summaryrefslogtreecommitdiff
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* netifd: quote vendorid and hostname variables in dhcp scriptHans Dedecker2016-07-121-2/+2
| | | | | | | Quote hostname and vendorid variables in dhcp script so they can hold strings having white spaces Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba: update smb template socket options defaultsKevin Darbyshire-Bryant2016-07-111-1/+0
| | | | | | | | | | | | | | | | | | Removed socket options = TCP_NODELAY IPTOS_LOWDELAY TCP_NODELAY (disables Nagle algorithm) is default since samba2. IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2) The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1) CS1 is a scavenger class, whilst CS2 is more OAM/interactive (SNMP,SSH,syslog) Using CS2 is definitely an abuse of DSCP classification, CS1 less so however even if the ISP takes note of DSCP codings having a default that sets traffic to CS2 is wrong. Better to use the default Best Effort class. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* iftop: fix mac address displayKevin Darbyshire-Bryant2016-07-112-1/+68
| | | | | | | iftop would display portions of mac address with large ffffff prefixes. Make if_hw_addr type consistent. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* igmpproxy: logging options - make work & improveKevin Darbyshire-Bryant2016-07-113-18/+9
| | | | | | | | | | Move logging command line option to uci: option verbose [0]/1/2 - mono-syllabic/verbose/noisy Previously handled as 'OPTIONS' in .init script however variable was ignored so never worked. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: add a WDS AP fix for reconnecting clientsFelix Fietkau2016-07-061-0/+25
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba: Update smb.conf.templateneheb2016-07-051-8/+2
| | | | | | | | Removed some options which are default anyway and added bind interfaces only which causes the interfaces line to actually have an effect. Can be verified with netstat. Signed-off by: Rosen Penev <rosenp@gmail.com>
* umbim: update to latest git HEADJohn Crispin2016-07-051-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* iwinfo: fix nl80211 phy lookup without platform prefixJo-Philipp Wich2016-07-041-2/+2
| | | | | | | | | | | Commit d9b20a6f351c50d206fb6d2f965a16318c0cecf7 (SVN r48426) changed the mac80211 phy lookup logic to strip the platform/ directory component from the phy path specification. Fix iwinfo to follow that logic by trying to lookup phys both with and without "platform/" prefix. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: Upstep to latest versionHans Dedecker2016-06-301-2/+2
| | | | | | | | | Following fixes are included in the latest version: -Script is launched with incorrect action -Possible buffer overflows -Lots of minor bugfixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: cake AQM prepare tc for COBALT algorithmKevin Darbyshire-Bryant2016-06-302-11/+14
| | | | | | | | Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead of just using codel alone. This patch updates tc to cope with some new stats produced by COBALT. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: Add broken realtime clock build switch in full variantHans Dedecker2016-06-301-3/+8
| | | | | | | | | | | | | By default dnsmasq uses the time function; which returns the time since Epoch; to retrieve the current time. On boards which have no realtime clock this can lead to side effects when the time is synced via ntp as the "time wrap" forces dhcp leases to be considered as expired. By enabling the broken realtime clock build switch dnsmasq uses the times utility which returns the number of clock tick. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: fix missing cipher list for polarssl in v2.3.11Jo-Philipp Wich2016-06-282-1/+43
| | | | | | | | | | | Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lldpd: Use /etc/os-release instead of /etc/openwrt_*Daniel Dickinson2016-06-272-43/+4
| | | | | | | | | With the addition of /etc/os-release patching lldpd to use /etc/openwrt_release and to have the initscript use /etc/openwrt_release and/or /etc/openwrt_version becomes unnecessary. Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ebtables: fix segmentation fault due to uninitialized extension dataJo-Philipp Wich2016-06-242-1/+250
| | | | | | | | | | | | | | | | | | | The ebtables code relies on the `-nostartfiles` linker argument to execute the extension modules' `_init()` functions automatically which is not working reliably across all supported targets and gcc versions. Running an ebtables executable linked this way just crashes with a segmentation fault at runtime on program startup, e.g. on ARM architectures. In order to fix the issue ... - remove the use of the -nostartfiles linker flag - rename the init procedures to a generic name without implicit semantics - explicitely annotate those init procedures as constructors The patch has been taken from the Alpine Linux distribution at http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: dnssec time handling uses ntpd hotplugKevin Darbyshire-Bryant2016-06-244-25/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change dnsmasq's dnssec time check handling to use time validity indicated by ntpd rather than maintaining a cross boot/upgrade /etc/dnsmasq.time timestamp file. This saves flash device wear. If ntpd client is configured in uci and you're using dnssec, then dnsmasq will not check dnssec timestamp validity until ntpd hotplug indicates sync via a stratum change. The ntpd hotplug leaves a status flag file to indicate to dnsmasq.init that time is valid and that it should now start in 'check dnssec timestamp valid' mode. If ntpd client is not configured and you're using dnssec, then it is presumed you're using an alternate time sync mechanism and that time is correct, thus dnsmasq checks dnssec timestamps are valid from 1st start. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> V2 - stratum & step ntp changes indicate time is valid V3 - on initial flag file step signal dnsmasq with SIGHUP if running V4 - only accept step ntp changes. Accepting both stratum & step could result in unpleasant script race conditions V5 - Actually only accepting stratum is the correct thing to do after further testing V6 - improve handling of non busybox ntpd if sysntpd not executable dnsmasq checks dnssec timestamps else sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file sysntp script enabled & uci ntp enabled - look for timestamp file sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec timestamps fi
* packages: prefer http over git for git protocolHauke Mehrtens2016-06-223-3/+3
| | | | | | | | | In company networks everything except the http and https protocol is often causes problems, because the network administrators try to block everything else. To make it easier to use LEDE in company networks use the https/http protocol for git access when possible. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: Correct ADSL race conditionDaniel Gimpelevich2016-06-221-1/+1
| | | | | | | puts br2684ctl init after ADSL init instead of before, so that the ESI is set at the right time, and for consistency with the PTM driver. Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* uhttpd: update to the latest version, adds some extensions to handler script ↵Felix Fietkau2016-06-161-2/+2
| | | | | | support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix breakage with non-nl80211 driversFelix Fietkau2016-06-152-15/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backendJo-Philipp Wich2016-06-151-0/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey dataFelix Fietkau2016-06-151-0/+45
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-1523-115/+115
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-158-103/+180
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* package/lantiq: make lantiq kernel modules work with xway_legacyJohn Crispin2016-06-131-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* openvpn: update to 2.3.11Magnus Kroken2016-06-133-4/+25
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* package/*: update git urls for project reposJohn Crispin2016-06-138-8/+8
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: improve failure reportingJo-Philipp Wich2016-06-112-7/+7
| | | | | | Report the translated error to the user if a get/set netlink operation failed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: support hostid ipv6 address suffix optionKevin Darbyshire-Bryant2016-06-101-1/+29
| | | | | | | | | | | | | | | | | | | | | | Add support for hostid dhcp config entry to dnsmasq. This allows specification of dhcpv6 hostid suffix and works in the same way as odhcpd. Entries in auto generated dnsmasq.conf should conform to: dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname example based on sample config/dhcp entry: config host option name 'Kermit' option mac 'E0:3F:49:A1:D4:AA' option ip '192.168.235.4' option hostid '4' dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: Add option --max-portHans Dedecker2016-06-101-0/+1
| | | | | | | | | By default dnsmasq uses random ports for outbound dns queries; when the maxport UCI option is specified the ports used will always be smaller than the specified value. This is usefull for systems behind firewalls. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* xtables-addons: add missing dependencyFelix Fietkau2016-06-091-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* xtables-addons: update to 2.11Dirk Neukirchen2016-06-073-60/+8
| | | | | | | | | | | | - fix compilation w. Kernel 4.6 due to hash->shash crypto API - remove a patch integrated upstream - remove unrecognized configure option removed upstream in 2010 commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* openvpn: add support for tls-version-minMatteo Panella2016-06-072-2/+2
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace jow@openwrt.org with jo@mein.ioJo-Philipp Wich2016-06-0743-46/+46
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-0729-30/+30
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: Add support for cake qdiscHannu Nyman2016-06-062-1/+670
| | | | | | | | | | | | | | | Add cake support to 'tc' in iproute2 - Use a patch to modify tc instead of adding a new tc-adv package. Patch creates q_cake.c that matches commit https://github.com/dtaht/tc-adv/commit/3314230bc47328bc9b44faacaad8210065ef98b7 - Do not include the other things from tc-adv (cake0, cake2, pie etc.). V2 - KDB Small update to base on latest cake tc changes (wash option deprecated) V3 - KDB Move kmod-sched-cake package to kernel as is kernel related v4 - KDB Split into individual patches, tc & kmod Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* netifd: update to the latest versionFelix Fietkau2016-06-061-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* lantiq: fix segfault inside ltq-adsl-appDaniel Gimpelevich2016-05-271-0/+65
| | | | Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* iproute2: Use URL aliasDaniel Engberg2016-05-241-1/+1
| | | | | | Remove hardcoded URLs and use alias instead. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* iw: Use URL aliasDaniel Engberg2016-05-241-1/+1
| | | | | | Remove hardcoded URL and use alias instead. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.Dario Ernst2016-05-241-2/+2
| | | | | | | Fix a „semantic typo“ introduced in b78aae793e20e06defa1e75ab4d30dbb6807c139, where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* dnsmasq: Set the default dhcp lease file and resolv fileDaniel Dickinson2016-05-241-4/+12
| | | | | | | | Instead of making assumptions about the leasefile and resolv file make sure we use what the user configures, but fall back to defaults if no configuration is specified Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
* dnsmasq: update to dnsmasq v2.76Kevin Darbyshire-Bryant2016-05-244-10/+28
| | | | | | | Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl 'poll.h' location warning. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mdns: update to latest git HEADJohn Crispin2016-05-231-2/+2
| | | | | | * fixes loopback handling Signed-off-by: John Crispin <john@phrozen.org>
* uhttpd: use configured distribution name for SSL certificate CNFelix Fietkau2016-05-212-1/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: remove axtls config option, the library does not exist in our treeFelix Fietkau2016-05-192-6/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: update to 7.49Dirk Neukirchen2016-05-194-40/+14
| | | | | | | | | | | | | | | | fixes: CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL - remove crypto auth compile fix curl changelog of 7.46 states its fixed - fix mbedtls and cyassl usability #19621 : add path to certificate file (from Mozilla via curl) and provide this in a new package tested on ar71xx w. curl/mbedtls/wolfssl Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-192-0/+18
| | | | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"Jo-Philipp Wich2016-05-192-18/+0
| | | | | | | | This reverts commit d830cb08826dc593406d9003d061016061b6c3c4. Reverting this commit due to a missing Signed-off-by. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-182-0/+18
| | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp.