path: root/package/network
Commit message | Author | Age | Files | Lines
* samba36: Remove guest ok since LuCI configures it. | Rosen Penev | 2017-08-30 | 1 | -2/+1
  guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: forward.c: fix CVE-2017-13704 | Kevin Darbyshire-Bryant | 2017-08-30 | 2 | -1/+38
  Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins.
  answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512"
  The client that exposed the problem provided a payload udp size of 0.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
  Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD version | Hans Dedecker | 2017-08-29 | 1 | -3/+3
  7d94ede system-linux: parse map-e fmrs parameters as nested data json object
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: use nested json data object to store map-e fmrs parameters | Hans Dedecker | 2017-08-29 | 2 | -7/+11
  Replace the string array containing the fmrs parameters by a nested data json object holding an array of fmrs parameters
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: fix boolean argument passed to blobmsg_check_attr in mapcalc | Hans Dedecker | 2017-08-26 | 2 | -2/+2
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix indentation | Hans Dedecker | 2017-08-25 | 1 | -3/+3
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add support for multiple tags for each host. | Kuang Rufan | 2017-08-25 | 2 | -2/+7
  Currently, dnsmasq supports assigning multiple tags to a host record (--dhcp-host), but we support only 1 tag for a host. The commit makes the following config valid:

    config host
        option name 'computer'
        option mac '00:11:22:33:44:55'
        option ip '192.168.1.100'
        list tag 'vendor_class'
        list tag 'vendor_id'

    config tag 'vendor_class'
        list dhcp_option 'option:vendor-class,00:...<omitted>'

    config tag 'vendor_id'
        option force '1'
        list dhcp_option 'option:vendor-id-encap,00:...<omitted>'

  Signed-off-by: Kuang Rufan <kuangrufan@pset.suntec.net>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: add ealen as configurable uci parameter | Hans Dedecker | 2017-08-24 | 2 | -1/+2
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* xtables-addons: update to version 2.13 | Koen Vandeputte | 2017-08-24 | 1 | -2/+2
  Changes:
  89d1b80 xt_condition: namespace support #2
  c839e87 xt_geoip: check for allocation overflow
  a587f95 compat_xtables: use more accurate printf format for NIPQUAD
  1874fcd xt_DNETMAP: fix a buffer overflow
  21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
  ee8da2b build: support for Linux 4.12
  19a4359 xt_condition: add support for namespaces
  1b37966 xt_psd: resolve compiler warning
  Tested on cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "iputils: switch to new upstream" | John Crispin | 2017-08-24 | 8 | -101/+330
  This reverts commit 77d3ac8e3ecd7989a7cffb575c4a42bc68190b6c.
  This reverts commit e665b3df2a47ba5bb049d13358937ac67b860b70.
  Signed-off-by: John Crispin <john@phrozen.org>
* iperf3: add SSL variant for iperf_auth feature | Philip Prindeville | 2017-08-23 | 2 | -3/+74
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iperf3: update to 3.2 | Philip Prindeville | 2017-08-23 | 2 | -3/+24
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iputils: update sha256sum | John Crispin | 2017-08-23 | 1 | -1/+1
  Signed-off-by: John Crispin <john@phrozen.org>
* iputils: switch to new upstream | John Crispin | 2017-08-23 | 8 | -329/+100
  Signed-off-by: John Crispin <john@phrozen.org>
* samba36-net: new package | Ansuel Smith | 2017-08-23 | 1 | -1/+14
  Samba could also be useful for sending commands to windows pc (like shutdown command). This new package adds the bin to include this kind of command to the samba package.
  Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* iwinfo: update to the latest git HEAD | Rafał Miłecki | 2017-08-23 | 1 | -3/+2
  c1a03e8 nl80211: request split information about frequencies
  5638567 nl80211: store info about freq being not available for some bandwidths
  ce51cb8 Allow storing more info about each frequency
  5c10efa nl80211: support receiving split frequencies
  335967c nl80211: improve error handling
  ab089dd nl80211: propagate netlink errors to callers
  7bba117 nl80211: handle netlink errors in nl80211_wait()
  d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "xtables-addons: fix nathelper-rtsp dependencies" | John Crispin | 2017-08-23 | 1 | -1/+1
  This reverts commit e2ef80130e0c855df47b2e046aed2b3467845184.
  Signed-off-by: John Crispin <john@phrozen.org>
* xtables-addons: fix nathelper-rtsp dependencies | Philip Prindeville | 2017-08-22 | 1 | -1/+1
  Both nf_conntrack and nf_nat need to be called out.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* dnsmasq: add ubus notifications for new leases | John Crispin | 2017-08-22 | 3 | -2/+143
  Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: add additional ubus notifications | John Crispin | 2017-08-22 | 3 | -2/+107
  Signed-off-by: John Crispin <john@phrozen.org>
* netifd: update to latest git HEAD | John Crispin | 2017-08-22 | 1 | -3/+3
  b5731bf allow setting rps/xps defualt values via uci
  2a29d1a system: remove unused 6rd tunnel attributes
  e627542 netifd: allow negative neighlocktime values
  e41382c system-linux: parse ipv6 specific tunnel settings as nested data json object
  Signed-off-by: John Crispin <john@phrozen.org>
* odhcpd: update to latest git HEAD | Hans Dedecker | 2017-08-16 | 1 | -3/+3
  94e65ee ndp: use IPv4 address list when comparing IPv4 addresses
  ff5020d dhcpv6-ia: rework reconfigure accept logic
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wpa_supplicant: log to syslog instead of stdout | Stijn Tintel | 2017-08-10 | 1 | -1/+1
  While debugging an issue with a client device, wpa_supplicant did not seem to log anything at all. Make wpa_supplicant log to syslog instead of stdout, to make debugging easier and to be consistent with hostapd.
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* nftables: remove date from version | Hauke Mehrtens | 2017-08-09 | 1 | -1/+1
  We are using the normal 0.7 version of nftables, do not add an additional date to the version number.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ltq-vdsl-app: add support for auto xfer_mode and auto line_mode | Martin Schiller | 2017-08-06 | 1 | -11/+9
  If xfer_mode is set to auto the vdsl_cpe_control daemon assumes that ATM should be used for ADSL and PTM for VDSL.
  xfer_mode and line_mode can be set to fixed value independently from each other.
  The syntax for the tc_layer argument of vdsl_cpe_control is as follows:
    -T<TcADSL>:<TcCfgUsADSL>:<TcCfgDsADSL>_<TcVDSL>:<TcCfgUsVDSL>:<TcCfgDsVDSL>
  where TcADSL and TcVDSL can be:
    1=ATM, 2=PTM/EFM, 4=Auto TC-Layer
  and TcCfgUsADSL, TcCfgUsVDSL, TcCfgDsADSL, TcCfgDsVDSL can be:
    1=64/65-octet encapsulation supported
    2=64/65-octet encapsulation with pre-emption
    3=64/65-octet encapsulation with short packets
  Default: In case of no '-T' option is given, ADSL will be configured in ATM and VDSL in PTM/EFM: -T1:0x1:0x1_2:0x1:0x1
  The '-M' argument of dsl_cpe_control defines the initial DSL mode (NextMode) for ADSL/VDSL multimode handling.
  Possible Values: 0=API-default, 1=ADSL, 2=VDSL
  Default: In case of no '-M' option is given, '0' (API-default) will be selected.
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-vdsl-app: mask out ADSL bits when VDSL is requested | Martin Schiller | 2017-08-06 | 1 | -1/+4
  If the line_mode is fixed configured to vdsl, then only G.993 VDSL should be used.
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-vdsl-app: use notification based ATM/PTM driver load | Martin Schiller | 2017-08-06 | 5 | -20/+34
  This patch removes the fixed atm/ptm driver loading and switches to notification based driver loading.
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* ltq-xdsl-app: drop esi call | Mathias Kresin | 2017-08-06 | 3 | -4/+1
  The esi call was added to workaround a race condition between applying a configured mac address to the wan interface and starting the protocol (handler) as it was observed in a DHCP over ATM bridge configuration.
  Martin Schiller, TDT GmbH was so kind to test with their local infrastructure if the race condition still exists. The provided package dumps captured behind the DSLAM shows that it doesn't. It was most likely fixed with adding carrier support to the lantiq ptm/atm driver.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* odhcpd: update to latest git HEAD (FS#402, FS#524) | Hans Dedecker | 2017-08-03 | 1 | -3/+3
  296b4a0 dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524)
  f4d38e0 treewide: reflect managed mode is related to RA
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: Update to 4.9.1 | Daniel Engberg | 2017-07-28 | 1 | -2/+2
  Update tcpdump to 4.9.1
  Fixes:
    * CVE-2017-11108: Fix bounds checking for STP.
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* samba36: Remove legacy options | Rosen Penev | 2017-07-22 | 2 | -8/+3
  Browseable is now set through LuCI per share, so remove it. Same with writeable (inverted synonym for read only).
  domain master and preferred master seem to be legacy settings for Windows 9x.
  encrypt passwords defaults to yes. Probably should not be disabled either.
  Also reordered alphabetically.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  [rewrap commit message, fix SoB, fix author, bump pkg revision]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEAD | Stijn Tintel | 2017-07-21 | 1 | -3/+3
  d397e8c netifd: Fix printf calls + function declarations.
  34afb76 system-linux: fix GRE ikey/okey endianness
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: split libipset as a subpackage | Alexandru Ardelean | 2017-07-21 | 1 | -6/+15
  Intent is to link against it, and have the option to not install the ipset utility (if needed).
  One example/use-case is keepalived (from package) feeds, where it would be nice to just depend on a `libipset` (sub)package.
  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* dnsmasq: introduce config support for forced DHCP options | Jo-Philipp Wich | 2017-07-21 | 1 | -5/+9
  Introduce a new UCI list setting `list dhcp_option_force` which is available in sections of type `dnsmasq` and `dhcp`.
  The `dhcp_option_force` setting has the same semantics as `dhcp_option` but generates `dhcp-option-force` directives instead of `dhcp-option` ones in emitted native configuration.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: backport remove ping check of configured dhcp address | Hans Dedecker | 2017-07-18 | 2 | -1/+29
  Remove ping check in DHCPDISCOVER case as too many buggy clients leave an interface in configured state causing the ping check to fail.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nftables: Update to 0.7 | Nick Brassel | 2017-07-15 | 2 | -3/+79
  Updated nftables to latest.
  Signed-off-by: Nick Brassel <nick@tzarc.org>
* curl: bump to version 7.54.1 | Alif M. Ahmad | 2017-07-14 | 3 | -5/+5
  Upgrade the curl package to latest version. Patches refreshed.
  Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
* netfilter: add iptables-mod-rpfilter package | Alin Nastac | 2017-07-11 | 1 | -0/+14
  Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule
    iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP
  prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side.
  Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* dnsmasq: restore ability to include/exclude raw device names | Jo-Philipp Wich | 2017-07-10 | 2 | -3/+3
  Commit 5cd88f4 "dnsmasq: remove use of uci state for getting network ifname" broke the ability to specify unmanaged network device names for inclusion and exclusion in the uci configuration.
  Restore support for raw device names by falling back to the input value when "network_get_device" yields no result.
  Fixes FS#876.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lantiq: set up DSL front-end GPIOs if they exist | Thomas Nixon | 2017-07-07 | 1 | -0/+14
  This is necessary for devices using the PSB80108/VRX220LD front-end (currently only known on the Netgear DM200).
  Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
* odhcpd: update to the latest version | Hans Dedecker | 2017-07-06 | 1 | -3/+3
  f0d78e7 ndp: optimize check_addr6_updates code
  94afe3b ndp: fix syslog tracing for netlink neigbor and address events
  18df6cc treewide: rework logic to retrieve IPv6 interface addresses
  803b83e router: use enum to specify order and index of iov struct
  5dad295 treewide: rework code to get rid of fixed IPv6 address arrays
  3e4c8ad config: rework code to get rid of IFNAMSIZ usage
  ab7813e treewide: use angle-brackets to include libubox header files
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: dnsmasq --rev-server support | DUPONCHEEL Sébastien | 2017-07-03 | 2 | -1/+6
  This is functionally the same as --server, but provides some syntactic sugar to make specifying address-to-name queries easier.
  For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to --server=/3.2.1.in-addr.arpa/192.168.0.1
  Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) | Hans Dedecker | 2017-06-29 | 2 | -2/+2
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport patch fixing DNS failover (FS#841) | Hans Dedecker | 2017-06-28 | 1 | -0/+31
  Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add option to set max auth tries | Stijn Tintel | 2017-06-28 | 2 | -2/+4
  Add a uci option to set the new max auth tries parameter in dropbear. Set the default to 3, as 10 seems excessive.
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth tries | Kevin Darbyshire-Bryant | 2017-06-28 | 2 | -2/+132
  Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES.
  A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: configure NAS ID regardless of encryption | Yury Shvedov | 2017-06-28 | 1 | -3/+3
  RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch.
  Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
  [cleanup commit message]
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval option | Yury Shvedov | 2017-06-28 | 1 | -2/+5
  Make an ability to configure Accounting-Interim-Interval via UCI
  Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
  [add hostapd prefix, cleanup commit message]
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4 | Hans Dedecker | 2017-06-26 | 2 | -1/+26
  Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: update to 2.4.3 | Magnus Kroken | 2017-06-26 | 5 | -13/+14
  Fixes for security and other issues. See security announcement for more details:
  https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
    * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
    * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
    * Potential double-free in --x509-alt-username (CVE-2017-7521)
    * Remote-triggerable memory leaks (CVE-2017-7512)
    * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
    * Null-pointer dereference in establish_http_proxy_passthru()
    * Restrict --x509-alt-username extension types
    * Fix potential 1-byte overread in TCP option parsing
    * Fix mbedtls fingerprint calculation
    * openssl: fix overflow check for long --tls-cipher option
    * Ensure option array p[] is always NULL-terminated
    * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>