aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: let all openvpn variants provide a virtual openvpn packageJo-Philipp Wich2017-01-211-1/+2
| | | | | | | | | | Add PROVIDES:=openvpn to the default recipe in order to let all build variants provide a virtual openvpn package. The advantage of this approach is that downstream packages can depend on just "openvpn" without having to require a specific flavor. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEAD versionHans Dedecker2017-01-171-2/+2
| | | | | | a057f6e device: fix DEV_OPT_SENDREDIRECTS definition Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: fix HTTPS network timeouts with OpenSSLStijn Segers2017-01-161-0/+36
| | | | | | | | | Backport an upstream change to fix HTTPS timeouts with OpenSSL. Upstream curl bug #1174. Signed-off-by: Stijn Segers <francesco.borromini@inventati.org> [Jo-Philipp Wich: reword commit message, rename patch to 001-*] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix passing jobserver to hostapd/supplicant build processesFelix Fietkau2017-01-151-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: backport a few upstream fixesFelix Fietkau2017-01-155-4/+163
| | | | | | | | Fixes reassoc issues with WDS mode Fixes reassoc issues in AP mode Fixes IBSS reauthentication issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall: fix forwarding local subnet trafficJo-Philipp Wich2017-01-131-3/+3
| | | | | | | | | | | | | Packets which are merely forwarded by the router and which are neither involved in any DNAT/SNAT nor originate locally, are considered INVALID from a conntrack point of view, causing them to get dropped in the zone_*_dest_ACCEPT chains, since those only allow stream with state NEW or UNTRACKED. Remove the ctstate restriction on dest accept chains to properly pass- through unrelated 3rd party traffic. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: use ubus signalling in ntp hotplug scriptKevin Darbyshire-Bryant2017-01-131-3/+3
| | | | | | | Use ubus process signalling instead of 'kill pidof dnsmasq' for SIGHUP signalling to dnsmasq when ntp says time is valid. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* netifd: update to the latest versionFelix Fietkau2017-01-131-3/+3
| | | | | | | This disables IGMP snooping by default, which was causing various issues over time, like FS#95 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: mark as nonshared because of the usb dependenciesFelix Fietkau2017-01-131-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umbim: mark as nonshared because of the usb dependenciesFelix Fietkau2017-01-131-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt: mark as nonshared because of the usb dependenciesFelix Fietkau2017-01-131-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* map: take over maintainershipHans Dedecker2017-01-121-1/+1
| | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: take over maintainershipHans Dedecker2017-01-121-1/+1
| | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: take over maintainershipHans Dedecker2017-01-121-1/+1
| | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* Revert "dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'"Hans Dedecker2017-01-122-31/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This causes problem when a FQDN is configured in /etc/config/system. The domain name will appear twice in reverse DNS. Next to that, there seems to be a bug in dnsmasq. From the manual page: --interface-name=<name>,<interface>[/4|/6] Return a DNS record associating the name with the primary address on the given interface. This flag specifies an A or AAAA record for the given name in the same way as an /etc/hosts line, except that the address is not constant, but taken from the given interface. The interface may be followed by "/4" or "/6" to specify that only IPv4 or IPv6 addresses of the interface should be used. If the interface is down, not configured or non-existent, an empty record is returned. The matching PTR record is also created, mapping the interface address to the name. More than one name may be associated with an interface address by repeating the flag; in that case the first instance is used for the reverse address-to-name mapping. It does not just create an A/AAAA record for the primary address, it creates one for all addresses. And what is worse, it seems to actually resolve to the non-primary address first. This is quite annoying when you use floating IP addresses (e.g. VRRP), because when the floating IP is on the other device, SSH failes due to incorrect entry in the known hosts file. I know that this is not a common setup, but it would be nice if there was an option to restore the previous behaviour, rather than just forcing this new feature on everybody. Reported-by: Stijn Tintel <stijn@linux-ipv6.be> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: delete map-t device when tearing down map interfaceHans Dedecker2017-01-122-2/+12
| | | | | | | | | | | | Delete the map-t device when tearing down the map-t interface; as such there's no conflict when the map-t interface comes up again when trying to add the map-t device as the map-t device was still present (Can not add: device 'map-wan6_4' already exists!). Only call ifdown in teardown for map-e and lw6o4 map interfaces types in order to suppress the trace "wan6_4 (6652): Interface wan6_4_ not found" Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert the recent dependency and metadata scanning reworkFelix Fietkau2017-01-113-3/+3
| | | | | | | | | | | | | | | This reverts the following commits: fbe522d1204149b6c128d55e360bfc15fa8258e1 278ad007ee03c4455c3507322e34b0e3e6ec050d 863888e44f7a1fb1675a2e7a2eaabfec3561d2a2 96daf6352f6e04bc22789466cb5409b93fbec191 cfd83555fc4f0bab18a26f6812da18e64df46ff3 This seems to trigger some mconf bugs when built with all feeds packages, so I will try to find a less intrusive solution before the release. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt: allow build without USB_SUPPORTFelix Fietkau2017-01-111-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umbim: allow build without USB_SUPPORTFelix Fietkau2017-01-111-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: allow build without USB_SUPPORTFelix Fietkau2017-01-111-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wpa_supplicant: Fix mesh encryption configSujith Manoharan2017-01-111-1/+4
| | | | | | | | | | | | | | | wpa_supplicant allows only SAE as the key management type for mesh mode. The recent key_mgmt rework unconditionally added WPA-PSK - this breaks interface bringup and wpa_s throws this error message: Line 10: key_mgmt for mesh network should be open or SAE Line 10: failed to parse network block. Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf Fix this by making sure that only SAE is used for mesh. Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
* lldpd: take over maintainershipStijn Tintel2017-01-101-1/+1
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Jo-Philipp Wich <jo@mein.io>
* lldpd: add Net-SNMP AgentX supportStijn Tintel2017-01-104-2/+15
| | | | | | | Enabling this makes it possible to query LLDP neighbors via SNMP. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: drop references to madwifiStijn Tintel2017-01-101-3/+1
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: add option "keep_ra_dnslifetime"Hans Dedecker2017-01-092-5/+8
| | | | | | | | | | Add option keep_ra_dnslifetime which will preserve the received lifetime for RDNSS and DNSSL RA records and not overwrite it by the RA router lifetime as specified in RFC6106. This allows to accept RDNNS records from RAs that don't announce a default route by setting router lifetime to 0 in the RAs. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: bump to git HEADHans Dedecker2017-01-071-3/+3
| | | | | | | | | | ef3c563 dhcpv6-ia: filter out prefixes having invalid length 16cd87e dhcpv6-ia: fix dereference after freeing assignment d6b0c99 dhcpv6-ia: log only IPv6 addresses which are effectively assigned to a DHCPv6 client 08a9367 config: respect ignore uci option Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'Eric Luehrsen2017-01-052-23/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | 'add_local_hostname' previous implementation may drop some addresses. Soft addition of IP6 addresses may not cause a reload or restart event. dnsmasq '--interface-name' robustly applies DNS to all addresses per interface (except fe80::/10). Change UCI 'add_local_hostname' to expand during each interface assignement during add_dhcp(). Assign '<iface>.<host>.<domain>' as true name (reflexive A, AAAA, and PTR). Assign '<host>.<domain>' and '<host>' as convinience aliases (no PTR, not technically CNAME). This is accomplished with the '--interface-name' order, first is PTR. We could also assign each <ip4/6>.<iface>.<host>.<domain> to the respective dual stack on the interface. That seemed excessive so it was skipped (/4 or /6 suffix to the interface). Add UCI 'add_wan_hostname' similar to 'add_local_hostname' function for external WAN. WAN IP4 are less often named by the ISP and rarely WAN IP6 due to complexity. For logs, LuCI connection graph, and other uses assigning a WAN name is desired. 'add_local_hostname' only applies with DHCP and 'add_wam_hostname' only applies without DHCP. Common residential users will want to set both options TRUE. Businesses will probably have global DNS, static IP, and 'add_wan_hostname' FALSE. Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* dnsmasq: clean up white space in dnsmasq.initEric Luehrsen2017-01-051-16/+16
| | | | Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* build: use mkhash to replace various quirky md5sum/openssl callsFelix Fietkau2017-01-052-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add DHCP Unique Identifier for DHCPv6Arjen de Korte2017-01-031-1/+2
| | | | | | | Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to existing MAC-address (RFC-6939). The latter is not widely supported yet. Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
* odhcpd: bump to git HEAD versionHans Dedecker2017-01-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | 091d8a9 dhcpv6-ia: fix static assignment check 11ce6b5 dhcpv6-ia: coding style fixes 561890e dhcpv6-ia: update valid_until only for non static DHCPv6 leases 0b45fce dhcpv4: coding style fixes 95b76c2 README: Add host leasetime uci parameter 541219e dhcpv6-ia: fix invalid IPv6/hostname entries in statefile 13937ab dhcpv6-ia: fix delete logic of an assignment in reconf_timer 60c3969 dhcpv6-ia : code style fixes bf4ebc0 config: use free_lease to delete a lease c24782a config: coding style fixes 0572d1a config: Create statefile dir ec833f4 dhcpv6-ia: use free_dhcpv6_assignment where needed 1d55edb dhcpv6-ia: make free_dhcpv6_assignment static f01e538 dhcpv4: make dhcpv4_msg_to_string static 700f5ab dhcpv4: fix DHCPv4 hostname handling 4c89614 Limit lifetime of non-static leases in case of release and decline Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: bump to git HEAD versionHans Dedecker2017-01-031-5/+5
| | | | | | | | | 5d6fec3 Merge pull request #50 from sartura/libubox_md5_reuse 33a2ba1 odhcp6c: reuse md5 from libubox Switch PKG_SOURCE_URL to git.lede-project.org/project/odhcp6c.git Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: enable SHA256-based algorithmsStijn Tintel2017-01-031-2/+2
| | | | | | | | | | | Enable support for stronger SHA256-based algorithms in hostapd and wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled. We cannot unconditionally enable it, as it requires hostapd to be compiled with 802.11w support, which is disabled in the -mini variants. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* hostapd: add function to handle wpa_key_mgmtStijn Tintel2017-01-031-9/+10
| | | | | | | | Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are consistent, we can move parts of it to a dedicated function. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* wpa_supplicant: rework wpa_key_mgmt handlingStijn Tintel2017-01-031-8/+9
| | | | | | | | Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with how it is done for hostapd. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
* gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.Roger Pueyo Centelles2017-01-032-7/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit modifies the /lib/netifd/proto/gre.sh script so that, when GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen interface name contains the "tap" substring, to differentiate them from non-TAP GRE tunnels. Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname) upon creation. For instance, the following tunnels: config interface 'tuna' option peeraddr '172.30.22.1' option proto 'gre' config interface 'tunb' option peeraddr '192.168.233.4' option proto 'gretap' config interface 'tunc' option peer6addr 'fdc5:7c9e:e93d:45af::1' option proto 'grev6' config interface 'tund' option peer6addr 'fdc0:6071:1348:31ff::2' option proto 'grev6tap' are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund". The current change makes that each GRE tunnel interface of the four different types available (gre, gretap, grev6 and grev6tap) gets a different prefix. Therefore, the abovementioned tunnels will be named, respectively: "gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund". This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA) where the whole protocol name is used. For instance, a PPPoA interface named "p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1" and "pppoe-p2", not as "ppp-p1" and "ppp-p2"). Since Linux interfaces names are limited to 15 characters, these prefixes leave, for the worst case (TAP tunnels), 9 characters for the actual name. Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
* curl: Remove PolarSSL and adjust default to mbedTLSRosen Penev2017-01-034-30/+14
| | | | | | | luci-ssl has already made the switch since mainline support for PolarSSL is almost over (2016). Signed-off-by: Rosen Penev <rosenp@gmail.com>
* curl: update to version 7.52.1Hauke Mehrtens2017-01-022-4/+4
| | | | | | | | | | | This fixes the folowing security problems: CVE-2016-9586: printf floating point buffer overflow CVE-2016-9952: Win CE schannel cert wildcard matches too much CVE-2016-9953: Win CE schannel cert name out of buffer read CVE-2016-9594: unititialized random Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openvpn: update to 2.4.0Magnus Kroken2016-12-301-2/+2
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* relayd: fix expiry time handlingFelix Fietkau2016-12-271-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* relayd: fix reload / interface restart issuesFelix Fietkau2016-12-273-4/+2
| | | | | | | - replace the hotplug script with an interface trigger - add netdev params to procd to trigger restart Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: bump to git HEADStijn Tintel2016-12-271-3/+3
| | | | | | | 8dc2a59 Revert "Respect interface "ignore" settings as documented." 93ab25b router: skip parse_routes when ra_default > 1 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* odhcpd: Use procd_send_signal in reload_serviceHans Dedecker2016-12-261-1/+1
| | | | | | | Replace killall HUP by procd_send_signal in reload_service to trigger an odhcpd config reload Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: Upstep to git HEAD versionHans Dedecker2016-12-251-3/+3
| | | | | | | | | 64a655d proto: allow configuring deprecated static IPv6 addresses c99182e remove obsolete /opt/local prefix on Mac OS X 0249d5f system-linux: Don't set gre tunnel ttl by default to 64 (#FS312) edc15ca ubus: Display the IPv6 prefix assigned address Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: Remove ttl default value assignment (FS#312)Hans Dedecker2016-12-252-2/+2
| | | | | | | Don't assign a default ttl of 64 for gre tunnels as netifd takes care of the default ttl assignment Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add log facility optiondibdot2016-12-231-0/+1
| | | | | | add possibility to set the facility to which dnsmasq will send syslog entries, i.e. set it to '/dev/null' to mute dnsmasq output at all. Signed-off-by: Dirk Brenken dev@brenken.org
* uhttpd: drop uhttpd-mod-tls, it has been useless for yearsFelix Fietkau2016-12-221-39/+0
| | | | | | | | | Before the rewrite, uhttpd-mod-tls used to contain a tls plugin. Afterwards it was left in for compatibility reasons, but given how much has changed, and that we're about to change the default SSL implementation again, it's better to just drop this now Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up and unify PKG_VERSION for git based downloadsFelix Fietkau2016-12-2217-83/+47
| | | | | | Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: use conditional dependencies to avoid pulling in unused ssl librariesFelix Fietkau2016-12-221-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: reduce binary size using --gc-sections on linkingFelix Fietkau2016-12-221-0/+3
| | | | | | Saves around 9kb gzipped on MIPS Signed-off-by: Felix Fietkau <nbd@nbd.name>