| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
| |
Use the wdev config with the generated MAC address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0c43a48735959245f18d79a6e908d3b45cff0a94)
|
| |
|
|
|
|
|
|
| |
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7631c60b95499b7e8a1948c3e6a42f0)
|
| |
|
|
|
|
|
|
|
| |
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e84 ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d74da713c0fc7d63b8026a56d16e198b)
|
| |
|
|
|
|
|
| |
Needed for wired 802.1x
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fd6d7aafb2c3d335a3d192c308ffdace8d292e9f)
|
| |
|
|
|
|
|
| |
Avoid crashing if the interface has already been removed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 4145ff4d8a29c1c7a1569bb06fa4d1fe9808c94f)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e9722aef9e84110331706f74f7de0942c8d657ed)
|
| |
|
|
|
|
|
| |
7a58b995fdbe wireless: update prev_config on SET_DATA notify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f52e008d045302976d2ff40f35e91b84a5678d12)
|
| |
|
|
|
|
|
| |
Improves reliability in error handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a511480368a03f754aa6ce7887633247a07ea166)
|
| |
|
|
|
|
|
|
|
|
|
| |
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a33f1d35155cf9579065ed76bd17e991d165170e)
|
| |
|
|
|
|
|
| |
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d5826626e3be8c1f1db194db43cc7002cf)
|
| |
|
|
|
|
|
| |
It is no longer used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b0501d380f65ae9f82173b35b820c9c6adb92493)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f8e10f9fef0877a0f8d8235f619ef7d)
|
| |
|
|
|
|
|
|
| |
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d0639e6106967fd445c96518da52afb)
|
| |
|
|
|
|
|
| |
Use the SHA384 variant to account for longer keys with more security
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52983400e7526f3ab57dc6a0f2cc771a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
077e05f2b129 vlan/vlandev: pass through extra vlan information passed via hotplug
40fad91eb5be wireless: add network_vlan config attribute
1571e18e4a69 bridge: add support for configuring extra tagged vlans on member devices
b719f189f243 bridge: make hotplug-added vlans default to tagged
edf3aced9f9a bridge: add support for adding vlan ranges via hotplug
493e1589bc8b bridge: fix coverity false positive report
03a619947717 bridge: add support for configuring extra vlans for the bridge itself
4bea6d21a9ab wireless: fix changing reconf/serialize options in configuration
255b4d5c472e wireless: fix handling config reload with reconf=1
1ab992a74b43 wireless: fix another reconf issue
e94f7a81a039 bridge: fix config reload on 32 bit systems
8c2758b4fbbb wireless: add support for replacing data blobs at runtime
0ff22a6a68ce wireless: enable dynamic reconfiguration by default
4711f74479e2 netifd: fix disabling radio via config if reconf is being used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 09fd59938b673ca10d4b3c46d32f18164bcdb21a)
|
| |
|
|
|
|
|
| |
This significantly improves config reload behavior and also fixes some
corner cases related to running AP + mesh interfaces at the same time.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.
Fixes: #13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 324673914d42f5fb9b70cc73e955117828b99f3b)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit adfeda849198b33ffa7a7ef233ae8a4df22bbc2d)
|
| |
|
|
|
|
|
|
|
|
|
| |
d1f07cf devices: add device id for Atheros AR9287 and AR9380
65ea345 nl80211: constify a few arrays
ca79f64 lib: report byte counters as 64 bit values
This contains an ABI change, increase the ABI version too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a226153067766db6d733aa3e330742c9da40c4f6)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...
Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead99ff6b9df00c29b7a858772449718b2)
|
| |
|
|
|
|
|
|
|
| |
If dual-stack configuration is in use, and dhcpv6 option is set, do not start
464xlat sub-interface for dhcpv6 sub-interace , as the configuration already
provides IPv4 connectivty, be it through single or dual APN configuration.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a9237c1af9c2eee0a49d96f2588be85d24489f20)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add two new "v6apn" and "v6profile" properties, to support split-APN
dual-stack onfiguration. This extends the existing ipv4v6 PDP type,
allowing simultaneous connection to two distinct APNs,
one for IPv4 and one for IPv6.
The parameters override existing 'apn' and 'profile' respectively,
if set, but only for IPv6 part of the connection.
If unset, they default to their original values, constituting a standard
IPv4v6 setup.
If a different APN is set for IPv6, a corresponding profile MUST also be
configured, with a different ID, than the IPv4 profile, for example,
profile 2.
Both APNs must match ones configured through QMI or through 'AT+CGDCONT'
command.
Example configuration in UCI:
config interface 'wan'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option autoconnect '1'
option pdptype 'ipv4v6'
option apn 'internet'
option v6apn 'internetipv6'
option profile '1'
option v6profile '2'
Corresponding profile configuration:
AT+CGDCONT?
+CGDCONT: 1,"IP","internet","0.0.0.0",0,0,0,0
+CGDCONT: 2,"IPV6","internetipv6","0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",0,0,0,0
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 48e8bf1b8f3d2750f215765f583c847ff02deca2)
|
| |
|
|
|
|
|
|
| |
ChangeLog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 58c498247b3d06c0ff1967d2f48ba84084a6cf25)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed, merged upstream:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch
Manually refreshed:
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 600-ubus_support.patch
- 761-shared_das_port.patch
Fixes: #12661
Fixes: 304423a4 ("hostapd: update to 2023-03-29")
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit cd804c1ebb34c9740f8ad9fe393a81f3efb7b009)
|
| |
|
|
|
|
|
| |
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b812632a5983cd34ab5c41271d5d4de5fbf)
|
| |
|
|
|
|
|
|
| |
5211264 odhcpd: add support for dhcpv6_pd_min_len parameter
c6bff6f router: Add PREF64 (RFC 8781) support
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit acd9981b4ef750544202df9d9e2d0143a6dfd478)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7b1e8983365746876034534ef22004d423c390e0)
|
| |
|
|
|
|
|
|
|
| |
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee5323549bfce30b4d42be2dcc461f694881c)
|
| |
|
|
|
|
|
| |
ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20ce21866e482c132df7085061f28dfdafc8a48a)
|
| |
|
|
|
|
|
|
| |
Fix the PKG_MIRROR_HASH value for netifd.
Fixes: d2ecaaca3404 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 21f713d5abf86fc5639b41d7f4e7535a5538d63a)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Contains following changes:
* bridge: bridge_dump_info: add dumping of bridge attributes
* bridge: make it more clear why the config was applied
* cmake: fix build by reordering the cflags definitions
* treewide: fix multiple compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d2ecaaca3404a05ba65bb6756bc5fbd05389ed2f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
My original bpftools package made "variant" builds of bpftool and libbpf
as a convenience, since both used the same local kernel sources with the
same versioning. This is no longer the case, since the commit below
switched to using an out-of-tree build mirror hosting repos for each.
Replace bpftools with separate bpftool and libbpf packages, each simplified
and correctly versioned. Also fix the broken libbpf ABI introduced in the
same commit. Existing build .config files are not impacted.
Fixes: 00cbf6f6ab1d ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit afe1bf11f2539f75e30ab3206891dbe6f8c43bd5)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.17
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 17fbbafdcbc55d6ab3d357012f336941fa27d43e)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
adds ForceCommand option. If the command is specified,
it forces users to execute the command when they log in.
Signed-off-by: Nozomi Miyamori <inspc43313@yahoo.co.jp>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Update to umdns HEAD to include latest enhancements for browse method
filtering, return of TXT records as an array, dumping IPv4/6 as an
array, and including the interface name in a browse reply.
Signed-off-by: Mark Baker <mark@vpost.net>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> #ipq807x, mt7621, x86_64
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TOZED TL70-C is an LTE CAT6 cellular modem based on UNISOC SL8563. UNISOC
was formerly called Spreadtrum hence the manufacturer name detected on the
modem is spreadtrum.
The connect and disconnect commands bring up and down the usb0 interface.
They are Base64 encoded as that's what the AT command accepts. The modem
can do up to 4 APNs by bringing the USB interfaces, usb0 to usb3, up.
Setting the USB interfaces up:
connmanctl ndisdial AT^NDISDUN="usb0",1,1
connmanctl ndisdial AT^NDISDUN="usb1",1,2
connmanctl ndisdial AT^NDISDUN="usb2",1,3
connmanctl ndisdial AT^NDISDUN="usb3",1,4
Setting the USB interfaces down:
connmanctl ndisdial AT^NDISDUN="usb0",0,1
connmanctl ndisdial AT^NDISDUN="usb1",0,2
connmanctl ndisdial AT^NDISDUN="usb2",0,3
connmanctl ndisdial AT^NDISDUN="usb3",0,4
Co-developed-by: Andre Cruz <me@1conan.com>
Signed-off-by: Andre Cruz <me@1conan.com>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
|
| |
|
|
|
|
|
|
| |
add description for medion usb lte webstick
Signed-off-by: Joe Cooper <highjagger+github@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Based on Paul Fertser <fercerpav@gmail.com>'s guidance:
Change AUTORELEASE in rules.mk to:
```
AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
```
then update all affected packages by:
```
for i in $(git grep -l PKG_RELEASE:=.*AUTORELEASE | sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/clean
done
```
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
| |
c9f5c3f devices: add MediaTek MT7981 WMAC compatible
b3888b2 devices: add compatible strings for Ralink WiSoCs
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
| |
Release Notes:
https://lore.kernel.org/netdev/20230508213111.z4vjg6gyrm7nwz4r@lion.mk-sys.cz/
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
d4f56f0e6971 add support for handling traffic to/from the bridge device
3ea579064c00 nl: add separate socket for netlink commands
4ec5a51c6d01 nl: fetch packet stats for offloaded flows
0319fd080bf5 add support for configuring a fixed output port for a bridge member port
5b730f0c2cf5 bridger-bpf: fix build on older kernels
00af6c6e8350 nl: process IFLA_MASTER in any nl events, but skip wireless events
a2794f95756e bridger-bpf: add bpf_skb_pull_data call
6974093eb036 nl: rework vlan code to use the iflink API
d0f79a16c749 nl: do not attempt to enable flow offload on older kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allowing the (kernel) packet priority to be set through UCI.
This makes it straightforward to set some VLAN priority for DHCP
requests through a simple egress qos map. (Avoiding the need for
firewall matching and marking through iptables, which prevents using
flow offloading).
(Such priority tag is a hard requirement for some ISPs, such as Orange
in France).
Depends on: https://github.com/openwrt/odhcp6c/pull/74
Signed-off-by: Pacien TRAN-GIRARD <pacien.trangirard@pacien.net>
|
| |
|
|
|
|
| |
bcd2836 odhcp6c: add -K option to set packet kernel priority
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
To support the widest variety of modems, allow restoring previous
behaviour of configuring the link throug means of DHCP(v6) exclusively.
Change the default value of "dhcp" and "dhcpv6" UCI options to "auto",
while keeping the default behaviour of "prefer out-of-band configuration",
intact. Setting "dhcp" or "dhcpv6" to boolean 1 will now force using
DHCP and DHCPv6, respectively.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
| |
|
|
|
|
|
| |
Release Notes:
https://lore.kernel.org/netdev/20230427090253.7a92616b@hermes.local/T/
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
| |
In MBIM interfaces, DNS servers may be provided out-of-band regardless
whether DHCP is used for configuration, or not. Move the DNS
configuration outside "if" blocks to support that.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
| |
|
|
|
|
|
| |
Beginnings and endings of sub-interface creation procedure were
literally duplicates - extract them outside if "if" blocks
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
| |
|
|
|
|
|
| |
Delegate prefixes received through MBIM control channel the same way, as
would be done through DHCP, according to RFC7278.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
