aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* lldpd: Fix compilation without fortify-headersRosen Penev2020-01-053-4/+23
| | | | | | Upstream backport. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iperf: Allow enabling multicast supportFlorian Fainelli2020-01-031-0/+13
| | | | | | | iperf2 is useful for testing UDP over multicast, add an option to permit the enabling/disabling of multicast support. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* Revert "iptables: update to 1.8.4"Jo-Philipp Wich2019-12-303-14/+14
| | | | | | | | | | | | | | | This reverts commit 10cbc896c0a26aecff37261450c21f29fb5b99db. The updated iptables package does not build due to the following error encountered on the buildbots: cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so it appears as if further packaging changes are needed beyond a simple version bump. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iptables: update to 1.8.4DENG Qingfang2019-12-303-14/+14
| | | | | | | | | Update iptables to 1.8.4 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.4.txt Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* iwinfo: update to 2019-12-27David Bauer2019-12-301-3/+3
| | | | | | | a6f6c05 nl80211: properly handle netdev names starting with "radio" 31dcef3 iwinfo: add several QC/A device ids Signed-off-by: David Bauer <mail@david-bauer.net>
* wireguard: bump to 20191226Jason A. Donenfeld2019-12-274-34/+61
| | | | | | | | | | | | | | | | As announced on the mailing list, WireGuard will be in Linux 5.6. As a result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is moving to its own wireguard-tools repo. Meanwhile, the out-of-tree kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux- compat repo. Yesterday, releases were cut out of these repos, so this commit bumps packages to match. Since wg(8) and the compat kernel module are versioned and released separately, we create a wireguard-tools Makefile to contain the source for the new tools repo. Later, when OpenWRT moves permanently to Linux 5.6, we'll drop the original module package, leaving only the tools. So this commit shuffles the build definition around a bit but is basically the same idea as before. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* curl: rename cyassl->wolfsslEneas U de Queiroz2019-12-261-2/+2
| | | | | | The old name was dropped and no longer works. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wireguard: bump to 20191219Kevin Darbyshire-Bryant2019-12-241-4/+3
| | | | | | | | | | edad0d6 version: bump snapshot 0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4 2e52c41 wg-quick: linux: use already configured addresses instead of in-memory 3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section 21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iperf: Fix compilation with libcxxRosen Penev2019-12-232-1/+13
| | | | | | Avoids redefining bool. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uhttpd: reset PKG_RELEASEJo-Philipp Wich2019-12-221-1/+1
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-12-221-3/+3
| | | | | | 5f9ae57 client: fix invalid data access through invalid content-length values Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.8Magnus Kroken2019-12-225-6/+129
| | | | | | | | | | Backport two upstream commits that allow building openvpn-openssl without OpenSSLs deprecated APIs. Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* iputils: move iputils tools to packages feedPetr Štetiar2019-12-197-510/+0
| | | | | | | | | iputils has moved from the master tree to the packages feed, and is switching from the abandoned skbuff.net upstream to github.com/iputils/iputils. Ref: https://git.openwrt.org/556698cedf9e86a0ffe9f148d4e8e733676c26f6 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wireguard: bump to 0.0.20191212Kevin Darbyshire-Bryant2019-12-171-2/+2
| | | | | | | | | | | | 1ec6ece version: bump snapshot e13de91 main: remove unused include <linux/version.h> 72eb17c wg-quick: linux: support older nft(8) 1d8e978 global: fix up spelling e02713e wg-quick: linux: add support for nft and prefer it b4e3a83 compat: support building for RHEL-8.1 instead of RHEL-8.0 f29e3ac socket: convert to ipv6_dst_lookup_flow for 5.5 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcpd: update to latest git HEADHans Dedecker2019-12-151-3/+3
| | | | | | d60f0a6 treewide: optimize syslog priority values Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: re-introduce process trackingDaniel Golle2019-12-081-0/+4
| | | | | | | | | | | Before commit 60fb4c92b6 ("hostapd: add ubus reload") netifd was tracking hostapd/wpa_supplicant and restarting wifi in case of a process crash. Restore this behaviour by tracking the PIDs of hostapd and wpa_supplicant. Also make sure hostapd and/or wpa_supplicant have been started before emmitting ubus calls to them using ubus wait_for. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: manage instances via procd instead of pidfileFelix Fietkau2019-12-081-9/+41
| | | | | | | | Allows graceful restart of crashing hostapd/wpa_supplicant instances Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [daniel@makrotopia.org: attempt to launch only present services]
* hostapd: fix crash regression triggered by mesh modeFelix Fietkau2019-12-081-1/+1
| | | | | | | Fixes: 60fb4c92b6 ("hostapd: add ubus reload") Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [daniel@makrotopia.org: polish commit message]
* hostapd: enable CTRL_IFACE_MIB for hostapd-fullDavid Bauer2019-12-087-0/+35
| | | | | | | | This enables the CTRL_IFACE_MIB symbol for wpad-full and hostapd-full. If it is not enabled, statistic outputs such as "hostapd_cli all_sta" are empty. Signed-off-by: David Bauer <mail@david-bauer.net>
* iproute2: update to 5.4.0Hans Dedecker2019-12-063-7/+7
| | | | | | | Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/ for the changes in 5.4.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20191205Jason A. Donenfeld2019-12-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * wg-quick: linux: suppress error when finding unused table This fixes a spurious warning messages seen with recent versions of iproute2 and kernels. * wg-quick: linux: ensure postdown hooks execute * wg-quick: linux: have remove_iptables return true * wg-quick: linux: iptables-* -w is not widely supported Adding in iptables had some hiccups. For the record, I'm very unhappy about having to put any firewalling code into wg-quick(8). We'll of course need to support nftables too at some point if this continues. I'm investigating with upstream the possibility of adding a sysctl to patch the issue that iptables is handling now, so hopefully at somepoint down the line we'll be able to shed this dependency once again. * send: use kfree_skb_list * device: prepare skb_list_walk_safe for upstreaming * send: avoid touching skb->{next,prev} directly Suggestions from LKML. * ipc: make sure userspace communication frees wgdevice Free things properly on error paths. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* gre: add ipv6 parameter to gre interfacesAlin Nastac2019-12-022-3/+5
| | | | | | | | | IPv6 protocol is enabled on all gre interfaces, but gre(v6)tap interfaces are usually added to a bridge interface, in which case IPv6 should be enabled only on the bridge interface. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* curl: bump to 7.67.0Hans Dedecker2019-12-021-2/+2
| | | | | | For changes in 7.67.0; see https://curl.haxx.se/changes.html#7_67_0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to latest git HEADHans Dedecker2019-11-291-3/+3
| | | | | | e45b140 interface: warn if ip6hint is truncated Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20191127Jason A. Donenfeld2019-11-271-2/+2
| | | | | | | | | | * messages: recalculate rekey max based on a one minute flood * allowedips: safely dereference rcu roots * socket: remove redundant check of new4 * allowedips: avoid double lock in selftest error case * tools: add syncconf command Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: correct sense & usage of dnsseccheckunsignedKevin Darbyshire-Bryant2019-11-232-2/+3
| | | | | | | | | | | | | dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci option was rendered ineffectual: we checked unsigned zones no matter the setting. Disabling the checking of unsigned zones is now achieve with the "--dnssec-check-unsigned=no" dnsmasq option. Update init script to pass required option in the disabled case. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall: update to latest Git HEADJo-Philipp Wich2019-11-221-3/+3
| | | | | | | 8174814 utils: persist effective extra_src and extra_dest options in state file 72a486f zones: fix emitting match rules for zones with only "extra" options Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: dhcp proto convert release to noreleaseKevin Darbyshire-Bryant2019-11-203-6/+29
| | | | | | | | Change dhcp no/release on shutdown to 'norelease' uci option to match existing proto dhcpv6 usage. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add ubus reloadJohn Crispin2019-11-129-20/+601
| | | | | | | | | | | | | | | Add ubus interface to hostapd and wpa_supplicant to allow dynamically reloading wiface configuration without having to restart the hostapd process. As a consequence, both hostapd and wpa_supplicant are now started persistently on boot for each wifi device in the system and then receive ubus calls adding, modifying or removing interface configuration. At a later stage it would be desirable to reduce the services to one single instance managing all radios. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: add dynamic wireless reconfigurationDaniel Golle2019-11-121-3/+3
| | | | | | | | | | | | | 7a723d0 wireless: add ubus method for reloading configuration e15147c wireless: make reconf opt-in and allow serializing configuration Set new option 'reconf' in 'wifi-device' section to enable dynamic re-configuration on that radio. If necessary, also set option 'serialize' which forced netifd to configure interfaces of wireless devices one-by-one. Both options are disabled by default. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ipset: update to 7.4DENG Qingfang2019-11-091-2/+2
| | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* swconfig: Activate LTO compile optionHauke Mehrtens2019-11-081-0/+3
| | | | | | | | | | | | This decreases the size of the swconfig application by 25% on MIPS BE. old: 16,916 /sbin/swconfig new: 12,565 /sbin/swconfig Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: Activate LTOHauke Mehrtens2019-11-081-2/+2
| | | | | | | | | | | | This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE. old: 202,020 /usr/sbin/dnsmasq new: 185,676 /usr/sbin/dnsmasq Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: enable PMKSA and OK caching for WPA3-PersonalDavid Bauer2019-11-041-1/+8
| | | | | | | | | | | | | This enables PMKSA and opportunistic key caching by default for WPA2/WPA3-Personal, WPA3-Personal and OWE auth types. Otherwise, Apple devices won't connect to the WPA3 network. This should not degrade security, as there's no external authentication provider. Tested with OCEDO Koala and iPhone 7 (iOS 13.1). Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add IEEE 802.11k supportKyle Copperfield2019-11-021-0/+13
| | | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Enables radio resource management to be reported by hostapd to clients. Ref: https://github.com/lede-project/source/pull/1430 Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* lantiq: Allow PKG_ASLR_PIE for DSL and voice driversHauke Mehrtens2019-11-011-1/+0
| | | | | | | | | | | When ASLR_PIE was activated globally these drivers failed to build because the user space LDFLAGS leaked into the kernel build process. This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild: clear LDFLAGS in the top Makefile") which went into Linux 4.17. The lantiq target is now on Linux 4.19 only and these exceptions are not needed any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dropbear: rebuild libs on config changeYousong Zhou2019-11-011-0/+4
| | | | | | | | | Required as dependency on dropbear config headers is not tracked in dropbear build system Fixes FS#2275 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* mac80211: Update to version 5.4-rc2Hauke Mehrtens2019-10-192-50/+89
| | | | | | | | | This updates mac80211 to backports based on kernel 5.4-rc2 ath10k-ct was updated to match the API changes and iw now uses the new nl80211.h header file. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wwan: Double quote to prevent globbing and word splittingFlorian Eckert2019-10-182-9/+9
| | | | | | | | Fix some shellcheck warnings. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: add ec25 to databaseFlorian Eckert2019-10-182-1/+5
| | | | | | | | Add ec25 to database. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: add mc7304 to databaseFlorian Eckert2019-10-182-1/+5
| | | | | | | | Add mc7304 to database. Signed-off-by: Florian Eckert <fe@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wwan: check new uci bus option on proto setup eventFlorian Eckert2019-10-182-13/+40
| | | | | | | | | | | | | | | If system has more then one and different wwan interface (modem). Then the wwan protohandler will always take the modem which is discovered first. The protohandler will always setup the same interface. To fix this add a new usb "bus" option which is associated with wwan device and so will set the specified interface up. With this change more then one interface could be mananged by the wwan protohandler. If the "bus" option is not set in the uci network config then the protohandler behaves as before the change. The protohanldler will take the first interface which he founds. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* 6in4: add rfc1918 check functionSean Kenny2019-10-181-0/+19
| | | | | | | | | | | | | | | | | | | | | | | This is a precursor to adding proper support for multiple 6in4 tunnels with the already programmed tunlink parameter. This is an essential sanity check so as to not break existing and working behind NAT setups. Signed-off-by: Sean Kenny <skenny@wfap.ca> 6in4: add myip he.net api parameter logic This is to add proper support for multiple 6in4 tunnels with the already programmed tunlink parameter. As it stands before this commit, if there is a multi wan setup that consists of dynamic ips, there is no way to use the dynamic update feature as the he.net api is implicitly using the ip address of the caller. This will explicitly use the ipaddr specified in the interface config OR the ip of the tunlink interface specified in the dynamic update api call instead ONLY if the final resolved ipaddr variable is not an rfc1918 address. Signed-off-by: Sean Kenny <skenny@wfap.ca>
* wireguard: bump to latest snapshot 20191012Kevin Darbyshire-Bryant2019-10-161-2/+2
| | | | | | | | | | | 8eb8443 version: bump snapshot be09cf5 wg-quick: android: use Binder for setting DNS on Android 10 4716f85 noise: recompare stamps after taking write lock 54db197 netlink: allow preventing creation of new peers when updating f1b87d1 netns: add test for failing 5.3 FIB changes a3539c4 qemu: bump default version Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-161-3/+3
| | | | | | | 07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results 3ac846e lua: fix string description of mixed WPA3 modes Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lantiq: fix dsl_control status handling.Martin Schiller2019-10-154-8/+8
| | | | | | | | | | Commit 7519a36774ca ("base-files,procd: add generic service status") introduced the generic 'status' command which broke the previous dsl_control status output. To fix this, let's rename the "old" command to "dslstat". Fixes: 7519a36774ca ("base-files,procd: add generic service status") Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-151-3/+3
| | | | | | a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: update to latest git HEADHans Dedecker2019-10-141-3/+3
| | | | | | 9a4531a ndp: fix endian issue Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: adjust to removal of WOLFSSL_HAS_AES_GCMEneas U de Queiroz2019-10-121-1/+0
| | | | | | WolfSSL is always built with AES-GCM support now. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-124-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 17:11:55 +0000