aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* dnsmasq: add support for filter-AAAA/AChen Minqiang2022-11-122-0/+5
| | | | | | | | This add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6 addresses from DNS answers. these options is supported since version 2.87. Co-authored-by: NueXini <nuexini@alumni.tongji.edu.cn> Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* hostapd: remove invalid dtim_period option processingFelix Fietkau2022-11-101-2/+1
| | | | | | | | dtim_period is a bss property, not a device one. It is already handled properly in mac80211.sh Fixes: 30c64825c7ed ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required") Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: remove backported CVE patchKevin Darbyshire-Bryant2022-11-061-179/+0
| | | | | | Patch no longer applies/required since bump to v2.87 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: Support nftables nftsetsKevin Darbyshire-Bryant2022-11-062-11/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add build option for nftables sets. By default disable iptables ipset support. By default enable nftable nftset support since this is what fw4 uses. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: nftset: serve from ipset config Use existing ipset configs as source for nftsets to be compatible with existing configs. As the OS can either have iptables XOR nftables support, it's fine to provide both to dnsmasq. dnsmasq will silently fail for the present one. Depending on the dnsmasq compile time options, the ipsets or nftsets option will not be added to the dnsmasq config file. dnsmasq will try to add the IP addresses to all sets, regardless of the IP version defined for the set. Adding an IPv6 to an IPv4 set and vice versa will silently fail. Signed-off-by: Mathias Kresin <dev@kresin.me> dnsmasq: support populating nftsets in addition to ipsets Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in the system. Keep the same configuration syntax in /etc/config/dhcp, for compatibility purposes. Huge thanks to Jo-Philipp Wich for basically writing the function. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> dnsmasq: obtain nftset ip family from nft Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address family to an nft set is made. Heuristic to guess which ip family a nft set might belong by inferring from the set name. In order of preference: If setname ends with standalone '4' or '6' use that, else if setname has '4' or '6' delimited by '-' or '_' use that (eg foo-4-bar) else If setname begins with '4' or '6' standalone use that. By standalone I mean not as part of a larger number eg. 24 If the above fails then use the existing nft set query mechanism and if that fails, well you're stuffed! With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp knowledge. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> dnsmasq: specify firewall table for nftset Permit ipsets to specify an nftables table for the set. New config parameter is 'table'. If not specified the default of 'fw4' is used. config ipset list name 'BK_4,BK_6' option table 'dscpclassify' option table_family 'ip' option family '4' list domain 'ms-acdc.office.com' list domain 'windowsupdate.com' list domain 'update.microsoft.com' list domain 'graph.microsoft.com' list domain '1drv.ms' list domain '1drv.com' The table family can also be specified, usually 'ip' or 'ip6' else the default 'inet' capable of both ipv4 & ipv6 is used. If the table family is not specified then finally a family option is available to specify either '4' or '6' for ipv4 or ipv6 respectively. This is all in addition to the existing heuristic that will look in the nftset name for an ip family clue, or in total desperation, query the value from the nftset itself. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add uci-defaults script for ipset migrationMathias Kresin2022-11-062-0/+33
| | | | | | | | When running sysupgrade from an existing configuration, move existing ipset definitions to a dedicated config section. Later on, it will allow to serve ipset as well as nftable sets from the same configuration. Signed-off-by: Mathias Kresin <dev@kresin.me>
* dnsmasq: bump to 2.87Kevin Darbyshire-Bryant2022-11-063-10/+10
| | | | | | Bump dnsmasq to 2.87 & refresh patches Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)Hauke Mehrtens2022-11-051-0/+179
| | | | | | | | | | | This backports a commit from upstream dnsmasq to fix CVE-2022-0934. CVE-2022-0934 description: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: use procd to reload on acme renewGlen Huang2022-11-043-6/+2
| | | | | | | Calling /etc/init.d/uhttpd reload directly in the acme hotplug script can inadvertently start a stopped instance. Signed-off-by: Glen Huang <i@glenhuang.com>
* firewall: config: drop input traffic by defaultBaptiste Jonglez2022-11-011-1/+1
| | | | | | | | | | | | | | | | | | | This is necessary with firewall4 to avoid a hard-to-diagnose race condition during boot, causing DNAT rules not to be taken into account correctly. The root cause is that, during boot, the ruleset is mostly empty, and interface-related rules (including DNAT rules) are added incrementally. If a packet hits the input chain before the DNAT rules are setup, it can create buggy conntrack entries that will persist indefinitely. This new default should be safe because firewall4 explicitly accepts authorized traffic and rejects the rest. Thus, in normal operations, the default policy is not used. Fixes: #10749 Ref: https://github.com/openwrt/openwrt/issues/10749 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* iwinfo: update to the latest versionHauke Mehrtens2022-11-011-3/+3
| | | | | | 00aab87 Correctly identify key management algorithms starting with "FT-" Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* odhcpd: update to git HEADHans Dedecker2022-10-311-3/+3
| | | | | | | | a92c0a7 dhcpv6-ia: make tmp lease file hidden 4a673e1 fix null pointer dereference for INFORM messages 860ca90 odhcpd: Support for Option NTP and SNTP Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ltq-vdsl-vr9-app: extend ubus call to provide DSL statisticsRoland Barenbrug2022-10-301-2/+130
| | | | | | | | | Adding a new method to `ubus call dsl` to retrieve DSL statistics used to feed the DSL charts (bit allocation, SNR, QLN and HLOG) Signed-off-by: Roland Barenbrug <roland@treslong.com> [fix pointer error, clean up] Signed-off-by: Andre Heider <a.heider@gmail.com>
* ltq-vdsl-vr9-app: skip invalid line status valuesRoland Barenbrug2022-10-301-7/+9
| | | | | | | | | DSL_G997_LineStatusData_t defines special invalid values, skip these metrics. Signed-off-by: Roland Barenbrug <roland@treslong.com> [split patch] Signed-off-by: Andre Heider <a.heider@gmail.com>
* iproute2: update to 6.0.0Nick Hainke2022-10-2210-34/+11
| | | | | | | | | | | | | | | | | | | | Release Notes: https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/ Remove upstreamed patch: - 010-ipstats-Add-param.h-for-musl.patch Refreshed: - 140-keep_libmnl_optional.patch - 145-keep_libelf_optional.patch - 150-keep_libcap_optional.patch - 155-keep_tirpc_optional.patch - 170-ip_tiny.patch - 190-fix-nls-rpath-link.patch - 200-drop_libbsd_dependency.patch - 300-selinux-configurable.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* thc-ipv6: update to 3.8Nick Hainke2022-10-223-14/+14
| | | | | | | | | | | | | | | | | | Remove upstreamed patches: - 000-cflags_override.patch Manually refresh patches: - 100-no-ssl.patch Add patches: - 101-remove-march-native.patch Add THC_APPLETS: - toobigsniff6 - flood_unreach6 - connect6 Signed-off-by: Nick Hainke <vincent@systemli.org>
* wireless-tools: add package CPE IDPetr Štetiar2022-10-191-0/+1
| | | | | | | | Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ethtool: update to 6.0Nick Hainke2022-10-181-2/+2
| | | | | | | Release Notes: https://lwn.net/Articles/910841/ Signed-off-by: Nick Hainke <vincent@systemli.org>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-10-181-3/+3
| | | | | | 7ae5e14 fw4: gracefully handle `null` return values from `fd.read("line")` Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: use acme hotplugGlen Huang2022-10-182-1/+6
| | | | | | | Reload uhttpd after certificates are renewed with acme. Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Glen Huang <i@glenhuang.com>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-10-151-3/+3
| | | | | | | | | | | | | | | 4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies c7201a3 main.uc: reintroduce set reload restriction 756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks 3db4741 ruleset: properly handle zone names starting with a digit 43d8ef5 fw4: fix formatting of default log prefix 592ba45 main.uc: remove uneeded/wrong set reload restrictions b0a6bff tests: fix testcases 145e159 fw4: recognize `option log` and `option counter` in `config nat` sections ce050a8 fw4: fall back to device if l3_device is not available in ifstatus Fixes: #10639, #10965 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: update to the latest versionFelix Fietkau2022-10-141-3/+3
| | | | | | 0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add measurement report value for beacon reportsNick Hainke2022-10-131-0/+1
| | | | | | | | | | | | | | | | | Add the measurement report value to the beacon reports send via ubus. It is possible to derive from the measurement report if a station refused to do a beacon report and why. It is important to know why a station refuses to do a beacon-report. In particular, we should not request a beacon report from a station again that refused a beacon-report before. The rejection reasons can be found by looking at the bits defined by: - MEASUREMENT_REPORT_MODE_ACCEPT - MEASUREMENT_REPORT_MODE_REJECT_LATE - MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE - MEASUREMENT_REPORT_MODE_REJECT_REFUSED Suggested-by: Ian Clowes <clowes_ian@hotmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org>
* odhcp6c: respect 'delegate' option for 464XLAT sub-interfaceLech Perczak2022-10-092-1/+2
| | | | | | | | | dhcpv6.script contained support for disabling prefix delegation of 464XLAT sub-interface, but netifd protocol handler was missing the required export to disable this. Add missing export, akin to DS-Lite and MAP. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* build: prefer HTTPS if available (for packages)Daniel Cousens2022-10-055-5/+5
| | | | | | | | Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq, fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl, lua, lua5.3, tcpdump and valgrind, to HTTPS Signed-off-by: Daniel Cousens <github@dcousens.com>
* treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-031-1/+1
| | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* qos-scripts: fix trailing whitespace in config filesManas Sambhus2022-09-274-8/+7
| | | | Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
* qos-scripts: replace modprobe by rmmodManas Sambhus2022-09-271-2/+1
| | | | | | modprobe -r is not available on all platforms, hence use rmmod Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
* ppp: use modprobe in place of insmodManas Sambhus2022-09-272-15/+5
| | | | | | | This will prevent `module is already loaded` lines from appearing in the logs when a PPP connection is reconnecting Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
* nftables: backport fix to interval based rulesKevin Darbyshire-Bryant2022-09-262-1/+24
| | | | | | | | | 'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4". Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iwinfo: update to the latest versionFelix Fietkau2022-09-221-3/+3
| | | | | | | | | | 46f04f3808e8 devices: add MediaTek MT7986 WiSoC b3e08c8b5a8f ops: make support for wireless extensions optional 1f695d9c7f82 nl80211: allow phy names that don't start with 'phy' b7f9f06e1594 nl80211: fix phy/netdev index lookup 4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add ubus notification on sta authorizedFelix Fietkau2022-09-223-2/+79
| | | | | | | Also include the station auth_type in the ubus and log message in order to detect, if clients used FT or FILS to associate Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: disable wireless extensions only when neededFelix Fietkau2022-09-221-0/+1
| | | | | | They are only needed by a few very old drivers Signed-off-by: Felix Fietkau <nbd@nbd.name>
* xdp-tools: update to version 1.2.8Daniel Golle2022-09-201-2/+2
| | | | | | | | | | | | | 82628d8 libxdp: Fix resource leaks 7fb0af0 libxdp: always clone program fd before taking ownership of it d8cd007 headers: Update kernel btf.h header file 2265125 (tag: v1.2.7) xdp-filter: Update examples in documentation 2b65008 libxdp: Fix libxdp compilation error 2387514 xsk: remove unused variable outstanding_tx 00b5a95 Fix section names in xsk programs d4ff1f9 (tag: v1.2.8) Bump TOOLS_VERSION to 1.2.8 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to 2022-07-29David Bauer2022-09-2042-266/+242
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures 89de431f2 DPP: Add config response status value to DPP-CONF-SENT 10104915a tests: sigma_dut and DPP PB session overlap 80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation 662249306 Update copyright notices for the QCA vendor definitions 8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g ddcd15c2d tests: Fix fuzzing/sae build 7fa67861a tests: Fix p2p_channel_avoid3 ee3567d65 tests: Add more time for scan/connection 1d08b238c nl80211: Allow more time for the initial scan with 6 GHz ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6 93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves 5565fbee2 DPP: Check Enrollee supported curves when building Config Response ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd 4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs c97000933 Fix ifdef condition for imsi_privacy_cert 2a9a61d6c tests: SAE with extended key AKM e35f6ed1d tests: More detailed report on SAE PMKSA caching error case f70db167a SAE: Derive a variable length PMK with the new AKM suites 91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites e81ec0962 SAE: Use H2E unconditionally with the new AKM suites f8eed2e8b SAE: Store PMK length and AKM in SAE data 9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites 91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs 5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper 5456b0f26 Define new RSN AKM suite selector values def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH 35587fa8f tests: DPP Controller/Relay with need to discover Controller d22dfe918 DPP: Event message for indicating when Relay would need a Controller ca7892e98 tests: DPP Relay and adding/removing connection to a Controller bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed 808834b18 Add a comparison function for hostapd_ip_addr f7763880b DPP: Advertise Configurator connectivity on Relay automatically ff7cc1d49 tests: DPP Relay and dynamic Controller addition ca682f80a DPP: Dynamic Controller initiated connection on Relay d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX 69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant 1ff9251a8 DPP3: Push button Configurator in wpa_supplicant b94e46bc7 tests: PB Configurator in wpa_supplicant ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received 692956446 DPP: Note PKEX code/identifier deletion in debug log dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller 17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay fb2937b85 DPP: Allow Controller to initiate PKEX through Relay 15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors 0a4f391b1 tests: sigma_dut and DPP Connector Privacy 479e412a6 DPP3: Default value for dpp_connector_privacy 7d12871ba test: DPP Private Peer Introduction protocol 148de3e0d DPP3: Private Peer Introduction protocol 786ea402b HPKE base mode with single-shot API f0273bc81 OpenSSL: Remove a forgotten debug print f2bb0839f test: DPP 3rd party config information 68209ddbe DPP: Allow 3rd party information to be added into config object 0e2217c95 DPP: Allow 3rd party information to be added into config request obj 3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration 16b62ddfa QCA vendor attribute for DBAM configuration 004b1ff47 tests: DPP Controller initiating through Relay 451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections 248654d36 tests: sigma_dut DPP PB test cases 697b7d7ec tests: DPP push button 7bbe85987 DPP3: Allow external configuration to be specified on AP for PB 8db786a43 DPP3: Testing functionality for push button announcements 37bccfcab DPP3: Push button bootstrap mechanism a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command) 159e63613 QCA vendor command for CoAP offload processing 3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics 09a281e52 Add QCA vendor interface for PASN offload to userspace 809fb96fa Add a vendor attribute to configure concurrency policy for AP interface a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY 085a3fc76 EHT: Add 320 channel width support bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h 92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch c580c2aec tests: Make OCV negative test error cases more robust 3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures 6b461f68c Set current_ssid before changing state to ASSOCIATING 8dd826741 QCA vendor attribute to configure direct data path for audio traffic 504be2f9d QCA vendor command support to get WLAN radio combinations d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: don't select indoor channel on outdoor operationDavid Bauer2022-09-181-0/+58
| | | | | | | Don't select channels designated for exclusive-indoor use when the country3 element is set on outdoor operation. Signed-off-by: David Bauer <mail@david-bauer.net>
* ltq-[a|v]dsl-app: provide ltq-dsl-appAndre Heider2022-09-172-0/+2
| | | | | | | This makes it easier for packages to depend on any lantiq/intel/maxlinear compatible dsl daemon. Signed-off-by: Andre Heider <a.heider@gmail.com>
* ltq-vdsl-app: rename to ltq-vdsl-vr9-appAndre Heider2022-09-1713-9/+9
| | | | | | | This matches the scheme used by other target packages and will avoid confusion with any future version. Signed-off-by: Andre Heider <a.heider@gmail.com>
* lantiq: rename ltq-vdsl folder to ltq-vdsl-vr9Andre Heider2022-09-171-1/+1
| | | | | | | Now PKG_NAME matches the folder name, and this will avoid confusion with any future version. Signed-off-by: Andre Heider <a.heider@gmail.com>
* unetd: add missing init scriptFelix Fietkau2022-09-161-0/+24
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* unetd: update to the latest versionFelix Fietkau2022-09-161-3/+3
| | | | | | | e065a7627a46 pex: update last query sent timestamp 6c888f897862 unet-cli: add stun server list editing support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* unetd: update to the latest versionFelix Fietkau2022-09-163-5/+23
| | | | | | | | | | | | | | | | | | | | | | | 21360a1b1ce6 cli: fix typo abfebece0af1 wg-linux: ship a copy of linux/wireguard.h 1cbb1a543cb3 pex: reduce unnecessary ping traffic 0c2f39e52d5d pex: remove pex event debug spam dcf1362c2104 pex: add support for sending/receiving global PEX messages via unix socket df5f70b8858c ubus: notify on network updates e58a56697131 add DHT discovery service be175767bc67 pex: keep active pex hosts after the specified timeout 543e4a3d2ed7 pex: move rx header check to callback function 395659b9c415 pex: move raw ip send code to sendto_rawudp() in utils.c dda15ea8b3b2 pex: add utility function to get the sockets based on type / address family e88f2cd4d3f0 utils: add support for passings address family to network_get_endpoint() 639cdcdf6eda pex: add support for figuring out the external data port via STUN servers 9144339ebe1f pex: improve handling of a longer list of PEX hosts 38212218ecdd unet-cli: add DHT support 0d37ca75434d pex: automatically create host entries from incoming endpoint port notifications 035fcc56ef60 host: keep multiple endpoint candidates, one for each type a089e8ae7504 pex: avoid sending a query to a host more than once every 15 seconds Signed-off-by: Felix Fietkau <nbd@nbd.name>
* unetd: select unetd from unet-cli instead of depending on itFelix Fietkau2022-09-161-1/+1
| | | | | | Some people may explicitly want to select unet-cli for admin purposes Signed-off-by: Felix Fietkau <nbd@nbd.name>
* unetd: only depend on bpf-headers if BPF toolchain support is availableFelix Fietkau2022-09-121-1/+1
| | | | | | If BPF is unavailable, unetd can be built without it (by disabling VXLAN support). Signed-off-by: Felix Fietkau <nbd@nbd.name>
* xdp-tools: don't rely on host bpf headersDaniel Golle2022-09-121-1/+5
| | | | | | | | | | xdp-tools build currently breaks on build hosts which do not have libbpf headers installed because the build system wrongly tries to use the host's include path. Properly pass path to libbpf headers to xdp-tools build system to fix build e.g. on the buildbots. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: update to 1.0.15Nick Hainke2022-09-111-2/+2
| | | | | | | Release Notes: https://github.com/lldpd/lldpd/releases/tag/1.0.15 Signed-off-by: Nick Hainke <vincent@systemli.org>
* iproute2: add missing libbpf dependencyKien Truong2022-09-111-1/+1
| | | | | | | | | | | | | | | | | | This patch adds libbpf to the dependencies of tc-mod-iptables. The package tc-mod-iptables is missing libbpf as a dependency, which leads to the build failure described in bug #9491 LIBBPF_FORCE=on set, but couldn't find a usable libbpf The build dependency is already automatically added because some other packages from iproute2 depend on libbpf, but bpftools has multiple build variants. With multiple build variants none gets build by default and the build system will not build bpftools before iproute2. Fixes: #9491 Signed-off-by: Kien Truong <duckientruong@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xdp-tools: update to v1.2.6Nick Hainke2022-09-071-2/+2
| | | | | | | | | Release Notes: https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.6 The update contains important fixes for cross-compilation. Signed-off-by: Nick Hainke <vincent@systemli.org>
* lldpd: add PKG_CPE_IDNick Hainke2022-09-061-0/+1
| | | | | | Add CPE ID for tracking CVEs. Signed-off-by: Nick Hainke <vincent@systemli.org>
* ethtool: add PKG_CPE_IDNick Hainke2022-09-061-0/+1
| | | | | | Add CPE ID for tracking CVEs. Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_allFelix Fietkau2022-09-061-5/+5
| | | | | | | | | | | | | | | | | | | | There are two feature currently altered by the multicast_to_unicast option. 1. bridge level multicast_to_unicast via IGMP snooping 2. hostapd/mac80211 config multicast_to_unicast setting The hostapd/mac80211 setting has the side effect of converting *all* multicast or broadcast traffic into per-station duplicated unicast traffic, which can in some cases break expectations of various protocols. It also has been observed to cause ARP lookup failure between stations connected to the same interface. The bridge level feature is much more useful, since it only covers actual multicast traffic managed by IGMP, and it implicitly defaults to 1 already. Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid unintentionally enabling this feature Signed-off-by: Felix Fietkau <nbd@nbd.name>