aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
...
* odhcpd: remove invalid call to free()Steven Barth2015-05-111-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45675
* ppp: remove the persist option, netifd handles reconnectsFelix Fietkau2015-05-091-1/+1
| | | | | | | | Significantly reduces reconnect delay Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45654
* netifd-dhcp: supply parameters to user-scriptFelix Fietkau2015-05-081-1/+1
| | | | | | | | | hand over parameters to user-script e.g. $1=deconfig Signed-off-by: Leon George <leon@georgemail.de> Signed-off-by: Christian Mehlis <christian@m3hlis.de> SVN-Revision: 45626
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-061-0/+36
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45619
* iptables: disable unused xml support to save some spaceFelix Fietkau2015-05-061-0/+13
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45617
* hostapd: enable 802.11w only for the full variantsFelix Fietkau2015-05-061-1/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45616
* firewall: Allow IGMP and MLD input on WANSteven Barth2015-05-051-0/+19
| | | | | | | | | | | | The WAN port should at least respond to IGMP and MLD queries as otherwise a snooping bridge/switch might drop traffic. RFC4890 recommends to leave IGMP and MLD unfiltered as they are always link-scoped anyways. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> SVN-Revision: 45613
* curl: replace polarssl run-time version check with a compile-time oneFelix Fietkau2015-05-051-0/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45609
* openvpn: replace polarssl run-time version check with a compile-time oneFelix Fietkau2015-05-051-0/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45608
* openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)Jo-Philipp Wich2015-05-042-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
* dhcp: add option specifying overriding custom-routesSteven Barth2015-05-023-3/+9
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45594
* map: shorten autogenerated sub-interface names to account for limitsSteven Barth2015-04-302-3/+3
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45590
* dnsmasq: bump to 2.73rc7Steven Barth2015-04-291-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45587
* odhcpd: Remove prefix class config option as not supported anymore by odhcpdSteven Barth2015-04-281-8/+0
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45586
* odhcp6c: Fix white space errorsSteven Barth2015-04-281-8/+8
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 45585
* dnsmasq: bump to 2.73rc6Steven Barth2015-04-234-161/+5
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45572
* hostapd: backport fix for CVE-2015-1863, refresh patchesFelix Fietkau2015-04-235-5/+42
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45567
* hostapd: mark wpa-supplicant & wpad-mesh as broken on umlNicolas Thill2015-04-221-2/+2
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45561
* uqmi: auto retry when bringup failsJohn Crispin2015-04-211-1/+15
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45556
* umbim: auto retry when bringup failsJohn Crispin2015-04-211-1/+15
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45555
* netifd: update to the latest version, fixes retry when proto handlers exit ↵Felix Fietkau2015-04-211-2/+2
| | | | | | | | without changing the state Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45550
* odhcpd: minor fixesSteven Barth2015-04-211-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45539
* hostapd/netifd: encrypted mesh with wpa_supplicantFelix Fietkau2015-04-201-18/+29
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 45519
* odhcp6c: fix SOL_MAX_RT to match RFC 3315Steven Barth2015-04-201-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45514
* nftables: bump versionSteven Barth2015-04-201-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45513
* iproute2: update to v4.0.0Steven Barth2015-04-205-25/+9
| | | | | | | | | | | | The most significant change from the previous version is the trimming of the 300-ip_tiny.patch to lib/utils.c where a section previously patched had vanished. That section of the patch was removed. Built and lightly tested on ar71xx against uClibc and musl. Signed-off-by: Russell Senior <russell@personaltelco.net> SVN-Revision: 45512
* netifd: update to the latest version, fixes more interface device config ↵Felix Fietkau2015-04-191-2/+2
| | | | | | | | handling issues Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45503
* netifd: update to the latest version, fixes more device config handling issuesFelix Fietkau2015-04-181-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45497
* iptables: remove obsolete filesFelix Fietkau2015-04-1816-454/+0
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45494
* dropbear: update to 2015.67Steven Barth2015-04-187-414/+16
| | | | | | | | | | | fixes dbclient login into OpenSSH 6.8p1 error: "Bad hostkey signature" reported on irc, replicated with Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 45493
* hostapd: Fix wps button hotplug script to handle multiple radiosJohn Crispin2015-04-181-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hostapd's control file location was changed in 2013, and that has apparently broken the wps button hotplug script in cases where there are multiple radios and wps is possibly configured also for the second radio. The current wps button hotplug script always handles only the first radio. https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh The reason is that the button hotplug script seeks directories like /var/run/hostapd*, as the hostapd-phy0.conf files were earlier in per-interface subdirectories. Currently the *.conf files are directly in /var/run and the control sockets are in /var/run/hostapd, but there is no subdirectory for each radio. root@OpenWrt:/# ls /var/run/hostapd* /var/run/hostapd-phy0.conf /var/run/hostapd-phy1.conf /var/run/hostapd: wlan0 wlan1 The hotplug script was attempted to be fixed after the hostapd change by r38986 in Dec2013, but that change only unbroke the script for the first radio, but left it broken for multiple radios. https://dev.openwrt.org/changeset/38986/ The script fails to find subdirectories with [ -d "$dir" ], and passes just the only found directory /var/run/hostapd, leading into activating only the first radio, as hostapd_cli defaults to first socket found inthe passed directory: root@OpenWrt:/# hostapd_cli -? ... usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \ [-G<ping interval>] [command..] ... -p<path> path to find control sockets (default: /var/run/hostapd) ... -i<ifname> Interface to listen on (default: first interface found in the socket path) Below is a run with the default script and with my proposed solution. Default script (with logging added): ================================== root@OpenWrt:/# cat /etc/rc.button/wps #!/bin/sh if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then for dir in /var/run/hostapd*; do [ -d "$dir" ] || continue logger "WPS activated for: $dir" hostapd_cli -p "$dir" wps_pbc done fi >>>> WPS BUTTON PRESSED <<<<< root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status PBC Status: Timed-out Last WPS result: None root@OpenWrt:/# logread | grep WPS Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd wlan0 got WPS activated, while wlan1 remained inactive. I have modified the script to search for sockets instead of directories and to use the "-i" option with hostapd_cli, and now the script properly activates wps for both radios. As "-i" needs the interface name instead of the full path, the script first changes dir to /var/run/hostapd to get simply the interface names. Modified script (with logging): =============================== root@OpenWrt:/# cat /etc/rc.button/wps #!/bin/sh if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then cd /var/run/hostapd for dir in *; do [ -S "$socket" ] || continue logger "WPS activated for: $socket" hostapd_cli -i "$socket" wps_pbc done fi >>>> WPS BUTTON PRESSED <<<<< root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status PBC Status: Active Last WPS result: None root@OpenWrt:/# logread | grep WPS Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0 Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1 Both radios got their WPS activated properly. I am not sure if my solution is optimal, but it seems to work. WPS button is maybe not that often used functionality, but it might be fixed in any case. Routers with multiple radios are common now, so the bug is maybe more prominent than earlier. The modified script has been in a slightly different format in my community build since r42420 in September 2014. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 45492
* netifd: update to the latest version, fixes issues in handling device config ↵Felix Fietkau2015-04-171-1/+1
| | | | | | | | from interfaces Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45483
* qos-scripts: drop obsolete depdendency on iptabes-mod-filter (#19506)Felix Fietkau2015-04-171-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45482
* iptables: remove layer7 leftovers (#19506)Felix Fietkau2015-04-171-6/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45481
* network: also shorten virtual interface names of ppp and 3g/4g connectionsSteven Barth2015-04-175-9/+9
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45479
* network: shorten names of generated interfacesSteven Barth2015-04-176-9/+9
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45476
* odhcp6c: silence "bad number" warningsSteven Barth2015-04-151-4/+4
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45449
* odhcp6c: avoid saving empty RA search domainsSteven Barth2015-04-151-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45448
* odhcpd: fix accidental logic inversionSteven Barth2015-04-141-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45435
* odhcp6c: fix some issue discovered by scan-buildSteven Barth2015-04-141-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45429
* odhcpd: avoid illegal memory access in some corner casesSteven Barth2015-04-143-14/+13
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45428
* qos-scripts: remove layer7 supportFelix Fietkau2015-04-131-5/+0
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45425
* iptables: remove layer7 supportFelix Fietkau2015-04-132-372/+0
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 45424
* dnsmasq: fix dnssec timestamp logic, backport crashfixSteven Barth2015-04-134-6/+174
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45410
* netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)Felix Fietkau2015-04-111-0/+1
| | | | | | | | | | | | | | | | | | | Two errors "netifd: radio0: sh: bad number" have recently surfaced in system log in trunk when wifi interfaces come up. I tracked the errors to checking numerical values of some config options without ensuring that the option has any value. The errors I see have apparently been introduced by r45051 (ieee80211r in hostapd) and r45326 (start_disabled in mac80211). My patches fix two instances of "bad number", but there may be a third one, as the original report in bug 19345 pre-dates r45326 and already has two "bad number" errors for radio0. https://dev.openwrt.org/ticket/19345 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 45380
* odhcpd: send current hop-limit by default in RAsSteven Barth2015-04-101-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45359
* odhcp6c: move IPv6 /proc config to userspace and sanitizeSteven Barth2015-04-102-2/+9
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45358
* dnsmasq: bump to 2.73rc4Steven Barth2015-04-107-351/+49
| | | | | | | | | Fix crash caused by malformed DNS requests Improved DNSSEC handling Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 45354
* hostapd: remove unused asprintf parameterJohn Crispin2015-04-101-1/+1
| | | | | | | | | | r45270 removed ieee80211n=%d from the format string but didn't remove the parameter itself. Though this probably doesn't cause any harm, it's quite confusing and unneeded. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 45351
* iptables: revert r40916John Crispin2015-04-101-1/+1
| | | | | | | | it causes problems with newer iptables when ipv6 is disabled as iptc uncoditionally links ip6tc Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45350