aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* ppp: update to latest git HEADHans Dedecker2020-08-115-9/+9
| | | | | | | | | | | | 677aa53 Fix -W option for pppoe-discovery utility (#157) 115c419 Accept Malformed Windows Success Message (#156) 5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154) 2a7981f Add ipv6cp-accept-remote option 0678d3b pppd: Fix the default value for ipv6cp-accept-local to false Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* bintuils: Pack libctf-nobfd.so in additionHauke Mehrtens2020-08-101-2/+3
| | | | | | | | | | readelf is linked against this library on MIPS64BE This fixes a build problem on MIPS64BE. In addition also explicitly activate it in the configure command. Fixes: 60f595daab45 ("binutils: update to version 2.34") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.8Hauke Mehrtens2020-08-1010-374/+17
| | | | | | The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-envtools: ath79: add ZyXEL NBG6616 uboot env supportChristoph Krapp2020-08-101-1/+2
| | | | | | This adds support for ZyXEL NBG6616 uboot-env access Signed-off-by: Christoph Krapp <achterin@googlemail.com>
* treewide: make dependency on kmod-usb-net selectiveAdrian Schmutzler2020-08-101-1/+1
| | | | | | | | A bunch of kernel modules depends on kmod-usb-net, but does not select it. Make AddDepends/usb-net selective, so we can drop some redundant +kmod-usb-net definitions for DEVICE_PACKAGES. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: add SELinux supportThomas Petazzoni2020-08-101-5/+6
| | | | | | | | | | | | | | | | | | This commit adds a patch to procd to support loading the SELinux policy early at boot time, and adjusts the procd package to use this SELinux support when libselinux is enabled. The procd patch has been submitted separately [1]: obviously the intent is to have it merged in the procd Git repository rather than have it in OpenWrt itself. [1] http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025791.html Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> [rebase, add commit message] Signed-off-by: W. Michael Petullo <mike@flyn.org> [split commit into openwrt.git and procd.git] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: modules: add package kmod-iosched-bfqDaniel Golle2020-08-101-0/+14
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env supportChristoph Krapp2020-08-091-0/+1
| | | | | | | | This adds support for ZyXEL NBG6616 uboot-env access Signed-off-by: Christoph Krapp <achterin@googlemail.com> [add "ar71xx" to commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* mac80211: fix spurious disconnect issues with disassoc_low_ack=1 (default)Felix Fietkau2020-08-091-0/+116
| | | | | | | | | | mac80211 reports a packet loss event to user space when 50 consecutive packets were not acked. On a high throughput link with long aggregates and sudden link changes, this can trigger way too easily. Mitigate false positives by only triggering the event on a packet loss if no ACK was received for at least a second Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: exchange mesh 6GHz IE patch for upstream acceptedDavid Bauer2020-08-082-28/+64
| | | | | | | | | | Exchange the patch fixing the kernel ringbuffer WARNING flood for the one accepted upstream. Fixes commit a956c14d6aa4 ("mac80211: util: don't warn on missing sband iftype data") Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: recognize option "key" as alias for "auth_secret"Jo-Philipp Wich2020-08-072-2/+2
| | | | | | | | | | | | | | The hostapd configuration logic is supposed to accept "option key" as legacy alias for "option auth_secret". This particular fallback option failed to work though because "key" was not a registered configuration variable. Fix this issue by registering the "key" option as well, similar to the existing "server" nad "port" options. Ref: https://github.com/openwrt/openwrt/pull/3282 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: make "key" option optional if "wpa_psk_file" is providedJo-Philipp Wich2020-08-071-5/+5
| | | | | | | | | | | | | If an existing "wpa_psk_file" is passed to hostapd, the "key" option may be omitted. While we're at it, also improve the passphrase length checking to ensure that it is either exactly 64 bytes or 8 to 63 bytes. Fixes: FS#2689 Ref: https://github.com/openwrt/openwrt/pull/3283 Suggested-by: Michael Jones <mike@meshplusplus.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* exfat: add dependency on nls-baseDavid Bauer2020-08-071-0/+1
| | | | | | | | | | | | Add a dependency on kmod-nls-base for the new exfat driver. Otherwise the build fails on ramips and ath79 on kernel 5.4: Package kmod-fs-exfat is missing dependencies for the following libraries: nls_base.ko Fixes commit cd41234d2f63 ("exfat: add out of tree module") Signed-off-by: David Bauer <mail@david-bauer.net>
* om-watchdog: fix board name for teltonika,rut5xxAdrian Schmutzler2020-08-072-2/+2
| | | | | | | | | The board name is equivalent to the compatible, not the device definition. Fix it. Fixes: b4588c853838 ("kernel/om-watchdog: Apply device renames from ramips") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* nat46: update to latest git HEADHans Dedecker2020-08-072-37/+3
| | | | | | | | 71e9f09 nat46-core: fix compilation with kernel 5.4 Remove 100-kernel-5.4-compat patch as upstream accepted Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add wpad-basic-wolfssl variantPetr Štetiar2020-08-072-0/+16
| | | | | | | | | Add package which provides size optimized wpad with support for just WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w. Signed-off-by: Petr Štetiar <ynezz@true.cz> [adapt to recent changes, add dependency for WPA_WOLFSSL config] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: functions.sh: fix config_get() on invalid identifiersJo-Philipp Wich2020-08-072-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When passing a section or option value to config_get() which contains characters that happen to be valid variable interpolation expressions, the function returns a nonsensical expression result instead of the expected empty string. When the passed section or option name contains other characters which are not valid within a shell variable name, a substitution error is occuring instead. The issue can be easily reproduced by one of the following examples: root@OpenWrt:~# . /lib/functions.sh root@OpenWrt:~# config load system root@OpenWrt:~# config_get variable invalid-section option root@OpenWrt:~# echo "$variable" section_option:- root@OpenWrt:~# . /lib/functions.sh root@OpenWrt:~# config load system root@OpenWrt:~# config_get variable section invalid-option root@OpenWrt:~# echo "$variable" option:- root@OpenWrt:~# . /lib/functions.sh root@OpenWrt:~# config load system root@OpenWrt:~# config_get variable section invalid@option -ash: eval: syntax error: bad substitution Fix this issue by only performing interpolations when the given section and option arguments are free of illegal characters. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: abort when dnssec requested but not availableYousong Zhou2020-08-072-3/+7
| | | | | | | | | | | | | | | | | | | | | | Before this commit, if uci option "dnssec" was set, we pass "--dnssec" and friends to dnsmasq, let it start and decide whether to quit and whether to emit message for diagnosis # dnsmasq --dnssec; echo $? dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h 1 DNSSEC as a feature is different from others like dhcp, tftp in that it's a security feature. Better be explicit. With this change committed, we make it so by not allowing it in the first in the initscript, should dnsmasq later decides to not quit (not likely) or quit without above explicit error (unlikely but less so ;) So this is just being proactive. on/off choices with uci option "dnssec" are still available like before Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* Revert "dsaconfig: introduce package for UCI configuration of VLAN filter rules"Jo-Philipp Wich2020-08-064-364/+0
| | | | | | | | This reverts commit 96b87196b0788d4cdaa81a49a65d198d9f6c90d2. This commit was not meant to go into master. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "add vfconfig"Jo-Philipp Wich2020-08-064-292/+0
| | | | | | | | This reverts commit 34553e8cc9ad4530d3f52c3423e5c52fdacac539. This commit was not meant to go into master. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to git HEADDaniel Golle2020-08-061-3/+3
| | | | | | | | | | | | | 47a9f0d service: add method to query available container features afbaba9 initd: attempt to mount cgroup2 ead60fe jail: use pidns semantics also for timens 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits 83053b6 instance: add instances into unified cgroup hierarchy 16159bb jail: parse OCI cgroups resources 282ff0c jail: only free cgroups if they were allocated ab55357 jail: fix freeing cgroups avl Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "procd: update to git HEAD"Daniel Golle2020-08-062-17/+3
| | | | | | This reverts commit e0e607f0d000e62c6af8d822d7c3f57c2a582136. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ath79/nand: add support for Netgear WNDR4300TNDavy Hollevoet2020-08-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for the WNDR4300TN, marketed by Belgian ISP Telenet. The hardware is the same as the WNDR4300 v1, without the fifth ethernet port (WAN) and the USB port. The circuit board has the traces, but the components are missing. Specifications: * SoC: Atheros AR9344 * RAM: 128 MB * Flash: 128 MB NAND flash * WiFi: Atheros AR9580 (5 GHz) and AR9344 (2.4 GHz) * Ethernet: 4x 1000Base-T * LED: Power, LAN, WiFi 2.4GHz, WiFi 5GHz, WPS * UART: on board, to the right of the RF shield at the top of the board Installation: * Flashing through the OEM web interface: + Connect your computer to the router with an ethernet cable and browse to http://192.168.0.51/ + Log in with the default credentials are admin:password + Browse to Advanced > Administration > Firmware Upgrade in the Telenet interface + Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img + Proceed with the firmware installation and give the device a few minutes to finish and reboot. * Flashing through TFTP: + Configure your wired client with a static IP in the 192.168.1.x range, e.g. 192.168.1.10 and netmask 255.255.255.0. + Power off the router. + Press and hold the RESET button (the factory reset button on the bottom of the device, with the gray circle around it, next to the Telenet logo) and turn the router on while keeping the button pressed. + The power LED will start flashing orange. You can release the button once it switches to flashing green. + Transfer the image over TFTP: $ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300tn-squashfs-factory.img Signed-off-by: Davy Hollevoet <github@natox.be> [use DT label reference for adding LEDs in DTSI files] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: update to git HEADDaniel Golle2020-08-062-3/+17
| | | | | | | | | | | 47a9f0d service: add method to query available container features afbaba9 initd: attempt to mount cgroup2 ead60fe jail: use pidns semantics also for timens 759e9f8 jail: make use of BLOBMSG_CAST_INT64 for OCI rlimits 83053b6 instance: add instances into unified cgroup hierarchy 16159bb jail: parse OCI cgroups resources Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libubox: update to git HEADDaniel Golle2020-08-061-3/+3
| | | | | | 9e52171 blobmsg: introduce BLOBMSG_CAST_INT64 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: merge performance improvement patchesFelix Fietkau2020-08-063-0/+260
| | | | | | | Fix fq_codel performance issues Add a new rx function for batch processing Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix AQL issuesFelix Fietkau2020-08-062-0/+112
| | | | | | | - Remove bogus STA txq pending airtime underflow warning - Improve tx airtime estimation for A-MPDU traffic Signed-off-by: Felix Fietkau <nbd@nbd.name>
* binutils: update to version 2.34Felix Fietkau2020-08-063-1329/+19
| | | | | | Fixes perf on aarch64 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to 2020-07-22Felix Fietkau2020-08-061-5/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7bc58ca2b375 mt76: add missing lock configuring coverage class 43febd452110 mt76: mt7615: fix lmac queue debugsfs entry 0b9975254694 mt76: mt7615: fix hw queue mapping 4058595e146e mt76: overwrite qid for non-bufferable mgmt frames 49c7131dd0c5 mt76: mt76x02: do not access uninitialized NAPI structs f185d90ec51c update mt7915 firmware to the latest version 0ed6a335ebc2 mt76: mt7615: re-enable offloading of sequence number assignment 2a52eabbddc5 mt76: usb: rely on mt76_for_each_q_rx 90fc1d8614e1 mt76: mt7663: introduce ARP filter offload b57223dd01b9 mt76: mt7615: fix up typo in Kconfig for MT7663U ec4057d685c0 mt76: add script for generating single-sku device tree data 769b030de636 mt76: add functions for parsing rate power limits from DT 1d2aedb248d0 mt76: extend DT rate power limits to support 11ax devices a3e17ff8e624 mt76: mt7615: implement support for using DT rate power limits a48a4ae32d48 mt76: allow more channels, allowed in ETSI domain 869ba618ef54 mt76: fix include in pci.h b1ddec840aa4 mt76: rely on register macros d6d9a7ea428d mt76: add U-APSD support on AP side ee13b78367db mt76: mt7615: fix EEPROM buffer size 82a94173b162 mt76: mt7915: add missing CONFIG_MAC80211_DEBUGFS c0dbbd930d32 mt76: mt7615: add .set_tsf callback 84d54df76996 mt76: mt7915: add a fixed AC queue mapping dacc2d29672d mt76: mt7915: add MU-MIMO support 1ce4660a0ea3 mt76: mt7915: use ieee80211_tx_queue_params to avoid open coded 53891242a682 mt76: mt7915: add support for DT rate power limits b3a4d78914f6 mt76: mt7915: rework the flow of txpower setting c6ea163c019b mt76: mt7915: directly read per-rate tx power from registers 8ae83adc73a8 mt76: mt7915: overwrite qid for non-bufferable mgmt frames 740b0bfdf279 mt76: mt76x2e: rename routines in pci.c b5eee1b52234 mt76: mt7615: schedule tx tasklet and sta poll on mac tx free 72f34107248e mt76: mt7615: add support for accessing mapped registers via bus ops 46bc8a0b5347 mt76: mt7615: add support for accessing RF registers via MCU 882cec420609 mt76: mt7615: use full on-chip memory address for WF_PHY registers b1ddb8e35ca2 mt76: vif_mask to struct mt76_phy 3a1ea7287eb2 mt76: add API for testmode support d7467bc018e5 mt76: mt7615: implement testmode support 3ea5da1639fe add utility for using testmode support 6789a2db7246 mt7615: fix getting wideband RSSI in test mode 7941217ffe46 mt76: mt7915: remove unused parameters in mt7915_puts_rate_txpower() 13ab1d648684 mt76: mt7915: update HE capabilities 3f0e66dc25de mt76: mt76x2: fix pci suspend/resume on mt7612e c605f2b6940b mt76: mt76x2u: enable HC-M7662BU1 ca2b797ee52d mt76: mt7915: avoid memcpy in rxv operation dad3f93e8f6a mt76: mt7615: avoid polling in fw_own for mt7663 ec303bfad299 mt76: move mt76 workqueue in common code 0bf82270568a mt76: mt7615: add mt7615_pm_wake utility routine 091e9b5df6af mt76: mt7615: introduce mt7615_mutex_{acquire,release} utilities e3850966d74c mt76: mt7615: wake device before accessing regmap in debugfs e6dcb71d7992 mt76: mt7615: wake device before configuring hw keys 050f8cd9cbe7 mt76: mt7615: introduce pm_power_save delayed work 56779a6c7dec mt76: mt7615: wake device in mt7615_update_channel before access regmap b0bcdd66ccaa mt76: mt7615: acquire driver_own before configuring device for suspend 58369fdce235 mt76: mt7615: wake device before performing freq scan 2c188db1f7c7 mt76: mt7615: add missing lock in mt7615_regd_notifier 6fdb20a025eb mt76: mt7615: run mt7615_mcu_set_wmm holding mt76 mutex 36a789c00e4f mt76: mt7615: run mt7615_mcu_set_roc holding mt76 mutex b8cdce45c131 mt76: mt7615: wake device before pulling packets from mac80211 queues 82e8e0525d6c mt76: mt7615: wake device before pushing frames in mt7615_tx 65ccc40c14e1 mt76: mt7615: run mt7615_pm_wake in mt7615_mac_sta_{add,remove} 2107caf92e71 mt76: mt7615: check MT76_STATE_PM flag before accessing the device 28a2f5fa6eed mt76: mt7615: do not request {driver,fw}_own if already granted 94519eac69c3 mt76: mt7615: add runtime-pm knob in mt7615 debugfs ccc90dafea66 mt76: mt7615: enable beacon hw filter for runtime-pm 29f2bebe1a1e mt76: mt7615: add idle-timeout knob in mt7615 debugfs 58057d1f232b mt76: mt7615: improve mt7615_driver_own reliability a873b7c8e3de mt76: mt7663u: sync probe sampling with rate configuration b469c59c616c mt76: mt7615: avoid scheduling runtime-pm during hw scan f1ff52acb6a7 mt76: mt7615: reschedule ps work according to last activity 1f670a534451 mt76: mt7663u: fix memory leak in set key afff00ad2b60 mt76: mt7663u: fix potential memory leak in mcu message handler 4c9309f47ddf mt76: mt7615: fix potential memory leak in mcu message handler 379445b4aa7f mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report() 750797b61ba8 mt76: fix copy&paste error in mt76_testmode_cmd f9a7a2f7dbc2 testmode: fix setting tx_power 1641aa201682 mt76: mt7615: fix mt7615_mcu_set_test_param set non-bool parameters 6838d002f9de mt76: mt7615: fix tx_frames setup 8c0a25d6a38c mt76: mt7615: take into account sdio bus configuring txwi c0cbef79eb45 mt76: mt76u: add mt76_skb_adjust_pad utility routine 98412356c959 mt76: mt7615: sdio code must access rate/key regs in preocess context fa16627d7e3a mt76: mt7615: introduce mt7663-usb-sdio-common module bf88e70c7a68 mt76: introduce mt76_sdio module aa97be8e02de mt76: mt7615: introduce mt7663s support 1eb8b7d689a3 mt76: testmode: fix tx_done accounting on enqueue failures 632ce698e8ee mt76: mt7615: fix antenna settings for test mode 4d2f622190b6 mt76: mt76s: move queue accounting in mt76s_tx_queue_skb 9a3723c8febc mt76: mt7915: fix potential memory leak in mcu message handler 88fa973f59c2 mt76: mt7615: fix possible memory leak in mt7615_mcu_wtbl_sta_add 2fff7d77befd mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg b5df0fbb1847 mt7615: update firmware to version 20200629 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: make cfg80211 testmode support optional (and disabled by default)Felix Fietkau2020-08-061-1/+16
| | | | | | | Testmode commands are typically only used for manufacturing or vendor specific debugging features, so they should not be in the default image Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: fix arguments passing to wrapped up and down scriptsJo-Philipp Wich2020-08-062-2/+3
| | | | | | | | | | | | | With the introduction of the generic OpenVPN hotplug mechanism, wrapped --up and --down scripts got the wrong amount and order of arguments passed, breaking existing configurations and functionality. Fix this issue by passing the same amount of arguments in the same expected order as if the scripts were executed by the OpenVPN daemon directly. Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156 Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add vfconfigJo-Philipp Wich2020-08-064-0/+292
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dsaconfig: introduce package for UCI configuration of VLAN filter rulesJo-Philipp Wich2020-08-064-0/+364
| | | | | | | | | | | | | | This package provides the necessary files to translate `config dsa_vlan` and `config dsa_port` sections of `/etc/config/network` into appropriate bridge vlan filter rules. The approach of the configuration is to bridge all DSA ports into a logical bridge device, called "switch0" by default, and to set VLAN port membership, tagging state and PVID as specified by UCI on each port and on the switch bridge device itself, allowing logical interfaces to reference port VLAN groups by using "switch0.N" as ifname, where N denotes the VLAN ID. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to the latest masterRafał Miłecki2020-08-051-3/+3
| | | | | | | | | | 212f836 ubus: rename JSON-RPC format related functions 628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object() 9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute 77d345e ubus: drop unused "obj" arguments 8d9e1fc ubus: parse "call" method params only for relevant call Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wireguard: bump to 1.0.20200729Jason A. Donenfeld2020-08-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * compat: rhel 8.3 beta removed nf_nat_core.h * compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition to RHEL 8.2 and RHEL 7.8. It also marks the first time that <https://www.wireguard.com/build-status/> is all green for all RHEL kernels. After quite a bit of trickery, we've finally got the RHEL kernels building automatically. * compat: allow override of depmod basedir When building in an environment with a different modules install path, it's not possible to override the depmod basedir flag by setting the DEPMODBASEDIR environment variable. * compat: add missing headers for ip_tunnel_parse_protocol This fixes compilation with some unusual configurations. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* package: replace remaining occurrences of ifconfig with ipAdrian Schmutzler2020-08-032-4/+4
| | | | | | | | ifconfig is effectively deprecated for quite some time now. Let's replace the remaining occurrences for packages by the corresponding ip commands now. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* openvpn: revise sample configurationMagnus Kroken2020-08-011-8/+75
| | | | | | | | | | | | | | Update the openvpn sample configurations to use modern options in favor of deprecated ones, suggest more sane default settings and add some warnings. * Add tls_crypt and ncp_disable to the sample configuration * Replace nsCertType with remote_cert_tls in client sample configuration * Comment out "option compress", compression should not be preferred * Advise 2048-bit Diffie-Hellman parameters by default * Add warnings about compression and use of Blowfish (BF-CBC) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* uboot-envtools: ath79: add support for the Nanostation M (XM)Rui Salvaterra2020-08-011-0/+1
| | | | | | Tested on an AirGrid M2 (AG‑HP‑2G16). Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* wireguard-tools: allow compiling with MIPS16 instructionsRui Salvaterra2020-08-011-1/+0
| | | | | | | | | | | | | | | The wg utility compiles and runs without issues in MIPS16 mode, despite setting PKG_USE_MIPS16:=0 in the makefile. Let's remove this, allowing for a substantial size reduction of the wg executable. Since wg is a just a configuration utility, it shouldn't be performance-critical, as the crypto heavy-lifting is done on the kernel side. wg sizes for both modes: MIPS32: 64309 bytes MIPS16: 42501 bytes Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* exfat: add out of tree moduleRosen Penev2020-08-012-0/+77
| | | | | | | | | | | | | | | | | | | | | | | | | >From an email conversation with the person responsible for upstreaming the exFAT driver, it seems the staging one in kernel 5.4 is not so good. Excerpts below. Namjae Jeon: Hm... exfat in 5.4 kernel that we did crap shit long time ago is contributed by someone who we don't know. This version is unstable and low quality code. We have been improving it continuously. and staging version exfat is removed from linux 5.7 kernel. linux exfat oot version is a backport of exfat in linux 5.7 kernel to support lower version kernel, and it is a real. You can see the patch history fro linux-exfat-oot. this version support timezone and boot sector verification feature newly. and better filesystem structure and much clean code quality that reviewed by high profile kernel developers. and add many bug fixes. And this version is officially maintained by me and kernel guys. I would not recommend to use staging exfat version. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* staging: remove staging exfat driverRosen Penev2020-08-011-24/+0
| | | | | | This will be replaced with the driver found in newer kernels. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mac80211: don't kill wireless daemon on teardownDavid Bauer2020-07-311-2/+0
| | | | | | | | Don't kill the wireless daemon on teardown. hostapd as well as wpa_supplicant are managed by procd which would detect the shutdown of either process as a crash loop. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix incorrect service nameDavid Bauer2020-07-312-2/+2
| | | | | | | | | | | | | | When retrieving the PID for hostapd and wpa_supplicant via ubus the wrong service name is currently used. This leads to the following error in the log: netifd: radio0 (1409): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process path (/proc/exe) Fixing the service name retrieves the correct PID and therefore the warning won't occur. Signed-off-by: David Bauer <mail@david-bauer.net>
* kirkwood: use real model names for Linksys devicesAdrian Schmutzler2020-07-311-2/+3
| | | | | | | | | | | | This replaces the internal device names "Audi" and "Viper" with the real model names, which a user would look for. This makes the Linksys devices on this target consistent with the names recently changed for mvebu based on the same idea. As a consequence, the "viper" device definition is split into two separate definitions with the correct names for both real models. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: mount bpffs at bootTony Ambardar2020-07-312-1/+2
| | | | | | | | | | Explicitly mount the BPF filesystem if available. This is used for pinning eBPF programs and maps, making them accessible to other eBPF programs or from userspace with the help of libbpf or bpftool. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [daniel@makrotopia.org: bumped PKG_RELEASE] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: reorganize config selection hierarchy for WPA3Adrian Schmutzler2020-07-311-16/+18
| | | | | | | | | | | | | | | | | | The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is exceptionally hard to read. This tries to make things a little easier by inverting the hierarchy of the conditions, so SSL_VARIANT is checked first and LOCAL_VARIANT is checked second. This exploits the fact that some of the previous conditions were unnecessary, e.g. there is no hostapd-mesh*, so we don't need to exclude this combination. It also should make it a little easier to see which options are actually switched by SSL_VARIANT and which by LOCAL_VARIANT. The patch is supposed to be cosmetic. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: fwtool: make compat_version backward compatibleAdrian Schmutzler2020-07-311-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far, the compatibility mechanism only works if both device and image are already updated to the new routines. This patch extends the sysupgrade metadata and fwtool_check_image() to account for "older" images as well: The basic mechanism for older devices to check for image compatibility is the supported_devices entry. This can be exploited by putting a custom message into this variable of the metadata, so older FW will produce a mismatch and print the message as it thinks it's the list of supported devices. So, we have two cases: device 1.0, image 1.0: The metadata will just contain supported_devices as before. device 1.0, image 1.1: The metadata will contain: "new_supported_devices":["device_string1", "device_string2", ...], "supported_devices":["Image version 1.1 incompatible to device: ..."] If the device is "legacy", i.e. does not have the updated fwtool.sh, it will just fail with image check and print the content of supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be printed on old devices as well through the same mechanism. Otherwise a generic "Please check documentation ..." is appended. Upgrade can still be performed with -F like when SUPPORTED_DEVICES has been removed to prevent bricking. If the device has updated fwtool.sh (but is 1.0), it will just use the new_supported_devices instead, and work as intended (flashing with -n will work, flashing without will print the appropriate warning). This mechanism should provide a fair tradeoff between simplicity and functionality. Since we touched a lot of fields in metadata, this also bumps metadata_version to 1.1. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: fwtool: implement compatibility check for imagesAdrian Schmutzler2020-07-311-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We regularly encounter the situation that devices are subject to changes that will make them incompatible to previous versions. Removing SUPPORTED_DEVICES will not really be helpful in most of these cases, as this only helps after a rename. To solve this situation, this patchset introduces a compatibility version for devices. In this patch, the actual checks are implemented into fwtool_check_image(): If an incompatible change is introduced, one can increase either the minor version (1.0->1.1) or the major version (1.0->2.0). Minor version increment: This will still allow sysupgrade, but require to reset config (-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a corresponding message will be printed. If sysupgrade is called with -n, it will just pass, with supported devices being checked as usual. (Which will allow us to add back SUPPORTED_DEVICES for many cases.) Major version increment: This is meant for potential (rare) cases where sysupgrade is not possible at all, because it would break the device. In this case, a warning will be printed, and -n won't help. If image check fails because of one of the versions parts not matching, the content of DEVICE_COMPAT_MESSAGE is printed in addition to the generic message (if set). For both cases, upgrade can still be forced with -F as usual. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: add support for compat_version on deviceAdrian Schmutzler2020-07-312-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We regularly encounter the situation that devices are subject to changes that will make them incompatible to previous versions. Removing SUPPORTED_DEVICES will not really be helpful in most of these cases, as this only helps after a rename. To solve this situation, this patchset introduces a compatibility version for devices. To complement the DEVICE_COMPAT_VERSION set for the image to be flashed, this implements a compat_version on the device, so it will have something to compare with the image. The only viable way to achieve this seems to be via board.d files, i.e. this is technically adding a compat version for the device's config. Like for the network setup, this will set up a command ucidef_set_compat_version to set the compat_version in board.d. This will then add a string to /etc/board.json, which will be translated into uci system config by bin/config_generate. By this, the compat_version, being a version of the config, will also be exposed to the user. As with DEVICE_COMPAT_VERSION, missing uci entry will be assumed as compat_version "1.0", so we only need to add this if a device needs to be bumped, e.g. ucidef_set_compat_version "1.1" Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: update to git HEADDaniel Golle2020-07-301-3/+3
| | | | | | | 28be011 instance: make sure values are not inherited from previous runs 2ae5cbc uxc: remove debugging left-over Signed-off-by: Daniel Golle <daniel@makrotopia.org>