aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* curl: rebuild when libopenssl config changesDENG Qingfang2020-03-291-1/+5
| | | | | | | | | | | | When some libopenssl options change curl will have to be rebuild to adapt to those changes, avoiding undefined reference errors or features disabled in curl. Add CONFIG_OPENSSL_ENGINE, CONFIG_OPENSSL_WITH_COMPRESSION and CONFIG_OPENSSL_WITH_NPN to PKG_CONFIG_DEPENDS so it will trigger rebuild every time the options are changed. Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* netifd: fix compilation with musl 1.2.0Hans Dedecker2020-03-261-3/+3
| | | | | | 1e8328 system-linux: fix compilation with musl 1.2.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: fix compilation with musl 1.2.0Hans Dedecker2020-03-261-3/+3
| | | | | | 49305e6 odhcp6c: fix compilation with musl 1.2.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)Henrique de Moraes Holschuh2020-03-252-4/+3
| | | | | | | | | | | | | | | | | | | | | | | Fix the test for an enabled sysntp initscript in dnsmasq.init, and get rid of "test -o" while at it. Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an RTC-less ath79 router. dnssec-no-timecheck would be clearly missing from /var/etc/dnsmasq.conf.* while the router was still a few days in the past due to non-working DNSSEC + DNS-based NTP server config. The fix was tested with the router in the "DNSSEC broken state": it properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp was able to resolve the server name to an IP address, and set the system time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook, as expected. A missing system.ntp.enabled UCI node is required for the bug to show up. The reasons for why it would be missing in the first place were not investigated. Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: init: get rid of test -a and test -oHenrique de Moraes Holschuh2020-03-251-17/+17
| | | | | | | Refer to shellcheck SC2166. There are just too many caveats that are shell-dependent on test -a and test -o to use them. Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
* uhttpd: bump to latest Git HEADJo-Philipp Wich2020-03-251-3/+3
| | | | | | | 5e9c23c client: allow keep-alive for POST requests 5fc551d tls: support specifying accepted TLS ciphers Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* nftables: bump to 0.9.3Kevin Darbyshire-Bryant2020-03-241-2/+2
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add 'scriptarp' optionJordan Sokolic2020-03-222-1/+3
| | | | | | | | | | | Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions. The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute. Also enable --script-arp if has_handlers returns true. Signed-off-by: Jordan Sokolic <oofnik@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* iwinfo: update to latest Git HEADDavid Bauer2020-03-222-12/+3
| | | | | | | | | | | | 9f5a7c4 iwinfo: add missing HT modename for HT-None 06a03c9 Revert "iwinfo: add BSS load element to scan result" 9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990 eba5a20 iwinfo: add device id for BCM43602 a6914dc iwinfo: add BSS load element to scan result bb21698 iwinfo: add device id for Atheros AR9287 7483398 iwinfo: add device id for MediaTek MT7615E Signed-off-by: David Bauer <mail@david-bauer.net>
* samba36: log error if getting device info failedRafał Miłecki2020-03-212-4/+10
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wireguard: bump to 0.0.20200318Jason A. Donenfeld2020-03-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WireGuard had a brief professional security audit. The auditors didn't find any vulnerabilities, but they did suggest one defense-in-depth suggestion to protect against potential API misuse down the road, mentioned below. This compat snapshot corresponds with the patches I just pushed to Dave for 5.6-rc7. * curve25519-x86_64: avoid use of r12 This buys us 100 extra cycles, which isn't much, but it winds up being even faster on PaX kernels, which use r12 as a RAP register. * wireguard: queueing: account for skb->protocol==0 This is the defense-in-depth change. We deal with skb->protocol==0 just fine, but the advice to deal explicitly with it seems like a good idea. * receive: remove dead code from default packet type case A default case of a particular switch statement should never be hit, so instead of printing a pretty debug message there, we full-on WARN(), so that we get bug reports. * noise: error out precomputed DH during handshake rather than config All peer keys will now be addable, even if they're low order. However, no handshake messages will be produced successfully. This is a more consistent behavior with other low order keys, where the handshake just won't complete if they're being used anywhere. * send: use normaler alignment formula from upstream We're trying to keep a minimal delta with upstream for the compat backport. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: bump to 1.0.20200319Jason A. Donenfeld2020-03-211-2/+2
| | | | | | | | | | | | | | | | * netlink: initialize mostly unused field * curve25519: squelch warnings on clang Code quality improvements. * man: fix grammar in wg(8) and wg-quick(8) * man: backlink wg-quick(8) in wg(8) * man: add a warning to the SaveConfig description Man page improvements. We hope to rewrite our man pages in mdocml at some point soon. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: fix segfault in wpa_supplicant ubusDaniel Golle2020-03-182-1/+3
| | | | | | | | | | | | | | When introducing ubus reload support, ubus initialization was moved to the service level instead of being carried out when adding a BSS configuration. While this works when using wpa_supplicant in that way, it breaks the ability to run wpa_supplicant on the command line, eg. for debugging purposes. Fix that by re-introducing ubus context intialization when adding configuration. Reported-by: @PolynomialDivision https://github.com/openwrt/openwrt/pull/2417 Fixes: 60fb4c92b6 ("hostapd: add ubus reload") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: fix pointer cast warningsLeon M. George2020-03-172-8/+15
| | | | Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: remove trailing whitespaceLeon M. George2020-03-171-2/+2
| | | | Signed-off-by: Leon M. George <leon@georgemail.eu>
* curl: bump to 7.69.1Hans Dedecker2020-03-161-2/+2
| | | | | | For changes in 7.69.1; see https://curl.haxx.se/changes.html#7_69_1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wwan: fix hotplug event handlingRozhuk Ivan2020-03-162-2/+3
| | | | | | | | | Hotplug manager send: "remove" -> "add" -> "bind" events, script interpret bind as "not add" = "remove" and mark device as unavailable. Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* comgt: fix hotplug event handlingRozhuk Ivan2020-03-162-5/+5
| | | | | | | | | Hotplug manager send: "remove" -> "add" -> "bind" events, script interpret bind as "not add" = "remove" and mark device as unavailable. Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* netifd: update to latest git HEADHans Dedecker2020-03-161-3/+3
| | | | | | dbdef93 interface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: revert add libcap support, enabled in ip-fullMathias Kresin2020-03-151-9/+9
| | | | | | | | | | | | | This reverts commit a6da3f9ef746101b84a6f530f5a40de28341b69a. The libcap isn't as optional as the commit messages suggests. A hard dependency to the libcap package is added, which is only available in the external packages feed. Therefore it is impossible to package ip-full without having the external packages feed up and running, which is a regression to the former behaviour. Signed-off-by: Mathias Kresin <dev@kresin.me> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2020-03-151-3/+3
| | | | | | | | 6594c6b ubus: use dhcpv6 ia assignment flag a90cc2e dhcpv6-ia: avoid setting lifetime to infinite for static assignments bb07fa4 dhcpv4: avoid setting lifetime to infinite for static assignments Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: update to 1.8.4Kevin Darbyshire-Bryant2020-03-153-29/+14
| | | | | | | | | | | | | | | | Bump to iptable 1.8.4 and address packaging issue as mentioned in the original bump/revert cycle. "This reverts commit 10cbc896c0a26aecff37261450c21f29fb5b99db. The updated iptables package does not build due to the following error encountered on the buildbots: cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so it appears as if further packaging changes are needed beyond a simple version bump." Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* curl: bump to 7.69.0Hans Dedecker2020-03-101-2/+2
| | | | | | For changes in 7.69.0; see https://curl.haxx.se/changes.html#7_69_0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.81rc3Kevin Darbyshire-Bryant2020-03-103-79/+2
| | | | | | | Bump to latest release candidate and drop 2 local patches that have been upstreamed. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to 2.81rc2 + 2 localKevin Darbyshire-Bryant2020-03-063-2/+79
| | | | | | | | | Bump to dnsmasq 2.81rc2. In the process discovered several compiler warnings one with a logical error. 2 relevant patches sent upstream, added as 2 local patches for OpenWrt Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to v2.81rc1Kevin Darbyshire-Bryant2020-03-0435-8841/+5
| | | | | | | | | | 1st release candidate for v2.81 after 18 months. Refresh patches & remove all upstreamed leaving: 110-ipset-remove-old-kernel-support.patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: rename 20-smp-tune to 20-smp-packet-steeringAlan Swanson2020-03-031-0/+0
| | | | | | | Rename the script to be more obvious that this is for packet steering only. Signed-off-by: Alan Swanson <reiver@improbability.net>
* netifd: change RPS/XPS handling to all CPUs and disable by defaultAlan Swanson2020-03-031-9/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation is significantly lowering lantiq performace [1][2] by using RPS with non-irq CPUs and XPS with alternating CPUs. The previous netifd implementation (by default but could be configured) simply used all CPUs and this patch essentially reverts to this behaviour. The only document suggesting using non-interrupt CPUs is Red Hat [3] where if the network interrupt rate is extremely high excluding the CPU that handles network interrupts *may* also improve performance. The original packet steering patches [4] advise that optimal settings for the CPU mask seems to depend on architectures and cache hierarcy so one size does not fit all. It also advises that the overhead in processing for a lightly loaded server can cause performance degradation. Ideally, proper IRQ balancing is a better option with the irqbalance daemon or manually. The kernel does not enable packet steering by default, so also disable in OpenWRT by default. (Though mvebu with its hardware scheduling issues [5] might want to enable packet steering by default.) Change undocumented "default_ps" parameter to clearer "packet_steering" parameter. The old parameter was only ever set in target/linux/mediatek/base-files/etc/uci-defaults/99-net-ps and matched the default. [1] https://forum.openwrt.org/t/18-06-4-speed-fix-for-bt-homehub-5a [2] https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=1105 [3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/network-rps [4] https://marc.info/?l=linux-netdev&m=125792239522685&w=2 [5] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=2e1f6f1682d3974d8ea52310e460f1bbe470390f Fixes: #1852 Fixes: #2573 Signed-off-by: Alan Swanson <reiver@improbability.net>
* ppp: activate PIE ASLR by defaultPetr Štetiar2020-03-011-0/+1
| | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on imx6: 112681 ppp_2.4.8-2_arm_cortex-a9_neon.ipk 121879 ppp_2.4.8-2_arm_cortex-a9_neon.ipk = 9198 diff Acked-by: Alexander Couzens <lynxis@fe80.eu> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ppp: backport security fixesPetr Štetiar2020-02-264-1/+129
| | | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> Fixes: CVE-2020-8597 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ppp: backport security fixes"Jo-Philipp Wich2020-02-264-129/+1
| | | | | | | | This reverts commit 215598fd03899c19a9cd26266221269dd5ec8cee since it didn't contain a reference to the CVE it addresses. The next commit will re-add the commit including a CVE reference in its commit message. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: enhance wifi reloadJohn Crispin2020-02-252-18/+134
| | | | | | | Add a radio_config_id property. If the radio config changes return an error upon receiving the reconf call. Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: start hostapd/wpa_supplicant for all wiphy devicesPiotr Dymacz2020-02-242-2/+2
| | | | | | | | | | | | | | c888e17e06 ("hostapd: manage instances via procd instead of pidfile") added procd support for managing hostapd and wpa_supplicant daemons but at the same time limited wiphy names to 'phy*'. This brings back initial behaviour (introduced in 60fb4c92b6 ("hostapd: add ubus reload") and makes procd manage daemons for any wiphy device found in '/sys/class/ieee80211'. CC: Felix Fietkau <nbd@nbd.name> CC: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* umbim: move package to 'WWAN' submenuPiotr Dymacz2020-02-241-0/+1
| | | | | | | 'uqmi' was moved to 'WWAN' submenu in 9abdeee0b7. Let's be consistent and do the same with 'umbim'. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* linux-atm: Fix compile warningHauke Mehrtens2020-02-241-1/+15
| | | | | | | | | | | | The function trace_on_exit() is given to atexit() as a parameter, but atexit() only takes a function pointer to a function with a void parameter. This problem was introduced when the on_exit() function was incompletely replaced by atexit(). Fixes: ba6c8bd6142f ("linux-atm: add portability fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iw: update to 5.4DENG Qingfang2020-02-223-118/+43
| | | | | | | Update iw to 5.4 This increases the ipk size of iw-tiny/full by about 400 bytes Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* rssileds: add dependencies based on LDFLAGSAdrian Schmutzler2020-02-221-1/+1
| | | | | | | | | | | | | | | | | This adds the direct dependencies introduced by TARGET_LDFLAGS to the package's DEPENDS variable. This was found by accidentally building rssileds on octeon, which resulted in: "Package rssileds is missing dependencies for the following libraries: libnl-tiny.so" Though the dependencies are provided when building for the relevant targets ar71xx, ath79 and ramips, it seems more tidy to specify them explicitly. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* lldpd: bump to 1.0.5Stijn Tintel2020-02-223-23/+4
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: backport security fixesPetr Štetiar2020-02-204-1/+129
| | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: fix uci-defaults script to exit 0 so it is cleaned upRussell Senior2020-02-191-0/+2
| | | | | | | | | | A file, package/network/services/dnsmasq/files/50-dnsmasq-migrate-resolv-conf-auto.sh, was added in commit 6a2855212096d2c486961a0841b037bae4b75de7, but it does not exit in a way that tells the uci-defaults mechanism that it succeeded, and so it is not cleaned up after running successfully. Add an exit 0 to the end to correct that. Signed-off-by: Russell Senior <russell@personaltelco.net>
* wireguard: bump to 0.0.20200215Jason A. Donenfeld2020-02-151-2/+2
| | | | | | | | | | * send: cleanup skb padding calculation * socket: remove useless synchronize_net Sorry for the back-to-back releases. This fixes a regression spotted by Eric Dumazet. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* iproute2: update to 5.5.0, enable LTODENG Qingfang2020-02-139-16/+16
| | | | | | | Update iproute2 to 5.5.0 Enable LTO to save several KB of size Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* uhttpd: update to latest Git HEADJo-Philipp Wich2020-02-121-4/+4
| | | | | | 2ee323c file: poke ustream after starting deferred program Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard-tools: bump to 1.0.20200206Jason A. Donenfeld2020-02-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * wg-quick: android: split uids into multiple commands Newer android's ndc implementations have limits on uid size, so we have to break these into several lists. * man: document dynamic debug trick for Linux This comes up occasionally, so it may be useful to mention its possibility in the man page. At least the Arch Linux and Ubuntu kernels support dynamic debugging, so this advice will at least help somebody. So that you don't have to go digging into the commit, this adds this helpful tidbit to the man page for getting debug logs on Linux: # modprobe wireguard && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control * extract-{handshakes,keys}: rework for upstream kernel These tools will now use the source code from the running kernel instead of from the old monolithic repo. Essential for the functioning of Wireshark. * netlink: remove libmnl requirement We no longer require libmnl. It turns out that inlining the small subset of libmnl that we actually use results in a smaller binary than the overhead of linking to the external library. And we intend to gradually morph this code into something domain specific as a libwg emerges. Performance has also increased, thanks to the inliner. On all platforms, wg(8) only needs a normal libc. Compile time on my system is still less than one second. So all in all we have: smaller binary, zero dependencies, faster performance. Packagers should no longer have their wireguard-tools package depend on libmnl. * embeddable-wg-library: use newer string_list * netlink: don't pretend that sysconf isn't a function Small cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: remove erroneous $(space) redefinitionJo-Philipp Wich2020-02-081-3/+0
| | | | | | | | | | | | | | | | The $(space) definition in the hostapd Makefile ceased to work with GNU Make 4.3 and later, leading to syntax errors in the generated Kconfig files. Drop the superfluous redefinition and reuse the working $(space) declaration from rules.mk to fix this issue. Fixes: GH#2713 Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469 Reported-by: Karel Kočí <cynerd@email.cz> Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> Tested-by: Shaleen Jain <shaleen@jain.sh> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20200205Jason A. Donenfeld2020-02-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * compat: support building for RHEL-8.2 * compat: remove RHEL-7.6 workaround Bleeding edge RHEL users should be content now (which includes the actual RedHat employees I've been talking to about getting this into the RHEL kernel itself). Also, we remove old hacks for versions we no longer support anyway. * allowedips: remove previously added list item when OOM fail * noise: reject peers with low order public keys With this now being upstream, we benefit from increased fuzzing coverage of the code, uncovering these two bugs. * netns: ensure non-addition of peers with failed precomputation * netns: tie socket waiting to target pid An added test to our test suite for the above and a small fix for high-load CI scenarios. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Revert "iwinfo: update to latest Git HEAD"Jo-Philipp Wich2020-02-052-3/+12
| | | | | | | | | This reverts commit 96424c143dd818b391d9b8da18249eca1d2e6c83. The commit changed libiwinfo's internal ABI which breaks a number of downstream projects, including LuCI and rpcd-mod-iwinfo. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: update to latest Git HEADDavid Bauer2020-02-042-12/+3
| | | | | | | | | eba5a20 iwinfo: add device id for BCM43602 a6914dc iwinfo: add BSS load element to scan result bb21698 iwinfo: add device id for Atheros AR9287 7483398 iwinfo: add device id for MediaTek MT7615E Signed-off-by: David Bauer <mail@david-bauer.net>
* bcm4xxx: fix iwinfo behaviourJohn Crispin2020-02-041-0/+9
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* iptables: set-dscpmark follow upstreamimg attemptKevin Darbyshire-Bryant2020-01-313-215/+460
| | | | | | | | | | | I'm having another attempt at trying to getting the 'store dscp into conntrack connmark' functionality into upstream kernel, since the restore function (act_ctinfo) has been accepted. The syntax has changed from 'savedscp' to 'set-dscpmark' since that conforms more closely with existing functionality. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>