aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* dnsmasq: fix handling ignore condition for dnssecYousong Zhou2020-09-252-1/+2
| | | | | | | | | | It should return false to indicate that the option should not be ignored Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not available") Reported-by: Sami Olmari <sami@olmari.fi> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* dnsmasq: support tftp_unique_root in /etc/config/dhcpW. Michael Petullo2020-09-242-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | The TFTP server provided by dnsmasq supports serving a select boot image based on the client's MAC or IP address. This allows an administrator to activate this feature in /etc/config/dhcp. Here is an example /etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac: ... config dnsmasq option enable_tftp 1 option tftp_root /usr/libexec/tftpboot option tftp_unique_root mac config boot router option serveraddress 192.168.1.1 option servername tftp.example.com option filename openwrt-initramfs-kernel.bin ... With this configuration, dnsmasq will serve /usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to the client with MAC address 00:11:22:33:44:55. Signed-off-by: W. Michael Petullo <mike@flyn.org>
* vxlan: fix rsc config optionHans Dedecker2020-09-242-3/+3
| | | | | | Fix route short circuit config option; fixes commit 036221ce5a899eb99ef1c1623fc9460af00a69e7 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vxlan: add extra config optionsHans Dedecker2020-09-232-3/+25
| | | | | | | | | | | | | | | | | Add config options: srcportmin/srcportmax : range of port numbers to use as UDP source ports to communicate to the remote VXLAN tunnel endpoint ageing : lifetime in seconds of FDB entries learnt by the kernel maxaddress : maximum number of FDB entries learning : enable/disable entering unknown source link layer addresses and IP addresses into the VXLAN device FDB. rsc : enable/disable route short circuit proxy : enable/disable ARP proxy l2miss : enable/disable netlink LLADDR miss notifications l3miss : enable/disable netlink IP ADDR miss notifications gbp : enable/disable the Group Policy extension Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: ubus: make (B)SSID optional for neighbor reportDavid Bauer2020-09-222-10/+25
| | | | | | | | | | | Make the BSSID and SSID fields optional when configuring a neighbor report into hostapd. Both options can now be an empty string. For the BSSID, the first 6 byte are copied from the neighbor report. For the SSID, the SSID for the affected hostapd BSS is used. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: send notification instead of eventDavid Bauer2020-09-222-12/+13
| | | | | | | | | | | Rafal Milecki pointed out that ubus events are meant for low-level ubus events only (e.g. addition or removal of an object). Higher level events should happen as notifications on the ubus object itself. Dispatch BSS events on the main hostapd ubus object instead of publishing them as ubus events. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: fix infinite loop when configuring RRM NRDavid Bauer2020-09-212-3/+2
| | | | | | | The return-code was set, however it was never returned, nor was the loop interrupted. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: send procd event on BSS updateDavid Bauer2020-09-212-4/+36
| | | | | | | Dispatch ubus events also to procd in order to trigger service reloads on hostapd updates. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: send ubus event on BSS updateDavid Bauer2020-09-212-2/+24
| | | | | | | | | | | hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event> when adding, removing or reloading a BSS. This way, services which install state (for example the RMM neighbor list) can on-demand reinstall this information for the BSS without polling this state. Signed-off-by: David Bauer <mail@david-bauer.net>
* odhcpd: number UCI defaults scriptStijn Segers2020-09-211-1/+1
| | | | | | | | | UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number (custom) scripts executed last. Jow confirmed numbering is the default case, not the exception (thanks). Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* bpftools: support NLS, fix ppc build and update to 5.8.9Tony Ambardar2020-09-186-33/+72
| | | | | | | | | | | | | | | | | With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper to set library prefixes and flags accordingly, and also conditionally add "-lintl" as link-time library. Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h. Use upstream stable kernel 5.8.9, and fix overriding of feature detection to only allow/hide detected features. Also refresh existing patches. Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting eBPF usage") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* uhttpd: update to the latest masterRafał Miłecki2020-09-181-3/+3
| | | | | | 47c34bd ubus: add ACL support for "subscribe" request Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* uhttpd: update to the latest masterRafał Miłecki2020-09-151-3/+3
| | | | | | | | 1172357 ubus: add new RESTful API fe1888f ubus: fix blob_buf initialization Fixes: 3d167ed805a9 ("uhttpd: update to the latest master") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* netifd: update to latest git HEADHans Dedecker2020-09-121-3/+3
| | | | | | | | | 55a7b6b netifd: vxlan: add aging and maxaddress options 11223f5 netifd: vxlan: add most missing boolean options 226566b netifd: vxlan: refactor mapping of boolean attrs a3c033e netifd: vxlan: handle srcport range Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add support for per-BSS airtime configurationDavid Bauer2020-09-113-4/+14
| | | | | | | | | | | | Add support for per-BSS airtime weight configuration. This allows to set a airtime weight per BSS as well as a ratio limit based on the weight. Support for this feature is only enabled in the full flavors of hostapd. Consult the hostapd.conf documentation (Airtime policy configuration) for more information on the inner workings of the exposed settings. Signed-off-by: David Bauer <mail@david-bauer.net>
* rssileds: update maintainer email addressDaniel Golle2020-09-101-1/+1
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard-tools: bump to 1.0.20200827Jason A. Donenfeld2020-09-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | * ipc: split into separate files per-platform This is in preparation for FreeBSD support, which I had hoped to have this release, but we're still waiting on some tooling fixes, so hopefully next wg(8) will support that. Either way, the code base is now a lot more amenable to adding more kernel platform support. * man: wg-quick: use syncconf instead of addconf for strip example Simple documentation fix. * pubkey: isblank is a subset of isspace * ctype: use non-locale-specific ctype.h In addition to ensuring that isalpha() and such isn't locale-specific, we also make these constant time, even though we're never distinguishing between bits of a secret using them. From that perspective, though, this is markedly better than the locale-specific table lookups in glibc, even though base64 characters span two cache lines and valid private keys must hit both. This may be useful for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* openvpn: fix shell compare operator in openvpn.initMartin Schiller2020-09-092-2/+2
| | | | | | | | Don't use bash syntax, because /bin/sh is used here. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wireguard: bump to 1.0.20200908Jason A. Donenfeld2020-09-091-2/+2
| | | | | | | | | | | | | | | * compat: backport kfree_sensitive and switch to it * netlink: consistently use NLA_POLICY_EXACT_LEN() * netlink: consistently use NLA_POLICY_MIN_LEN() * compat: backport NLA policy macros Backports from upstream changes. * peerlookup: take lock before checking hash in replace operation A fix for a race condition caught by syzkaller. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add UCI support for Hotspot 2.0Daniel Golle2020-09-083-3/+107
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: update to git HEADDaniel Golle2020-09-081-3/+3
| | | | | | | | | | | | | | | | | 3d9bd73 utils: fix check_pid_path to work with deleted file as well 330f403 vlan: initialize device ifname earlier at creation time c057e71 device: do not check state from within device_init cb0c07b system-dummy: fix resolving ifindex ccd9ddc bridge: add support for turning on vlan_filtering 82bcb64 bridge: add support for adding vlans to a bridge 0e8cea0 bridge: add support for VLAN filtering 6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs ac0710b device: look up full device name before traversing vlan chain e32e21e bridge: flush vlan list on bridge free 645ceed interface-ip: clear host bits of the device prefix d7b614a netifd-wireless: parse 'osen' encryption Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dropbear: Enable Ed25519 for normal devicesPaul Spooren2020-09-062-3/+4
| | | | | | | | | | | | | | | | | | | | The Ed25519 key pairs are much shorter than RSA pairs and are supported by default in OpenSSH. Looking at websites explaining how to create new SSH keys, many suggest using Ed25519 rather than RSA, however consider the former as not yet widely established. OpenWrt likely has a positive influence on that development. As enabling Ed25519 is a compile time option, it is currently not possible to install the feature via `opkg` nor select that option in an ImageBuilder. Due to the size impact of **12kB** the option should only be enabled for devices with `!SMALL_FLASH`. This approach seems cleaner than splitting `dropbear` into two packages like `dropbear` and `dropbear-ed25519`. Signed-off-by: Paul Spooren <mail@aparcar.org>
* iw: Update to version 5.8Hauke Mehrtens2020-09-063-723/+53
| | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: iw_5.4-1_mips_24kc.ipk 35.767 iw-full_5.4-1_mips_24kc.ipk 68.423 new: iw_5.8-1_mips_24kc.ipk 36.883 iw-full_5.8-1_mips_24kc.ipk 71.992 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nftables: Activate link time optimization (LTO)Hauke Mehrtens2020-09-061-1/+4
| | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: nftables-json_0.9.6-1_mips_24kc.ipk 231.968 nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731 new: nftables-json_0.9.6-2_mips_24kc.ipk 221.894 nftables-nojson_0.9.6-2_mips_24kc.ipk 193.932 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nftables: Update to version 0.9.6Hauke Mehrtens2020-09-061-2/+2
| | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: nftables-json_0.9.3-1_mips_24kc.ipk 220.262 nftables-nojson_0.9.3-1_mips_24kc.ipk 192.937 new: nftables-json_0.9.6-1_mips_24kc.ipk 231.968 nftables-nojson_0.9.6-1_mips_24kc.ipk 204.731 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ppp: update to latest git HEADHans Dedecker2020-09-051-3/+3
| | | | | | | af30be0 Fix setting prefix for IPv6 link-local addresss 0314df4 Disable asking password again when prompt program returns 128 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to latest HEADDavid Bauer2020-09-051-3/+3
| | | | | | | 8c2f9fa fw3: zones: limit zone names to 11 bytes 78d52a2 options: fix parsing of boolean attributes Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add hs20 variantDaniel Golle2020-09-011-1/+21
| | | | | | Add hostapd variant compiled with support for Hotspot 2.0 AP features. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* bpftools: add utility and library packages supporting eBPF usageTony Ambardar2020-08-315-0/+508
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for building bpftool and libbpf from the latest 5.8.3 kernel sources, ensuring up-to-date functionality and fixes. Both are written to be backwards compatible, which simplfies build and usage across different OpenWRT image kernels. 'bpftool' is the primary userspace tool widely used for introspection and manipulation of eBPF programs and maps. Two variants are built: a 'full' version which supports object disassembly and depends on libbfd/libopcodes (total ~500KB); and a 'minimal' version without disassembly functions and dependencies. The default 'minimal' variant is otherwise fully functional, and both are compiled using LTO for further (~30KB) size reductions. 'libbpf' provides shared/static libraries and dev files needed for building userspace programs that perform eBPF interaction. Several cross-compilation and build-failure problems are addressed by new patches and ones backported from farther upstream: * 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch * 002-libbpf-fix-build-failure-from-uninitialized-variable.patch * 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch * 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* ethtool: Update to version 5.8Hauke Mehrtens2020-08-301-2/+4
| | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: ethtool_5.4-1_mips_24kc.ipk 101.909 new: ethtool_5.8-1_mips_24kc.ipk 109.699 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: Update to version 5.8Hauke Mehrtens2020-08-306-89/+12
| | | | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: ip-full_5.7.0-2_mips_24kc.ipk 165.786 ip-tiny_5.7.0-2_mips_24kc.ipk 117.730 tc_5.7.0-2_mips_24kc.ipk 144.405 new: ip-full_5.8.0-1_mips_24kc.ipk 169.775 ip-tiny_5.8.0-1_mips_24kc.ipk 119.808 tc_5.8.0-1_mips_24kc.ipk 149.053 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard-tools: add tunlink option for hostrouteAaron Goodman2020-08-302-2/+3
| | | | | | | | | | In a multi-wan setup, netifd may need guidance on which wan device to use to create the route to the remote peer. This commit adds a 'tunlink' option similar to other tunneling interfaces such as 6in4, 6rd, gre, etc. Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* curl: move package to packages.gitPaul Spooren2020-08-274-402/+0
| | | | | | | | curl is replaced by uclient-fetch within the OpenWrt build system and we can therefore move curl to packages.git. This is based on the Hamburg 2019 decision that non essential packages should move outside base. Signed-off-by: Paul Spooren <mail@aparcar.org>
* hostapd: Fix compile errors after wolfssl updateHauke Mehrtens2020-08-271-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following compile errors after the wolfssl 4.5.0 update: LD wpa_cli ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject': ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? type = GEN_EMAIL; ^~~~~~~~~ ENAVAIL ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function) type = GEN_DNS; ^~~~~~~ ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function) type = GEN_URI; ^~~~~~~ ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event': ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'? if (gen->type != GEN_EMAIL && ^~~~~~~~~ ENAVAIL ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function) gen->type != GEN_DNS && ^~~~~~~ ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function) gen->type != GEN_URI) ^~~~~~~ Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0") Reported-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: Use wolfssl by defaultHauke Mehrtens2020-08-261-1/+1
| | | | | | | | Instead of using mbedtls by default use wolfssl. We now integrate wolfssl in the default build so use it also as default ssl library for curl. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: Fix build with wolfsslHauke Mehrtens2020-08-261-0/+31
| | | | | | | | | Backport a commit from upstream curl to fix a problem in configure with wolfssl. checking size of time_t... configure: error: cannot determine a size for time_t Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: Fix PKG_MIRROR_HASHHauke Mehrtens2020-08-241-1/+1
| | | | | Fixes: 6c57fb7aa93d ("firewall: bump to version 2020-07-05") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ipset: update to version 7.6Josef Schlehofer2020-08-241-2/+2
| | | | | | | Changelog: https://ipset.netfilter.org/changelog.html Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* curl: disable zstd supportHans Dedecker2020-08-231-1/+2
| | | | | | | | | | Fixes package libcurl build issue : Package libcurl is missing dependencies for the following libraries: libzstd.so.1 Suggested-by: Syrone Wong <wong.syrone@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: update to version 7.72.0Josef Schlehofer2020-08-211-2/+2
| | | | | | | Changes in this version can be found here: https://curl.haxx.se/changes.html#7_72_0 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* dnsmasq: abort dhcp_check on interface stateDavid Bauer2020-08-201-2/+2
| | | | | | | | | Abort the dhcp-check based on the interface instead of the carrier state. In cases where the interface is up but the carrier is down, netifd won't cause a dnsmasq reload, thus dhcp won't become active on this interface. Signed-off-by: David Bauer <mail@david-bauer.net>
* map: rename type to maptype (FS#3287)Remi NGUYEN VAN2020-08-192-14/+19
| | | | | | | | | | | | | | | | "type" is already used as a common option for all protocols types, so using the same option name for the map type makes the configuration ambiguous. Luci in particular adds controls for both options and sees errors when reading the resulting configuration. Use "maptype" instead, but still fallback to "type" if "maptype" is not set. This allows configurations to migrate without breaking old configurations. This addresses FS#3287. Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* ltq-dsl-base: remove useless echos in lantiq_dsl.shAdrian Schmutzler2020-08-172-3/+3
| | | | | | | | The is no reason to catch the output by $() and then echo it again. Remove the useless echos. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* map: add a legacymap optionRemi NGUYEN VAN2020-08-152-8/+6
| | | | | | | | | | | | | | The legacy map version based on the IPv6 Interface Identifier in draft-ietf-softwire-map-03 was typically used by uncommenting the LEGACY variable in the map.sh file, which is not ideal. A proper configuration option is needed instead. The IPv6 Interface Identifier format described in the draft was eventually changed in RFC7597, but is still used by some major ISPs, including in Japan. Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dropbear: allow disabling support for scpRui Salvaterra2020-08-152-4/+10
| | | | | | | | | | | | | If not needed, disabling scp allows for a nice size reduction. Dropbear executable size comparison: 153621 bytes (baseline) 133077 bytes (without scp) In other words, we trim a total of 20544 bytes. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* iproute2: disable SELinux for nowDaniel Golle2020-08-131-0/+11
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dropbear: fix ssh alternative when dbclient isn't builtRui Salvaterra2020-08-121-3/+3
| | | | | | | The ssh symlink was still being created even when dbclient was disabled in the build configuration. Fix this annoyance. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ppp: update to latest git HEADHans Dedecker2020-08-115-9/+9
| | | | | | | | | | | | 677aa53 Fix -W option for pppoe-discovery utility (#157) 115c419 Accept Malformed Windows Success Message (#156) 5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154) 2a7981f Add ipv6cp-accept-remote option 0678d3b pppd: Fix the default value for ipv6cp-accept-local to false Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: recognize option "key" as alias for "auth_secret"Jo-Philipp Wich2020-08-072-2/+2
| | | | | | | | | | | | | | The hostapd configuration logic is supposed to accept "option key" as legacy alias for "option auth_secret". This particular fallback option failed to work though because "key" was not a registered configuration variable. Fix this issue by registering the "key" option as well, similar to the existing "server" nad "port" options. Ref: https://github.com/openwrt/openwrt/pull/3282 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: make "key" option optional if "wpa_psk_file" is providedJo-Philipp Wich2020-08-071-5/+5
| | | | | | | | | | | | | If an existing "wpa_psk_file" is passed to hostapd, the "key" option may be omitted. While we're at it, also improve the passphrase length checking to ensure that it is either exactly 64 bytes or 8 to 63 bytes. Fixes: FS#2689 Ref: https://github.com/openwrt/openwrt/pull/3283 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>