aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* tools: add iucode-toolZoltan HERPAI2018-03-041-0/+47
| | | | | | | | | | | | Add tool to "compile" Intel microcode files. The tool will be compiled for host (to split the microcode.dat) and for target (to forcibly reload the microcode if required). Instead of using the large microcode.bin/microcode-64.bin, the splitted ucode files (separate for CPU families) will be installed. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* odhcpd: fix interop with wide DHCPv6 client (FS#1377)Hans Dedecker2018-03-021-4/+4
| | | | | | aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: fix off-by-one in counting seconds for factory resetRafał Miłecki2018-03-011-1/+1
| | | | | | | | | There was a mismatch between indicating factory reset and code actually starting it. After 5 seconds status LED started blinking rapidly letting user know it's ready to release reset button. In practice button had to stay pressed for another second in order to relly start the process. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mountd: update to the latest version from 2018-02-26Rafał Miłecki2018-02-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | This significantly improves mountd stability & reliability by: 1) Sending hotplug.d event when appropriate 2) Properly unmounting 3) Handling corner cases when unmounting fails 4) Improving log messages 5f2c419 mount: drop duplicated includes aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount 97da4ed mount: try lazy unmount if normal one fails 1b62489 mount: create not working symlink when unmounting fails e77dc6d mount: reorder deleting code in the mount_enum_drives() 76766ae mount: rename tmp variables in the mount_add_list() 04b897f mount: drop duplicated rmdir() call from the mount_enum_drives() a27ea3f mount: drop duplicated unlink() call from the mount_dev_del() bf7cc33 mount: fix/improve unmounting log messages 36f9197 mount: fix removing mount point if it's expired ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status" 1af9ca2 mount: change mount_dev_del() argument to struct mount * 7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list() 7aadd1c mount: improve handling mounts table size Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* perf: restrict libunwind dependency to archs that actually support libunwindMatthias Schiffer2018-02-251-1/+1
| | | | | | | | | | Allow building perf on uncommon targets again. Depending on the kernel version, not all of these archs will actually use libunwind in perf. Still, it seems simpler and less error-prone to use the same list that is defined in the libunwind package. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* libunwind: fix build with musl on PPCMatthias Schiffer2018-02-251-0/+383
| | | | | | | | | | | Works around two incompatiblities between glibc and (POSIX-compliant) musl: - missing register definitions from asm/ptrace.h - non-POSIX-compliant ucontext_t on PPC32 with glibc Compile tested on mpc85xx. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* uqmi: ensure CID is a numeric value before proceedingKoen Vandeputte2018-02-201-4/+4
| | | | | | | | | | | The current implementation only checked if uqmi itself executed correctly which is also the case when the returned value is actually an error. Rework this, checking that CID is a numeric value, which can only be true if uqmi itself also executed correctly. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: use built-in command for data-link verificationKoen Vandeputte2018-02-182-2/+20
| | | | | | | | | | | uqmi contains a command for directly querying the modem if there is a valid data connection, so let's use it. This avoids the cases were all previous tests are succesful, but the actual data link is not up for some reasons, leading to states were we thought the link was up when it actually wasn't .. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: use correct value for connection checkingKoen Vandeputte2018-02-181-4/+8
| | | | | | | | | | | | | | Originally, the implementation only checked if uqmi command execution succeeded properly without actually checking it's returned data. This lead to a pass, even when the returned data was indicating an error. Rework the verification to actually check the returned data, which can only be correct if the uqmi command itself also executed correctly. On command execution success, value "pdh_" is a pure numeric value. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: use general method for state cleaningKoen Vandeputte2018-02-181-10/+4
| | | | | | | | | | Debugging shows that using the general method properly cleans on each run, while the method specifying the client-ID shows "No effect" even while in connected state. Fixes several connectivity issues seen on specific modems. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: silence error on pin verificationKoen Vandeputte2018-02-181-1/+1
| | | | | | | | | | | | If a device only supports the 2nd verification method (uim), the first method will fail as expected reporting an error: "Command not supported" Silence both separate methods and only report an error regarding pin verification if both fail. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: fix raw-ip mode for newer lte modemsKoen Vandeputte2018-02-182-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some newer LTE modems, like the MC7455 or EC25-E do not support "802.3" mode, and will stay in "raw-ip" regardless of the mode being set. In this case, the driver must be informed that it should handle all packets in raw mode. [1] This commit fixes connectivity issues for these devices. Before: [ Node 5 ] udhcpc -i wwan0 udhcpc: started, v1.27.2 udhcpc: sending discover udhcpc: sending discover udhcpc: sending discover After: [ Node 5 ] udhcpc -i wwan0 udhcpc: started, v1.27.2 udhcpc: sending discover udhcpc: sending select for 100.66.245.226 udhcpc: lease of 100.66.245.226 obtained, lease time 7200 udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast + udhcpc: setting default routers: 100.66.245.225 [1] https://lists.freedesktop.org/archives/libqmi- devel/2017-January/002064.html Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [bumped PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* net: uqmi: fix blocking in endless loops when unplugging deviceAlexandru Ardelean2018-02-181-0/+2
| | | | | | | | | | | If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* base-files: don't evaluate block-device ueventDaniel Golle2018-02-151-5/+8
| | | | | | | | | | Backport commits fixing the detection of GPT partition names during preinit and sysupgrade, closing a shell-injection vulnerability. da52dd0c83 ("base-files: quote values when evaluating uevent") 267873ac9b ("base-files: don't evaluate block-device uevent") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* perf: use libunwindMaxim Gorbachyov2018-02-131-1/+1
| | | | | | | Without libunwind perf does not show userspace stack frames. Tested on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* libunwind: enable build for armMaxim Gorbachyov2018-02-131-1/+1
| | | | | | Tested with perf on mvebu. Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
* procd: update to latest git HEADHans Dedecker2018-02-091-3/+3
| | | | | | 9a4036f trace: add missing limits.h include Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: make kmod-ipt-debug part of default ALL buildYousong Zhou2018-01-262-4/+3
| | | | | | | | | The iptables TRACE target is only available in raw table that's why the dependency was moved from iptables-mod-trace into kmod-ipt-debug Fixes FS#1219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: Fix target TRACE issueMartin Wetterwald2018-01-261-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables. The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled. But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system. I created the package iptables-mod-trace which takes care of that, and target TRACE now works! https://dev.openwrt.org/ticket/16694 https://dev.openwrt.org/ticket/19661 Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com> [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since its required for rules] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* curl: fix libcurl/mbedtls async interfaceDarren Tucker2018-01-242-1/+28
| | | | | | | | | | | | When using mbedtls, curl's nonblocking interface will report a request as done immediately after the socket is written to and never read from the connection. This will result in a HTTP status code of 0 and zero length replies. Cherry-pick the patch from curl 7.53.0 to fix this (https://github.com/curl/curl/commit/b993d2cc). Fixes https://bugs.openwrt.org/index.php?do=details&task_id=1285. Signed-off-by: Darren Tucker <dtucker@dtucker.net>
* dnsmasq: backport validation fix in dnssec security fixKevin Darbyshire-Bryant2018-01-202-2/+2
| | | | | | | | | A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)
* dnsmasq: backport dnssec security fix for 17.01Kevin Darbyshire-Bryant2018-01-192-1/+203
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-15107 An interesting problem has turned up in DNSSEC validation. It turns out that NSEC records expanded from wildcards are allowed, so a domain can include an NSEC record for *.example.org and an actual query reply could expand that to anything in example.org and still have it signed by the signature for the wildcard. So, for example !.example.org NSEC zz.example.org is fine. The problem is that most implementers (your author included, but also the Google public DNS people, powerdns and Unbound) then took that record to prove the nothing exists between !.example.org and zz.example.org, whereas in fact it only provides that proof between *.example.org and zz.example.org. This gives an attacker a way to prove that anything between !.example.org and *.example.org doesn't exists, when it may well do so. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mountd: bump to git HEAD versionHans Dedecker2018-01-171-4/+4
| | | | | | | | c54e5c6 mount: check if block was mounted before cleaning it up e31565a mount: remove directory if mounting fails 0f4f20b mount: call hotplug mount scripts only on success Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kmod-sched-cake: bump to latest cake bake for 17.01Kevin Darbyshire-Bryant2018-01-161-3/+3
| | | | | | | | | | | | | | | | | More important bug fix: 402f05c Use full-rate mtu_time in all tins. Fixes an issue where some cake tins experienced excessive latency since 49776da (dynamically adjust target) Minor bug fixes: 31277c2 Avoid unsigned comparison against zero. Fix compiler warning, no known impact. 8cf5278 ack_filter: fix TCP flag check. A very contrived case may have lead to dropping a SYN packet that should not be dropped. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* lantiq: activate noise margin delta for VDSL tooHauke Mehrtens2018-01-071-2/+2
| | | | | | | | | | | Previously this was only activated for ADSL, this patch activates the same setting also for VDSL, this feature is also support for VDSL in the same way it works for ADSL. I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO (Deutsche Telekom) and saw different data rates and Max. Attainable Data Rates depending on the ds_snr_offset settings I choose. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Lantiq: make possible to tweak DSL SRN from UCIAndrea Merello2018-01-071-1/+26
| | | | | | | | | | | | | | | | | | | | | This patch makes possible to tweak the downstream SNR margin on Lantiq DSL devices. The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR margin offset. It accepts values in range -50 to +50 in 0.1 dB units. The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB steps. Currently this should only affect ADSL (not VDSL). It should be very easy to make this work also on VDSL lines, but since I couldn't test on VDSL lines this patch does not do that yet. I have also a patch for LUCI about this, that I could submit. Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line. Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
* libubox: update to latest lede-17.01 git HEADJo-Philipp Wich2018-01-071-3/+3
| | | | | | | | 1dafcd7 jshn: properly support JSON "null" type 6abafba jshn: read and write 64-bit integers cfc75c5 runqueue: fix use-after-free bug Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: backport fix from master branchRafał Miłecki2018-01-051-3/+3
| | | | | | 37762ff libfstools: support file paths longer than 255 chars Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEADHans Dedecker2018-01-041-3/+3
| | | | | | | 1883530 procd: Fix minor null pointer dereference. 9085551 procd: initd: fix path allocation in early_insmod Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iptables: fix nftables compile issue (FS#711)"Hans Dedecker2018-01-021-20/+0
| | | | | | This reverts commit da126d557c6d1cfe19d3f93481af6e00631d7931 as the iptables patch does not apply cleanly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix nftables compile issue (FS#711)rektide de la faye2018-01-021-0/+20
| | | | | | | | | | | | | | | | Enabling IPTABLES_NFTABLES resulted in an error during build:# *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'." Comments from Alexander Lochmann and Fedor Konstantinov in FS#711 provided fixes for this build error, allowing iptables to compile. https://bugs.lede-project.org/index.php?do=details&task_id=711. This commit updates the Makefile.am xtables_compat_multi_LDFLAGS and _LDADD, moving linking of extensions to LDFLAGS. Signed-off-by: rektide de la faye <rektide@voodoowarez.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* rpcd: backport version 2017-12-07 from masterDaniel Golle2018-01-011-3/+3
| | | | | | | | cfe1e75c91 sys: packagelist: allow listing all packages 74a784f037 sys: fix passwd path Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit 173edcdc9da55fbd7225c4baa7b03405dfc074cc on master)
* uci: update to HEAD of lede-17.01 branchJo-Philipp Wich2018-01-011-3/+3
| | | | | | | | | | Switch uci to the lede-17.01 branch which contains the following two commits cherry-picked from uci master: 141b64e lua: additionally return name when looking up sections 1e17f24 lua: support extended section notation Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: cake: fix patch format errorKevin Darbyshire-Bryant2017-12-302-16/+6
| | | | | | | Fix patch format error introduced in c4e9487cf5 Refresh patches to tidy fuzz Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: cake: support new operating modes for 17.01Kevin Darbyshire-Bryant2017-12-302-38/+118
| | | | | | | | | | | | | | | | | | | | There has been recent significant activity with the cake qdisc of late Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. This commit teaches tc how to activate and interprete the latest cake operating modes, namely: ingress mode: Instead of only counting packets that make it past the shaper, include packets we've decided to drop as well, since they did arrive with us on the link and took link capacity. This mode is more suitable for shaping the ingress of a link (e.g. from ISP) rather than the more normal egress. ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in highly assymetric links (downstream v upstream capacity) where the majority of upstream link capacity is occupied with ACKS for downstream traffic. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kmod-sched-cake: bump to latest bake of cake for 17.01Kevin Darbyshire-Bryant2017-12-301-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There has been recent significant activity with the cake qdisc of late but in the cobalt branch. Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. Relevant feature changes: ingress mode: Instead of only counting packets that make it past the shaper, include packets we've decided to drop as well, since they did arrive with us on the link and took link capacity. This mode is more suitable for shaping the ingress of a link (e.g. from ISP) rather than the more normal egress. ptm mode: Minor optimisation in packet overhead calculation. dual-src/dsthost/triple-isolate: Optimise only calculating src or dst host hashes only if required. ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in highly assymetric links (downstream v upstream capacity) where the majority of upstream link capacity is occupied with ACKS for downstream traffic. A separate iproute2 patch to teach it about Cake's new features will follow. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* base-files: fix logic when to show failsafe bannerMatthias Schiffer2017-12-292-2/+2
| | | | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Fixes: 1c9299877be9 ("base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists")
* base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe existsMatthias Schiffer2017-12-292-2/+5
| | | | | | | Since dropbear clears the environment, FAILSAFE was not set as intended in failsafe mode. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* wireguard: bump to 20171221Kevin Darbyshire-Bryant2017-12-251-2/+2
| | | | | | | | | | | | | | | | 7e945a8 version: bump snapshot f2168aa compat: kernels < 3.13 modified genl_ops 52004fd crypto: compile on UML 6b69b65 wg-quick: dumber matching for default routes aa35d9d wg-quick: add the "Table" config option 037c389 keygen-html: remove prebuilt file No patch refresh required. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20171211Kevin Darbyshire-Bryant2017-12-152-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest WireGuard snapshot release: 44f8e4d version: bump snapshot bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x 679e53a chacha20: avx512vl implementation 10b1232 poly1305: fix avx512f alignment bug 5fce163 chacha20poly1305: cleaner generic code 63a0031 blake2s-x86_64: fix spacing d2e13a8 global: add SPDX tags to all files d94f3dc chacha20-arm: fix with clang -fno-integrated-as. 3004f6b poly1305: update x86-64 kernel to AVX512F only d452d86 tools: no need to put this on the stack 0ff098f tools: remove undocumented unused syntax b1aa43c contrib: keygen-html for generating keys in the browser e35e45a kernel-tree: jury rig is the more common spelling 210845c netlink: rename symbol to avoid clashes fcf568e device: clear last handshake timer on ifdown d698467 compat: fix 3.10 backport 5342867 device: do not clear keys during sleep on Android 88624d4 curve25519: explictly depend on AS_AVX c45ed55 compat: support RAP in assembly 7f29cf9 curve25519: modularize dispatch Refresh patches. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* usbutils: Update usb.ids file to latestRosen Penev2017-12-131-3/+3
| | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612)
* hostapd: remove unused local var declarationLeon M. George2017-12-131-2/+0
| | | | | Signed-off-by: Leon M. George <leon@georgemail.eu> (cherry picked from commit 63462910ddb01d9a7391d793228767628aa65db2)
* hostapd: don't set htmode for wpa_supplicantLeon M. George2017-12-131-2/+0
| | | | | | | no longer supported Signed-off-by: Leon M. George <leon@georgemail.eu> (cherry picked from commit cc0847eda337f948f5ff6e75014aa88e48779677)
* libnl-tiny: use fixed message size instead of using the page sizeFelix Fietkau2017-12-131-6/+1
| | | | | | | Simplifies the code and reduces size Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit d5bcd0240a8f42a05ef31005a9a9dea848d3f7a8)
* packages: nvram: fix memory leak in _nvram_freeZhai Zhaoxuan2017-12-131-0/+4
| | | | | | | | The value of nvram_tuple_t is allocated in _nvram_realloc, but it is not freed in _nvram_free. Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com> (cherry picked from commit c382237ac33a787043b22abc42f0c5a80278baae)
* mac80211: don't pass the hostapd ctrl iface in adhocAntonio Quartulli2017-12-131-2/+8
| | | | | | | | Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces. Signed-off-by: Antonio Quartulli <ordex@autistici.org> (cherry picked from commit 0da54fa6428ea98d31b49f5d9a4a272214f5d188)
* hostapd: explicitly set beacon interval for wpa_supplicantSven Eckelmann2017-12-131-0/+1
| | | | | | | | | | | | | | | | The beacon_int is currently set explicitly for hostapd and when LEDE uses iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used to join an encrypted IBSS or mesh. This configuration is required when an AP interface is configured together with an mesh interface. The beacon_int= line must therefore be re-added to the wpa_supplicant config. The value is retrieved from the the global variable. Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase] (cherry picked from commit 772afef61dc68e2470f4da130fac862ccf2fb105)
* hostapd: set mcast_rate in mesh modeSven Eckelmann2017-12-131-0/+68
| | | | | | | | | | | | | | | | | | | The wpa_supplicant code for IBSS allows to set the mcast rate. It is recommended to increase this value from 1 or 6 Mbit/s to something higher when using a mesh protocol on top which uses the multicast packet loss as indicator for the link quality. This setting was unfortunately not applied for mesh mode. But it would be beneficial when wpa_supplicant would behave similar to IBSS mode and set this argument during mesh join like authsae already does. At least it is helpful for companies/projects which are currently switching to 802.11s (without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS because newer drivers seem to support 802.11s but not IBSS anymore. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh] (cherry picked from commit 43f66943d0dbf0ed0ec2a9cb071d0fbded2fbe35)
* igmpproxy: remove firewall rules when service is stoppedHans Dedecker2017-12-132-1/+5
| | | | | | | | | | Remove multicast routing firewall rules when the igmpproxy is stopped by triggering a firewall config change. Keeping the firewall open from the wan for igmp and udp multicast is not desired when the igmpproxy service is inactive. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 31ebbe34ccc066c212ef20de0856ab3a428fb801)
* openvpn: add support to start/stop single instancesMartin Schiller2017-12-132-18/+37
| | | | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase) (cherry picked from commit e2f25e607d2092cffa45196e7997854feb464232)