aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils
Commit message (Collapse)AuthorAgeFilesLines
* iptables: fix nftables compile issue (FS#711)rektide de la faye2017-12-291-0/+20
| | | | | | | | | | | | | | | | Enabling IPTABLES_NFTABLES resulted in an error during build:# *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'." Comments from Alexander Lochmann and Fedor Konstantinov in FS#711 provided fixes for this build error, allowing iptables to compile. https://bugs.lede-project.org/index.php?do=details&task_id=711. This commit updates the Makefile.am xtables_compat_multi_LDFLAGS and _LDADD, moving linking of extensions to LDFLAGS. Signed-off-by: rektide de la faye <rektide@voodoowarez.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* layerscape: fix package downloadHauke Mehrtens2017-12-211-2/+2
| | | | | | | | | | | | | | | | The git hash was changed for multiple layerscape packages without changing the version number. The LEDE build system will not download the packages again if the old version is already there and so some people and the build bots are using wrong version of some packages. Use PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the date and the first charterers of the git hash. This will change the file name and make the build system download them again, also if in future the git hash is changed the file name will change and trigger a new download. This should fix a problem spotted by build bot. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: fix compile with kernel 4.14Hauke Mehrtens2017-12-161-0/+9
| | | | | | This fixes a compile problems seen with kernel 4.14. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: update to version 2.14Hauke Mehrtens2017-12-161-2/+2
| | | | | | This includes a compile fix needed for kernel 4.14. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: cake: support new operating modesKevin Darbyshire-Bryant2017-12-152-50/+129
| | | | | | | | | | | | | | | | | | | | There has been recent significant activity with the cake qdisc of late Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. This commit teaches tc how to activate and interprete the latest cake operating modes, namely: ingress mode: Instead of only counting packets that make it past the shaper, include packets we've decided to drop as well, since they did arrive with us on the link and took link capacity. This mode is more suitable for shaping the ingress of a link (e.g. from ISP) rather than the more normal egress. ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in highly assymetric links (downstream v upstream capacity) where the majority of upstream link capacity is occupied with ACKS for downstream traffic. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* iproute2: align ip help text for tiny variantHans Dedecker2017-12-061-1/+18
| | | | | | | | Tiny variant supports a subset of the ip commands; align the ip help text so it actually reflects which commands are supported in the tiny variant. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to v4.14.1Russell Senior2017-12-0610-66/+64
| | | | | | | Preserves optionality of libmnl by letting configuration script follow the HAVE_MNL environment variable. Signed-off-by: Russell Senior <russell@personaltelco.net>
* curl: bump to 7.57.0 (3 CVEs)Hans Dedecker2017-11-302-4/+4
| | | | | | | | | | CVE-2017-8816: NTLM buffer overflow via integer overflow CVE-2017-8817: FTP wildcard out of bounds read CVE-2017-8818: SSL out of buffer access For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kmod-sched-cake: update to latest git HEADFushan Wen2017-11-251-18/+21
| | | | | | | | | | dfb2f6c pkt_sched: make compile again 5ab7026 sch_cake: make compile again 6f28803 codel5: make more checkpatch compliant bd426aa Fix build error on 4.12 e4a3628 Whitespace tidy up Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-177-0/+7
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* layerscape: add restool packageYangbo Lu2017-11-1013-0/+794
| | | | | | | | restool is a user space application providing the ability to dynamically create and manage Layerscape DPAA2 containers and objects from Linux. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* netfilter, iptables: add optional CHECKSUM moduleDenis Osvald2017-11-061-0/+10
| | | | Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
* iwinfo: add "PKG_MIRROR_HASH" to the MakefileArjun AK2017-11-061-0/+1
| | | | | | | Defining it will let the build tool download the tarball file from a buildbot server, avoiding a clone of the source repo. Signed-off-by: Arjun AK <lede@arjunak.com>
* iperf3: update to 3.3 and refresh patchesPhilip Prindeville2017-10-314-60/+302
| | | | | | Taking the same patchset I've submitted upstream for inclusion. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* uqmi: replace legacy command invoke with newer typeKoen Vandeputte2017-10-241-7/+7
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: also try newer pin verificationKoen Vandeputte2017-10-241-1/+1
| | | | | | | | | Newer devices tend to only support the newer version of the pin verification command, so also try that one. Fixes PIN issues with modems like the Sierra Wireless MC7455 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* curl: bump to 7.56.1Hans Dedecker2017-10-293-41/+5
| | | | | | | | | | | Refresh patches Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as integrated upstream See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and 7.56.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* build: use KERNEL_MAKE_FLAGS for kernel file compilationsKarl Vogel2017-10-291-4/+2
| | | | | | | The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS. Make use of this variable for kernel makefiles. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* iptables: Fix target TRACE issueMartin Wetterwald2017-10-271-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables. The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled. But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system. I created the package iptables-mod-trace which takes care of that, and target TRACE now works! https://dev.openwrt.org/ticket/16694 https://dev.openwrt.org/ticket/19661 Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com> [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since its required for rules] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-151-0/+44
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
* iproute2: bump to 4.13Hans Dedecker2017-10-1311-38/+51
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* net: uqmi: fix blocking in endless loops when unplugging deviceAlexandru Ardelean2017-10-091-0/+2
| | | | | | | | | | | If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* conntrack-tools: switch to gitStijn Tintel2017-10-091-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There have been a number of interesting fixes in conntrack-tools since the current latest release. Most notable is that this fixes IPv6 conntrack table syncing when cross-compiling conntrack-tools. 7e7748d src/main: refresh help message fe32043 conntrackd.8: refresh file 47a4dda conntrackd.8: add reference to systemd 0cfe7ff doc/manual: include some bits about init systems 74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling d833bed conntrackd: cthelper: ftp: Fix debug print dd4b5a1 conntrackd: cthelper: Add new mdns helper 498d698 Link nfct and helper modules with `-z lazy` 9e94e85 sync-mode: print errno message on failure ab81c35 log: print messages to stdout/sderr if running in console mode 631d92b log: introduce a mechanism to know if log was initialized ccb1c8b conntrackd: replace error reporting in the config parser with dlog() bee121e conntrackd: replace fprintf calls with dlog() 5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address abb9984 helper: remove copy and paste from uapi kernel header a91a004 src: add log message when resync is requested by other node c2d8be1 systemd: fix missing log.h include f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options 8b83771 conntrack: send mark filter to kernel iff set 1ba5e76 conntrackd: cthelper: Don't leak nat_tuple 832166d conntrackd: cthelper: Free pktb after use ff843bc conntrackd: config: Do not strdup() tokens b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing 8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option 39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On 29b390a conntrack: Support IPv6 NAT 381827a conntrackd: factorice tx_queue functions 131df89 conntrackd: factorize resync operations d31bacc conntrackd: consolidate more code to use resync_send() 3d98496 conntrackd: request resync at startup ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6 9d38445 conntrackd: evaluate configuration earlier 6feded7 conntrackd: cleanup if failed forking dbfdea7 conntrackd: deprecate unix backlog configuration 210f542 conntrackd: make the daemon run in RT mode by default 37cc7f0 conntrackd: remove warning for -S d2849d1 conntrack: Show multiple CPUs stats from proc bc0b49a conntrackd: cthelper: ssdp: fix build with musl 0c77a25 tests: don't fail on modprobe since the driver might be built-in eefe649 conntrack.8: refresh manpage Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: switch git.netfilter.org to HTTPSStijn Tintel2017-10-083-3/+3
| | | | | | | As git.netfilter.org seems to support HTTPS, use that instead of HTTP which is insecure, or GIT which is blocked on many corporate networks. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: add nghttp2 supportHans Dedecker2017-10-072-2/+9
| | | | | | Add config option support for nghttp2 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: update to backports-4.14-rc2Hauke Mehrtens2017-10-011-25/+382
| | | | | | | | | | | | | | | | | | | | This updates mac80211 to backprots-4.14-rc2. This was compile and runtime tested with ath9k, ath10k and b43 with multiple stations and ieee80211w and in different scenarios by many other people. To create the backports-4.14-rc2-1.tar.xz use this repository: https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git from tag v4.14-rc2-1 Then run this: ./gentree.py --git-revision v4.14-rc2 --clean <path to linux repo> ../backports-4.14-rc2-1 This also adapts the ath10k-ct and mt76 driver to the changed cfg80211 APIs and syncs the nl80211.h file in iw with the new version from backports-4.14-rc2. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iw: fix build on musl hostStijn Tintel2017-09-291-2/+1
| | | | | | | | | | | The empty version.sh script causes a problem when run by make: make[3]: /usr/bin/env bash: Shell program not found Adding a shebang line in version.sh seems to solve it. Fixes FS#977. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: fix disable threaded resolverHans Dedecker2017-09-271-0/+36
| | | | | | | | | | | Bump to 7.55.1 broke the disable threaded resolver feature as reported in https://github.com/curl/curl/issues/1784. As a result curl is always compiled with the threaded resolver feature enabled which causes a dependency issue on pthread for uclibc. Fix this issue by backporting the upstream curl commit which fixes disable threaded resolver. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipset: replace patch that was reverted upstreamStijn Tintel2017-09-262-31/+25
| | | | | | Use the correct prefix for backports while at it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: bump to 6.34Stijn Tintel2017-09-252-3/+34
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: bump to 7.55.1Stijn Tintel2017-09-253-11/+11
| | | | | | | | | | | | Update 200-no_docs_tests.patch. Refresh patches. Fixes the following CVEs: - CVE-2017-1000099 - CVE-2017-1000100 - CVE-2017-1000101 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iperf: bump to 2.0.10Stijn Tintel2017-09-251-9/+4
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-172-5/+5
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wwan: json format in some modem definitionsAlexandru Ardelean2017-09-16268-349/+349
| | | | | | | | | | | | | | | | | | | | Method used: ``` cd package/network/utils/wwan/files/data sed -e 's/}}/}/g' -i * sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i * sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i * ``` Manually adjusted commas. Validated with ``` for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done ``` Thanks to @lynxis for pointing out the commas. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-133-4/+3
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* xtables-addons: update to version 2.13Koen Vandeputte2017-08-241-2/+2
| | | | | | | | | | | | | | | | | Changes: 89d1b80 xt_condition: namespace support #2 c839e87 xt_geoip: check for allocation overflow a587f95 compat_xtables: use more accurate printf format for NIPQUAD 1874fcd xt_DNETMAP: fix a buffer overflow 21ea7b7 xt_LOGMARK: resolve new gcc7 warnings ee8da2b build: support for Linux 4.12 19a4359 xt_condition: add support for namespaces 1b37966 xt_psd: resolve compiler warning Tested on cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "iputils: switch to new upstream"John Crispin2017-08-248-101/+330
| | | | | | | This reverts commit 77d3ac8e3ecd7989a7cffb575c4a42bc68190b6c. This reverts commit e665b3df2a47ba5bb049d13358937ac67b860b70. Signed-off-by: John Crispin <john@phrozen.org>
* iperf3: add SSL variant for iperf_auth featurePhilip Prindeville2017-08-232-3/+74
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iperf3: update to 3.2Philip Prindeville2017-08-232-3/+24
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iputils: update sha256sumJohn Crispin2017-08-231-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* iputils: switch to new upstreamJohn Crispin2017-08-238-329/+100
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* iwinfo: update to the latest git HEADRafał Miłecki2017-08-231-3/+2
| | | | | | | | | | | | | c1a03e8 nl80211: request split information about frequencies 5638567 nl80211: store info about freq being not available for some bandwidths ce51cb8 Allow storing more info about each frequency 5c10efa nl80211: support receiving split frequencies 335967c nl80211: improve error handling ab089dd nl80211: propagate netlink errors to callers 7bba117 nl80211: handle netlink errors in nl80211_wait() d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2 Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "xtables-addons: fix nathelper-rtsp dependencies"John Crispin2017-08-231-1/+1
| | | | | | This reverts commit e2ef80130e0c855df47b2e046aed2b3467845184. Signed-off-by: John Crispin <john@phrozen.org>
* xtables-addons: fix nathelper-rtsp dependenciesPhilip Prindeville2017-08-221-1/+1
| | | | | | Both nf_conntrack and nf_nat need to be called out. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* nftables: remove date from versionHauke Mehrtens2017-08-091-1/+1
| | | | | | | We are using the normal 0.7 version of nftables, do not add an additional date to the version number. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tcpdump: Update to 4.9.1Daniel Engberg2017-07-281-2/+2
| | | | | | | | | Update tcpdump to 4.9.1 Fixes: * CVE-2017-11108: Fix bounds checking for STP. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>