aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* openvpn-easy-rsa: update to 3.0.4Luiz Angelo Daros de Luca2018-07-302-6/+31
| | | | | | | | | | | | | | Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf. However, pkg kept using openssl-1.0.cnf. Upstream easyrsa searchs for vars, openssl-*, x509-types in the same directory as easyrsa script. This was patched to revert back to static /etc/easy-rsa/ directory (as does OpenSUSE). EASYRSA_PKI still depends on $PWD. Move easyrsa from /usr/sbin to /usr/bin as root is not needed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* iptables: add ip[6|]tables-compat packages + libxtables-compat depends on ↵Martin Strobel2018-07-301-0/+59
| | | | | | | | | IPTABLES_NFTABLES allows iptables-compat to use nft packet filtering allows to translate iptables-style to nft-style Signed-off-by: Martin Strobel <arctus@crza.de>
* igmpproxy: drop SSDP packetsDmitry Tunin2018-07-302-1/+13
| | | | | | | It is insecure to let this type of packets inside They can e.g. open ports on some other routers with UPnP, etc Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
* iwinfo: update to version 2018-07-24Nick Hainke2018-07-301-4/+4
| | | | | | | | | Update to new iwinfo version. Adds support for channel survey. Adds ubus support. Etc. Signed-off-by: Nick Hainke <vincent@systemli.org>
* treewide: Bump PKG_RELEASE due to mbedtls updateDaniel Engberg2018-07-302-2/+2
| | | | | | | Bump PKG_RELEASE on packages that depends on (lib)mbedtls to avoid library mismatch. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* thc-ipv6: Update URLsRosen Penev2018-07-291-2/+2
| | | | | | Development has moved to GitHub. Found using UScan. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* igmpproxy: add a silent logging optionDmitry Tunin2018-07-283-5/+6
| | | | | | | | [0-3](none, minimal[default], more, maximum) It is not 100% backward compatible, because now 0 disables logging Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
* dnsmasq: bump to dnsmasq v2.80test3Kevin Darbyshire-Bryant2018-07-2820-1565/+6
| | | | | | | | | | | | | | | | | Refresh patches Upstream commits since last bump: 3b6eb19 Log DNSSEC trust anchors at startup. f3e5787 Trivial comment change. c851c69 Log failure to confirm an address in DHCPv6. a3bd7e7 Fix missing fatal errors when parsing some command-line/config options. ab5ceaf Document the --help option in the french manual 1f2f69d Fix recurrent minor spelling mistake in french manual f361b39 Fix some mistakes in french translation of the manual eb1fe15 When replacing cache entries, preserve CNAMES which target them. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wwan: Fix teardown for sierra_net driverMasashi Honma2018-07-271-1/+1
| | | | | | | The sierra_net driver is using proto_directip_setup for setup. So use proto_directip_teardown for teardown. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* ead: use new protocol setting API since libpcap 1.9.0Syrone Wong2018-07-271-3/+1
| | | | | | | Dropped the protocol API specific symbol: HAS_PROTO_EXTENSION and switch to the official API Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
* odhcpd: update to latest git HEADJo-Philipp Wich2018-07-261-4/+4
| | | | | | 44cce31 ubus: avoid dumping interface state with NULL message Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall: update to latest git HEADJo-Philipp Wich2018-07-261-3/+3
| | | | | | aa8846b ubus: avoid dumping interface state with NULL message Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* utils/curl: Disable libpslDaniel Engberg2018-07-241-1/+2
| | | | | | | | | Disabled libpsl to fix build issue reported by buildbots Package libcurl is missing dependencies for the following libraries: libpsl.so.5 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wireguard-tools: add wireguard_watchdog scriptAleksandr V. Piskunov2018-07-222-2/+63
| | | | | | | | | | | | This watchdog script tries to re-resolve hostnames for inactive WireGuard peers. Use it for peers with a frequently changing dynamic IP. persistent_keepalive must be set, recommended value is 25 seconds. Run this script from cron every minute: echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com> [bump the package release] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 0.0.20180718Jason A. Donenfeld2018-07-221-2/+2
| | | | | | | | | | | | | | 80b41cd version: bump snapshot fe5f0f6 recieve: disable NAPI busy polling e863f40 device: destroy workqueue before freeing queue 81a2e7e wg-quick: allow link local default gateway 95951af receive: use gro call instead of plain call d9501f1 receive: account for zero or negative budget e80799b tools: only error on wg show if all interfaces failk Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> [Added commit log to commit description] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: remove unused struct hostapd_ubus_ifaceFelix Fietkau2018-07-222-16/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: tc: backport canonical cake supportKevin Darbyshire-Bryant2018-07-212-150/+154
| | | | | | | | | | | | | | | | | | | iproute2's tc was updated to support the recently upstreamed cake qdisc. Backport this canonical support from upstream into iproute2 v4.17 There is no kernel kmod/userspace tc ABI change in this release from the previous package bump, so everyone can breath a sigh of relief. This is largely a code style change, the exception to prove the rule: option 'autorate_ingress' has been changed to 'autorate-ingress' to fit in with upstream option naming expectations. No openwrt package (e.g. sqm-scripts) has knowledge of 'autorate_ingress' thus only users who made their own scripts or used it within the 'dangerous configuration' options of sqm-scripts will be affected. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: fix conflicts hellMathias Kresin2018-07-181-95/+47
| | | | | | | | | | | | | Add each variant to the matching PROVIDERS variables after evaluating the respective hostapd*, wpad* and wpa* variant. Each package providing the same feature will automatically conflict with all prior packages providing the same feature. This way we can handle the conflicts automatically without introducing recursive dependencies. Signed-off-by: Mathias Kresin <dev@kresin.me>
* hostapd: cleanup package definitionMathias Kresin2018-07-181-46/+48
| | | | | | | | | | | | Move common variables and/or values to the package (variant) default. Add additional values in variant packages if necessary. Remove further duplicates by introducing new templates. Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the same as the variables without the any prefix. No need to maintain both variables. Signed-off-by: Mathias Kresin <dev@kresin.me>
* igmpproxy: run in foreground for procdKevin Darbyshire-Bryant2018-07-182-2/+2
| | | | | | | | | procd needs processes to stay in foreground to remain under its gaze and control. Failure to do so means service stop commands fail to actually stop the process (procd doesn't think it's running 'cos the process has exited already as part of its forking routing) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall3: update to latest git HEADHans Dedecker2018-07-171-3/+3
| | | | | | d2bbeb7 firewall3: make reject types selectable by user Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: don't use network functions at boottime (FS#1542)Hans Dedecker2018-07-172-6/+15
| | | | | | | | | | | | As dnsmasq is started earlier than netifd usage of network.sh functions at boottime will fail; therefore don't call at boottime the functions which construct the dhcp pool/relay info. As interface triggers are installed the dhcp pool/relay info will be constructed when the interface gets reported as up by netifd. At the same time also register interface triggers based on DHCP relay config. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: fix building pptp pluginJo-Philipp Wich2018-07-172-1/+12
| | | | | | | | | The pptp.so plugin needs to be built with -fPIC as well in order to be linkable again. Fixes 888a15ff83 ("ppp: add missing -fPIC to rp-pppoe.so CFLAGS") Fixes e7397eef69 ("ppp: compile with LTO enabled") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: increase procd termination timeout to 15sJo-Philipp Wich2018-07-172-1/+2
| | | | | | | | | Increase the termination timeout to 15s to let OpenVPN properly tear down its connections, especially when weak links or complex down scripts are involved. Fixes FS#859. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: close all active clients on shutdownChristian Schoenebeck2018-07-161-0/+5
| | | | | | | | | | | | | | | | | | | | Override the default shutdown action (stop) and close all processes of dropbear Since commit 498fe85, the stop action only closes the process that's listening for new connections, maintaining the ones with existing clients. This poses a problem when restarting or shutting-down a device, because the connections with existing SSH clients, like OpenSSH, are not properly closed, causing them to hang. This situation can be avoided by closing all dropbear processes when shutting-down the system, which closes properly the connections with current clients. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> [Luis: Rework commit message] Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* curl: Update to 7.61.0Daniel Engberg2018-07-151-5/+5
| | | | | | Update curl to 7.61.0 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* odhcp6c: add noserverunicast config option for broken DHCPv6 serversHans Dedecker2018-07-152-6/+9
| | | | | | | | | Fix broken DHCPv6 servers which provide the server unicast option but do not reply on DHCPv6 renew messages directed to the IPv6 address contained in the server unicast option whihc results in broken IPv6 connectivity. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: add missing -fPIC to rp-pppoe.so CFLAGSFelix Fietkau2018-07-141-0/+11
| | | | | | Fixes build error with LTO Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: compile with LTO enabledFelix Fietkau2018-07-132-2/+35
| | | | | | Reduces size of the .ipk on MIPS from 87k to 84k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall: compile with LTO enabledFelix Fietkau2018-07-131-2/+2
| | | | | | Reduces .ipk size on MIPS from 41.6k to 41.1k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iw: compile with LTO enabledFelix Fietkau2018-07-131-2/+3
| | | | | | Reduces .ipk size on MIPS from 34k to 33k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: compile with LTO enabledFelix Fietkau2018-07-131-2/+2
| | | | | | Reduces .ipk size on MIPS from 98.5k to 98k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix linker flags for the radius pluginFelix Fietkau2018-07-131-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: compile with LTO enabledFelix Fietkau2018-07-131-1/+4
| | | | | | Reduces .ipk size from 65k to 63k on MIPS Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to latest git HEADHans Dedecker2018-07-111-3/+3
| | | | | | | 5cf7975 iprule: rework interface based rules to handle dynamic interfaces 57f87ad Introduce new interface event "create" (IFEV_CREATE) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest versionFelix Fietkau2018-07-111-3/+3
| | | | | | | | | c1f6a82 system-linux: add autoneg and link-partner output e9eff34 system-linux: extend link mode speed definitions d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming 03785fb system-linux: fix build error on older kernels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qos-scripts: fix indentationMoritz Warning2018-07-113-15/+16
| | | | Signed-off-by: Moritz Warning <moritzwarning@web.de>
* wireguard: bump to 0.0.20180708Jason A. Donenfeld2018-07-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | * device: print daddr not saddr in missing peer error * receive: style Debug messages now make sense again. * wg-quick: android: support excluding applications Android now supports excluding certain apps (uids) from the tunnel. * selftest: ratelimiter: improve chance of success via retry * qemu: bump default kernel version * qemu: decide debug kernel based on KERNEL_VERSION Some improvements to our testing infrastructure. * receive: use NAPI on the receive path This is a big change that should both improve preemption latency (by not disabling it unconditionally) and vastly improve rx performance on most systems by using NAPI. The main purpose of this snapshot is to test out this technique. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* iproute2: update to 4.17.0Hans Dedecker2018-07-1014-310/+48
| | | | | | | | | | | | Update to the latest version of iproute2; see https://lwn.net/Articles/756991/ for a full overview of the changes in 4.17. Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion. Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing rdma compile issue. At the same time re-organize patch numbering so the OpenWRT specific patches start at 100. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: build with LTO enabled (using jobserver for parallel build)Felix Fietkau2018-07-102-3/+54
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to latest git HEADHans Dedecker2018-07-091-4/+4
| | | | | | | 345bba0 dhcpv4: improve error checking in handle_dhcpv4() c0f6390 odhcpd: Check if open the ioctl socket failed Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mbedtls: Update to 2.11.0Daniel Engberg2018-07-072-2/+2
| | | | | | | | | | | | | | | | Update mbed TLS to 2.11.0 Disable OFB block mode and XTS block cipher mode, added in 2.11.0. The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS This is to avoid having a mismatch between packages when upgrading. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.846 Bytes ipkg for mips_24kc after: 164.382 Bytes Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* dnsmasq: bump to latest patches on 2.80rc2Kevin Darbyshire-Bryant2018-07-0319-11/+406
| | | | | | | | | | | | | | | Refresh patches and backport upstream to current HEAD: a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled. 51e4eee Fix address-dependent domains for IPv6. 05ff659 Fix stupid infinite loop introduced by preceding commit. db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface. 7dcca6c Warn about the impact of cache-size on performance. 090856c Allow zone transfer in authoritative mode whenever auth-peer is specified. cc5cc8f Sane error message when pcap file header is wrong. c488b68 Handle standard and contructed dhcp-ranges on the same interface. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: tc: update support for cakeKevin Darbyshire-Bryant2018-07-031-28/+83
| | | | | | | | | Bump iproute2/tc support of cake. Add support for cake's change to u64 attribute passing for certain attributes (rate & byte counts) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* uhttpd: update to latest Git headJo-Philipp Wich2018-07-031-3/+3
| | | | | | | | | | db86175 lua: honour size argument in recv() function d3b9560 utils: add uh_htmlescape() helper 8109b95 file: escape strings in HTML output 393b59e proc: expose HTTP Origin header in process environment 796d42b client: flush buffered SSL output when tearing down client ustream Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ebtables: update to latest git 2018-06-27Hans Dedecker2018-07-023-5/+5
| | | | | | | 48cff25 build: drop install -o/-g root 53d7e7a extensions: ebt_string: take action if snprintf discards data Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fw3: update to latest git HEADJohn Crispin2018-07-021-3/+3
| | | | | | 72684e5 firewall3: Fix GCC8 warnings by replacing sprintf with snprintf Signed-off-by: John Crispin <john@phrozen.org>
* samba36: Disable external libtdb and libteventRosen Penev2018-07-021-1/+3
| | | | | | | This was causing issues recently as samba36 is not API compatible with the libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* swconfig: swlib_map_settings(): change return type to voidAlexander Couzens2018-06-291-1/+1
| | | | | | | | The return value of the function isn't used anywhere. Fixes missing return value, CID 1329717. Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* swconfig: fix un-initialized return valueAlexander Couzens2018-06-291-2/+3
| | | | | | | Fix CID 1330844 Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu>