aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: add support for specifying the FILS DHCP serverFelix Fietkau2021-12-103-1/+18
| | | | | | | | The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server For proto=dhcp networks, the discovered dhcp server will be used For all other networks, udhcpc is called to discover the address Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: on dhcp interfaces, store the dhcp server in interface dataFelix Fietkau2021-12-101-0/+1
| | | | | | | | Among other things, this can be used to auto-configure the DHCP server address for wireless APs using FILS, if the bridged interface is configured to DHCP Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for enabling FILS on AP and client interfacesFelix Fietkau2021-12-101-4/+37
| | | | | | This is only supported with WPA-enterprise Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable FILS support in the full config and add build feature discoveryFelix Fietkau2021-12-109-18/+42
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make hostapd/supplicant/wpad packages depend on a specific version ↵Felix Fietkau2021-12-011-0/+3
| | | | | | | | | of hostapd-commoon This avoids potential version mismatch between packages when upgraded individually Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: remove bulk flow detection from default portsFelix Fietkau2021-12-011-3/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add besteffort class and switch all default classifications to class ↵Felix Fietkau2021-12-012-13/+17
| | | | | | names Signed-off-by: Felix Fietkau <nbd@nbd.name>
* nftables: bump to 1.0.1Stijn Tintel2021-12-011-3/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* nftables: install package fileKevin Darbyshire-Bryant2021-11-301-0/+3
| | | | | | Install pc file so dnsmasq can find libnftables Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: add beacon_interval to get_status ubus outputDavid Bauer2021-11-251-0/+1
| | | | | | | | | | Add the beacon interval to hostapd status output. This allows external services to discover the beacon interval for a specific VAP. This way, external wireless management daemons can correctly calculate fields containing TBTT value from absolute time-values. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add a patch that allows processing auth requests for peers in ↵Felix Fietkau2021-11-243-6/+40
| | | | | | | | | | | | | | | blocked state If authentication fails repeatedly e.g. because of a weak signal, the link can end up in blocked state. If one of the nodes tries to establish a link again before it is unblocked on the other side, it will block the link to that other side. The same happens on the other side when it unblocks the link. In that scenario, the link never recovers on its own. To fix this, allow restarting authentication even if the link is in blocked state, but don't initiate the attempt until the blocked period is over. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: allow hostapd under ujail to communicate with hostapd_cliMark Mentovai2021-11-231-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When procd-ujail is available, 1f785383875a runs hostapd as user "network", with only limited additional capabilities (CAP_NET_ADMIN and CAP_NET_RAW). hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd over a named UNIX-domain socket. hostapd_cli is responsible for creating this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as root, this endpoint is normally created with uid root, gid root, mode 0755. As a result, hostapd running as uid network is able to receive control messages sent through this interface, but is not able to respond to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY <= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device), this message will appear from hostapd: CTRL: sendto failed: Permission denied As a fix, hostapd_cli should create the socket node in the filesystem with uid network, gid network, mode 0770. This borrows the presently Android-only strategy already in hostapd intended to solve the same problem on Android. If procd-ujail is not available and hostapd falls back to running as root, it will still be able to read from and write to the socket even if the node in the filesystem has been restricted to the network user and group. This matches the logic in package/network/services/hostapd/files/wpad.init, which sets the uid and gid of /var/run/hostapd to network regardless of whether procd-ujail is available. As it appears that the "network" user and group are statically allocated uid 101 and gid 101, respectively, per package/base-files/files/etc/passwd and USERID in package/network/services/hostapd/Makefile, this patch also uses a constant 101 for the uid and gid. Signed-off-by: Mark Mentovai <mark@moxienet.com> [refreshed patch] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix ismounted checkOldřich Jedlička2021-11-231-2/+2
| | | | | | | | Fix the return value, shell return codes should be 0 to indicate success (i.e. mount point found), 1 should be failure (i.e. mount point not-found). Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues") Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* qosify: update to the latest versionFelix Fietkau2021-11-221-3/+3
| | | | | | 06872673c10f map: allow referring to a class index directly in tcp/udp default entries Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: install hotplug handler into /etc/hotplug.d/iface as wellFelix Fietkau2021-11-221-1/+9
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: update to git HEADDaniel Golle2021-11-221-3/+3
| | | | | | | 20cd907 uqmi: use unmodified upstream JSON files b2c53dc command-nas: fix out-of-bounds read Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* qosify: add support for configuring overheadFelix Fietkau2021-11-212-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-211-3/+3
| | | | | | 2743e58741b3 bpf: work around a verifier issue Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ethtool: update to version 5.15Hans Dedecker2021-11-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | cef54c4 Release version 5.15. 23beb39 update UAPI header copies fd7db64 netlink: settings: Correct duplicate condition 88892ec Merge branch 'review/module-fixes-2-v2' 79cb4ab sff-8636: Remove extra blank lines 128e97c sff-8636: Convert if statement to switch-case 7ff603b sff-8636: Fix incorrect function name 86e9784 sff-8636: Remove incorrect comment 001aecd cmis: Correct comment 1bad83c cmis: Fix wrong define name 2c2fa88 cmis: Fix CLEI code parsing d007b49 Merge branch 'review/module-fixes' into master a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled d02409c ethtool: Fix compilation warning when pretty dump is disabled 2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested 7e153a7 cmis: Fix invalid memory access in IOCTL path 769a50e sff-8636: Fix parsing of Page 03h in IOCTL path Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nftables: install libnftables to staging dirDaniel Danzberger2021-11-201-1/+7
| | | | | | Makes libnftables library and headers available for other packages. Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
* qosify: add qosify-status scriptFelix Fietkau2021-11-192-1/+74
| | | | | | This will show detailed status for all devices/interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add class specific bulk flow detection example to voice classFelix Fietkau2021-11-191-0/+3
| | | | | | | With the new version, priority/bulk flow detection can be selectively enabled and configured per class Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-193-16/+24
| | | | | | | | | | | | | 68961a555e42 ubus: drop dnsmasq check for dns_result method 1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection 3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure bc54c97e3333 map, bpf: create a separate map for configured dscp classes 46cf3eae2d99 bpf: fix bulk flow detaction 88f1db7dd611 bpf: fix priority flow detection b5dec7874373 bpf: remove access to skb->gso_size e728a319a9a5 interface: unify status, always include ifname, ingress, egress Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: keep ICMP in the default best-effort classFelix Fietkau2021-11-191-1/+1
| | | | | | | Also preserve existing DSCP tags to make it easier to test latency for different DSCP values Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: move package to Base SystemRodrigo B. de Sousa Martins2021-11-191-2/+2
| | | | | | | | Since sqm-scripts and qos-scripts packages are in the same category as qosify, the firsts being in the Base System category, I find it understandable to move the latter to Base System instead of network section. Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
* hostapd: fix use after free bugsDavid Bauer2021-11-191-6/+6
| | | | | | | Using a pointer one lifter after it freed is not the best idea. Let's not do that. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: set VARIANT=* for wpa-cli, hostapd-utilsEneas U de Queiroz2021-11-151-0/+2
| | | | | | | | | | | | | | | | | | | | 19aae94 [build: avoid rebuilds of unset VARIANT packages] builds packages defined without a VARIANT only once, using the first VARIANT defined in the Makefile. This caused problems with wpa-cli, as it is only built for variants that include supplicant support, and the first VARIANT defined may not build it. The same happens to hostapd-utils, which is not built for supplicant-only variants. To circumvent this, set VARIANT=* for both packages so that they get built for every defined variant. This should not cause spurious rebuilds, since tey are not a dependency of any other package defined in this Makefile. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* lldpd: add reload triggerStijn Tintel2021-11-142-1/+5
| | | | | | | This is needed to reload the service when calling reload_config, if the UCI config has changed. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: consolidate procd command linesStijn Tintel2021-11-142-3/+2
| | | | | | There is no need to have multiple lines for this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 1.0.13Stijn Tintel2021-11-141-2/+2
| | | | | | Fixes CVE-2021-43612. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* qosify: add missing alias support in the init scriptFelix Fietkau2021-11-141-0/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall4: update to latest Git HEADPaul Spooren2021-11-131-4/+4
| | | | | | | | | eb0a3ee fw4.uc: Do not quote port ranges c5a8e3e tests: adapt test to new ICMP print logic Also start using $(AUTORELEASE) Signed-off-by: Paul Spooren <mail@aparcar.org>
* iproute2: update to 5.15Russell Senior2021-11-132-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git changes since 5.14.0: ad3a118f rdma: Fix SRQ resource tracking information json 7a235a10 man: devlink-port: fix pfnum for devlink port add 229eaba5 uapi: pickup fix for xfrm ABI breakage a500c5ac lib/bpf: fix map-in-map creation without prepopulation 7c032cac man: devlink-port: remove extra .br 04ee8e6f man: devlink-port: fix style 14802d84 man: devlink-port: fix the devlink port add synopsis 897772a7 cmd: use spaces instead of tabs for usage indentation e7a98a96 mptcp: unbreak JSON endpoint list 2f5825cb lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists d756c08a tc/f_flower: fix port range parsing 92e32f77 uapi: updates from 5.15-rc1 e7e0e2ce iptuntap: fix multi-queue flag display deef844b man: ip-link: remove double of a3272b93 configure: restore backward compatibility ceba5930 tree-wide: fix some typos found by Lintian 7a705242 ip: remove leftovers from IPX and DECnet 8ab1834e uapi: update headers from 5.15 merge 6d0d35ba ip/bond: add lacp active support 926ad641 Update kernel headers c730bd0b ip/tunnel: always print all known attributes df8912ed ipioam6: use print_nl instead of print_null 7e7270bb tc/skbmod: Introduce SKBMOD_F_ECN option 86c596ed IOAM man8 2d83c710 New IOAM6 encap type for routes f0b3808a Add, show, link, remove IOAM namespaces and schemas acbdef93 Import ioam6 uapi headers 2d6fa30b Update kernel headers 508ad89c ipneigh: add support to print brief output of neigh cache in tabular format * update patch 170-ip_tiny.patch to accomodate ioam. Signed-off-by: Russell Senior <russell@personaltelco.net>
* qosify: add default alias sectionsFelix Fietkau2021-11-121-1/+13
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-121-3/+3
| | | | | | | | 0750f2b4d329 README: dnsmasq integration is complete 8e48d0b0cbba bpf: add initial support for splitting map dscp value into ingress and egress bfc2cafe2a8c map: add support for defining aliases Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: fix the dynamic dns object names patchRui Salvaterra2021-11-121-7/+7
| | | | | | | | | We can't use booleans, since we're not including stdbool.h. Use integers instead. Fixes: 0b79e7c01e ("dnsmasq: generate the dns object name dynamically") Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* dnsmasq: add ubus acl to allow calls to hotplug.tftp objectDaniel Golle2021-11-121-0/+3
| | | | | | | | dnsmasq may call hotplug.dhcp, hotplug.neigh and hotplug.tftp. Only the first two callees were listed in the ACL, so add missing hotplug.tftp. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: generate the dns object name dynamicallyFelix Fietkau2021-11-101-5/+17
| | | | | | Fixes an issue with running multiple dnsmasq instances Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add match_tag for --dhcp-hostPaul Fertser2021-11-091-3/+8
| | | | | | | | | | | | | | | | | | | A set of tags can be specified for --dhcp-host option to restrict the assignment to the requests which match all the tags. Example usage: config vendorclass option networkid 'udhcp' option vendorclass 'udhcp' config host option mac '*:*:*:*:*:*' list match_tag 'switch.10' list match_tag 'udhcp' option ip '192.168.25.10' Signed-off-by: Paul Fertser <fercerpav@gmail.com>
* qosify: mark as nonsharedFelix Fietkau2021-11-091-0/+1
| | | | | | The SDK does not have the LLVM toolchain yet Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: move files to /etc/qosifyFelix Fietkau2021-11-082-4/+4
| | | | | | | Now that wildcard matching is supported, this makes it easier for packages to supply their own qosify rules Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-081-3/+3
| | | | | | | | 737970946bc0 map: default to fnmatch matching for dns patterns. support regex via leading / b56b112e62e2 ubus: fix crash caused by missing static keyword 3a420e272c18 qosify: support wildcards in classifier filenames Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add missing dependencyFelix Fietkau2021-11-081-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: update to the latest versionFelix Fietkau2021-11-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | 2ca7352543da map: make a helper function for freeing entries 411432ec853b map: add support for adding dns regex patterns 14803cb559d8 ubus: remove unused enum a0740172eda6 ubus: add api for providing dns lookup results for dns regex rules 406fbf478e87 ubus: add support for dynamically adding dns based rules 5fc91183d60a README: mention dns regex entries 3ed8c3eb1a3b README: document mapping file syntax 91ce2e77d302 map: introduce low effort codepoint from RFC8622 5ff14acca0e7 interface: enable NAT on interfaces by default e70f70e496d7 README: fix typo f25ded617478 README: fix another typo 675238bc2ce5 loader: always reinitialize programs 010eea0d98c3 map: improve timeout handling of IP entries 7ef54a7f04a0 map: add DF codepoint 6f7fbe698555 map: increase active timeout to 300 60e06a579a13 qosify-bpf: inline check_flow() to ensure that it is jited f5ae89e8d869 ubus: subscribe to dnsmasq.dns for dns lookup results Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add support for monitoring and modifying dns lookup results via ubusFelix Fietkau2021-11-081-0/+270
| | | | | | The monitoring functionality will be used for dns rule support in qosify Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: update to git HEAD and improve proto handler scriptDaniel Golle2021-11-062-7/+9
| | | | | | | | | | | | e303ba8 uqmi: update code generator 7880de8 uqmi: sync data from libqmi project d647f8d uqmi: add more diagnostics commands 6f95626 uim: add --uim-get-sim-state Use newly introduce --uim-get-sim-state command to query PIN status from modems which require using uim instead of dms command for that. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* omcproxy: bump to git HEADStijn Tintel2021-11-041-3/+3
| | | | | | bfba2aa groups: use uloop_timeout_remaining64 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: support qos_map_set without CONFIG_INTERWORKINGFelix Fietkau2021-11-041-0/+112
| | | | | | This feature is useful on its own even without full interworking support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add wmm qos map set by defaultFelix Fietkau2021-11-031-1/+6
| | | | | | | | | | This implements the mapping recommendations from RFC8325, with an update from RFC8622. This ensures that DSCP marked packets are properly sorted into WMM classes. The map can be disabled by setting iw_qos_map_set to something invalid like 'none' Signed-off-by: Felix Fietkau <nbd@nbd.name>
* vti: squash vtiv4 and vtiv6 packages into vtiFlorian Eckert2021-11-031-36/+7
| | | | | | This change adds the same package behaviour as gre package. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 18:24:53 +0000