aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* 6rd : remove 6rd tunnel delete workaroundHans Dedecker2021-10-302-3/+1
| | | | | | | | Remove 6rd tunnel delete workaround in as the real issue is now solved in netifd (https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: fix deletion of ip tunnels (FS#4058)Hans Dedecker2021-10-301-3/+3
| | | | | | 8f82742 system-linux: fix deletion of ip tunnels (FS#4058) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add config options for agent-forwarding supportSven Roederer2021-10-302-1/+13
| | | | | | | | | | * SSH agent forwarding might cause security issues, locally and on the jump machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to completely disabling it. * separate options for client and server * keep it enabled by default Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* umdns: add missing syscall to seccomp filterMichael Peleshenko2021-10-271-0/+1
| | | | | | | The 'madvise', syscall is missing. Found with 'utrace /usr/sbin/umdns' on an R7800 and RT3200. Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
* mac80211: Update to version 5.14.13-1Hauke Mehrtens2021-10-241-6/+36
| | | | | | The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ethtool: update to v5.14Hans Dedecker2021-10-231-3/+3
| | | | | | Update to newly released version 5.14 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "ethtool: update to v5.14"Hans Dedecker2021-10-231-3/+3
| | | | | | This reverts commit 7630001427fa266fa61da0b2533e2c1054eababe Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ethtool: update to v5.14Hans Dedecker2021-10-231-3/+3
| | | | | | Update to newly released version 5.14 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* umdns: add missing syscall to seccomp filterMichael Peleshenko2021-10-231-0/+1
| | | | | | | The 'clock_gettime64', syscall is missing. Found with 'utrace /usr/sbin/umdns' on an R7800. Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
* hostapd: ubus: fix uninitialized pointerDavid Bauer2021-10-211-1/+1
| | | | | | | This fixes passing a bogus non-null pointer to the ubus handler in case the transition request is rejected. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix up patches after the last commitFelix Fietkau2021-10-214-8/+8
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix a race condition on adding AP mode wds sta interfacesFelix Fietkau2021-10-212-1/+23
| | | | | | | | | | Both hostapd and netifd attempt to add a VLAN device to a bridge. Depending on which one wins the race, bridge vlan settings might be incomplete, or hostapd might run into an error and refuse to service the client. Fix this by preventing hostapd from adding interfaces to the bridge and instead rely entirely on netifd handling this properly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2021-10-211-3/+3
| | | | | | | c61a1d432b34 wireless: fix creating AP mode WDS station interfaces f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ltq-vdsl-app: add error vector counters to the ubus metricsAndre Heider2021-10-211-0/+23
| | | | | | | | | | | | | | | These are useful stats to debug vector related line deteriorations, see [0]. Example output: "erb": { "sent": 169925, "discarded": 0 } [0] https://forum.openwrt.org/t/vectoring-on-lantiq-vrx200-vr9-missing-callback-for-sending-error-samples/104046 Signed-off-by: Andre Heider <a.heider@gmail.com>
* ltq-vdsl-app: prepare for multiple mei ioctlsAndre Heider2021-10-212-19/+23
| | | | | | | | | | | | Refactor so that the outer function opens and closes the mei fd and passes it around, just as with the main fd. That also allows us to use the IOCTL macro in get_vector_status() and clean up accordingly. Switch to AUTORELEASE while at it. Signed-off-by: Andre Heider <a.heider@gmail.com>
* iw: sync nl80211 with kernel backportsHauke Mehrtens2021-10-211-13/+56
| | | | | | | | The nl80211 was out of sync with the version used in our backports. This broke the configuration of the antenna gain. Fixes: 2bfac61483db ("mac80211: backport support for BSS color changes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: fix goto loop for ubus assoc handlerDavid Bauer2021-10-191-8/+7
| | | | | | | | | | When a ubus event handler denies a association with a non-zero return value, the code jumps to preceeding code, creating an endless loop until the event handler accepts the assc request. Move the ubus handler further up the code to avoid creating such a loop. Signed-off-by: David Bauer <mail@david-bauer.net>
* wireguard-tools: add uci option to disable wireguard peersStepan Henek2021-10-183-1/+16
| | | | | | | | | | | | | Right now when I want to temporarily disable wg peer I need to delete the entire peer section. This is not such a good solution because I loose the previous configuration of the peer. This patch adds `disabled` option to peer config which causes that the config section is ignored. Signed-off-by: Stepan Henek <stepan.henek@nic.cz> [use $(AUTORELEASE)] Signed-off-by: Paul Spooren <mail@aparcar.org>
* nftables: bump to 1.0.0Stijn Tintel2021-10-191-3/+3
| | | | | | | | This introduces support for hardware flow offloading, which was added in in nftables 0.9.9. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: ubus: add BSS transtiton request methodDavid Bauer2021-10-131-40/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | The existing wnm_disassoc_imminent ubus method only supports issuing a bss transition request with the disassoc imminent flag set. For use-cases, where the client is requested to roam to another BSS without a pending disassoc, this existing method is not suitable. Add a new bss_transition_request ubus method, which provides a more universal way to dispatch a transition request. It takes the following arguments: Required: addr: String - MAC-address of the STA to send the request to (colon-seperated) Optional: abridged - Bool - Indicates if the abridged flag is set disassociation_imminent: Bool - Whether or not the disassoc_imminent flag is set disassociation_timer: I32 - number of TBTTs after which the client will be disassociated validity_period: I32 - number of TBTTs after which the beacon candidate list (if included) will be invalid neighbors: blob-array - Array of strings containing neighbor reports as hex-string Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add notification for BSS transition responseDavid Bauer2021-10-133-0/+74
| | | | | | | | | To allow steering daemons to be aware of the STA-decided transition target, publish WNM transition responses to ubus. This way, steerings daemons can learn about STA-chosen targets and send a better selection of transition candidates. Signed-off-by: David Bauer <mail@david-bauer.net>
* netifd: update to git HEADDaniel Golle2021-10-131-3/+3
| | | | | | | be8cd8f interface: don't fork() to start jail interface 7a048bd interface, ubus: rework netns up/down Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* umdns: add missing syscalls to seccomp filterRonny Kotzschmar2021-10-071-0/+3
| | | | | | | The 'mmap', 'mmap2', 'munmap' syscalls are missing. Found with 'utrace /usr/sbin/umdns'. Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
* dnsmasq: add explicit "set:" for client-matching optionsPaul Fertser2021-10-031-6/+6
| | | | | | | | | Bring the usage in line with the dnsmasq man page and the other options where set: is mandatory. No functional change. Signed-off-by: Paul Fertser <fercerpav@gmail.com>
* netifd: update to the latest versionFelix Fietkau2021-09-301-3/+3
| | | | | | | | | | | 186f6eaeba70 wireless: display log messages for setup/teardown/retry fac471c4934a wireless: process and close script file descriptor when rerunning setup 62e2bb56f48e main: poll process log stream even if processes are killed 0e311d3f2d1a wireless: reset number of retries on config change e467e0ff44c0 wireless: reset retry counter when setup succeeds 448ffc154fe7 wireless: fix index for stations Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2021-09-281-3/+3
| | | | | | 4d0c2ad3fd26 wireless: fix applying wireless devices attributes on hotplug events Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2021-09-271-3/+3
| | | | | | 5a4ac30c7a15 netifd: rework/fix device free handling Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix segfault when deinit mesh ifacesJesus Fernandez Manzano2021-09-241-0/+5
| | | | | | | | | | | In hostapd_ubus_add_bss(), ubus objects are not registered for mesh interfaces. This provokes a segfault when accessing the ubus object in mesh deinit. This commit adds the same condition to hostapd_ubus_free_bss() for discarding those mesh interfaces. Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* restool: add back PKG_VERSIONRosen Penev2021-09-231-1/+2
| | | | | | | | | | | | | For some reason, the build system chops off the last number from the version, which is not correct. Add it back. Update hash. Fixes: 96c7164acd80 ("restool: update to LSDK-20.12") Signed-off-by: Rosen Penev <rosenp@gmail.com> [add Fixes] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* bpftools: fix compilation with musl 1.2.xRosen Penev2021-09-221-0/+20
| | | | | | | | A definition for __maybe_inline is needed. Refreshed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* restool: update to LSDK-20.12Rosen Penev2021-09-213-369/+2
| | | | | | | | | | | | Fixes compilation with both GCC 10 and 11. Switched to AUTORELEASE for simplicity. Removed PKG_VERSION as it's derived from PKG_SOURCE_VERSION. Removed all patches as they are upstream backports. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* 6rd: delete tunnel on interface teardownDavid Lam2021-09-222-1/+3
| | | | | | | | | | | | Delete tunnel on 6rd interface teardown. Should solve problem related to tunnel stuck on restart loop with "Unknown Command" on tunnel restart due to wan connection drop. This patch is similar to the one written by Ansuel on Aug 2, 2021 but the 6rd teardown produces the same symptoms when the network service is restarted. Signed-off-by: David Lam <david@thedavid.net>
* restool: fix compilation with GCC 10Kuan-Yi Li2021-09-213-10/+269
| | | | | | | | | GCC 10 defaults to `-fno-common` and complains about multiple definition of `mc_status` in restool. Backport a patch from upstream to fix compilation with host GCC 10. Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
* hostapd: let netifd set bridge port attributes for snoopingFelix Fietkau2021-09-211-1/+30
| | | | | | Avoids race conditions on bridge member add/remove Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ustp: update to the latest versionFelix Fietkau2021-09-211-3/+3
| | | | | | | | c62d85cf7a0d bridge: check port bpdu filter status and apply it to the config 25555611be91 libnetlink: turn rtnetlink error answers into debug msgs 462b3a491347 build: use pthread cflags/ldflags Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2021-09-211-3/+3
| | | | | | | | | | | | d590fbd255ce wireless: always enable bpdu filter for AP interfaces and VLANs f8ff6d820283 system-linux: remove copy&paste from /proc and /sys path names 300b1220fab3 wireless: improve reliability of proxyarp support 5ba9744aac6d device: add support for configuring bonding devices 6fa9b042ff4d wireless: only apply wireless device attributes to the base vif interface 06d11bbf1f2b wireless: only enable proxyarp/isolate for AP vifs 08e954e137ff bonding: claim the port device before creating the bonding device Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: update to 5.14Hans Dedecker2021-09-1810-17/+17
| | | | | | | | Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/ Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add config option for connmark DNS filteringEtan Kissling2021-09-141-0/+12
| | | | | | | | | This adds uci support to configure connmark based DNS filtering. Signed-off-by: Etan Kissling <etan_kissling@apple.com> (imported from upstream mailing list https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html) Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
* dnsmasq: Update to version 2.86Etan Kissling2021-09-142-5/+5
| | | | | | | | | | | | | | | | | | | | | Summary of upstream CHANGELOG: * Handle DHCPREBIND requests in the DHCPv6 server code. * Fix bug which caused dnsmasq to lose track of processes forked. * Major rewrite of the DNS server and domain handling code. * Revise resource handling for number of concurrent DNS queries. * Improve efficiency of DNSSEC. * Connection track mark based DNS query filtering. * Allow smaller than 64 prefix lengths in synth-domain. * Make domains generated by --synth-domain appear in replies when in authoritative mode. * Ensure CAP_NET_ADMIN capability is available when conntrack is configured. * When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are given a directory as argument, define the order in which files within that directory are read. * Support some wildcard matching of input tags to --tag-if. Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
* iproute2: m_xt.so depends on dynsyms.listRoman Yeryomin2021-09-091-1/+2
| | | | | | | | | | | | | | | | | | When doing parallel build on a fast machine with bottleneck in i/o, m_xt.so may start linking faster than dynsyms.list gets populated, resulting in error: ld:dynsyms.list:0: syntax error in dynamic list Fix this by adding dynsyms.list as make dependency to m_xt.so Described also here: https://bugs.openwrt.org/index.php?do=details&task_id=3353 Change from v1: - add dynsysms.list dependancy only when shared libs are enabled Signed-off-by: Roman Yeryomin <roman@advem.lv> Fixes: FS#3353
* firewall4: update to latest Git HEADJo-Philipp Wich2021-09-011-3/+3
| | | | | | | cf835ce treewide: convert deprecated syntax c9a3bf5 tests: adapt to latest ucode Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ethtool: fix recursive dependencyEneas U de Queiroz2021-08-311-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change the CONFLICTS definition from the alternative package (ethtool-full) to the main one. The CONFLICTS line creates a dependency to the conflicting package. Right now, the dependency would be created in the PACKAGE_ethtool-full symbol: config PACKAGE_ethtool-full depends on m || (PACKAGE_ethtool != y) When the main package is selected by airmon-ng, it selects PACKAGE_ethtool, *depending* on the value of PACKAGE_ethtool-full: config PACKAGE_airmon-ng select PACKAGE_ethtool if PACKAGE_ethtool-full<PACKAGE_airmon-ng In the first block, the value of PACKAGE_ethtool-full depends on the value of PACKAGE_ethtool. In the second block, the opposite is true: the value of PACKAGE_ethtool depends on the value of PACKAGE_ethtool-full. This is a recursive dependency. Fix it by changing the package where the dependency is created, so that only the value of PACKAGE_ethtool will depend on PACKAGE_ethtool-full. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wireguard-tools: bump to 20210424Kevin Darbyshire-Bryant2021-08-301-3/+3
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: enable proxy-arp support for hostapd-fullDavid Bauer2021-08-283-0/+9
| | | | | | | | | | The hostapd.sh script already has support for configuring proxy-ARP, however no built variant has support for it enabled. Enable proxy-ARP support for hostapd-full builds in order to allow users to actually use this feature. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix Proxy-ARP with Hotspot 2.0 disabledDavid Bauer2021-08-281-0/+51
| | | | | | | | | | | The disable_dgaf config fiels is only available in case Hostapd is compiled with Hotspot 2.0 support, however Proxy-ARP does not depend on Hotspot 2.0. Only add the code related to this config field when Hotspot 2.0 is enabled to fix compilation with the aformentioned preconditions. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: refresh patchesDavid Bauer2021-08-286-12/+12
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* ustp: add OpenWrt STP/RSTP daemonFelix Fietkau2021-08-262-0/+55
| | | | | | | | | This integrates with netifd in order to provide STP/RSTP protocol support in user space. It defaults to using RSTP for bridges with stp enabled. This daemon has no config files, it uses the configuration passed from netifd via ubus Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2021-08-241-3/+3
| | | | | | | | | | 94170ae24bc9 device: extend device settings flags to 64 bit 1eb0fafaa986 device: add support for configuring device link speed/duplex ed84473b7af9 bridge: memset bst->config by default to avoid stale config values 6519cf31e4b0 bridge: add support for an external STP daemon 454e9c33c906 bridge: tune default stp parameters Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable ht40 in wpa_supplicant when using wider HE modesFelix Fietkau2021-08-241-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: add config option for json_scriptStijn Tintel2021-08-242-2/+3
| | | | | | | | | | Add a config option for json_script instead of unconditionally including all json files in /etc/uhttpd in every uhttpd instance. This makes it possible to configure a single instance with an unconditional redirect, which currently renders all other uhttpd instances unusable. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Felix Fietkau <nbd@nbd.name>