aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
...
* hostapd: don't set htmode for wpa_supplicantLeon M. George2017-11-211-2/+0
| | | | | | no longer supported Signed-off-by: Leon M. George <leon@georgemail.eu>
* odhcpd: update to latest git HEAD (make dhcpv4 support optional)Hans Dedecker2017-11-201-12/+25
| | | | | | | | | fd80621 dhcpv4: make DHCPv4 support compiletime configurable cf29925 treewide: rework handling of netlink events 24cdc1b treewide: add netlink file 5dfb716 treewide: align function naming Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: load instance-specific conf-file if existsEmerson Pinter2017-11-192-8/+8
| | | | | | | Without this change, the instance-specific conf-file is being added to procd_add_jail_mount, but not used by dnsmasq. Signed-off-by: Emerson Pinter <dev@pinter.com.br>
* netifd: update to latest git HEADHans Dedecker2017-11-171-3/+3
| | | | | | c92106e interface-ip: add missing IPv6 policy rule Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-1713-0/+13
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* wireguard: bump to 0.0.20171111Kevin Darbyshire-Bryant2017-11-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | edaad55 (tag: 0.0.20171111) version: bump snapshot 7a989b3 tools: allow for NULL keys everywhere 46f8cbc curve25519: reject deriving from NULL private keys 9b43542 tools: remove ioctl cruft f6cea8e allowedips: rename from routingtable 23f553e wg-quick: allow for tabs in keys ab9befb netlink: make sure we reserve space for NLMSG_DONE 73405c0 compat: 4.4.0 has strange ECN function 868be0c wg-quick: stat the correct enclosing folder of config file ceb11ba qemu: bump kernel version 0a8e173 receive: hoist fpu outside of receive loop bee188a qemu: more debugging f1fdd8d device: wait for all peers to be freed before destroying 2188248 qemu: check for memory leaks c77a34e netlink: plug memory leak 0ac8efd device: please lockdep a51e196 global: revert checkpatch.pl changes 65c49d7 Kconfig: remove trailing whitespace Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: rework frequency/ht/vht selection for ibss/meshFelix Fietkau2017-11-158-178/+55
| | | | | | | | | | - Remove obsolete patch chunks regarding fixed_freq - Instead of patching in custom HT40+/- parameters, use the standard config syntax as much as possible. - Use fixed_freq for mesh - Fix issues with disabling obss scan when using fixed_freq on mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: explicitly set beacon interval for wpa_supplicantSven Eckelmann2017-11-151-0/+1
| | | | | | | | | | | | | | | The beacon_int is currently set explicitly for hostapd and when LEDE uses iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used to join an encrypted IBSS or mesh. This configuration is required when an AP interface is configured together with an mesh interface. The beacon_int= line must therefore be re-added to the wpa_supplicant config. The value is retrieved from the the global variable. Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
* hostapd: set mcast_rate in mesh modeSven Eckelmann2017-11-151-0/+68
| | | | | | | | | | | | | | | | | | The wpa_supplicant code for IBSS allows to set the mcast rate. It is recommended to increase this value from 1 or 6 Mbit/s to something higher when using a mesh protocol on top which uses the multicast packet loss as indicator for the link quality. This setting was unfortunately not applied for mesh mode. But it would be beneficial when wpa_supplicant would behave similar to IBSS mode and set this argument during mesh join like authsae already does. At least it is helpful for companies/projects which are currently switching to 802.11s (without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS because newer drivers seem to support 802.11s but not IBSS anymore. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
* hostapd: refresh ubus patchFelix Fietkau2017-11-151-36/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* igmpproxy: remove firewall rules when service is stoppedHans Dedecker2017-11-142-1/+5
| | | | | | | | | Remove multicast routing firewall rules when the igmpproxy is stopped by triggering a firewall config change. Keeping the firewall open from the wan for igmp and udp multicast is not desired when the igmpproxy service is inactive. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix swapped ubus args mac and ipJaroslav Safka2017-11-131-2/+2
| | | | | | | Fix swapped arguments "mac" and "ip" when calling function "ubus_event_bcast". Signed-off-by: Jaroslav Safka <devel@safka.org>
* openvpn: add support to start/stop single instancesMartin Schiller2017-11-132-18/+37
| | | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* wireguard: fix portability issueFelix Fietkau2017-11-111-0/+18
| | | | | | | Check if the compiler defines __linux__, instead of assuming that the host OS is the same as the target OS. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wireguard: move to kernel build directoryFelix Fietkau2017-11-111-1/+1
| | | | | | It builds a kernel module, so its build dir should be target specific Signed-off-by: Felix Fietkau <nbd@nbd.name>
* layerscape: add restool packageYangbo Lu2017-11-1013-0/+794
| | | | | | | | restool is a user space application providing the ability to dynamically create and manage Layerscape DPAA2 containers and objects from Linux. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* firewall: update to latest git HEADHans Dedecker2017-11-071-3/+3
| | | | | | c430937 ubus: parse the firewall data within the service itself Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: fix query string handlingJo-Philipp Wich2017-11-071-3/+3
| | | | | | | | | | Update to latest Git in order to fix potential memory corruption and invalid memory access when handling query strings in conjunction with active basic authentication. a235636 2017-11-04 file: fix query string handling Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: fix PKG_MIRROR_HASHDaniel Golle2017-11-071-1/+1
| | | | | | | | | commit fbde9ac7184 set an incorrect sha256sum which doesn't match the file http://sources.lede-project.org/netifd-2017-10-31-0f96606b.tar.xz or a locally packaged checkout (which resulted in a file identical with the one referenced by the URL above). Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: remove default r1_key_holder generationYury Shvedov2017-11-061-2/+1
| | | | | | | | By default, hostapd assumes r1_key_holder equal to bssid. If LEDE configures the same static r1 key holder ID on two different APs (BSSes) the RRB exchanges fails behind them. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
* netfilter, iptables: add optional CHECKSUM moduleDenis Osvald2017-11-061-0/+10
| | | | Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
* iwinfo: add "PKG_MIRROR_HASH" to the MakefileArjun AK2017-11-061-0/+1
| | | | | | | Defining it will let the build tool download the tarball file from a buildbot server, avoiding a clone of the source repo. Signed-off-by: Arjun AK <lede@arjunak.com>
* iperf3: update to 3.3 and refresh patchesPhilip Prindeville2017-10-314-60/+302
| | | | | | Taking the same patchset I've submitted upstream for inclusion. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* uqmi: replace legacy command invoke with newer typeKoen Vandeputte2017-10-241-7/+7
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: also try newer pin verificationKoen Vandeputte2017-10-241-1/+1
| | | | | | | | | Newer devices tend to only support the newer version of the pin verification command, so also try that one. Fixes PIN issues with modems like the Sierra Wireless MC7455 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wireguard: version bump to 0.0.20171101Kevin Darbyshire-Bryant2017-11-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update wireguard to latest snapshot: 9fc5daf version: bump snapshot 748ca6b compat: unbreak unloading on kernels 4.6 through 4.9 7be9894 timers: switch to kees' new timer_list functions 6be9a66 wg-quick: save all hooks on save 752e7af version: bump snapshot 2cd9642 wg-quick: fsync the temporary file before renaming b139499 wg-quick: allow for saving existing interface 582c201 contrib: add reresolve-dns 8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID c138276 wg-quick: allow for the hatchet, but not by default d03f2a0 global: use fewer BUG_ONs 6d681ce timers: guard entire setting in block 4bf32ca curve25519: only enable int128 if compiler support is sound 86e06a3 device: expand scope of destruct lock e3661ab global: get rid of useless forward declarations bedc77a device: only take reference if netns is different 7c07e22 wg-quick: remember to rewind DNS settings on failure 2352ec0 wg-quick: allow specifiying multiple hooks 573cb19 qemu: test using four cores e09ec4d global: style nits 4d3deae qemu: work around ccache bugs 7491cd4 global: infuriating kernel iterator style 78e079c peer: store total number of peers instead of iterating d4e2752 peer: get rid of peer_for_each magic 6cf12d1 compat: be sure to include header before testing 3ea08d8 qemu: allow for cross compilation d467551 crypto/avx: make sure we can actually use ymm registers c786c46 blake2: include headers for macros 328e386 global: accept decent check_patch.pl suggestions a473592 compat: fix up stat calculation for udp tunnel 9d930f5 stats: more robust accounting 311ca62 selftest: initialize mutex in routingtable selftest 8a9a6d3 netns: use time-based test instead of quantity-based e480068 netns: use read built-in instead of ncat hack for dmesg Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: fix dns and domain variables pollution in dhcp.scriptTero Jänkä2017-11-022-5/+7
| | | | | | | Unmodified dns and domain variables could be needed in user script (/etc/udhcpc.user). Signed-off-by: Tero Jänkä <tero.janka@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cleanup)
* curl: bump to 7.56.1Hans Dedecker2017-10-293-41/+5
| | | | | | | | | | | Refresh patches Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as integrated upstream See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and 7.56.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: use KERNEL_MAKE_FLAGS for kernel file compilationsKarl Vogel2017-10-291-4/+2
| | | | | | | The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS. Make use of this variable for kernel makefiles. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* Revert "wpa_supplicant: log to syslog instead of stdout"Jo-Philipp Wich2017-10-272-2/+2
| | | | | | | | | | | | | | This reverts commit e7373e489d8a215402d6b0c408a26188342c7c17. Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which is not enabled for all build variants. Revert the change for now until we can properly examine the size impact of CONFIG_DEBUG_SYSLOG. Fixes FS#1117. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iptables: Fix target TRACE issueMartin Wetterwald2017-10-271-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables. The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled. But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system. I created the package iptables-mod-trace which takes care of that, and target TRACE now works! https://dev.openwrt.org/ticket/16694 https://dev.openwrt.org/ticket/19661 Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com> [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since its required for rules] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* hostapd: fix up ubus supportJohn Crispin2017-10-252-23/+45
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* ltq-xdsl-app: script style nitKevin Darbyshire-Bryant2017-10-252-2/+2
| | | | | | Fix missing space style nit. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ltq-adsl-app: add more script notificationsMathias Kresin2017-10-252-1/+43
| | | | | | | | Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It unifies the dsl led blinking pattern accross all subtargets and allows to get the current line status from the dsl led. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: xway: rename nas0/ptm0 to dsl0Mathias Kresin2017-10-252-3/+11
| | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). By using dsl0 as interface name as for the xrx200 we can get rid of a few conditionals which were introduced because of the different default TC-Layer in xway and xrx200. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-adsl-app: use notification based ATM/PTM driver loadMathias Kresin2017-10-253-4/+64
| | | | | | | This patch removes the fixed atm/ptm driver loading and switches to notification based driver loading. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-adsl-app: convert init script to procdMathias Kresin2017-10-251-6/+11
| | | | | | Use the procd features for the init script. Signed-off-by: Mathias Kresin <dev@kresin.me>
* netifd: bump to git HEAD version (FS#1037)Hans Dedecker2017-10-191-3/+3
| | | | | | | 0f96606 proto: add point-to-point IPv4 address config support (FS#1037) 1ee788d ubus: display the point-to-point IPv4 address Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: xrx200: rename nas0/ptm0 to dsl0Martin Schiller2017-10-152-2/+10
| | | | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). Now you can move a device from an ADSL/ATM port to an VDSL/PTM port without any configuration changes for example. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [use the dsl0 interface name for the default netdev trigger in 01_led, add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-151-0/+44
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>