| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This makes patching it for ltq-vdsl-app unnecessary and paves the way
for VRX518 support.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
|
|
|
|
|
| |
main.uc: fix device gathering
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
| |
Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.
Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:
tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
4ead2a6 treewide: move executables to /sbin
9ebc2f4 fw4.uc: filter duplicates in fw4.set
85b74f3 treewide: support flow offloading
be3b4e6 treewide: support hardware flow offloading
38889b7 treewide: support set timeout
31c7550 fw4.uc: do not skip defaults with invalid option
334a127 fw4.uc: introduce DEPRECATED flag
7a0d38f fw4.uc: add _name as deprecated option
5e7ad3b fw4.uc: don't fail on unknown options
be5f4e3 fw4.uc: allow use of cidr in ipsets
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Add some line breaks while at at, to improve readability.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
make package/hostapd/{clean,refresh}
Refreshed:
- 380-disable_ctrl_iface_mib.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 720-iface_max_num_sta.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
|
|
|
|
|
|
| |
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
| |
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.
In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.
To allow both possibilities, the following changes are made:
- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).
- If the button is pressed for less than 3 seconds, keep the original
behavior.
- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.
- Add comments explaining both behaviors.
- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).
This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.
[1]: https://github.com/koalaman/shellcheck/wiki/SC2166
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
|
|
|
|
|
|
|
|
| |
Otherwise, connection setup may fail due to JSON parse error in netifd.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
PIN2 is used only to restrict changing of fixed dialling feature,
does not affect network registration. Therefore explicitly check for
PIN1 state during connection setup, which is required for network
registration.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
|
|
|
|
|
|
|
| |
This is needed to properly close the control channel.
Otherwise, on the next try the caps call may fail.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
| |
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
| |
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
Fixes issues with brcmfmac
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
The auto-ht option already kept HT and VHT support, but wasn't updated
to support HE (11ax).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
|
|
|
|
|
|
| |
WNM and RRM statistics were incorrectly per-PHY, leading to shared
statistic counters per BSS.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide incoming BSS transition queries to ubus subscribers.
This allows external steering daemons to provide clients with
an optimal list of transition candidates.
This commit has no functional state in case no ubus subscriber is
present or it does not handle this ubus message.
To prevent hostapd from sending out a generic response by itself, a
subscribing daemon has to return a non-zero response code to hostapd.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch to allow extending the ubus BSS-transition method
for specifying individual dialog tokens for BSS transition
management requests.
This is required for handling BSS transition queries in the future.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
| |
39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
c9578e1 dhcpv6: add support for null IA_PD valid lifetime
ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
| |
5ca5e0b netifd: allow disabling rule/rule6 config sections
8875960 interface-ip: add support for IPv6 prefix invalidation
e589c05 interface-ip: use metric when looking for a route
b54ffde main: fix hotplug script usage message
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
| |
This adds a new struct for storing statistics not (yet) tracked by
hostapd regarding RRM and WNM activity.
These statistics can be read using the get_status hostapd interface ubus
method.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package
Makefile.
This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD.
This is needed to make it compatible with our patched mac80211 from
kernel 5.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
Update restool to latest LSDK-21.08.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
|
| |
The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server
For proto=dhcp networks, the discovered dhcp server will be used
For all other networks, udhcpc is called to discover the address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
Among other things, this can be used to auto-configure the DHCP server
address for wireless APs using FILS, if the bridged interface is
configured to DHCP
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
This is only supported with WPA-enterprise
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
of hostapd-commoon
This avoids potential version mismatch between packages when upgraded
individually
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
names
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
| |
Install pc file so dnsmasq can find libnftables
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
| |
Add the beacon interval to hostapd status output. This allows external
services to discover the beacon interval for a specific VAP.
This way, external wireless management daemons can correctly calculate
fields containing TBTT value from absolute time-values.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When procd-ujail is available, 1f785383875a runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).
hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:
CTRL: sendto failed: Permission denied
As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.
If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.
As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.
Signed-off-by: Mark Mentovai <mark@moxienet.com>
[refreshed patch]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
| |
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).
Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
|
|
|
|
|
|
| |
06872673c10f map: allow referring to a class index directly in tcp/udp default entries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
20cd907 uqmi: use unmodified upstream JSON files
b2c53dc command-nas: fix out-of-bounds read
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
2743e58741b3 bpf: work around a verifier issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cef54c4 Release version 5.15.
23beb39 update UAPI header copies
fd7db64 netlink: settings: Correct duplicate condition
88892ec Merge branch 'review/module-fixes-2-v2'
79cb4ab sff-8636: Remove extra blank lines
128e97c sff-8636: Convert if statement to switch-case
7ff603b sff-8636: Fix incorrect function name
86e9784 sff-8636: Remove incorrect comment
001aecd cmis: Correct comment
1bad83c cmis: Fix wrong define name
2c2fa88 cmis: Fix CLEI code parsing
d007b49 Merge branch 'review/module-fixes' into master
a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled
d02409c ethtool: Fix compilation warning when pretty dump is disabled
2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested
7e153a7 cmis: Fix invalid memory access in IOCTL path
769a50e sff-8636: Fix parsing of Page 03h in IOCTL path
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
Makes libnftables library and headers available for other packages.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
|
|
|
|
|
|
| |
This will show detailed status for all devices/interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
| |
With the new version, priority/bulk flow detection can be selectively enabled
and configured per class
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
68961a555e42 ubus: drop dnsmasq check for dns_result method
1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection
3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure
bc54c97e3333 map, bpf: create a separate map for configured dscp classes
46cf3eae2d99 bpf: fix bulk flow detaction
88f1db7dd611 bpf: fix priority flow detection
b5dec7874373 bpf: remove access to skb->gso_size
e728a319a9a5 interface: unify status, always include ifname, ingress, egress
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|