| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
| |
The nl80211.h file is mostly matching kernel 5.10, so remove most of our
changes from the patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
The removed patches were applied upstream.
This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
5a2dd18 iwinfo: add hardware description for MediaTek MT7622
4a32b33 iwinfo: add PCI ID for MediaTek MT7613BE
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
| |
This patch is required to be able to roam from one backhaul AP to
another one in the same ESS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(daniel@makrotopia.org: PKG_REVISION bump and refreshed patches)
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a bug that prevents updating Multi-AP credentials
after hostapd has started.
It was sent to upstream hostapd here:
https://patchwork.ozlabs.org/bundle/rmelotte/hostapd:%20update%20WPS%20credentials%20on%20SIGHUP/
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows other applications to get events management
frames (for example: association requests).
This is useful in Multi-AP context to be able to save association
requests from stations.
It has been sent to upstream hostapd in this series:
https://patchwork.ozlabs.org/project/hostap/list/?series=217500
'700-wifi-reload.patch' is updated due to the introduction of
'110-notify-mgmt-frames.patch'.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
|
|
|
|
|
|
|
| |
All users have been converted to ubus.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
|
| |
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
|
|
|
|
|
|
|
|
| |
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
| |
As with ltq-vdsl-app, see previous commit.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a 'dsl' ubus object with a 'metrics' function to replace the
expensive shell parsing done by /etc/init.d/dsl_control [dsl|luci]stat.
All metrics are gathered by using syscalls. An additional thread is started
to handle ubus events.
$ time /etc/init.d/dsl_control dslstat
real 0m 2.66s
user 0m 0.90s
sys 0m 1.76s
$ time ubus call dsl metrics
real 0m 0.02s
user 0m 0.00s
sys 0m 0.01s
Example output:
{
"api_version": "4.17.18.6",
"firmware_version": "5.8.1.5.0.7",
"chipset": "Lantiq-VRX200",
"driver_version": "1.5.17.6",
"state": "Showtime with TC-Layer sync",
"up": true,
"uptime": 3891,
"atu_c": {
"vendor_id": [
181,
0,
66,
68,
67,
77,
178,
26
],
"vendor": "Broadcom 178.26",
"system_vendor_id": [
181,
0,
66,
68,
67,
77,
0,
0
],
"system_vendor": "Broadcom",
"version": [
49,
57,
46,
48,
46,
51,
53,
46,
50,
32,
86,
69,
95,
49,
49,
95
],
"serial": [
65,
65,
49,
52,
52,
54,
70,
69,
48,
90,
87,
45,
48,
56,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0,
0
]
},
"power_state": "L0 - Synchronized",
"xtse": [
0,
0,
0,
0,
0,
0,
0,
2
],
"annex": "B",
"standard": "G.993.2",
"profile": "17a",
"mode": "G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)",
"upstream": {
"vector": true,
"trellis": true,
"bitswap": true,
"retx": true,
"virtual_noise": false,
"interleave_delay": 0,
"data_rate": 31999000,
"latn": 8.500000,
"satn": 8.400000,
"snr": 12.700000,
"actps": -90.100000,
"actatp": 13.400000,
"attndr": 37180000
},
"downstream": {
"vector": true,
"trellis": true,
"bitswap": true,
"retx": true,
"virtual_noise": false,
"interleave_delay": 140,
"data_rate": 89998000,
"latn": 9.500000,
"satn": 9.600000,
"snr": 13.300000,
"actps": -90.100000,
"actatp": -1.600000,
"attndr": 116315372
},
"errors": {
"near": {
"es": 1,
"ses": 0,
"loss": 3,
"uas": 424,
"lofs": 0,
"fecs": 0,
"hec": 0,
"ibe": 0,
"crc_p": 0,
"crcp_p": 0,
"cv_p": 0,
"cvp_p": 0,
"rx_corrupted": 27740,
"rx_uncorrected_protected": 27010,
"rx_retransmitted": 0,
"rx_corrected": 730,
"tx_retransmitted": 16222
},
"far": {
"es": 242,
"ses": 71,
"loss": 0,
"uas": 424,
"lofs": 0,
"fecs": 22687,
"hec": 0,
"ibe": 0,
"crc_p": 0,
"crcp_p": 0,
"cv_p": 0,
"cvp_p": 0,
"rx_corrupted": 1383552,
"rx_uncorrected_protected": 1220215,
"rx_retransmitted": 0,
"rx_corrected": 163337,
"tx_retransmitted": 1574051
}
}
}
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
|
|
|
| |
procd sends sigterm to stop daemons, hook it up.
This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
|
|
|
| |
dnsmasq v2.84rc2 has been promoted to release.
No functional difference between v2.83test3 and v2.84/v2.84rc2
Backport 2 patches to fix the version reporting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
| |
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
|
|
|
|
|
|
| |
Commit 7c8c4f1be648 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.
Fixes: 7c8c4f1be648 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.7.txt
Refresh patch:
None required
Signed-off-by: Curtis Deptuck <curtdept@me.com>
|
|
|
|
|
|
| |
8d8a8cd dhcpv6-ia: apply prefix_filter on dhcpv6
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
* i78aa36b umdns: fix 64-bit time format string
* start using $(AUTORELEASE)
* Update Copyright
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the latest stable kernel since the previous 5.8.x series is EOL.
Also drop the following patches recently accepted upstream:
* 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
* 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
* 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
* 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket. This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.
This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol
dnsmasq v2.84test3 resolves these issues.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
| |
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
The package does not seem to have a maintainer.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
| |
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
| |
This package is not needed in base. It will be imported in the packages
feed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
|
|
|
| |
This package is not needed in base. It will be imported in the packages
feed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
|
|
|
|
|
|
|
|
|
| |
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.
I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
c00c833 interface-ip: add unreachable route if address is offlink
e71909c interface-ip: coding style fixes
Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving
Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.
Fixes: 498d84fc4e00 ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.
Fixes: f5753aae233f ("hostapd: add support for WPS pushbutton station")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
| |
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
|
|
|
|
|
|
|
|
| |
'base' was never used.
Fixes: 498d84fc4e00 ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
|
|
|
|
|
|
|
|
| |
'enc_str' was never used.
Fixes: 498d84fc4e00 ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
|
|
|
|
|
|
| |
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
| |
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
|
|
|
|
|
|
|
|
|
|
| |
Currently PHY information obtained from "iw phy" lacks information about
a PHYs HE capabilities when using the by default installed iw-tiny.
As there are already 802.11ax supported devices, enabled printing this
information for the by-default installed iw variant.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
| |
To simplify the way netifd acquires the PIDs of wpa_supplicant and
hostapd let the config_add method of both of them return the PID of the
called process. Use the returned PID instead of querying procd when
adding wpa_supplicant configuration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update iptables to 1.8.6
ChangeLog:
https://netfilter.org/projects/iptables/files/changes-iptables-1.8.6.txt
Refresh patch:
101-remove-check-already.patch
Signed-off-by: Curtis Deptuck <curtdept@me.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Encode ABI version in compiled shared object file
- Only ship versioned shared library
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
618c1e8 iwinfo: add hardware description for QCA MIPS WiSoCs
0702f32 iwinfo: improve center channel handling
51c1336 iwinfo: set center chan unsupported for not-nl80211 driver
23d2722 build: add ability to specify shared object version
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f1620630e9f3407780ddc554361841f05c996c49.
This update introduces potentially remote exploitable buffer overreads
in IE parsing logic.
It also breaks the ABI without introdcing SOVERSION library versioning.
Furthermore, HT information is incorrectly added for non-HT BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
| |
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
| |
This patch enables hostapd.sh to properly configure wpa_supplicant
for when GCMP is used as cipher in station mode.
Without this wpa_supplicant will be unable to connect to AP.
This is needed for wil6210 as it does not support CCMP.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
|
|
|
|
|
| |
0c83439 netifd: wireless: default to GCMP WPA cipher on 802.11ad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
| |
3bda900 odhcpd: add option for setting preferred lifetime
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an option "hostapd_bss_options" that does the same as
"hostapd_options" but on a per-BSS level, instead of a per-device level.
This can be used, for example, to configure different per-devce sae_passwords
per BSS or to augment some of the existing per-BSS options.
Signed-off-by: Florian Beverborg <flo@beverb.org>
[remove whitespace errors, bump release]
Signed-off-by: Paul Spooren <mail@aparcar.org>
|