summaryrefslogtreecommitdiff
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* branding: add LEDE brandingJohn Crispin2016-03-2410-16/+16
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* dnsmasq: run as dedicated UID/GIDJohn Crispin2016-04-262-2/+5
| | | | | | | | | | | Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
* xtables-addons: build: fix configure compatiblity with POSIX shellsJohn Crispin2016-04-212-6/+57
| | | | | | | | | Fixes build with /bin/sh pointing to certain versions of dash (for example on Void Linux). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> SVN-Revision: 49218
* curl: remove file accidentally committed in r49197Hauke Mehrtens2016-04-191-162/+0
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49199
* oxnas: add support for Akitio MyCloud miniHauke Mehrtens2016-04-191-0/+162
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49197
* curl: fix deprecated 'depends' syntaxHauke Mehrtens2016-04-171-1/+1
| | | | | | | | | This was introduced in r49183 Reported-by: swalker Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49192
* dnsmasq: Add enable parameter in the UCI DHCP host sectionHauke Mehrtens2016-04-171-0/+3
| | | | | | | | | | Parameter allows to enable/disable static leases; by default the value is 1 to keep backwards compatibility Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49187
* curl: add flags to allow gc-sections to strip out unused codeHauke Mehrtens2016-04-171-1/+2
| | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49184
* curl: add config option for NTLM supportHauke Mehrtens2016-04-172-1/+8
| | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49183
* curl: upstep to latest version 7.48.0Hauke Mehrtens2016-04-174-7/+7
| | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49182
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49175
* odhcp6c : Silence mtu write error warningsblogic2016-03-201-1/+1
| | | | | | | | | | Silence warning "daemon.notice netifd: wan6 (1139): sh: write error: Invalid argument" when an invalid MTU is received via RA as kernel refuses to accept IPv6 mtu values which are smaller than 1280 and bigger than the device mtu. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn+ssh://svn.openwrt.org/openwrt/trunk@49054 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> SVN-Revision: 48969
* ltq-vdsl-app: do not set the reserved bit 4 in the xTSE 8Felix Fietkau2016-03-071-3/+3
| | | | | | | | | | I do not know if this causes any problems now, but we should not set it, because it is reserved. Some more recent versions of the Lantiq DSL API driver and Control is checking if only valid bits are set. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48948
* ltq-vdsl-app: make it possible to configure ADSL/VDSL independentlyFelix Fietkau2016-03-071-2/+18
| | | | | | | | | | | There are some cases where ISPs are running ATM over VDSL or PTM over ADSL, this is not the common case, but these cases exist. Make it possible to configure OpenWrt for such cases by adding a new config option line_mode. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48947
* ltq-vdsl-app: sync annex option between from ADSL packageFelix Fietkau2016-03-071-3/+41
| | | | | | | | | | The detailed annex option were only available in the danube DSL app including the activation of G.992.2 Annex A (ADSL Lite). This is now also added to the vdsl app for the vrx200. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48946
* ltq-adsl-app: sync annex option between from VDSL packageFelix Fietkau2016-03-071-2/+3
| | | | | | | | | | | | The adsl control app missed the activation of annex M and annex L in the Annex A part, this now activates everything the firmware supports. In Annex L type only the wide US (Mask1) was activated, now also the narrow US (Mask2) version gets activated. In addition annex J was also added. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48945
* ltq-vdsl-app: make the dsl_control application stop cleanlyFelix Fietkau2016-03-071-0/+2
| | | | | | | | | | | I am not calling dsl_cmd because I want to ignore the lock, quit should also be send when someone else is accessing it. I saw that some other call was stuck here and all following calls were stuck in the dsl_cmd lock. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48943
* ltq-vdsl-app: load the vrx200 firmware or patch itFelix Fietkau2016-03-072-1/+43
| | | | | | | | This checks for the VRX firmware provided in the OpenWrt package. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48940
* netifd: fix build errorJo-Philipp Wich2016-03-041-1/+1
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48920
* netifd: fix VTI ikey/okey endianessJo-Philipp Wich2016-03-041-2/+2
| | | | | | | | | Ensure that ikey and okey are sent in network byte order to the kernel. Also don't mangle external IP addrs and routes when reconfiguring iinterfaces. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48919
* dnsmasq: add host-specific lease time option for static hostsJohn Crispin2016-02-262-3/+5
| | | | | | | | | | | | | | | | | | | | | | | Enable setting a host-specific lease time for static hosts. The new option is called "leasetime" and the format is similar as for the default lease time: e.g. 12h, 3d, infinite Default lease time is used for all hosts for which there is no host-specific definition. The option is added to /etc/config/dhcp for the selected hosts: config host option name 'Nexus' option mac 'd8:50:66:55:59:7c' option ip '192.168.1.245' option leasetime '2h' It gets appended to /var/etc/dnsmasq.conf like this: dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 48801
* dnsmasq: add dhcp relay optionJohn Crispin2016-02-261-0/+19
| | | | | | Signed-off-by: dbugnar <dnbugnar@ocedo.com> SVN-Revision: 48800
* linux-atm: activate format security checksHauke Mehrtens2016-02-253-14/+20
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48786
* ltq-vdsl-app: Enable T1.413 in Annex A xTSE setJohn Crispin2016-02-251-1/+1
| | | | | | | | | Before r47933 Bit 1 (first bit) of xTSE Octet 1 (first octet) defaulted to 1, which allowed T1.413 to operate. Signed-off-by: Jonathan A. Kollasch <jakllsch@kollasch.net> SVN-Revision: 48763
* dnsmasq: export tftp root to the procd jailFelix Fietkau2016-02-251-11/+17
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48761
* dnsmasq: only enable tftp if the tftp root existsFelix Fietkau2016-02-251-1/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48760
* lldp: Upgrade to 0.9.0John Crispin2016-02-181-2/+2
| | | | | | Signed-off-by: Ben Kelly <ben@benjii.net> SVN-Revision: 48738
* vti: fix kmod dependenciesJohn Crispin2016-02-121-2/+2
| | | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> SVN-Revision: 48704
* dropbear: honor CONFIG_TARGET_INIT_PATHJo-Philipp Wich2016-02-082-6/+17
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48679
* relayd: update to the latest version, fixes some more connectivity issues ↵Felix Fietkau2016-02-081-2/+2
| | | | | | | | (#21817) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48655
* iptables: using external kernel tree should not alter patch behaviour.Felix Fietkau2016-02-071-4/+0
| | | | | | | | | iptables is the only exception in the package tree, causing patch behaviour to be inconsistent on this package. Signed-off-by: Rick van der Zwet <rick.vanderzwet@anywi.com> SVN-Revision: 48643
* relayd: update to the latest version, fixes route table issues when ↵Felix Fietkau2016-02-051-2/+2
| | | | | | | | connecting to the router Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48635
* swconfig: support setting SWITCH_TYPE_LINK attributesRafał Miłecki2016-02-031-0/+51
| | | | | | | | | | Supported syntax is inspired by ethtool. Example usages: swconfig dev switch0 port 2 set link "duplex half speed 100" swconfig dev switch0 port 2 set link "autoneg on" Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 48624
* curl: add support for mbedtlsHauke Mehrtens2016-02-013-1/+17
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48615
* curl: update curl to version 7.47.0Hauke Mehrtens2016-02-013-8/+8
| | | | | | | | | | | | | | This fixes the following security problems: CVE-2016-0754: remote file name path traversal in curl tool for Windows http://curl.haxx.se/docs/adv_20160127A.html CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use http://curl.haxx.se/docs/adv_20160127B.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 48614
* iproute2: refresh patchesFelix Fietkau2016-02-019-29/+28
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48613
* iproute2: Update to version 4.4Felix Fietkau2016-02-011-2/+2
| | | | | | | | Update iproute2 to latest version 4.4 with full MPLS support. Signed-off-by: André Valentin <avalentin@marcant.net> SVN-Revision: 48612
* gre: Support multicast configurable gre interfacesFelix Fietkau2016-02-011-2/+5
| | | | | | | | | | | UCI paramater multicast is added which allows to toggle multicast support on gre interfaces. By default multicast support is enabled as gre tunnels are often used in combination with routing protocols using multicast. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com> SVN-Revision: 48596
* netifd: update to the latest version, adds many fixesFelix Fietkau2016-02-011-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48595
* firewall: drop invalid by default, remove chain indirection, fix invert ↵Jo-Philipp Wich2016-01-291-3/+3
| | | | | | | | | | | | flags (#21738) * Enable drop_invalid by default to catch unnatted packets (#21738) * Fix processing of inversions for -i, -o, -s, -d and -p flags * Remove delegate_* chain indirection but rely on xt_id to identify own rules Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48551
* hostapd: remove useless TLS provider selection override for ↵Felix Fietkau2016-01-281-2/+1
| | | | | | | | wpad-mesh/wpa_supplicant-mesh Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48537
* hostapd: fix mesh interface bridge handlingFelix Fietkau2016-01-285-10/+22
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48529
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-282-417/+9
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48528
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-2842-945/+243
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48527
* dnsmasq: Don't add local hostname if ula prefix is not specifiedJo-Philipp Wich2016-01-252-3/+3
| | | | | | | | | | | | Commit 6a7e56b adds support for adding local hostname for own lan ula adress but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1) causing dnsmasq not to start up. Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 48495
* package/uhttpd: generate 2048 bit RSA keyFelix Fietkau2016-01-252-2/+2
| | | | | | | | | | RSA keys should be generated with sufficient length. Using 1024 bits is considered unsafe. In other packages the used key length is 2048 bits. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> SVN-Revision: 48494
* iwinfo: add support for VHT rates to Lua bindingJo-Philipp Wich2016-01-251-1/+1
| | | | | | | | Update to Git HEAD in order to include VHT rate support in the Lua binding. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48488
* iwinfo: add support for VHT ratesJo-Philipp Wich2016-01-251-3/+3
| | | | | | | | | Update to upstream Git HEAD to include VHT rate support and a number of coverity scan fixes. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48487