| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4bcdc7e6eb84ea51d9b05368ed87c43aae)
|
| |
|
|
|
|
|
| |
Fixes bogus errors on ubus calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cf992ca862f271936f61367236378378f0d91b6d)
|
| |
|
|
|
|
|
|
| |
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.
Signed-off-by: Ruben Jenster <rjenster@gmail.com>
(cherry picked from commit 936df715de3d33947ce38ca232b05c2bd3ef58f1)
|
| |
|
|
|
|
|
|
| |
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 506bb436c678779e8ee54e83a7fb3e4e880037ec)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.
While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.
Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.
A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.
Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (2366): Failed to parse message data
daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2366): Unsupported modem
daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
daemon.notice netifd: mikrotik (2426): Failed to parse message data
daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2426): Unsupported modem
daemon.notice netifd: Interface 'mikrotik' is now down
A workaround for this is to use the "delay" option in the interface
configuration.
I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].
[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit dbd6ebd6d84b35599a0446559576df41f487200e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):
AT+RESET
OK
OK
*SIMDETEC:2,NOS
*SIMDETEC:1,SIM
*ICCID: 8936500119010596302
*EUICC: 1
+MSTK: 11, D025....74F3
*ADMINDATA: 0, 2, 0
+CPIN: READY
*EUICC: 1
*ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911
+CREG: 0
$CREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
+CGREG: 0
+CEREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
*RADIOPOWER: 0
+MMSG: 0, 0
+MMSG: 0, 0
+MMSG: 1, 0
+MPBK: 1
While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.
local2.info chat[7000]: send (ATD*99***1#^M)
local2.info chat[7000]: expect (CONNECT)
local2.info chat[7000]: ^M
local2.info chat[7000]: ATD*99***1#^M^M
local2.info chat[7000]: CONNECT
local2.info chat[7000]: -- got it
local2.info chat[7000]: send ( ^M)
daemon.info pppd[6997]: Serial connection established.
kern.info kernel: [ 453.659146] 3g-mikrotik: renamed from ppp0
daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[6997]: Using interface 3g-mikrotik
daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.info pppd[6997]: LCP terminated by peer
daemon.notice pppd[6997]: Connection terminated.
daemon.notice pppd[6997]: Modem hangup
daemon.info pppd[6997]: Exit.
daemon.notice netifd: Interface 'mikrotik' is now down
Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
local2.info chat[7140]: abort on (BUSY)
local2.info chat[7140]: abort on (NO CARRIER)
local2.info chat[7140]: abort on (ERROR)
local2.info chat[7140]: report (CONNECT)
local2.info chat[7140]: timeout set to 10 seconds
local2.info chat[7140]: send (AT&F^M)
local2.info chat[7140]: expect (OK)
local2.info chat[7140]: ^M
local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
local2.info chat[7140]: ^M
local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
local2.info chat[7140]: AT&F^MAT&F^M^M
local2.info chat[7140]: OK
local2.info chat[7140]: -- got it
...
local2.info chat[7140]: send (ATD*99***1#^M)
local2.info chat[7140]: expect (CONNECT)
local2.info chat[7140]: ^M
local2.info chat[7140]: ATD*99***1#^M^M
local2.info chat[7140]: CONNECT
local2.info chat[7140]: -- got it
local2.info chat[7140]: send ( ^M)
daemon.info pppd[7137]: Serial connection established.
kern.info kernel: [ 463.094254] 3g-mikrotik: renamed from ppp0
daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[7137]: Using interface 3g-mikrotik
daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
daemon.notice pppd[7137]: local IP address 100.112.63.62
daemon.notice pppd[7137]: remote IP address 10.64.64.64
daemon.notice pppd[7137]: primary DNS address 185.29.83.64
daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
daemon.notice netifd: Network device '3g-mikrotik' link is up
daemon.notice netifd: Interface 'mikrotik' is now up
To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit 91eca7b04ff1309c7408baa1f1631d7623ce50cf)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.
A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.
Signed-off-by: Mike Wilson <mikewse@hotmail.com>
(cherry picked from commit 8f27093ce784daad5a9b1c89f51d0a76a8bbb07b)
|
| |
|
|
|
|
| |
4a673e1 fix null pointer dereference for INFORM messages
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ee47a28cec01c7943238bae45f65a98e4fc9abbe)
|
| |
|
|
|
|
|
| |
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 73dca49f355fe10d1d5e629b0df584b03a1849b3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall
Fixes: https://github.com/openwrt/openwrt/issues/10158
Fixes: https://github.com/openwrt/openwrt/issues/10687
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4a4d0bf78ddbbf17508891c5c837e5eb00420b5c)
|
| |
|
|
|
|
|
| |
00aab87 Correctly identify key management algorithms starting with "FT-"
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5c70b19c425896625f891c70910a96cdf9f61345)
|
| |
|
|
|
|
|
| |
0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 735f5f18ddbcb5c4e2033f1c08be0113369d2b79)
|
| |
|
|
|
|
|
|
|
|
|
| |
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c787962e1d5016cab637cf8857bc6aa3afdda001)
|
| |
|
|
|
|
|
|
|
|
|
| |
Allow registration if the SIM is roaming or partner mode, by adding two
new options to the protocol.
Until now, such registration failed because umbim returns exit codes 4 and
5 for such situations.
Signed-off-by: Julio Gonzalez Gil <git@juliogonzalez.es>
(cherry picked from commit 840ce0a65bbb7ba13a547f90cb94452b290475ef)
|
| |
|
|
|
|
|
|
|
|
| |
context_type is an integer mapping of pdptype:
1: IPV4
2: IPV6
3: IPV4V6
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 13f82ce264ed2d02c66cb2cae8f013c8f64a979f)
|
| |
|
|
|
|
|
|
|
| |
dtim_period is a bss property, not a device one.
It is already handled properly in mac80211.sh
Fixes: 30c64825c7ed ("hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddf736e543d4a214f563dc008b6fb5ee5e0d1b66)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 002a99eccd75fb653163bae0a1132bd4f494e7ad)
|
| |
|
|
|
|
|
|
|
| |
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a80e198cd383593da7f41857a6122f28ed6354a1)
|
| |
|
|
|
|
|
| |
7ae5e14 fw4: gracefully handle `null` return values from `fd.read("line")`
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5e2e048c0e7c16d7967ec7a0cd8a9c01aa0f12b1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus
Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fdfa9d8f7469626d2dc8e4b46a6ad56a3b27c16b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two feature currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting
The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.
The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.
Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 09ea1db93b53d2c1e4a081f20fbbddd4bffd451d)
|
| |
|
|
|
|
|
|
|
| |
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab31ffc425b59afc102f8a3275791c153f39c8f4)
|
| |
|
|
|
|
|
|
|
| |
Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2984a0420649733662ff95b0aff720b8c2c19f8a)
|
| |
|
|
|
|
|
|
|
| |
35fec487e30f05c81bd135326a993dad7f861812 fixed opkg usage,
but when using buildroot we were still defaulting to
ip(6)tables-legacy
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 0c8d7e34ab35f6b41f034fd94fec740970e0125b)
|
| |
|
|
|
|
|
|
|
| |
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
(cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)
|
| |
|
|
|
|
|
| |
0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc6a323e2328176b732b13f1f09745354270cd39)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.
Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8
With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 60738fedede1746922a8b227f24ad5c733661585)
|
| |
|
|
|
|
|
| |
146bc77 umbim: fix invalid mbim message string encoding
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 90bedc411b1e98e9adf668dde09f8eafe4490344)
|
| |
|
|
|
|
|
| |
76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 31648c4b59add5b1cb441073a46c80ab768b588c)
|
| |
|
|
|
|
|
|
| |
87fbefd interface: support "zone" config option
bfa039c netifd: fix WPA3 enterprise ciphers
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry-picked from commit 8008816a2ceeb7e66d27d9882685933bb9df4c76)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 4ee77cfcfadcd2b28678a1f3e8e78383b0b21963)
|
| |
|
|
|
|
|
|
|
| |
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit e6e4f979999393825370e9db9fe04d75cb01acf2)
|
| |
|
|
|
|
|
|
|
|
| |
a4484d4 fw4: support automatic includes
ca7e3a1 fw4: honour enabled option of include sections
5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
111a7f7 fw4: don't inherit zone family from ct helpers
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fe86b2ffaaf6059250e3ba0a9e1436312415e23f)
|
| |
|
|
|
|
|
| |
7d21e8d dhcpv6: add option to ignore stateless advertise
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit a23d132cff541210b281ac60de619e7ce7ec3ba0)
|
| |
|
|
|
|
|
| |
705d3b5 iwinfo: Add missing auth_suites mappings for WPA3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc2dfc5e4dc2e480203b826749186c73021795df)
|
| |
|
|
|
|
|
|
| |
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.
Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b75425370d8de747457c137463bc4d15f6f44d00)
|
| |
|
|
|
|
|
|
| |
Fix 'serversfile' option not being jail_mounted by the init script.
Signed-off-by: Bruno Victal <brunovictal@outlook.com>
(cherry picked from commit 0276fab64933dc42bad865974dc224e2672f99fe)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
| |
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 73c6d8fd046298face0e8aea8e52cc0faca67324)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is some syscall missing:
'getdents64'
'getrandom'
'statx'
'newfstatat'
Found with:
'mkdir /etc/umdns; ln -s /tmp/1.json /etc/umdns/; utrace /usr/sbin/umdns'
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit 31cca8f8d3f6218965812c46de35ba30c4ba83ab)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works
Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 456b9029d764e69f390ee26bca24883b12eb83c2)
|
| |
|
|
|
|
|
| |
9212bfc odhcp6c: fix IA discard when T1 > 0 and T2 = 0
Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
(cherry picked from commit f9209086264a5c5c55f1eb3cbd2399cf47e29f22)
|
| |
|
|
|
|
|
|
|
| |
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated
Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit ba7da7368086d0721da7cd4d627209dffda5c1d6)
|
| |
|
|
|
|
|
|
|
|
|
| |
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.
Fixes: 038d5bdab117 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit e879cccaa21563a7cdf47797b18fb86723720158)
(cherry picked from commit d4391ef073825f5817cdbcc3fc215311f1bbb461)
|
| |
|
|
|
|
|
|
|
| |
4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+"
50979cc firewall3: remove unnecessary fw3_has_table
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry-picked from commit 435d7a052bf1b6a3a01cb3ad6cda6ba4b25b1879)
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
11f5c7b fw4.uc: fix zone helper assignment
b9d35ff fw4.uc: don't skip zone for unavailable helper
e35e26b tests: add test for zone helpers
a063317 ruleset: fix conntrack helpers
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
11410b8 ruleset: reorder declarations & output tweaks
880dd31 fw4: fix skipping invalid IPv6 ipset entries
5994466 fw4: simplify `is_loopback_dev()`
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
11256ff fw4: add support for configurable includes
3b5a033 tests: add test coverage for firewall includes
d79911c fw4: support sets with timeout capability but without default expiry
15c3831 fw4: add support for `option log` in rule and redirect sections
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e8433fb4336b72e44a40cb667ee2eb06e0a31109)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 35fec487e30f05c81bd135326a993dad7f861812)
|
| |
|
|
|
|
|
|
| |
Resolves #10081
Reported-By: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit f98bb1ffe5327d7309f11a3647efd8116d637b33)
|
