aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* mac80211: backport MBSSID/EMA support patchesFelix Fietkau2022-02-031-98/+32
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iptables: add ip{,6}tables-legacy{,-restore,-save} symlinksEtienne Champetier2022-02-031-0/+2
| | | | | | | Now that we can have both legacy and nft iptables variants installed at the same time, install the legacy symlinks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: use ALTERNATIVES for ip(6)tables(-nft)Etienne Champetier2022-02-031-2/+16
| | | | | | | | | As nftables is now the default, ip(6)tables-nft gets higher priority The removed symlinks ("$(CP)" line) will now be installed by the ALTERNATIVES mechanism Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: rework ip(6)tables-nft dependenciesEtienne Champetier2022-02-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | according to iptables-nft man page, "These tools use the libxtables framework extensions and hook to the nf_tables kernel subsystem using the nft_compat module." This means that to work, iptables-nft needs the same modules as iptables legacy except the ip(6)table-{filter,mangle,nat,raw} ip_tables, ip6tables. When those modules are loaded iptables-nft-save output contains "# Warning: iptables-legacy tables present, use iptables-legacy-save to see them" But as long as it's empty it should not be a problem. To have nft properly display the rules created by ip(6)tables-nft we need all iptables targets and matches to be built as extension and not built-in (/usr/lib/iptables/libip(6)t_*.so) When switching a package to iptables-nft, you need to keep the iptables-mod-* dependencies This patch does minimal changes: - remove the direct iptables-nft -> iptables dependency - and more important add nft-compat dependency The rule iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT becomes table ip filter { chain OUTPUT { type filter hook output priority filter; policy accept; ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT } } Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: fix ip6tables-nft descriptionEtienne Champetier2022-02-021-5/+5
| | | | | | ip6tables-nft packages ip6tables* utils not iptables* Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: fix ip6tables-extra descriptionEtienne Champetier2022-02-021-1/+1
| | | | | | The define was referencing ip6tables-mod-extra instead of ip6tables-extra Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* uqmi: update to git HEADDaniel Golle2022-02-021-3/+3
| | | | | | f254fc5 uqmi: add support for get operating mode Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ethtool: Update to version 5.16Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 795f420 cmis: Rename CMIS parsing functions 369b43a cmis: Initialize CMIS memory map da16288 cmis: Use memory map during parsing 6acaeb9 cmis: Consolidate code between IOCTL and netlink paths d7d15f7 sff-8636: Rename SFF-8636 parsing functions 4230597 sff-8636: Initialize SFF-8636 memory map b74c040 sff-8636: Use memory map during parsing 799572f sff-8636: Consolidate code between IOCTL and netlink paths 9fdf45c sff-8079: Split SFF-8079 parsing function 2ccda25 netlink: eeprom: Export a function to request an EEPROM page 86792db cmis: Request specific pages for parsing in netlink path 6e2b32a sff-8636: Request specific pages for parsing in netlink path c2170d4 sff-8079: Request specific pages for parsing in netlink path 9538f38 netlink: eeprom: Defer page requests to individual parsers 664586e Merge branch 'review/next/module-mem-map' into master 50fdaec ethtool: Set mask correctly for dumping advertised FEC modes c5e7133 cable-test: Fix premature process termination 73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels 837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file 8658852 cmis: Initialize Page 02h in memory map 27b42a9 cmis: Initialize Banked Page 11h in memory map 340d88e cmis: Parse and print diagnostic information eae6a99 cmis: Print Module State and Fault Cause 82012f2 cmis: Print Module-Level Controls d7b1007 sff-8636: Print Power set and Power override bits 429f2fc Merge branch 'review/cmis-diag' into master 32457a9 monitor: do not show duplicate options in help text c01963e Release version 5.16. The sizes of the ipk changed on MIPS 24Kc like this: 34317 ethtool_5.15-1_mips_24kc.ipk 34311 ethtool_5.16-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-01-281-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | 16a1070 fw4.uc: handle zone masq6 option 5f61dbf ruleset: fix chain selection for mark and dscp targets 0bc844b ruleset: properly deal with wildcards in zone device selectors 101988d fw4: fix family comparisons 127dbc0 ruleset: emit AF specific rules for DSCP matches d63cb89 fw4: fix parsing inverted numeric DSCP values 8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains 5669bc7 fw4: consolidate device grouping logic 94f03e0 ruleset: properly render redirect targets without port fff9779 fw4: fix family selection logic for redirect rules ca88fcd tests: update interface dump mock data e60bb4b ruleset: support non-contiguous address masks 8fec51a fw4: fix potential crashes when parsing invalid redirect sections c08eb44 fw4: fix redirect destination zone resolving 0df6ba0 fw4: fix address selection logic for DNAT reflection rules 60a2518 tests: add test coverage for redirect rules e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark ac8a737 ruleset: remove redundant syn check bd5dc4b tests: run testcases in strict mode 3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEADHans Dedecker2022-01-231-3/+3
| | | | | | ed71876 iprule: add support for uidrange Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipip: add 'nohostroute' optionMatthew Hagan2022-01-192-3/+6
| | | | | | | | Add the nohostroute option as available for gre and wg tunnels to allow the user to prevent explicit creation of a route to the peer address. Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
* hostapd: add op-class to get_status outputDavid Bauer2022-01-141-2/+9
| | | | | | Include the current operation class to hostapd get_status interface. Signed-off-by: David Bauer <mail@david-bauer.net>
* netifd: update to git HEADHans Dedecker2022-01-141-3/+3
| | | | | | 3043206 system: fix compilation with glibc 2.34 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: enable nftable support by defaultPaul Spooren2022-01-141-2/+2
| | | | | | | | | | | | | | OpenWrt plans to move over to firewall4 which uses nftables under the hood. To allow a smooth migration the package `iptables-nft` offer a transparent wrapper to apply iptables rules to nftables. Without the config option for nftables the package isn't installed and therefore can't be tested. This commit enabled it and therefore provides the wrapper. The size of the iptables package increases from 25436 to 26500 Bytes. Signed-off-by: Paul Spooren <mail@aparcar.org>
* netifd: update to git HEADHans Dedecker2022-01-121-3/+3
| | | | | | | | 96902e8 Revert "netifd: add devtype to ubus call" 29e6acf netifd: add devtype to ubus call 7ccbf08 netifd: add devtype to ubus call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest HEADKevin Darbyshire-Bryant2022-01-101-3/+3
| | | | | | | | | 0f16ea5 options.c: add DSCP code LE Least Effort 24ba465 firewall3: remove redundant syn check df1306a firewall3: fix locking issue 3624c37 firewall3: support table load on access on Linux 5.15+ Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall4: bump to git HEADStijn Tintel2022-01-091-3/+3
| | | | | | | | | | | | 9a509d4 ruleset.uc: consolidate ip and ip6 offload 21f311d ruleset.uc: don't trim newline before comment sign f121383 tests: enable flow offloading in tests 550df40 tests: add test for unknown defaults option 47c5a5b tests: add test for deprecated rule option 69a89d6 tests: add test for unknown rule option 07579df fw4.uc: handle interface zone option Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ltq-vdsl: move to the default device name /dev/dsl_cpe_api/0Andre Heider2022-01-082-12/+1
| | | | | | | This makes patching it for ltq-vdsl-app unnecessary and paves the way for VRX518 support. Signed-off-by: Andre Heider <a.heider@gmail.com>
* firewall4: bump to git HEADStijn Tintel2022-01-061-2/+2
| | | | | | main.uc: fix device gathering Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: fix syntax error in dependency specJo-Philipp Wich2022-01-061-1/+1
| | | | | Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall/firewall4: provide uci-firewallStijn Tintel2022-01-062-2/+4
| | | | | | | | | | | | | | | | Provide uci-firewall via PROVIDES in both firewall and firewall4. This will allow us to change the dependency of luci-app-firewall to uci-firewall, making it possible to use it with either implementation. Move CONFLICTS from firewall4 to firewall, to solve this recursive dependency problem: tmp/.config-package.in:307:error: recursive dependency detected! tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4 tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEADStijn Tintel2022-01-061-4/+4
| | | | | | | | | | | | | | | | 4ead2a6 treewide: move executables to /sbin 9ebc2f4 fw4.uc: filter duplicates in fw4.set 85b74f3 treewide: support flow offloading be3b4e6 treewide: support hardware flow offloading 38889b7 treewide: support set timeout 31c7550 fw4.uc: do not skip defaults with invalid option 334a127 fw4.uc: introduce DEPRECATED flag 7a0d38f fw4.uc: add _name as deprecated option 5e7ad3b fw4.uc: don't fail on unknown options be5f4e3 fw4.uc: allow use of cidr in ipsets Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: order DEPENDS alphabeticallyStijn Tintel2022-01-061-1/+5
| | | | | | | Add some line breaks while at at, to improve readability. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: drop kmod-ipt-nat from CONFLICTSStijn Tintel2022-01-061-1/+1
| | | | | | | | The limitation of not being able to use iptables and nft nat at the same time exists only in kernels before 4.18. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: refresh patchsetNick Hainke2021-12-314-11/+11
| | | | | | | | | | | | | | Recently the hostapd has undergone many changes. The patches were not refreshed. Refreshed with make package/hostapd/{clean,refresh} Refreshed: - 380-disable_ctrl_iface_mib.patch - 600-ubus_support.patch - 700-wifi-reload.patch - 720-iface_max_num_sta.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* nftables: allow quoted string in flowtable_expr_memberStijn Tintel2021-12-312-1/+45
| | | | | | | This is required to be able to use flow offloading on devices with ifnames that start with a digit, like 6in4-wan6. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* layerscape: restool: Remove build of manpagesHauke Mehrtens2021-12-281-0/+18
| | | | | | | | The build of the manpages needs the pandoc tool, this is not in the minimal requirements of OpenWrt, just remove the build of the restool manpage. This fixes the build on systems without pandoc like the OpenWrt build bots. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: add fallback for WPS on stationsRaphaël Mélotte2021-12-271-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Up to now the WPS script triggered WPS on the stations only if it could not trigger it successfully on any hostapd instance. In a Multi-AP context, there can be a need (to establish a new wireless backhaul link) to trigger WPS on the stations, regardless of whether there is already a hostapd instance configured or not. The current script makes it impossible, as if hostapd is running and configured, WPS would always be triggered on hostapd only. To allow both possibilities, the following changes are made: - Change the "pressed" action to "release", so that we can make use of the "$SEEN" variables (to know for how long the button was pressed). - If the button is pressed for less than 3 seconds, keep the original behavior. - If the button is pressed for 3 seconds or more, trigger WPS on the stations, regardless of the status of any running hostapd instance. - Add comments explaining both behaviors. - While at it, replace the usage of '-a' with a '[] && []' construct (see [1]). This gives users a "fallback" mechanism to onboard a device to a Multi-AP network, even if the device already has a configured hostapd instance running. [1]: https://github.com/koalaman/shellcheck/wiki/SC2166 Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
* umbim: add missing json_close_object callMartin Schiller2021-12-271-0/+1
| | | | | | | | Otherwise, connection setup may fail due to JSON parse error in netifd. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [Updated commit description] Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* umbim: explicitly check for PIN1 stateMartin Schiller2021-12-271-1/+2
| | | | | | | | | | | PIN2 is used only to restrict changing of fixed dialling feature, does not affect network registration. Therefore explicitly check for PIN1 state during connection setup, which is required for network registration. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [Updated commit description] Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* umbim: call umbim disconnect in error caseMartin Schiller2021-12-271-1/+13
| | | | | | | | This is needed to properly close the control channel. Otherwise, on the next try the caps call may fail. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* hostapd: add missing function declarationDavid Bauer2021-12-271-0/+10
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* tcpdump: libpcap: Remove http://www.us.tcpdump.org mirrorHauke Mehrtens2021-12-271-2/+1
| | | | | | | | The http://www.us.tcpdump.org mirror will go offline soon, only use the normal download URL. Reported-by: Denis Ovsienko <denis@ovsienko.info> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: only attempt to set qos map if supported by the driverFelix Fietkau2021-12-231-0/+12
| | | | | | Fixes issues with brcmfmac Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: keep HE capability after channel switch in AP+STA/MeshArnout Vandecappelle (Essensium/Mind)2021-12-211-1/+2
| | | | | | | The auto-ht option already kept HT and VHT support, but wasn't updated to support HE (11ax). Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* hostapd: make OpenWrt statistics per-BSSDavid Bauer2021-12-202-20/+20
| | | | | | | WNM and RRM statistics were incorrectly per-PHY, leading to shared statistic counters per BSS. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: provide BSS-transition-queries to ubus subscribersDavid Bauer2021-12-202-10/+69
| | | | | | | | | | | | | | | Provide incoming BSS transition queries to ubus subscribers. This allows external steering daemons to provide clients with an optimal list of transition candidates. This commit has no functional state in case no ubus subscriber is present or it does not handle this ubus message. To prevent hostapd from sending out a generic response by itself, a subscribing daemon has to return a non-zero response code to hostapd. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: WNM: allow specifying dialog-tokenDavid Bauer2021-12-202-4/+110
| | | | | | | | | | Backport a patch to allow extending the ubus BSS-transition method for specifying individual dialog tokens for BSS transition management requests. This is required for handling BSS transition queries in the future. Signed-off-by: David Bauer <mail@david-bauer.net>
* odhcp6c: update to latest git HEADHans Dedecker2021-12-171-3/+3
| | | | | | | | 39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates" c9578e1 dhcpv6: add support for null IA_PD valid lifetime ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2021-12-171-3/+3
| | | | | | | | | 5ca5e0b netifd: allow disabling rule/rule6 config sections 8875960 interface-ip: add support for IPv6 prefix invalidation e589c05 interface-ip: use metric when looking for a route b54ffde main: fix hotplug script usage message Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: close correct blobmsg tableDavid Bauer2021-12-161-1/+1
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add OpenWrt specific statistic countersDavid Bauer2021-12-152-1/+105
| | | | | | | | | | This adds a new struct for storing statistics not (yet) tracked by hostapd regarding RRM and WNM activity. These statistics can be read using the get_status hostapd interface ubus method. Signed-off-by: David Bauer <mail@david-bauer.net>
* iw: Update to version 5.16Hauke Mehrtens2021-12-144-367/+260
| | | | | | | | | | | Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package Makefile. This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD. This is needed to make it compatible with our patched mac80211 from kernel 5.15 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* restool: bump to LSDK-21.08Martin Schiller2021-12-131-3/+3
| | | | | | Update restool to latest LSDK-21.08. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* hostapd: add support for specifying the FILS DHCP serverFelix Fietkau2021-12-103-1/+18
| | | | | | | | The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server For proto=dhcp networks, the discovered dhcp server will be used For all other networks, udhcpc is called to discover the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: on dhcp interfaces, store the dhcp server in interface dataFelix Fietkau2021-12-101-0/+1
| | | | | | | | Among other things, this can be used to auto-configure the DHCP server address for wireless APs using FILS, if the bridged interface is configured to DHCP Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for enabling FILS on AP and client interfacesFelix Fietkau2021-12-101-4/+37
| | | | | | This is only supported with WPA-enterprise Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable FILS support in the full config and add build feature discoveryFelix Fietkau2021-12-109-18/+42
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make hostapd/supplicant/wpad packages depend on a specific version ↵Felix Fietkau2021-12-011-0/+3
| | | | | | | | | of hostapd-commoon This avoids potential version mismatch between packages when upgraded individually Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: remove bulk flow detection from default portsFelix Fietkau2021-12-011-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>