aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: backport BSSID black/whitelistsJohn Crispin2015-02-133-0/+687
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. In many applications it is useful not just to enumerate a group of well known access points, but to use a address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This is especially useful if an OpenWrt device with two radios is used to retransmit the same network (one in AP mode for other clients, one as STA for the uplink); the following configuration prevents the device from associating with itself, given that the own AP to be avoided is using the bssid 'C0:FF:EE:D0:0D:42': config wifi-iface option device 'radio2' option network 'uplink' option mode 'sta' option ssid 'MyNetwork' option encryption 'none' list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF' This change consists of the following cherry-picked upstream commits: b3d6a0a8259002448a29f14855d58fe0a624ab76 b83e455451a875ba233b3b8ac29aff8b62f064f2 79cd993a623e101952b81fa6a29c674cd858504f (squashed to implement bssid_{white,black}lists) 0047306bc9ab7d46e8cc22ff9a3e876c47626473 (Add os_snprintf_error() helper) Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de> SVN-Revision: 44438
* ebtables: disable rpathNicolas Thill2015-02-112-2/+32
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 44396
* relayd: update to the latest version, adds fixes by Alejandro EnriqueFelix Fietkau2015-02-111-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44389
* netifd: fix device config handling and add some config optionsSteven Barth2015-02-091-2/+2
| | | | | | | | Thanks to Hans Dedecker Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 44331
* 6in4: fix update timeoutJo-Philipp Wich2015-02-082-8/+28
| | | | | | | | | The recent rework of the 6in4 endpoint update broke the retry mechanism. Rework the timeout handling and make the update status more verbose. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44327
* openvpn: autostart openvpn instances for each .conf file in /etc/openvpnJo-Philipp Wich2015-02-072-4/+32
| | | | | | | | | | | | | | | Align init behaviour with other distros by starting an OpenVPN instance for each config file found in /etc/openvpn/. This removes the additional requirement to "register" the configs with uci and thus simplifies the setup. Make sure to respect the disabled state in uci to not suddenly autostart instances which have been previously set to disabled, also skip configs which are already started due to uci configuration. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44310
* 6in4: don't use /dev/stdout for wget callsJo-Philipp Wich2015-02-072-5/+5
| | | | | | | | | Busybox ash does not implement /dev/stdout, therfore any wget output is written into a file /dev/stdout instead of onto the standard output. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44301
* map: Fix white space errorsJohn Crispin2015-02-031-3/+3
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 44246
* cURL: implement new functionality with cleanup and fixesJohn Crispin2015-02-022-96/+155
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove obsolete configuration settings --disable-thread --enable-nonblocking --without-krb4 remove SSPI support only supported on windows correct --with/without-ca-path handling only supported with OpenSSL and PolarSSL correct LDAP/LDAPS protocol add dependency libopenldap added SCP/SFTP protocol default "No" depends on libssh2 added IDN support default "No" depends on libidn added SMB protocol (new in 7.40) default "No" require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL' selected added Unix sockets support (new in 7.40) default "No" added error verbose messages default "No" changes to Makefile Increase PKG_RELEASE PKG_CONFIG_DEPENDS and CONFIGURE_ARGS extended for new functionality use "autoconf_bool" for all --enable/--disable options restructure for easier reading changes to Config.in extended for new functionality implement dependencies restructure and grouping for easier reading build tested on XUbuntu 14.10 x86 for x86 (generic) and ar71xx (WNDR3800) Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 44243
* curl: fix build with --disable-crypto-auth (#18838)Jo-Philipp Wich2015-01-291-0/+25
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44192
* curl: fix typo in 2 config symbolsNicolas Thill2015-01-291-4/+4
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 44191
* comgt-ncm: Fix NCM protocolJohn Crispin2015-01-284-36/+61
| | | | | | | | | | | | | | | | | | | This patch fixes the NCM protocol by adding the missing ifname to the netifd script and changing one unintended "send" statement to "print" in runcommand.gcom. It also cleans up logging and makes the manufacturer names case-insensitive. Furthermore, comgt-ncm should not depend on the USB-serial-related kernel modules, as the cdc-wdm control device works without them. There is also no need to depend on kmod-huawei-cdc-ncm, since other manufacturers (like Sony-Ericsson and Samsung) which use other kernel modules should also be supported. I'd appreciate if someone with Samsung or Sony-Ericsson modems could test this, I was only able to test it with Huawei E3276, E3372 and E353. Signed-off-by: Matti Laakso <malaakso@elisanet.fi> SVN-Revision: 44182
* cURL: Update to version 7.40.0John Crispin2015-01-284-17/+10
| | | | | | | | | | | * Update to version 7.40.0 * remove non existing config options around enable/disable HTTPS protocoll * remove --with-ca-path if ssl support disabled * set proxy support as default like all versions before CC did Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 44176
* uhttpd: fix another remaining relro issue in the Lua pluginJo-Philipp Wich2015-01-251-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44143
* uhttpd: fix time_t type mismatch on 32bit systemsJo-Philipp Wich2015-01-251-2/+2
| | | | | | | | | | | | The previous update introducing LFS support unconditionally changed the sprintf() pattern used to print the file modification time to use PRIx64. Explicitely convert the st_mtime member of the stat struct to uint64_t in order to avoid type mismatch errors when building for non-64bit targets. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44138
* uhttpd: fix crash with enabled relro, memory leak in dirlists and lfsJo-Philipp Wich2015-01-251-3/+3
| | | | | | | | | | | | * Fix the ubus plugin to not make its uhttpd_plugin entry symbol constant as uhttpd needs to modify its list_head member * Make sure that uhttpd supports large files by using 64bit ints where appropriate and by passing _FILE_OFFSET_BITS=64 to the build * Plug a possible memleak in the directory listing code Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44135
* uhttpd: fix exit code of mod-ubus postinstall scriptJo-Philipp Wich2015-01-251-0/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44132
* build: drop obsolete kernel version dependenciesFelix Fietkau2015-01-242-2/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44110
* mac80211/hostapd: fix HT mode setup for RSN ad-hoc networksFelix Fietkau2015-01-241-1/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44100
* relayd: prevent start for disabled interfacesFelix Fietkau2015-01-241-0/+3
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44099
* netifd: fix a regression with some VLAN configurations introduced in the ↵Felix Fietkau2015-01-241-2/+2
| | | | | | | | last update Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44098
* ppp: on PPPoE, always send PADT when shutting down the connectionFelix Fietkau2015-01-241-0/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44097
* netifd: do not stop service on shutdown, only call ifdownFelix Fietkau2015-01-241-1/+1
| | | | | | | | Also add a small delay, like on restart Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44096
* ppp: rework host-uniq support to take hex encoded stringsJo-Philipp Wich2015-01-243-49/+149
| | | | | | | | | | | The previous implementation of the "host-uniq" option used plain strings for passing the value to pppd which made it impossible to specify binary data. Switch the format to a hex encoded string to support binary data. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44094
* netifd: update to the latest version, fixes bridge reload (#18351) and ↵Felix Fietkau2015-01-241-2/+2
| | | | | | | | device config issues Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44093
* netifd: store additional DHCP lease informationJo-Philipp Wich2015-01-231-7/+7
| | | | | | | | | Extend the DHCPv4 handler script to store additional information from the DHCP lease in the per-interface data object. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 44092
* nftables: bump for minor fixesSteven Barth2015-01-201-3/+3
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 44062
* comgt: Allow using non-TTY devicesJohn Crispin2015-01-201-0/+68
| | | | | | | | | | | | | Some Huawei mobile broadband sticks utilizing the NCM protocol expose the control channel as a cdc-wdm device node instead of a virtual TTY. This device node does not support the terminal ioctls. This patch adds a check whether the provided device is a TTY or not and does not attempt to use the terminal ioctls if they are not supported. v2: reduce diffstat by simplifying code a little Signed-off-by: Matti Laakso <malaakso@elisanet.fi> SVN-Revision: 44054
* netifd: add option to customize IPv6 interface identifiers (thx Hans Dedecker)Steven Barth2015-01-191-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 44050
* igmpproxy: add patch to silence unnecessary logging of downstream igmp trafficFelix Fietkau2015-01-181-0/+19
| | | | | | | | | | | | | This patch adds a simple check to silence logging of messages about unrecognized igmp packets which originate from devices in local network. Without this patch igmpproxy floods openwrt syslog with messages such as: user.warn igmpproxy[19818]: The source address 192.168.1.175 for group 239.255.250.250, is not in any valid net for upstream VIF. Signed-off-by: Antti Seppälä <a.seppala@gmail.com> SVN-Revision: 44020
* dnsmasq: add option --quiet-dhcpJohn Crispin2015-01-171-0/+1
| | | | | | | | The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses. Signed-off-by: Lars Kruse <devel@sumpfralle.de> SVN-Revision: 44006
* Support for building an hardened OpenWRTJohn Crispin2015-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Introduce configuration options to build an "hardened" OpenWRT. Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO have been introduced. uClibc makefile now automatically detects if SSP support is necessary. hostapd makefile has been fixed to use "^" as sed separator since using a comma was problematic when using "-Wl,-z,now" and the like in TARGET_CFLAGS. Currently enabling SSP on user space depends on enabling SSP kernel side, this is due to the fact that TARGET_CFLAGS are used to build kernel modules (at least). Suggestions on how to avoid this are welcome. Using "select" instead of "depends on" doesn't seem to work with choice entries. Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of the available packages. Needs to be tested with GCC 4.9 and the remaining packages. PIE not currently included. Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me> SVN-Revision: 44005
* curl: allow enabling https protocolJohn Crispin2015-01-172-0/+6
| | | | | | | | Provide optional --enable-https flag for curl. Signed-off-by: Lars Kruse <devel@sumpfralle.de> SVN-Revision: 43997
* add iperf3, a new and smaller version of iperfFelix Fietkau2015-01-171-0/+49
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 43996
* iproute2: add package for bridge programSteven Barth2015-01-171-0/+11
| | | | | | | | | | | | | The 'bridge' program has been part of iproute2 for a while, and it was once declared[1] to the the intended longterm replacement for bridge-utils, but its features are still mostly distinct[2] from the venerable brctl. [1] http://lwn.net/Articles/435845/ [2] http://sgros-students.blogspot.com/2013/11/comparison-of-brctl-and-bridge-commands.html Signed-off-by: Russell Senior <russell@personaltelco.net> SVN-Revision: 43993
* iproute2: fix header problem for muslSteven Barth2015-01-171-0/+10
| | | | | | | | | | iproute2 includes "sanitized" linux kernel headers, which work fine for uClibc, however with musl there is some header conflict, principally some ipv6 structure redefinition. This patch removes <linux/in6.h> from include/linux/if_bridge.h to solve the problem. Signed-off-by: Russell Senior <russell@personaltelco.net> SVN-Revision: 43992
* iproute2: bump version to 3.18.0Steven Barth2015-01-172-10/+11
| | | | | | Signed-off-by: Russell Senior <russell@personaltelco.net> SVN-Revision: 43991
* dnsmasq: support and use local-service by default (#14951)Jo-Philipp Wich2015-01-163-2/+4
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43982
* mdns: install uci package as configLuka Perkov2015-01-141-1/+1
| | | | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu> SVN-Revision: 43967
* map: export calculated ruleset to /tmpSteven Barth2015-01-132-1/+4
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43961
* hostapd: backport patch fixing handling new stationsRafał Miłecki2015-01-121-0/+37
| | | | | | | | | This patch fixes adding new stations for some specific drivers when using more than 1 BSS. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 43951
* nftables: add missing patchSteven Barth2015-01-121-0/+8
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43949
* nftables: bump again and disable building docsSteven Barth2015-01-121-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43948
* map: ignore psid and psidlen if psidlen is 0Steven Barth2015-01-122-4/+6
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43946
* nftables: bump to latest and enable debuggingSteven Barth2015-01-121-3/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43944
* thc-ipv6: update to v2.7Jo-Philipp Wich2015-01-092-15/+14
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43894
* lldpd: update to v0.7.13Jo-Philipp Wich2015-01-092-5/+5
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43891
* openvpn: procd_set_param respawnJohn Crispin2015-01-081-0/+1
| | | | | | | | | | | Makes sure that the openvpn instance gets restarted in case of a crash. Intentional stops using /etc/init.d/openvpn stop will not result in respawning. Anything else will, e.g. killall openvpn. Signed-off-by: Lars Gierth <larsg@systemli.org> SVN-Revision: 43886
* firewall: respect src_dip option for reflection (#18544)Jo-Philipp Wich2015-01-081-3/+3
| | | | | | | | Also fix wrong IPv4 netmask calculation on x86-64, thanks Ulrich Weber. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 43874
* nftables: bump to latest git / all patches upstreamedSteven Barth2015-01-086-5030/+4
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43870