aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* network/uqmi: pipe the output off qmi_wds_stop to /dev/nullFlorian Eckert2018-04-191-3/+8
| | | | | | | | | | Pipe uqmi output from qmi_wds_stop function into /dev/null. This will supress the following output in proto teardown. netifd: wwan (x): "No effect" netifd: wwan (x): Command failed: Permission denied Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: mesh: make forwarding configurableDaniel Golle2018-04-183-2/+245
| | | | | | | | | | | For unencrypted mesh networks our scripts take care of setting the various mesh_param values. wpa_supplicant changes somes of them when being used for SAE encrypted mesh and previously didn't allow configuring any of them. Add support for setting mesh_fwding (which has to be set to 0 when using other routing protocols on top of 802.11s) and update our script to pass the value to wpa_supplicant. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* curl: Deprecate idn(1) support and switch to xz tarballDaniel Engberg2018-04-162-8/+9
| | | | | | | libidn(1) is deprecated, add libidn2 support Switch to xz tarball (smaller size) Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* netifd: update to latest git HEAD (coverity fixes)Hans Dedecker2018-04-161-3/+3
| | | | | | | | | | | | 513eb27 system-linux: check ioctl return value in system_vlan() df1625d system-linux: check ioctl return value in system_if_flags() 209c508 system-linux: fix segfault on alloc failure in system_if_check() 4a8e20e system-linux: fix segfault on error in system_add_ip6_tunnel() 36e4700 handler: fix resource leak on error in netifd_init_script_handlers() 86a0e7c system-linux: remove unnecessary open call in system_if_dump_info() 1e2cf67 system-linux: fix memory leak on error in system_add_vxlan() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* lldpd: bump to 1.0.1Stijn Tintel2018-04-151-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix compile of -mini variantsDaniel Golle2018-04-131-0/+23
| | | | | | Fixes commit d88934aa5a (hostapd: update to git snapshot of 2018-04-09) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git snapshot of 2018-04-09Daniel Golle2018-04-1332-76/+1085
| | | | | | | | | And import patchset to allow 802.11s mesh on DFS channels, see also http://lists.infradead.org/pipermail/hostap/2018-April/038418.html Fix sae_password for encryption mesh (sent upstream as well). Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ebtables: update to latest git 2018-04-11Matthias Schiffer2018-04-122-5/+5
| | | | | | | | | | | 2e783b227766 ebt_ip: add support for matching IGMP type b5fbb8d786c9 ebt_ip: add support for matching ICMP type and code c5e5b784fd1a Move ICMP type handling functions from ebt_ip6 to useful_functions.c 11da52177196 include: sync linux/netfilter_bridge/ebt_ip.h with kernel Note: the new features require at least kernel 4.17 or backported patches. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* iptables: split physdev match out as a separate packageMatthias Schiffer2018-04-091-1/+10
| | | | | | | Split physdev match out of ipt-extra to allow installing ipt-extra without pulling in br-netfilter. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: remove example domains from rfc6761.conf (FS#1447)Hans Dedecker2018-04-092-5/+1
| | | | | | | | | | | | RFC6771 does not exclude the forwarding of the example domain as it states : "Caching DNS servers SHOULD NOT recognize example names as special and SHOULD resolve them normally." Example domains cannot be assigned to any user or person by DNS registrars as they're registered in perpetuity to IANA meaning they can be resolved; therefore let's remove the example domains from the rfc6761.conf file. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2018-04-091-4/+4
| | | | | | 31f217f router: improve RFC7084 compliancy Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2018-04-051-4/+4
| | | | | | | | 74b5a3 script: fix possible negative delay 473f248 dhcpv6: always trigger script update in case of IA updates ea18935 ra: rework route information option handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to the latest version, adds hw flow offload supportFelix Fietkau2018-04-051-3/+3
| | | | | | 35b3e74 defaults: add support for setting --hw on the xt_FLOWOFFLOAD rule Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add support for enabling hardware flow offload via iptablesFelix Fietkau2018-04-051-5/+82
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: fix some security problemsHauke Mehrtens2018-04-038-3/+322
| | | | | | | | | | This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: update to latest git HEADHans Dedecker2018-04-031-3/+3
| | | | | | 3dc8c91 interface-ip: fix memory leak in interface_ip_add_target_route() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2018-03-311-3/+3
| | | | | | | | | | 5cbd305 odhcp6c: improve code readibility eb83b7e treewide: improve error handling b7b11cb dhcpv6: initialize ifreq struct f0469e2 ra: handle socket fail creation d573461 odhcp6c: fix file pointer leakage Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"Kevin Darbyshire-Bryant2018-03-312-66/+1
| | | | | | | | | | This reverts commit 745d0e7f4b6e8659cc967291acd33889035127f0. It looks like upstream don't want the patch so let's revert it here too. I hope a fix from upstream is forthcoming. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* map: fix psidlen becoming negative (FS#1430)Hans Dedecker2018-03-292-11/+17
| | | | | | | | | Fix psidlen becomes negative in case embedded address bit lenght is smaller than IPv4 suffix length. While at it improve parameter checking making the code more logical and easier to read. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "ppp: make ppp-multilink provide ppp"Felix Fietkau2018-03-291-10/+9
| | | | | | | | | | opkg currently has some issues with Provides and this change makes the image builder fail because of that. Revert the change for now until opkg is fixed This reverts commit 092d75aa3e86db8331fffdbd0a99987df9dc438b. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-2735-1530/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: update to the latest version (fixes FS#1452)Felix Fietkau2018-03-271-4/+4
| | | | | | 9c8d781 netifd: return the interface for locally addressable host dependencies Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: improve init script portability (FS#1446)Hans Dedecker2018-03-242-2/+2
| | | | | | | | | | | | | Improve portability of init script by declaring resolvfile as local in dnsmasq_stop function. Fixes resolvfile being set for older busybox versions in dnsmasq_start in a multi dnsmasq instance config when doing restart; this happens when the last instance has a resolvfile configured while the first instance being started has noresolv set to 1. Base on a patch by "Phil" Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ethtool: Update to 4.15.Rosen Penev2018-03-231-2/+2
| | | | | | Contains kernel 4.14 updates. Compile tested on mvebu. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iproute2: cake: support new overhead reporting & stats structuresKevin Darbyshire-Bryant2018-03-231-266/+969
| | | | | | | | | | | | | | | | | | | | | | Cake in kernel space now splits stats structure handling across netlink messages to reduce stack usage issue flagged by upstream kernel checks. Update user space (tc) qdisc handling to understand this new regime. Cake also reports packet overheads & compensation in a different way so add display code for this. e.g. 'tc -s qdisc show dev eth0' reports this extra detail: min/max transport layer size: 28 / 1500 min/max overhead-adjusted size: 65 / 1550 average transport hdr offset: 14 Cake also supports output in JSON format. Patch is bulkier than before because a (slightly out of date - see above stats) man page is included for reference. Better than nothing! Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall: update to latest git HEADHans Dedecker2018-03-221-3/+3
| | | | | | | | | 5cdf15e helpers.conf: add CT rtsp helper d5923f1 Reword rule comments c1a295a defaults: add support for xt_FLOWOFFLOAD rule 41c2ab5 ipsets: add support for specifying entries Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: remove deprecated config optionsHans Dedecker2018-03-202-8/+1
| | | | | | | | Remove deprecated config options in 2.5 as described in [0] [0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: fix hidden uint to uin64_t promotion in json_printKevin Darbyshire-Bryant2018-03-192-1/+66
| | | | | | | | | | | | | | | | | | | | | | | | | print_int used 'int' type internally, whereas print_uint used 'uint64_t' These helper functions eventually call vfprintf(fp, fmt, args) which is a variable argument list function and is dependent upon 'fmt' containing correct information about the length of the passed arguments. Unfortunately print_int v print_uint offered no clue to the programmer that internally passed ints to print_uint were being promoted to 64bits, thus the format passed in 'fmt' string vs the actual passed integer could be different lengths. This is even more interesting on big endian architectures where 'vfprintf' would be looking in the middle of an int64 type. Symptoms of this included tc qdisc showing bizarre values for a variety of fields across a variety of qdiscs (e.g. refcnt, flows, quantum) print_u/int now stick with native int size. A similar patch has been sent upstream. Fixes FS#1425 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to 2.79 releaseKevin Darbyshire-Bryant2018-03-191-3/+3
| | | | | | | 94b6878 Tidy crypto.c of old library compat. Now need libnettle 3. 8b96552 Fix compiler warning. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* curl: Update to 7.59Rosen Penev2018-03-191-2/+2
| | | | | | Compile tested on ar71xx. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openvpn: add config param verify_client_certChristian Bayer2018-03-172-1/+2
| | | | | | | | | Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5. Replaced by param --verify-client-cert none|optional|require in v2.4 see https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required Signed-off-by: Christian Bayer <cave@cavebeat.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
* dnsmasq: bump to 2.79rc2Hans Dedecker2018-03-131-2/+2
| | | | | | | | | | | | | | | | | | ae29065 Fix debian/changelog syntax. 6b2b564 Enhance --synth-domain to allow names with sequential integers. 4f7bb57 Fix deletion of dhcp-options from inotify dynamic files. 56f0623 Allow trailing dot in CNAME. f3223fb Fix nettle_hash() function to avoid ABI incompatibilities. 4c4f4c2 Debian dependency tweaking for new dnsmasq-base-lua package. 773af30 Man page typo fix. 4cc944b Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq 87e00fe Compiler warning fixes. e7a4af8 Compiler warning fixes. 2d69d61 Add liblua-dev to Debian build-depends. 30e4a94 Debian package: add dnsmasq-base-lua binary package. 232a8f3 Merge messages for release. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 6in4: support multiple additional user prefixesJo-Philipp Wich2018-03-132-6/+11
| | | | | | | | | | | | | | Support configuration in the form... list ip6prefix 2001:db8:1234::/64 list ip6prefix 2001:db8:5678::/64 ... to allow specifying multiple routed IPv6 prefixes. Implements feature request FS#1361. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest version (fixes FS#1358)Felix Fietkau2018-03-131-3/+3
| | | | | | | | 1f5a29c ip: do not add local routes for host dependencies c06f842 device: add support for setting the isolate options for bridge ports 69aeaab interface-ip: fix route selection for host dependencies Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: make ppp-multilink provide pppFelix Fietkau2018-03-121-9/+10
| | | | | | Fixes dependencies on ppp from other packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf3: update to 3.5Philip Prindeville2018-03-092-67/+2
| | | | | | Get rid of patches which are already upstream. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openvpn: update to 2.4.5Magnus Kroken2018-03-094-24/+19
| | | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ebtables: update to latest git 2018-01-17Hans Dedecker2018-03-081-3/+3
| | | | | | 068ba95 Fix locking if LOCKDIR does not exist Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to git HEADStijn Tintel2018-03-081-3/+5
| | | | | | | | | | | 392811a ubus: let fw3_ubus_address() return the number of resolved addresses 359adcf options: emit an empty address item when resolving networks fails 503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed f50a524 helpers: implement explicit CT helper assignment support a3ef503 zones: allow per-table log control 8ef12cb iptables: fix possible NULL pointer access on constructing rule masks Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: bump to 20180304Jason A. Donenfeld2018-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7c0d711 version: bump snapshot b6a5cc0 contrib: add extract-handshakes kprobe example 37dc953 wg-quick: if resolvconf/run/iface exists, use it 1f9be19 wg-quick: if resolvconf/interface-order exists, use it 4d2d395 noise: align static_identity keys 14395d2 compat: use correct -include path 38c6d8f noise: fix function prototype 302d0c0 global: in gnu code, use un-underscored asm ff4e06b messages: MESSAGE_TOTAL is unused ea81962 crypto: read only after init e35f409 Kconfig: require DST_CACHE explicitly 9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript" 6e09a46 contrib: keygen-html: rewrite in pure javascript e0af0f4 compat: workaround netlink refcount bug ec65415 contrib: embedded-wg-library: add key generation functions 06099b8 allowedips: fix comment style ce04251 contrib: embedded-wg-library: add ability to add and del interfaces 7403191 queueing: skb_reset: mark as xnet Changes: * queueing: skb_reset: mark as xnet This allows cgroups to classify packets. * contrib: embedded-wg-library: add ability to add and del interfaces * contrib: embedded-wg-library: add key generation functions The embeddable library gains a few extra tricks, for people implementing plugins for various network managers. * crypto: read only after init * allowedips: fix comment style * messages: MESSAGE_TOTAL is unused * global: in gnu code, use un-underscored asm * noise: fix function prototype Small cleanups. * compat: workaround netlink refcount bug An upstream refcounting bug meant that in certain situations it became impossible to unload the module. So, we work around it in the compat code. The problem has been fixed in 4.16. * contrib: keygen-html: rewrite in pure javascript * Revert "contrib: keygen-html: rewrite in pure javascript" We nearly moved away from emscripten'ing the fiat32 code, but the resultant floating point javascript was just too terrifying. * Kconfig: require DST_CACHE explicitly Required for certain frankenkernels. * compat: use correct -include path Fixes certain out-of-tree build systems. * noise: align static_identity keys Gives us better alignment of private keys. * wg-quick: if resolvconf/interface-order exists, use it * wg-quick: if resolvconf/run/iface exists, use it Better compatibility with Debian's resolvconf. * contrib: add extract-handshakes kprobe example Small utility for extracting ephemeral key data from the kernel's memory. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
* lantiq: Deactivate ASLR support for some applicationsHauke Mehrtens2018-03-031-0/+1
| | | | | | | | | The lantiq components still leak some user space linker options into the kernel space. This breaks with build when ASLR is activated, deactivate it for now on these packages. Fixes: FS#1391 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* gre: squash grev4 and grev6 packages into gre (FS#1399)Hans Dedecker2018-03-021-34/+5
| | | | | | | | | The split-up into packages gre, grev4 and grev6 causes confusion for the users as reported in FS#1399. As IPv4 and IPv6 are considered now as bundled; squash the grev4 and grev6 packages into the gre package and let gre provide both grev4 and grev6. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: add udhcpc link check to dhcp shell handler scriptHans Dedecker2018-03-022-1/+3
| | | | | | | | Fixes the assumption the busybox udhcpc applet is always enabled; in case the symbolic link check fails the DHCP shell handler script will exit and as result the DHCP protocol handler will not be registered in netifd. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iw: update to version 4.14Felix Fietkau2018-02-284-676/+101
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version, rewrite RPS/XPS handlingFelix Fietkau2018-02-282-3/+70
| | | | | | | | Remove RPS/XPS support from netifd core, move the logic to a hotplug script that uses a different policy which provides better performance and more fairness across flows Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: support DHCP sendopts as list optionsHans Dedecker2018-02-272-6/+8
| | | | | | | | | | | Support config in the form of .... add_list sendopts=router:10.10.10.2 add_list sendopts=nissrv:20.20.20.2 add_list sendopts=0x7D:abba This allows to configure sendopts having white spaces as option value Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix compile with kernel 3.18Hauke Mehrtens2018-02-261-0/+40
| | | | | | This fixes a compile bug found by build bot with kernel 3.18 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: do not register ubus objects for mesh interfacesFelix Fietkau2018-02-241-0/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcp6c: rework sendopts handlingHans Dedecker2018-02-242-7/+6
| | | | | | Bring logic of sendopts handling in line with ip6prefix handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: support multiple additional user prefixesJo-Philipp Wich2018-02-243-6/+13
| | | | | | | | | | | | | Support configuration in the form... list ip6prefix 2001:db8:1234::/64 list ip6prefix 2001:db8:5678::/64 ... to allow specifying multiple additional IPv6 prefixes. Implements feature request FS#1361. Signed-off-by: Jo-Philipp Wich <jo@mein.io>