aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* uqmi: fix network registration loopThomas Richard2021-05-082-10/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With some debug in qmi.sh using following patch, some errors are visible in the registration step @@ -29,6 +29,7 @@ proto_qmi_init_config() { } proto_qmi_setup() { + set -x local interface="$1" local dataformat connstat plmn_mode mcc mnc local device apn auth username password pincode delay modes pdptype @@ -224,6 +225,8 @@ proto_qmi_setup() { fi done + registration=$(uqmi -s -d "$device" --get-serving-system) + [ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1 echo "Starting network $interface" During the boot of the system, modem could not start automatically its network registration. netifd: wan (9235): + echo 'Waiting for network registration' netifd: wan (9235): Waiting for network registration netifd: wan (9235): + local 'registration_timeout=0' netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system netifd: wan (9235): + grep '"searching"' netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}' netifd: wan (9235): + '[' -n ] netifd: wan (9235): + echo 'Starting network wan' As the while loop checks only "searching" pattern, uqmi.sh script quits searching loop and continues whereas the modem is not registered Other issue, after X seconds modem stops searching. netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system netifd: wan (9213): + grep '"searching"' netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ] netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ] netifd: wan (9213): + let registration_timeout++ netifd: wan (9213): + sleep 1 netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system netifd: wan (9213): + grep '"searching"' netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system netifd: wan (9213): + registration='{"registration":"not_registered"}' netifd: wan (9213): + '[' -n ] netifd: wan (9213): + echo 'Starting network wan' netifd: wan (9213): Starting network wan If registration_timeout is not expired, registration can be restarted Signed-off-by: Thomas Richard <thomas.richard@kontron.com> Tested-by: Florian Eckert <fe@dev.tdt.de>
* dnsmasq: Update to version 2.85Alan Swanson2021-05-054-92/+6
| | | | | | | | | | | | | | | | | | | | | Fixes issue with merged DNS requests in 2.83/2.84 not being retried on the firsts failed request causing lookup failures. Also fixes the following security problem in dnsmasq: * CVE-2021-3448: If specifiying the source address or interface to be used when contacting upstream name servers such as: server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and server=8.8.8.8@eth0 then all would use the same socket bound to the explicitly configured port. Now only server=8.8.8.8@1.2.3.4#66 will use the explicitly configured port and the others random source ports. Remove upstreamed patches and update remaining patch. Signed-off-by: Alan Swanson <reiver@improbability.net> [refreshed old runtime support patch] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ltq-dsl-base: Make package nonshared to fix image builderHauke Mehrtens2021-05-041-0/+2
| | | | | | | | | | This package depends on the lantiq target and is only build for that target. A normal package would be build by the SDK builder probably under a different target and then this package will not be selected. Mark it as nonshared to build it when the lantiq target gets build. Fixes: FS#3773, FS#3774 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iwinfo: update to latest Git HEADDavid Bauer2021-05-021-4/+4
| | | | | | c45f0b5 iwinfo: add 802.11ax HE rate information Signed-off-by: David Bauer <mail@david-bauer.net>
* iwinfo: update to latest Git HEADDavid Bauer2021-04-281-4/+4
| | | | | | | | 50b64a6 iwinfo: add basic IEEE 802.11ax support 70d2136 iwinfo: nl80211: perform split wiphy dump cd23727 iwinfo: cli: fix hwmode formatting Signed-off-by: David Bauer <mail@david-bauer.net>
* dnsmasq: add ignore hosts dir to dnsmasq init scriptJoão Henriques2021-04-241-1/+6
| | | | | | | | When running multiple instances of dnsmasq, for example one being for the lan and another for a guest network, it might not be desirable to have the same dns names configured in both networks Signed-off-by: João Henriques <joaoh88@gmail.com>
* bpftools: update to v5.11.16, simplify makeTony Ambardar2021-04-242-16/+7
| | | | | | | | | | | | | | | | Update to the latest stable upstream version. Drop unneeded make variables to remove redundant assignments seen during invocation of package Makefile. Also remove the following patch now included upstream: * 200-fix-install-param-order-on-macos.patch Compile and run-tested on malta/mips32be, using bpftool directly and also libbpf (linked with tc) to inspect and load simple eBPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* bpftools: fix feature override for masking clangTony Ambardar2021-04-241-1/+1
| | | | | | | | | Rename feature variable clang-bpf-global-var following upstream changes. This restores the HAVE_CLANG feature override and should avoid rare build errors where a recent host clang and BTF-enabled host kernel are present. Fixes: 23be333401f0 ("bpftools: update to 5.10.10") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: avoid unneeded compiles to speed buildingTony Ambardar2021-04-224-3/+31
| | | | | | | | | | | | | | | | | | | | | | | Skip building Makefile targets that aren't packaged: tipc, dcb, ifstat, rtacct, lnstat, and man. Also, only compile targets needed for the current build variant i.e. don't compile 'tc' when building an 'ip' variant and vice versa. These changes reduce typical build times by over 30%: $ make package/iproute2/clean && time make -j8 package/iproute2/compile (old) ... real 2m24.985s user 3m12.537s sys 0m26.677s (new) ... real 1m36.945s user 2m8.734s sys 0m20.046s Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* ltq-vdsl-app: extent dsl metrics with state_num and power_state_numFlorian Eckert2021-04-171-14/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the old ubus dsl API, the numbers for the individual line_states and power_states were also returned. These were not ported to the new DSL C-API. This commit adds the missing information. For this the internal values are mapped to numbers. * additional JSON output for state_num: "state_num": <map_state_number> Since not all values are meaningful only the following values are implemented, this can be extended if the future. * LSTATE_MAP_NOT_INITIALIZED * LSTATE_MAP_EXCEPTION * LSTATE_MAP_IDLE * LSTATE_MAP_SILENT * LSTATE_MAP_HANDSHAKE * LSTATE_MAP_FULL_INIT * LSTATE_MAP_SHOWTIME_NO_SYNC * LSTATE_MAP_SHOWTIME_TC_SYNC * LSTATE_MAP_RESYNC * additinal JSON output for power_level: "power_state_num": <map_power_satte_number>, Since there are not so many here, all are mapped. * PSTATE_MAP_NA, * PSTATE_MAP_L0, * PSTATE_MAP_L1, * PSTATE_MAP_L2, * PSTATE_MAP_L3, Signed-off-by: Florian Eckert <fe@dev.tdt.de> v6: Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list Start the list LSTATE_MAP with -1 Reviewed-by: Andre Heider <a.heider@gmail.com>
* odhcp6c: read user scripts from directoryLeon M. George2021-04-172-2/+6
| | | | | | | | | | | | | | Placeholder DHCP user scripts were added recently. These files make package-based installations of such scripts more difficult. Pull user callbacks from directories instead to allow packages and users to install co-existing scripts more easily. References: b4f3d93b5 odhcp6c: add a odhcp6c.user placeholder script Signed-off-by: Leon M. George <leon@georgemail.eu> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* netifd: read udhcpc user scripts from directoryLeon M. George2021-04-172-1/+6
| | | | | | | | | | | | | | Placeholder DHCP user scripts were added recently. These files make package-based installations of such scripts more difficult. Pull user callbacks from directories instead to allow packages and users to install co-existing scripts more easily. References: 130118f7a netifd: add a udhcpc.user placeholder script Signed-off-by: Leon M. George <leon@georgemail.eu> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* umdns: add missing syscalls to seccomp filterDaniel Golle2021-04-101-27/+30
| | | | | | | | | | | | | | | Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: further size reductionsStijn Tintel2021-04-051-2/+2
| | | | | | | | | | | Size difference on mips_4kec: Before: 120196 After: 120006 Closes https://github.com/openwrt/openwrt/pull/3823 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: enable LTOStijn Tintel2021-04-051-1/+4
| | | | | | | | | Size difference on mips_4kec: W/o LTO: 139674 W/ LTO: 120196 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: bump to 1.0.9Stijn Tintel2021-04-052-64/+3
| | | | | | Contains fixes related to CVE-2020-27827. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: add libcap dependencyStijn Tintel2021-04-052-19/+2
| | | | | | | | | Now that libcap is in OpenWrt base, we can drop our custom patch to disable libcap support and have lldpd depend on it instead. This will allow the monitor process to drop its privileges instead of running as root, improving security. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* netifd: update to Git version 2021-04-03Hauke Mehrtens2021-04-031-3/+3
| | | | | | | f8899b9 netifd: bridge: set default value for igmp_snoop 327da98 netifd: add possibility to switch off route config Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: enable airtime policy for the -basic variantsRui Salvaterra2021-04-031-1/+1
| | | | | | | | | | | | | | Airtime policy configuration is extremely useful in multiple BSS scenarios. Since nowadays most people configure both private and guest networks (at least), it makes sense to enable it by default, except for the most limited of the variants. Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2): 543944 bytes (airtime policy disabled) 548040 bytes (airtime policy enabled) Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> Acked-by: Daniel Golle <daniel@makrotopia.org>
* lantiq: use ActualNetDataRate for speed reportingJeroen Peelaerts2021-04-032-1/+6
| | | | | | | | | | | | | Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems Refer to ITU-T G.997.1 chapter 7.5.2.8 Independent whether retransmission is used or not in a given transmit direction: - In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating. - In L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state. Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com> Reviewed-by: Andre Heider <a.heider@gmail.com>
* lantiq: enable G.INP retransmission countersJeroen Peelaerts2021-04-031-2/+4
| | | | | | | | | | | | | | | | This commit adds monitoring for a couple of DSL line features that are present in the lantiq firmware blobs. * G.INP ON/OFF * Trellis encoding ON/OFF * Virtaul Noise ON/OFF * Bitswap ON/OFF Difference in size for ltq-vdsl-app = 1k Difference in size for kmod-ltq-vdsl-vr9 < 1k Reviewed-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
* iproute2: fix libbpf detection with NLS enabledTony Ambardar2021-04-032-1/+21
| | | | | | | | | | | | | | | | | Upstream iproute2 detects libbpf using a one-line $CC test-compile, which normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an "rpath-link" linker option needed to resolve libintl.so. Its absence causes both the compile and libbpf detection to fail: ld: warning: libintl.so.8, needed by libbpf.so, not found (try using -rpath or -rpath-link) ld: libelf.so.1: undefined reference to `libintl_dgettext' collect2: error: ld returned 1 exit status Fix this by directly including $LDFLAGS in the test-compile command. Reported-by: Ian Cooper <iancooper@hotmail.com> Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* bpftools: drop unneeded libintl linking for NLSTony Ambardar2021-04-031-5/+1
| | | | | | | | There is no direct linking of libintl from bpftools, only secondary linking through libelf, so remove "-lintl" from TARGET_LDFLAGS. Fixes: 5582fbd6135f ("bpftools: support NLS, fix ppc build and update to 5.8.9") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* firewall4: update to latest Git HEADJo-Philipp Wich2021-04-011-3/+3
| | | | | | | | | | | | | 29fba84 tests: expand testing 6bf82a8 fw4.uc: fix family test functions 25b2c7d fw4.uc: fix parsing boolean "0" values 694d428 rule.uc: fix redundant whitespace in rules without target 7f69fbb ruleset.uc: reduce empty lines in output 8f8e42c fw4.uc: gracefully handle missing defaults section 25287af treewide: remove ucode module preloading 802b685 fw4.uc: remove upvalue caching Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to git HEADDaniel Golle2021-03-311-3/+3
| | | | | | | | | | 09632d4 device: remove left-over comment b22f83d handler: add mechanism to generate external device handler stubs 80bf9d7 extdev: add support for external device handlers 44c0f40 system-linux: reorder sysctl functions c84f3b0 system-linux: add device options used by wpad Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall: update to latest git HEADHans Dedecker2021-03-301-3/+3
| | | | | | | a4355a6 firewall3: clean up the flow table detection logic edd0dc5 firewall3: create a common helper to find strings in files Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall3: update to latest git HEADTony Ambardar2021-03-271-3/+3
| | | | | | | | | | | | | | | This includes several improvements and fixes: 61db17e rules: fix device and chain usage for DSCP/MARK targets 7b844f4 zone: avoid duplicates in devices list c2c72c6 firewall3: remove last remaining sprintf() 12f6f14 iptables: fix serializing multiple weekdays 00f27ab firewall3: fix duplicate defaults section detection e8f2d8f ipsets: allow blank/commented lines with loadfile 8c2f9fa fw3: zones: limit zone names to 11 bytes 78d52a2 options: fix parsing of boolean attributes Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* igmpproxy: remove packageJan Pavlinec2021-03-213-221/+0
| | | | | | | | | Moved to packages repo because it was considered non-essential for most router configurations. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz> [shorten commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* uhttpd: update to git HEADHauke Mehrtens2021-03-211-4/+4
| | | | | | 15346de client: Always close connection with request body in case of error Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: Execute uci commit and reload_config onceHauke Mehrtens2021-03-211-4/+6
| | | | | | | | Instead of doing uci commit and reload_config for each setting do it only once when one of these options was changed. This should make it a little faster when both conditions are taken. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: Reload config after uhttpd-mod-ubus was addedHauke Mehrtens2021-03-212-1/+3
| | | | | | | | | | | | Without this change the config is only committed, but the uhttpd daemon is not reloaded. This reload is needed to apply the config. Without the reload of uhttpd, the ubus server is not available over http and returns a Error 404. This caused problems when installing luci on the snapshots and accessing it without reloading uhttpd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* umdns: add syscalls needed on Aarch64Daniel Golle2021-03-191-0/+1
| | | | | | | Now that ujail supports seccomp also on Aarch64, add missing syscall 'fstat' to the list of allowed syscalls. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* firewall4: introduce packageJo-Philipp Wich2021-03-191-0/+45
| | | | | | | This commit introduces firewall4, an nftables based reimplementation of the UCI iptables firewall. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: separate tc into tiny and full variantsTony Ambardar2021-03-191-27/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change was investigated previously [1] but not deemed necessary. With the recent addition [2] of modern BPF loader support, however, tc gained dependencies on libelf and libbpf, with a larger installation footprint. Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants, where the latter excludes the eBPF loader, uses a smaller executable, and avoids libelf and libbpf package dependencies. Both variants provide the 'tc' virtual package, with tc-tiny as the default. The previous tc package included a loadable module for iptables actions. Separate this out into a common package, tc-mod-iptables, which both variants depend on. Some package sizes on mips_24kc: Before: 148343 tc_5.11.0-1_mips_24kc.ipk After: 144833 tc-full_5.11.0-2_mips_24kc.ipk 138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf) 4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk Also fix up some Makefile indentation. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962 [2] b048a305a3d3 ("iproute2: update to 5.11.0") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: relocate teql hotplug from iproute2 to kmod-schedTony Ambardar2021-03-192-25/+0
| | | | | | | | | | | | | | The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug script historically included in iproute2's tc package. In previous discussion [1], consensus was the hotplug script is best located together with the module in kmod-sched, but this change was deferred at the time. Relocate the hotplug script now. This change also simplifies adding a tc variant for minimal size with reduced functionality. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636 Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: add missing limits.h includesTony Ambardar2021-03-191-0/+45
| | | | | | | | | | | | | | | This patch has been submitted upstream to fix an error reported by a few users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24: bpf_glue.c: In function 'get_libbpf_version': bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'? 46 | char buf[PATH_MAX], *s; | ^~~~~~~~ | AF_MAX Reported-by: Rui Salvaterra <rsalvaterra@gmail.com> Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* ppp: compile fix: unset FILTER variable in MakefileEike Ritter2021-03-191-0/+12
| | | | | | | | | | | | | | | | If the environment variable FILTER is set before compilation, compilation of the ppp-package will fail with the error message Package ppp is missing dependencies for the following libraries: libpcap.so.1 The reason is that the OpenWrt-patch for the Makefile only comments out the line FILTER=y. Hence the pcap-library will be dynamically linked if the environment variable FILTER is set elsewhere, which causes compilation to fail. The fix consists on explicitly unsetting the variable FILTER instead. Signed-off-by: Eike Ritter <git@rittere.co.uk>
* mac80211: backport upstream patches for driver disconnectFelix Fietkau2021-03-151-2/+8
| | | | | | Needed for an mt76 update Signed-off-by: Felix Fietkau <nbd@nbd.name>
* xfrm: simplify the check for necessary kernel supportAlin Nastac2021-03-132-2/+2
| | | | | | | [ -d /sys/module/xfrm_interface ] is enough to check if CONFIG_XFRM_INTERFACE support was enabled in kernel. Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
* vti: use alternative way to check if kernel support is enabledAlin Nastac2021-03-132-3/+3
| | | | | | | When necessary support is built in kernel, vti protocol support is not enabled in netifd. Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
* gre: use alternative way to check if kernel support is enabledAlin Nastac2021-03-132-5/+3
| | | | | | | When necessary support is built in kernel, gre protocol support is not enabled in netifd. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* netifd: add a udhcpc.user placeholder scriptRui Salvaterra2021-03-102-1/+6
| | | | | | | | Document the existence of this feature. This allows the user to execute a script at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a DDNS entry when (and only when) required. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* odhcp6c: add a odhcp6c.user placeholder scriptRui Salvaterra2021-03-102-1/+8
| | | | | | | | Document the existence of this feature. This allows the user to execute a script at each DHCPv6 event. This is useful, for example, as an ad-hoc way to update a DDNS entry when (and only when) required. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* bpftools: fix param order for install on macOSGeorgi Valkov2021-03-071-0/+11
| | | | | | | Fix: bpftools 5.11.2 does not compile on macOS, because the -m option was placed between src and dst. Corrected by moving -m 644 before src. Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
* bpftools: fix libbpf pkgconfig fileTony Ambardar2021-03-071-0/+4
| | | | | | | | | | | | | | | | | | | | | The pkgconfig file hardcodes a host library directory which cannot be overridden by OpenWrt during builds. Use SED to fix this and potential include directory problems, as is done with several other packages. This fixes a strange issue intermittently seen building iproute2 on the oxnas target: iptables modules directory: /usr/lib/iptables libc has setns: yes SELinux support: no libbpf support: no libbpf version 0.3.0 is too low, please update it to at least 0.1.0 LIBBPF_FORCE=on set, but couldn't find a usable libbpf Fixes: 2f0d672088c3 ("bpftools: add utility and library packages supporting eBPF usage") Reported-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* rssileds: use new application led trigger backendFlorian Eckert2021-03-052-0/+5
| | | | | | | | | | | | | | | | | This will use the new application led trigger backend. For now this is the only package that uses leds trigger in user space to configure the kernel led triggers. The callback script only emmits a message for now, so that this LED is now managed by the rssileds service. Until now a generic warning was emitted that this LED trigger is not supported. But that is not true. -> Skipping trigger 'rssileds' for led '<name>' due to missing kernel module I think this callback should be changed in the future to restart the service. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-011-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* igmpproxy: update to version 0.3Jan Pavlinec2021-03-011-11/+3
| | | | | | | | | Changes: - Remove custom Build/Compile because it's no longer needed - Remove std=gnu99 which is added automaticaly by igmpproxy if needed - Remove -Dlog from CFLAGS because igmpproxy doesn't have log function Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* bpftools: update to latest stable 5.11.2Tony Ambardar2021-03-012-7/+2
| | | | | | | Compile and run-tested on malta/mip32be, using bpftool directly and also libbpf (linked with tc) to inspect and load simple eBPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: update to 5.11.0Tony Ambardar2021-03-0111-29/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latest iproute2 version brings various improvements and fixes: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0 In particular, ip and tc now use libbpf as the standard way to load BPF programs, rather than the old, limited custom loader. This allows more consistent and featureful BPF program handling e.g. support for global initialized variables. Also fix a longstanding problem with iproute2 builds where unneeded DSO dependencies are added to most utilities, bloating their installation footprint. From research and testing, explicitly using a "--as-needed" linker flag avoids the issue. Update accordingly and drop extra package dependencies from Makefile. Additional build and packaging updates include: - install missing development header to iproute2/bpf_elf.h - propagate OpenWrt verbose flag during build - update and refresh patches Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10. All iproute2 packages were built and installed to the test image. Some regression testing using ip-full and tc was successfully performed to exercise several kmods, tc modules, and simple BPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>