aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0Andre Heider2022-01-082-12/+1
| | | | | | | This makes patching it for ltq-vdsl-app unnecessary and paves the way for VRX518 support. Signed-off-by: Andre Heider <a.heider@gmail.com>
* firewall4: bump to git HEADStijn Tintel2022-01-061-2/+2
| | | | | | main.uc: fix device gathering Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: fix syntax error in dependency specJo-Philipp Wich2022-01-061-1/+1
| | | | | Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall/firewall4: provide uci-firewallStijn Tintel2022-01-062-2/+4
| | | | | | | | | | | | | | | | Provide uci-firewall via PROVIDES in both firewall and firewall4. This will allow us to change the dependency of luci-app-firewall to uci-firewall, making it possible to use it with either implementation. Move CONFLICTS from firewall4 to firewall, to solve this recursive dependency problem: tmp/.config-package.in:307:error: recursive dependency detected! tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4 tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEADStijn Tintel2022-01-061-4/+4
| | | | | | | | | | | | | | | | 4ead2a6 treewide: move executables to /sbin 9ebc2f4 fw4.uc: filter duplicates in fw4.set 85b74f3 treewide: support flow offloading be3b4e6 treewide: support hardware flow offloading 38889b7 treewide: support set timeout 31c7550 fw4.uc: do not skip defaults with invalid option 334a127 fw4.uc: introduce DEPRECATED flag 7a0d38f fw4.uc: add _name as deprecated option 5e7ad3b fw4.uc: don't fail on unknown options be5f4e3 fw4.uc: allow use of cidr in ipsets Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: order DEPENDS alphabeticallyStijn Tintel2022-01-061-1/+5
| | | | | | | Add some line breaks while at at, to improve readability. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: drop kmod-ipt-nat from CONFLICTSStijn Tintel2022-01-061-1/+1
| | | | | | | | The limitation of not being able to use iptables and nft nat at the same time exists only in kernels before 4.18. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: refresh patchsetNick Hainke2021-12-314-11/+11
| | | | | | | | | | | | | | Recently the hostapd has undergone many changes. The patches were not refreshed. Refreshed with make package/hostapd/{clean,refresh} Refreshed: - 380-disable_ctrl_iface_mib.patch - 600-ubus_support.patch - 700-wifi-reload.patch - 720-iface_max_num_sta.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* nftables: allow quoted string in flowtable_expr_memberStijn Tintel2021-12-312-1/+45
| | | | | | | This is required to be able to use flow offloading on devices with ifnames that start with a digit, like 6in4-wan6. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* layerscape: restool: Remove build of manpagesHauke Mehrtens2021-12-281-0/+18
| | | | | | | | The build of the manpages needs the pandoc tool, this is not in the minimal requirements of OpenWrt, just remove the build of the restool manpage. This fixes the build on systems without pandoc like the OpenWrt build bots. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: add fallback for WPS on stationsRaphaël Mélotte2021-12-271-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Up to now the WPS script triggered WPS on the stations only if it could not trigger it successfully on any hostapd instance. In a Multi-AP context, there can be a need (to establish a new wireless backhaul link) to trigger WPS on the stations, regardless of whether there is already a hostapd instance configured or not. The current script makes it impossible, as if hostapd is running and configured, WPS would always be triggered on hostapd only. To allow both possibilities, the following changes are made: - Change the "pressed" action to "release", so that we can make use of the "$SEEN" variables (to know for how long the button was pressed). - If the button is pressed for less than 3 seconds, keep the original behavior. - If the button is pressed for 3 seconds or more, trigger WPS on the stations, regardless of the status of any running hostapd instance. - Add comments explaining both behaviors. - While at it, replace the usage of '-a' with a '[] && []' construct (see [1]). This gives users a "fallback" mechanism to onboard a device to a Multi-AP network, even if the device already has a configured hostapd instance running. [1]: https://github.com/koalaman/shellcheck/wiki/SC2166 Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
* umbim: add missing json_close_object callMartin Schiller2021-12-271-0/+1
| | | | | | | | Otherwise, connection setup may fail due to JSON parse error in netifd. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [Updated commit description] Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* umbim: explicitly check for PIN1 stateMartin Schiller2021-12-271-1/+2
| | | | | | | | | | | PIN2 is used only to restrict changing of fixed dialling feature, does not affect network registration. Therefore explicitly check for PIN1 state during connection setup, which is required for network registration. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [Updated commit description] Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* umbim: call umbim disconnect in error caseMartin Schiller2021-12-271-1/+13
| | | | | | | | This is needed to properly close the control channel. Otherwise, on the next try the caps call may fail. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* hostapd: add missing function declarationDavid Bauer2021-12-271-0/+10
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* tcpdump: libpcap: Remove http://www.us.tcpdump.org mirrorHauke Mehrtens2021-12-271-2/+1
| | | | | | | | The http://www.us.tcpdump.org mirror will go offline soon, only use the normal download URL. Reported-by: Denis Ovsienko <denis@ovsienko.info> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: only attempt to set qos map if supported by the driverFelix Fietkau2021-12-231-0/+12
| | | | | | Fixes issues with brcmfmac Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: keep HE capability after channel switch in AP+STA/MeshArnout Vandecappelle (Essensium/Mind)2021-12-211-1/+2
| | | | | | | The auto-ht option already kept HT and VHT support, but wasn't updated to support HE (11ax). Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* hostapd: make OpenWrt statistics per-BSSDavid Bauer2021-12-202-20/+20
| | | | | | | WNM and RRM statistics were incorrectly per-PHY, leading to shared statistic counters per BSS. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: provide BSS-transition-queries to ubus subscribersDavid Bauer2021-12-202-10/+69
| | | | | | | | | | | | | | | Provide incoming BSS transition queries to ubus subscribers. This allows external steering daemons to provide clients with an optimal list of transition candidates. This commit has no functional state in case no ubus subscriber is present or it does not handle this ubus message. To prevent hostapd from sending out a generic response by itself, a subscribing daemon has to return a non-zero response code to hostapd. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: WNM: allow specifying dialog-tokenDavid Bauer2021-12-202-4/+110
| | | | | | | | | | Backport a patch to allow extending the ubus BSS-transition method for specifying individual dialog tokens for BSS transition management requests. This is required for handling BSS transition queries in the future. Signed-off-by: David Bauer <mail@david-bauer.net>
* odhcp6c: update to latest git HEADHans Dedecker2021-12-171-3/+3
| | | | | | | | 39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates" c9578e1 dhcpv6: add support for null IA_PD valid lifetime ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2021-12-171-3/+3
| | | | | | | | | 5ca5e0b netifd: allow disabling rule/rule6 config sections 8875960 interface-ip: add support for IPv6 prefix invalidation e589c05 interface-ip: use metric when looking for a route b54ffde main: fix hotplug script usage message Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: close correct blobmsg tableDavid Bauer2021-12-161-1/+1
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add OpenWrt specific statistic countersDavid Bauer2021-12-152-1/+105
| | | | | | | | | | This adds a new struct for storing statistics not (yet) tracked by hostapd regarding RRM and WNM activity. These statistics can be read using the get_status hostapd interface ubus method. Signed-off-by: David Bauer <mail@david-bauer.net>
* iw: Update to version 5.16Hauke Mehrtens2021-12-144-367/+260
| | | | | | | | | | | Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package Makefile. This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD. This is needed to make it compatible with our patched mac80211 from kernel 5.15 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* restool: bump to LSDK-21.08Martin Schiller2021-12-131-3/+3
| | | | | | Update restool to latest LSDK-21.08. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* hostapd: add support for specifying the FILS DHCP serverFelix Fietkau2021-12-103-1/+18
| | | | | | | | The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server For proto=dhcp networks, the discovered dhcp server will be used For all other networks, udhcpc is called to discover the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: on dhcp interfaces, store the dhcp server in interface dataFelix Fietkau2021-12-101-0/+1
| | | | | | | | Among other things, this can be used to auto-configure the DHCP server address for wireless APs using FILS, if the bridged interface is configured to DHCP Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for enabling FILS on AP and client interfacesFelix Fietkau2021-12-101-4/+37
| | | | | | This is only supported with WPA-enterprise Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable FILS support in the full config and add build feature discoveryFelix Fietkau2021-12-109-18/+42
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make hostapd/supplicant/wpad packages depend on a specific version ↵Felix Fietkau2021-12-011-0/+3
| | | | | | | | | of hostapd-commoon This avoids potential version mismatch between packages when upgraded individually Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: remove bulk flow detection from default portsFelix Fietkau2021-12-011-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add besteffort class and switch all default classifications to class ↵Felix Fietkau2021-12-012-13/+17
| | | | | | names Signed-off-by: Felix Fietkau <nbd@nbd.name>
* nftables: bump to 1.0.1Stijn Tintel2021-12-011-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* nftables: install package fileKevin Darbyshire-Bryant2021-11-301-0/+3
| | | | | | Install pc file so dnsmasq can find libnftables Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: add beacon_interval to get_status ubus outputDavid Bauer2021-11-251-0/+1
| | | | | | | | | | Add the beacon interval to hostapd status output. This allows external services to discover the beacon interval for a specific VAP. This way, external wireless management daemons can correctly calculate fields containing TBTT value from absolute time-values. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add a patch that allows processing auth requests for peers in ↵Felix Fietkau2021-11-243-6/+40
| | | | | | | | | | | | | | | blocked state If authentication fails repeatedly e.g. because of a weak signal, the link can end up in blocked state. If one of the nodes tries to establish a link again before it is unblocked on the other side, it will block the link to that other side. The same happens on the other side when it unblocks the link. In that scenario, the link never recovers on its own. To fix this, allow restarting authentication even if the link is in blocked state, but don't initiate the attempt until the blocked period is over. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: allow hostapd under ujail to communicate with hostapd_cliMark Mentovai2021-11-231-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When procd-ujail is available, 1f785383875a runs hostapd as user "network", with only limited additional capabilities (CAP_NET_ADMIN and CAP_NET_RAW). hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd over a named UNIX-domain socket. hostapd_cli is responsible for creating this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as root, this endpoint is normally created with uid root, gid root, mode 0755. As a result, hostapd running as uid network is able to receive control messages sent through this interface, but is not able to respond to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY <= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device), this message will appear from hostapd: CTRL: sendto failed: Permission denied As a fix, hostapd_cli should create the socket node in the filesystem with uid network, gid network, mode 0770. This borrows the presently Android-only strategy already in hostapd intended to solve the same problem on Android. If procd-ujail is not available and hostapd falls back to running as root, it will still be able to read from and write to the socket even if the node in the filesystem has been restricted to the network user and group. This matches the logic in package/network/services/hostapd/files/wpad.init, which sets the uid and gid of /var/run/hostapd to network regardless of whether procd-ujail is available. As it appears that the "network" user and group are statically allocated uid 101 and gid 101, respectively, per package/base-files/files/etc/passwd and USERID in package/network/services/hostapd/Makefile, this patch also uses a constant 101 for the uid and gid. Signed-off-by: Mark Mentovai <mark@moxienet.com> [refreshed patch] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix ismounted checkOldřich Jedlička2021-11-231-2/+2
| | | | | | | | Fix the return value, shell return codes should be 0 to indicate success (i.e. mount point found), 1 should be failure (i.e. mount point not-found). Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues") Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* qosify: update to the latest versionFelix Fietkau2021-11-221-3/+3
| | | | | | 06872673c10f map: allow referring to a class index directly in tcp/udp default entries Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: install hotplug handler into /etc/hotplug.d/iface as wellFelix Fietkau2021-11-221-1/+9
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: update to git HEADDaniel Golle2021-11-221-3/+3
| | | | | | | 20cd907 uqmi: use unmodified upstream JSON files b2c53dc command-nas: fix out-of-bounds read Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* qosify: add support for configuring overheadFelix Fietkau2021-11-212-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-211-3/+3
| | | | | | 2743e58741b3 bpf: work around a verifier issue Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ethtool: update to version 5.15Hans Dedecker2021-11-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | cef54c4 Release version 5.15. 23beb39 update UAPI header copies fd7db64 netlink: settings: Correct duplicate condition 88892ec Merge branch 'review/module-fixes-2-v2' 79cb4ab sff-8636: Remove extra blank lines 128e97c sff-8636: Convert if statement to switch-case 7ff603b sff-8636: Fix incorrect function name 86e9784 sff-8636: Remove incorrect comment 001aecd cmis: Correct comment 1bad83c cmis: Fix wrong define name 2c2fa88 cmis: Fix CLEI code parsing d007b49 Merge branch 'review/module-fixes' into master a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled d02409c ethtool: Fix compilation warning when pretty dump is disabled 2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested 7e153a7 cmis: Fix invalid memory access in IOCTL path 769a50e sff-8636: Fix parsing of Page 03h in IOCTL path Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nftables: install libnftables to staging dirDaniel Danzberger2021-11-201-1/+7
| | | | | | Makes libnftables library and headers available for other packages. Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
* qosify: add qosify-status scriptFelix Fietkau2021-11-192-1/+74
| | | | | | This will show detailed status for all devices/interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add class specific bulk flow detection example to voice classFelix Fietkau2021-11-191-0/+3
| | | | | | | With the new version, priority/bulk flow detection can be selectively enabled and configured per class Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-193-16/+24
| | | | | | | | | | | | | 68961a555e42 ubus: drop dnsmasq check for dns_result method 1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection 3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure bc54c97e3333 map, bpf: create a separate map for configured dscp classes 46cf3eae2d99 bpf: fix bulk flow detaction 88f1db7dd611 bpf: fix priority flow detection b5dec7874373 bpf: remove access to skb->gso_size e728a319a9a5 interface: unify status, always include ifname, ingress, egress Signed-off-by: Felix Fietkau <nbd@nbd.name>