aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* mac80211, hostapd: always explicitly set beacon intervalMatthias Schiffer2017-05-132-4/+3
| | | | | | | | | | | | | | | | One of the latest mac80211 updates added sanity checks, requiring the beacon intervals of all VIFs of the same radio to match. This often broke AP+11s setups, as these modes use different default intervals, at least in some configurations (observed on ath9k). Instead of relying on driver or hostapd defaults, change the scripts to always explicitly set the beacon interval, defaulting to 100. This also applies the beacon interval to 11s interfaces, which had been forgotten before. VIF-specific beacon_int setting is removed from hostapd.sh. Fixes FS#619. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: remove unused variable declarations in hostapd.shMatthias Schiffer2017-05-131-1/+0
| | | | | | | None of the variables in this "local" declaration are actually set in wpa_supplicant_add_network(). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: bump to 2.77rc3Kevin Darbyshire-Bryant2017-05-122-10/+10
| | | | | | Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* openvpn: update to v2.4.2Jo-Philipp Wich2017-05-121-2/+2
| | | | | | | | | | | | | Update to version 2.4.2 in order to address two potential Denial-of-Service vectors in OpenVPN. CVE-2017-7478 - Don't assert out on receiving too-large control packets CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2 Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: don't propagate DUID from one host to anotherArjen de Korte2017-05-111-1/+1
| | | | | | If no DUID is set for a host, it should be empty, not the last one set for a previous host. Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
* dnsmasq: use append_interface_name when using option --interface-nameHans Dedecker2017-05-092-4/+4
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add interface-name uci list.Daniel Danzberger2017-05-092-1/+7
| | | | | | | | | | | | | | | | | | This patch adds the interface-name option for each dhcp config in /etc/config/dhcp. With the interface_name option users can define a DNS name for each dhcp section that will be resolved by dnsmasq with the underlaying interface address. For example: config dhcp 'lan' option interface 'lan' ... list interface_name 'home.lan' ... Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: make tftp root if not existingAlberto Bursi2017-05-041-1/+1
| | | | | | | | | | If there's a TFTP root directory configured, create it with mkdir -p (which does not throw an error if the folder exists already) before starting dnsmasq. This is useful for TFTP roots in /tmp, for example. Originally submitted by nfw user aka Nathaniel Wesley Filardo Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* dnsmasq: fix dhcp_option usage warningHans Dedecker2017-05-041-1/+2
| | | | | | | Don't display unnecessary dhcp_option usage warning in case dhcp_option is empty Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add legacy_rates option to disable 802.11b data rates.Nick Lowe2017-05-031-8/+20
| | | | | | | | | | | | | | | | | | Setting legacy_rates to 0 disables 802.11b data rates. Setting legacy_rates to 1 enables 802.11b data rates. (Default) The basic_rate option and supported_rates option are filtered based on this. The rationale for the change, stronger now than in 2014, can be found in: https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx The balance of equities between compatibility with b clients and the detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b rates by default. Signed-off-by: Nick Lowe <nick.lowe@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
* hostapd: fix reload frequency change patchAbhilash Tuse2017-05-032-7/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When sta is configured, hostapd receives 'stop' and 'update' command from wpa_supplicant. In the update command, hostapd gets sta parameters with which it configures ap. Problem is, with the default wireless configuration: mode:11g freq:2.4GHz channel:1 If sta is connected to 5GHz network, then ap does not work. Ideally with 340-reload_freq_change.patch hostapd should reload the frequency changes and start ap in 5GHz, but ap becomes invisible in the network. This issue can be reproduced with following /etc/config/wireless: config wifi-device radio0 option type mac80211 option channel 1 option hwmode 11g option path 'virtual/uccp420/uccwlan' option htmode 'none' config wifi-iface 'ap' option device 'radio0' option encryption 'none' option mode 'ap' option network 'ap' option ssid 'MyTestNet' option encryption none config wifi-iface 'sta' option device radio0 option network sta option mode sta option ssid TestNet-5G option encryption psk2 option key 12345 This change updates current_mode structure based on configured hw_mode received from wpa_supplicant. Also prepare rates table after frequency selection. Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
* dnsmasq: bump to 2.77test5Kevin Darbyshire-Bryant2017-05-021-2/+2
| | | | | | | | | | | A number of small tweaks & improvements on the way to a final release. Most notable: Improve DHCPv4 address-in-use check. Remove the recently introduced RFC-6842 (Client-ids in DHCP replies) support as it turns out some clients are getting upset. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* iproute2: bump PKG_RELEASEYousong Zhou2017-05-021-1/+1
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iproute2: add ip-tiny, ip-full as alternatives of /sbin/ipYousong Zhou2017-05-021-10/+16
| | | | | | They will not be in conflict anymore ;) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* odhcpd: update to git HEAD version (FS#656,FS#595)Hans Dedecker2017-04-281-3/+3
| | | | | | | | | | 9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid 2b3355f ndp: fix adding proxy neighbor entries 7dff5b4 ndp: fix wrong interface name in syslog message a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file c0e9dbf ubus: don't segfault when there're no leases Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: support dhcp_option config as a listHans Dedecker2017-04-271-4/+21
| | | | | | | | | | Configuring dhcp_option as an option does not allow the usage of white spaces in the option value; fix this by supporting dhcp_option as a list config while still supporting the option config to maintain backwards compatibility Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix procd interface trigger installHans Dedecker2017-04-261-1/+3
| | | | | | | | Install procd interface triggers only for interfaces which are enabled so dropbear instances running on (an) enabled interface(s) are not restarted due to an interface trigger of an interface which is disabled. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: return error status in reload_serviceHans Dedecker2017-04-241-1/+4
| | | | | | | | Based on a patch by Alexandru Ardelean. netifd ubus reload call returns the actual reload error status; return error status as well in reload_service Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD versionHans Dedecker2017-04-241-3/+3
| | | | | | | | | 11cb9cf ubus: add interface method to trigger renew event 4375d1b system-linux: allow "throw" route type 5fbd904 netifd: propagate error code on netifd_reload() 6e0acec interface-ip: fix device name for IPv6 link-local DNS server Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-04-241-3/+3
| | | | | | | 570069d ubus: rework dumping IPv6 and IPv4 leases 4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix wrong depends for nftables support (FS#707)Ansuel Smith2017-04-221-1/+1
| | | | | | | The dep for the nftables support was wrong, if someone actually enable that option gain a compilation error. This fix this problem. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* dnsmasq: fix uninitialized varname in init-scriptBastian Bittorf2017-04-171-1/+1
| | | | | | | | | minor/cosmetic: fixes the following misleading message: root@box:~ /etc/init.d/dnsmasq restart sh: out of range Signed-off-by: Bastian Bittorf <bb@npl.de>
* iptables: set ABI_VERSION to force rebuild of dependent packagesFelix Fietkau2017-04-121-0/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iptables: bump to 1.6.1Ansuel Smith2017-04-129-304/+103
| | | | | | | | | Switch to git repo Removed musl patch Refreshed existing patch Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
* openvpn: add myself as maintainerFelix Fietkau2017-04-121-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* OpenVPN: Update to 2.4.1Daniel Engberg2017-04-124-20/+12
| | | | | | | | | Update OpenVPN to 2.4.1 Remove 200-small_build_enable_occ.patch as it's included upstream. Refresh patches Add mirror and switch to HTTPS Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* iproute2: add libgenl.h and ll_map.h to InstallDev sectionHans Dedecker2017-04-081-1/+1
| | | | | | | | Commit f4e312ddf855375667f43c842c7187934b8aca92 adds libnetlink to staging dir but did not add the header files libgenl.h and ll_map.h which define functions belonging to libnetlink lib Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: peacefully coexist with ISC DHCPdDaniel Golle2017-04-081-0/+9
| | | | | | | | Similar to odhcpd, allow using ISC DHCPd instead of dnsmasq. Disable DHCP and/or DHCP6 in case ISC DHCP is present and enabled. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: fix fw3 warnings in dhcp scriptHans Dedecker2017-04-031-1/+1
| | | | | | Fix fw3 warnings in dhcp script in case fw3 is not enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD version (FS#635)Hans Dedecker2017-04-011-3/+3
| | | | | | | | | | 3d9f406 rework IPv6 dns address selection (FS#635) bc6c3ac ndp: keep an exact copy of IPv6 interface addresses 6eb1e01 ndp: code cleanup eea7d03 rework IPv6 address dump logic 24d21c7 ndp: add syslog debug tracing Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: use logical interface name for dhcp relay configKarl Vogel2017-03-291-1/+2
| | | | | | | | | The relay section should use the logical interface name and not the linux network device name directly. This to be consistent with other sections of the dnsmasq config where 'interface' means the logical interface. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* firewall: document rules for IPSec ESP/ISAKMP with 'name' optionYousong Zhou2017-03-282-15/+16
| | | | | | | | | | These are recommended practices by REC-22 and REC-24 of RFC6092: "Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service" Fixes FS#640 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iw: enable MESH ID in scan outputMatthias Schiffer2017-03-251-4/+5
| | | | | | | | Make scan output useful for 802.11s meshes. The common print_ssid function is used, so this doesn't add any additional code. Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* odhcp6c: update to git HEAD versionHans Dedecker2017-03-221-3/+3
| | | | | | | | | | | 0463b05 dhcpv6: rebind capability support in reconfigure message (rfc6644) 53767fc dhcpv6: respect renew end point when handling reconfigure message dd892e2 dhcpv6: calculate T1, T2 and T3 in a more sane manner 8a6ca6e md5: use libubox md5 library as local implementation 89822de dhcpv6: don't return renew msg in case of invalid msg type in reconfigure msg 4160c0e treewide: align coding style Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: add extra respawn parametersMartin Schiller2017-03-221-0/+3
| | | | | | | | | | | | | | | This change protects the openvpn instances to be marked as "in a crash loop" and thereby the connection retries will run infinitely. When the remote site of an openvpn connection goes down for some time (network failure etc.) the openvpn instance in an openwrt/lede device should not stop retrying to establish the connection. With the current limit of 5 retries, there is a user interaction required, which isn't really what you want when the device should simply do everything to keep the vpn connection up. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* utils/tcpdump: Rework URLsDaniel Engberg2017-03-221-2/+2
| | | | | | | Add actual mirror and use main site as last resport Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* umdns: update to the version 2017-03-21Rafał Miłecki2017-03-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | This includes following changes: 480d7bc Fix sending unicast questions on cache expire a0403cd Keep source sockaddr for every cached DNS record 1478293 Fix code freeing cached non-A(AAA) records too early 9f1cc22 Fix replying to "QU" questions received on unicast interface 943bedb Fix reading port of incoming packets c725494 Use MCAST_PORT define for port 5353 ce7e9e9 Use one define for DNS-Based Service Discovery service name e1bacef Drop entries cached for interface we're going to delete 496aeba Fix comment typo in cache_gc_timer f89986b Fix refreshing cached A(AAA) records that expire Previous updates made umdns work as expected on startup but there were still many bugs. They were mostly related to runtime - cache management and requests + responses. E.g. umdns was never able to send question on DNS record expire. It was also ignoring all incoming unicast questions. Since these issues are quite serious it makes sense to backport this update to the stable branch. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* netifd: update to git HEAD versionHans Dedecker2017-03-211-3/+3
| | | | | | | | a032166 interface-ip: set prefix indicator flag when IPv6 prefix lifetime changes b4f8984 system-linux: parse vti specific settings as nested json data object 7e3b89a system-linux: parse gre specific settings as nested json data object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vti: add vti specific settings as nested json objectHans Dedecker2017-03-212-2/+7
| | | | | | Add vti specific settings ikey and okey as a nested data json object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: add gre specific settings as nested json objectHans Dedecker2017-03-212-2/+11
| | | | | | | Add gre specific settings ikey, okey, iseqno, oseqno, icsum and ocsum as a nested data json object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iperf3: Update to 3.1.7Daniel Engberg2017-03-201-2/+2
| | | | | | Update iperf3 to 3.1.7 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* iproute2: fix ip monitor can't work when NET_NS is not enabledYousong Zhou2017-03-192-1/+41
| | | | | | | | The bug appeared in v4.1.0 and was fixed since v4.8.0 Fixes FS#620 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* dnsmasq: don't point --resolv-file to default location unconditionallyPhilip Prindeville2017-03-181-3/+3
| | | | | | | If noresolv is set, we should not generate a --resolv-file parameter. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [minor cleanup]
* lldpd: bump to 0.9.6Stijn Tintel2017-03-181-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* odhcp6c: update to git HEAD versionHans Dedecker2017-03-161-3/+6
| | | | | | 7e0d8b8 CMakeLists: don't enable libubox md5 implementation by default Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: Adjust URLsDaniel Engberg2017-03-151-6/+4
| | | | | | | Update mirror list, add main site as last resort Source: https://github.com/curl/curl-www/blob/master/latest.pl Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* iwcap: fix handling kill signal during dumpFelix Fietkau2017-03-141-13/+13
| | | | | | Do not run another loop iteration before checking the stop flag Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umdns: update to the version 2017-03-14Rafał Miłecki2017-03-141-3/+3
| | | | | | | | | This includes 3 cleanups: fd5a160 Don't cache hosts as services 80dd246 Refresh DNS records A and AAAA directly 6515101 Access cached records (instead of services) to read list of hosts Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* curl: update to version 7.53.1Hauke Mehrtens2017-03-134-42/+6
| | | | | | | This fixes the following security problem: * CVE-2017-2629 SSL_VERIFYSTATUS ignored Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: fix build error on ARCFelix Fietkau2017-03-121-0/+11
| | | | | | | The kernel unconditionally pulls in a header file that defines 'current', which conflicts with the lua extension code. Signed-off-by: Felix Fietkau <nbd@nbd.name>