242-16/+16
| | | | | | | | | | | | | | | | | | | | | | | Currently it seems impossible to configure /etc/config/dhcp to achieve the following use case - run dnsmasq with no-resolv - re-generate /etc/resolv.conf with "nameserver 127.0.0.1" Before this change, we have to set resolvfile to /tmp/resolv.conf.auto to achive the 2nd effect above, but setting resolvfile requires noresolv being false. A new boolean option "localuse" is added to indicate that we intend to use dnsmasq as the local dns resolver. It's false by default and to align with old behaviour it will be true automatically if resolvfile is set to /tmp/resolv.conf.auto (cherry picked from 2aea1ada65f050d74a064e74466bbe4e8d) Tested-by: Paul Oranje <por@oranjevos.nl> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Acked-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Paul Oranje <por@oranjevos.nl>
* netifd: handle hotplug event socket errorsHans Dedecker2019-02-021-4/+4
| | | | | | a2aba5c system-linux: handle hotplug event socket ENOBUFS errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport missing braces fixJo-Philipp Wich2019-01-302-3/+6
| | | | | | | | Fold upstream fix d2d4990 ("Fix missing braces in 8eac67c0a15b673c8d27002c248651b308093e4") into the already existing static lease fix patch. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: backport upstream static lease fixJo-Philipp Wich2019-01-302-1/+55
| | | | | | | Backport and rebase upstream fix 18eac67 ("Fix entries in /etc/hosts disabling static leases.") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20190123Jason A. Donenfeld2019-01-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools: curve25519: handle unaligned loads/stores safely This should fix sporadic crashes with `wg pubkey` on certain architectures. * netlink: auth socket changes against namespace of socket In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check. * ratelimiter: build tests with !IPV6 Should reenable building in debug mode for systems without IPv6. * noise: replace getnstimeofday64 with ktime_get_real_ts64 * ratelimiter: totalram_pages is now a function * qemu: enable FP on MIPS Linux 5.0 support. * keygen-html: bring back pure javascript implementation Benoît Viguier has proofs that values will stay well within 2^53. We also have an improved carry function that's much simpler. Probably more constant time than emscripten's 64-bit integers. * contrib: introduce simple highlighter library This is the highlighter library being used in: - https://twitter.com/EdgeSecurity/status/1085294681003454465 - https://twitter.com/EdgeSecurity/status/1081953278248796165 It's included here as a contrib example, so that others can paste it into their own GUI clients for having the same strictly validating highlighting. * netlink: use __kernel_timespec for handshake time This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit bbcd0634f8c9769a336386f8df471231d24a27cc)
* wireguard: Update to snapshot 0.0.20181218Daniel Engberg2019-01-301-2/+2
| | | | | | | Update WireGuard to 0.0.20181218 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 9a37c95431b5401c309b7731920daa964842bdee)
* uhttpd: disable concurrent requests by defaultJo-Philipp Wich2019-01-302-2/+2
| | | | | | | | | In order to avoid straining CPU and memory resources on lower end devices, avoid running multiple CGI requests in parallel. Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf)
* odhcpd: fix onlink IA check (FS#2060)Hans Dedecker2019-01-161-4/+4
| | | | | | | ae16950 dhcpv6-ia: fix compiler warning c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: noop to fix PKG_SOURCE_DATEHans Dedecker2019-01-051-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: filter routes based on prefix_filterHans Dedecker2019-01-041-4/+4
| | | | | | 96694ab router: filter route information option Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixesHans Dedecker2018-12-311-4/+4
| | | | | | | | d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event ae6cf80 config: correctly break string for prefix filter Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 493c1d17663dbfdaf23304994e71280400493fc2)
* dropbear: fix dropbear startup issueHans Dedecker2018-12-212-2/+10
| | | | | | | | | | | | | | | Interface triggers are installed by the dropbear init script in case an interface is configured for a given dropbear uci section. As dropbear is started after network the interface trigger event can be missed during a small window; this is especially the case if lan is specified as interface. Fix this by starting dropbear before network so no interface trigger is missed. As dropbear is started earlier than netifd add a boot function to avoid the usage of network.sh functions as call to such functions will fail at boottime. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20181119Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | * chacha20,poly1305: fix up for win64 * poly1305: only export neon symbols when in use * poly1305: cleanup leftover debugging changes * crypto: resolve target prefix on buggy kernels * chacha20,poly1305: don't do compiler testing in generator and remove xor helper * crypto: better path resolution and more specific generated .S * poly1305: make frame pointers for auxiliary calls * chacha20,poly1305: do not use xlate This should fix up the various build errors, warnings, and insertion errors introduced by the previous snapshot, where we added some significant refactoring. In short, we're trying to port to using Andy Polyakov's original perlasm files, and this means quite a lot of work to re-do that had stableized in our old .S. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 48d8d46d331cd866ad5717cc5b090223a1856a4a)
* wireguard: bump to 0.0.20181115Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Zinc no longer ships generated assembly code. Rather, we now bundle in the original perlasm generator for it. The primary purpose of this snapshot is to get testing of this. * Clarify the peer removal logic and make lifetimes more precise. * Use READ_ONCE for is_valid and is_dead. * No need to use atomic when the recounter is mutex protected. * Fix up macros and annotations in allowedips. * Increment drop counter when staged packets are dropped. * Use static constants instead of enums for 64-bit values in selftest. * Mark large constants as ULL in poly1305-donna64. * Fix sparse warnings in allowedips debugging code. * Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can carefully control the lifetime of these functions and ensure they never execute after dropping the last reference. * Cleanup hashing in ratelimiter. * Do not guard timer removals, since del_timer is always okay. * We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a bit more general. * Set csum_level to ~0, since the poly1305 authenticator certainly means that no data was modified in transit. * Use CHECKSUM_PARTIAL check for skb_checksum_help instead of skb_checksum_setup check. * wg.8: specify that wg(8) shows runtime info too * wg.8: AllowedIPs isn't actually required * keygen-html: add missing glue macro * wg-quick: android: do not choke on empty allowed-ips Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from bf52c968e863768494e79731550c62610dd3cf78)
* wireguard: bump to 0.0.20181018Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | ba2ab5d version: bump snapshot 5f59c76 tools: wg-quick: wait for interface to disappear on freebsd ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent 8432585 main: get rid of unloaded debug message 139e57c tools: compile on gnu99 d65817c tools: use libc's endianness macro if no compiler macro f985de2 global: give if statements brackets and other cleanups b3a5d8a main: change module description 296d505 device: use textual error labels always 8bde328 allowedips: swap endianness early on a650d49 timers: avoid using control statements in macro db4dd93 allowedips: remove control statement from macro by rewriting 780a597 global: more nits 06b1236 global: rename struct wireguard_ to struct wg_ 205dd46 netlink: do not stuff index into nla type 2c6b57b qemu: kill after 20 minutes 6f2953d compat: look in Kbuild and Makefile since they differ based on arch a93d7e4 create-patch: blacklist instead of whitelist 8d53657 global: prefix functions used in callbacks with wg_ 123f85c compat: don't output for grep errors Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 4653818dabe6d2f6e99b483ec256e4374dbb2c77)
* wireguard: bump to 0.0.20181007Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | | | | | 64750c1 version: bump snapshot f11a2b8 global: style nits 4b34b6a crypto: clean up remaining .h->.c 06d9fc8 allowedips: document additional nobs c32b5f9 makefile: do more generic wildcard so as to avoid rename issues 20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1 b6e09f6 crypto: disable broken implementations in selftests fd50f77 compat: clang cannot handle __builtin_constant_p bddaca7 compat: make asm/simd.h conditional on its existence b4ba33e compat: account for ancient ARM assembler Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 3925298f3ca9bcd854571367d98bb6ca07f4e66e)
* wireguard: bump to 0.0.20181006Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Account for big-endian 2^26 conversion in Poly1305. * Account for big-endian NEON in Curve25519. * Fix macros in big-endian AArch64 code so that this will actually run there at all. * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible. * Call simd_relax() within any preempt-disabling glue code every once in a while so as not to increase latency if folks pass in super long buffers. * Prefer compiler-defined architecture macros in assembly code, which puts us in closer alignment with upstream CRYPTOGAMS code, and is cleaner. * Non-static symbols are prefixed with wg_ to avoid polluting the global namespace. * Return a bool from simd_relax() indicating whether or not we were rescheduled. * Reflect the proper simd conditions on arm. * Do not reorder lines in Kbuild files for the simd asm-generic addition, since we don't want to cause merge conflicts. * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't block module loading, so we want to be loud. * Document some interdependencies beside include statements. * Add missing static statement to fpu init functions. * Use union in chacha to access state words as a flat matrix, instead of casting a struct to a u8 and hoping all goes well. Then, by passing around that array as a struct for as long as possible, we can update counter[0] instead of state[12] in the generic blocks, which makes it clearer what's happening. * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86, and the other implementations do not require that kind of alignment either. * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so that we can build code that uses umull. * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config variables consistently throughout. * Document rationale for the 2^26->2^64/32 conversion in code comments. * Convert all of remaining BUG_ON to WARN_ON. * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old ISAs via the macro in <asm/assembler.h>. * Do not allow WireGuard to be a built-in if IPv6 is a module. * Writeback the base register and reorder multiplications in the NEON x25519 implementation. * Try all combinations of different implementations in selftests, so that potential bugs are more immediately unearthed. * Self tests and SIMD glue code work with #include, which lets the compiler optimize these. Previously these files were .h, because they were included, but a simple grep of the kernel tree shows 259 other files that carry out this same pattern. Only they prefer to instead name the files with a .c instead of a .h, so we now follow the convention. * Support many more platforms in QEMU, especially big endian ones. * Kernels < 3.17 don't have read_cpuid_part, so fix building there. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from b6658564505e1f9a582ac63bd06cdf4b423818be)
* ethtool: update to 4.19Hans Dedecker2018-12-181-2/+2
| | | | | | | | | | 8a1ad80 Release version 4.19. ecdf295 ethtool: Fix uninitialized variable use at qsfp dump 98c148e ethtool: better syntax for combinations of FEC modes d4b9f3f ethtool: support combinations of FEC modes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from 5617e138bdaff94587d700def3d74e81c5b2db19)
* ethtool: Update to 4.18Robert Marko2018-12-181-2/+2
| | | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes: Feature: Add support for WAKE_FILTER (WoL using filters) Feature: Add support for action value -2 (wake-up filter) Fix: document WoL filters option also in help message Feature: ixgbe dump strings for security registers Signed-off-by: Robert Marko <robimarko@gmail.com> (backported from a9d73531921ef4755e2cbd6e9e7e36c59b00655c)
* ethtool: Update to 4.17Robert Marko2018-12-181-2/+2
| | | | | | | | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes * Fix: In ethtool.8, remove superfluous and incorrect \ * Fix: fix uninitialized return value * Fix: fix RING_VF assignment * Fix: remove unused global variable * Fix: several fixes in do_gregs() * Fix: correctly free hkey when get_stringset() fails * Fix: remove unreachable code * Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable * Feature: Add register dump support for MICROCHIP LAN78xx Signed-off-by: Robert Marko <robimarko@gmail.com> (backported from 4bb2532ec1d4f30ad44037331130daffa687eb3d)
* ethtool: Update to 4.16Rosen Penev2018-12-181-2/+2
| | | | | | | Tested on Turris Omnia (mvebu). Signed-off-by: Rosen Penev <rosenp@gmail.com> (backported from 2737cea0bb117013875ee33916bb4b9deae9ea47)
* Revert "iptables: fix dependency for libip6tc on IPV6"Petr Štetiar2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts commit 2dc1f54b1205094e7c6036cae6275d2c326bad3e as it breaks the build for me on x86-64 if I've IPV6 support disabled. Same config builds fine on `openwrt-18.06` branch at 55d078b2. $ grep IPV6 .config # CONFIG_KERNEL_IPV6 is not set # CONFIG_IPV6 is not set Build errors out on: Package libiptc is missing dependencies for the following libraries: libip6tc.so.0 Looking at iptables-1.6.2/libiptc/Makefile.am: libiptc_la_LIBADD = libip4tc.la libip6tc.la and to iptables-1.6.2/libiptc/libiptc.pc.in: Requires: libip4tc libip6tc It seems that libiptc needs v4/v6 libs, so v6 isn't optional. Cc: Rosy Song <rosysong@rosinson.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (backported from 1b4b942bcef8638a040788ab9ae94c66e38fd960)
* uqmi: update PKG_RELEASE versionFlorian Eckert2018-12-181-1/+1
| | | | | | | update PKG_RELEASE Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 4cabda8b7ddb0efea23e2aa044ea8bf18e03d199)
* uqmi: stop proto handler if verify pin count is not 3Florian Eckert2018-12-181-0/+7
| | | | | | | | | Check pin count value from pin status and stop verification the pin if the value is less then 3. This should prevent the proto-handler to lock the SIM. If SIM is locked then the PUK is needed. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 0c9d06b5b243334123eafaf2e26a15ec2757767e)
* uqmi: evaluate pin-status output in qmi_setup functionFlorian Eckert2018-12-181-7/+49
| | | | | | | | | | | | | | | | | | | | | | | Load the json output from uqmi --get-pin-status command and evaluate the "pin1_status" value. The following uqmi "pin1_status" values are evaluated: - disabled Do not verify PIN because SIM verification is disabled on this SIM - blocked Stop qmi_setup because SIM is locked and a PUK is required - not_verified SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is specified - verified: Do not verify the PIN because this was already done before Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 4b80bd878d0fcb520f4811097900ebb5478a74fd)
* uqmi: do not block proto handler if SIM is uninitializedFlorian Eckert2018-12-181-1/+9
| | | | | | | | | QMI proto setup-handler will wait forever if SIM does not get initialized. To fix this stop polling pin status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from f171a86d064ac3fcfff05d286becae87c2e26b5f)
* uqmi: do not block proto handler if modem is unable to registrateFlorian Eckert2018-12-181-1/+10
| | | | | | | | | QMI proto setup-handler will wait forever if it is unable to registrate to the mobile network. To fix this stop polling network registration status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from dec1bfa0f48d43174921d1a1357a4842f9ba0cf6)
* uqmi: fix variable initilization for timeout handlingFlorian Eckert2018-12-181-0/+2
| | | | | | | Also add logging output for SIM initilization. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 71865200c95d5ccebe01980c88ee44a15888bcaf)
* uqmi: add timeout option valueFlorian Eckert2018-12-181-2/+5
| | | | | | | | | | | | This value will be used for now during following situations: * Ask the sim with the uqmi --get-pin-status command. * Wait for network registration with the uqmi --get-serving-system command. This two commands wait forever in a while loop. Add a timeout to stop waiting and so inform netifd. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from dee93def394c9bf10d2cc3eb64d9e190ca461a67)
* uqmi: redirect uqmi commands output to /dev/nullFlorian Eckert2018-12-181-12/+12
| | | | | | | | Move uqmi std and error output on commands without using them to /dev/null. This will remove useless outputs in the syslog. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 2d57aa9c4c852e847e66a3bb5c775910d0cb8d77)
* uqmi: fix indentingFlorian Eckert2018-12-181-16/+16
| | | | | | | fix indenting Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 692c6d9a5dbb955d00516b465271fd8a053af206)
* gre: make encaplimit support configurableHans Dedecker2018-12-182-2/+4
| | | | | | | | | | | | Make inclusion of the destination option header containing the tunnel encapsulation limit configurable for IPv6 GRE packets. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the IPv6 GRE packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from 3d015e971f5e3f0df8e8ab149fda1270c5c72507)
* odhcpd: update to latest git HEAD (FS#1853)Hans Dedecker2018-12-181-4/+4
| | | | | | | | | 57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional 402c274 dhcpv6: check return code of dhcpv6_ia_init() ee7472a router: don't leak RA message in relay mode (FS#1853) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from af78e90d4cdb3c944d9c4f3d4d4648dd67886c4d)