summaryrefslogtreecommitdiff
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* dropbear: enable curve25519 support by default, increases compressed binary ↵Felix Fietkau2016-01-101-1/+1
| | | | | | | | size by ~5 kb Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48196
* dropbear: split out curve25519 support into a separate config optionFelix Fietkau2016-01-102-4/+19
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48195
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> SVN-Revision: 48185
* openvpn: added service_triggers() to init scriptFelix Fietkau2016-01-071-0/+4
| | | | | | | | | Follow up of #21469 This patch enables autoreloading openvpn via procd. Signed-off-by: Federico Capoano <nemesis@ninux.org> SVN-Revision: 48150
* swconfig: support sending SWITCH_TYPE_LINK to kernelRafał Miłecki2016-01-061-0/+28
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 48141
* samba36: add three CVE patches from 2015-12-16Felix Fietkau2016-01-054-1/+253
| | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> SVN-Revision: 48133
* relayd: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48129
* firewall: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48128
* uqmi: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48124
* uhttpd: move to git.openwrt.orgFelix Fietkau2016-01-041-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48122
* packages: use OPENWRT_GIT to point at the main openwrt git repoFelix Fietkau2016-01-044-4/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48118
* package/network/config/gre: ipv6 gre kmod package name was wrongFelix Fietkau2016-01-031-1/+1
| | | | | | | | | | Source package gre was depending on kmod-ip6-gre, however the actual kernel module package that is created is kmod-gre6. Therefore update (source) package gre for ipv6 gre support. Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> SVN-Revision: 48100
* wpa_supplicant: set regulatory domain the same way as hostapdFelix Fietkau2016-01-031-0/+6
| | | | | | | | | | | | | In sta-only configuration, wpa_supplicant needs correct regulatory domain because otherwise it may skip channel of its AP during scan. Another alternative is to fix "iw reg set" in mac80211 netifd script. Currently it fails if some phy has private regulatory domain which matches configured one. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> SVN-Revision: 48099
* iproute2: update to 4.3.0Felix Fietkau2016-01-038-120/+68
| | | | | | | | | | | | iproute2-4.0 had connmark support added by nbd. This does not work with 4.x kernels. iproute2-4.3 is the latest version and has his changes mainlined. This patch updates the package to iproute2-4.3 and fixes the patches so that it compiles. This should resolve ticket #21374. Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net> SVN-Revision: 48098
* ltq-vdsl-app: re-add lowlevel settingsJohn Crispin2016-01-011-0/+88
| | | | | | | | | | | | | | | | Add back a slightly modified version of the lowlevel settings which where removed with r46920. In compare to the old lowlevel settings, the B43c tone is added to tone_adsl_b and tone_adsl_bv. If an unsupported tone value is used, the auto probing mode is used, in compare to the fallback to tone_adsl_av and tone_vdsl_av with the old lowlevel settings. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 48054
* ltq-vdsl-app: enable G.993.5 XTSE bit by defaultJohn Crispin2016-01-011-3/+7
| | | | | | | | | | | | | According to ITU-T G.997.1 Amendment 2 (04/2013) section 2.1, bit 3 of XTSE octet 8 either allow or denies the initialization of G.993.5. Even if the current redistributable xDSL firmware doesn't include G.993.5 vectoring support, enable this bit by default to allow people to get their G.993.5 line working using a custom xDSL firmware. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 48053
* ltq-vdsl-app: let the driver/app probe the xtse on missing annexJohn Crispin2016-01-011-3/+0
| | | | | | | | | | | r47933 revealed that the driver/app in combination with the chosen firmware does a good job in selecting a working xtse. Use this probing mode if no annex is specified. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 48052
* ltq-vdsl-app: add/enable missing G.993.2 XTSE bitsJohn Crispin2016-01-011-10/+9
| | | | | | | | | | | | | | | | | This patch adds the missing VDSL2 bits to the annex specific XTSE (like it should be according to the comments above the XTSE bits). Since r47933 it's mandatory to remove the annex option to switch to VDSL2 (only) operation mode. As shown by ticket #21436 and a few mails I received personally, even experienced users are not aware that they have to remove the annex option to get their VDSL2 line working and as shown by this patch it doesn't need to be that "complicated". Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 48051
* ltq-vdsl-app: use the final xtse formatJohn Crispin2016-01-011-5/+5
| | | | | | | | This way we can drop the call to sed. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 48050
* dante: fix MD5SUMNicolas Thill2015-12-311-1/+1
| | | | | | | | | | MD5SUM is wrong, it was not updated during last update to v1.4.1. Thanks to Daniel Dickinson <openwrt@daniel.thecshore.com> for reporting it. Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 48017
* 6in4: Corrected tunnelbroker tunnel update URLHauke Mehrtens2015-12-272-2/+2
| | | | | | | | | | | | | | Changed the tunnel update URL into format tunnelbrokers example has, that made it work again. Current method gives "Username/Password Authentication Failed." when I tried the wget line manually and logread eventually says also "6in4: update failed". With corrected URL it works fine: "good 111.222.333.444" or "nochg 111.222.333.444" and logread concurs with success, and tunnel actually updates. Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi> Signed-off-by: Sami Olmari <sami@olmari.fi> SVN-Revision: 48006
* swconfig: support receiving SWITCH_TYPE_LINK from kernelJohn Crispin2015-12-233-0/+92
| | | | | | | | | When using cli, print link state the same way kernel used to do it. This will allow kernel switching PORT_LINK from SWITCH_TYPE_STRING. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 47998
* openvpn: fix configure optionsJohn Crispin2015-12-231-2/+1
| | | | | | | | | | | | | | | - eurephia: commit: Remove the --disable-eurephia configure option - fix option name: http proxy option is now called http-proxy (see configure.ac) fixes: configure: WARNING: unrecognized options: --disable-nls, --disable-eurephia, --enable-http Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 47979
* package/lldpd: Remove extraneous selectJohn Crispin2015-12-231-1/+0
| | | | | | | | | | Only the conditional dependency ought to be required; if build fails with JSON there is some other problem at work. Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> SVN-Revision: 47976
* dnsmasq: Add option --no-pingJohn Crispin2015-12-231-0/+1
| | | | | | | | | | By default dnsmasq sends an ICMP echo request before allocating an IP address to a host; the uci option noping allows to disable this check. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 47974
* dnsmasq: changed option nonwildcard to --bind-dynamicFelix Fietkau2015-12-191-1/+1
| | | | | | | | | | | | | | | | Changed option nonwildcard from --bind-interfaces into --bind-dynamic. With this, Dnsmasq binds the address of individual interfaces, allowing multiple dnsmasq instances, but if new interfaces or addresses appear, it automatically listens on those. This makes dynamically created interfaces work in the same way as the default, but allows also use of other DNS-servers (like Named) at the same time on diffirent interfaces where Dnsmasq is NOT configured, whereas with --bind-interfaces will still reserve every interface even if not used and thus disallowing use of any other DNS-program even on unused interfaces. Tested-by: Vaasa Hacklab <info@vaasa.hacklab.fi> Signed-off-by: Sami Olmari <sami@olmari.fi> SVN-Revision: 47953
* ltq-vdsl-app: enable Annex-M support, disable unsupported Annex-A modesFelix Fietkau2015-12-181-6/+3
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47934
* ltq-vdsl-app: remove whitespace after -i, it prevents vdsl_cpe_control from ↵Felix Fietkau2015-12-181-1/+1
| | | | | | | | parsing the XTSE bits Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47933
* network/services/lldpd: Fix missing dependency when using JSONJohn Crispin2015-12-171-0/+1
| | | | | | | | | Using the JSON output option depends on json library so add select json-c library when JSON output is selected. Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com> SVN-Revision: 47928
* dante: update to 1.4.1John Crispin2015-12-174-536/+13
| | | | | | | | | | | | | | | - 1.4.x has IPv6 support - set C std explicitly due to gcc 5 changes/old code style of dante - disable pam via configure vars since detection of without pam option is broken (-lpam gets linked in if available) - remove and refresh patches only compile tested Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 47926
* netifd: update to the latest version, fixes more route table issuesFelix Fietkau2015-12-161-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47897
* netifd: update to the latest version, fixes reload issues on routing table ↵Felix Fietkau2015-12-151-2/+2
| | | | | | | | changes Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47893
* linux-atm: add wrapper for br2684ctl to defer nasX device bringupFelix Fietkau2015-12-143-2/+10
| | | | | | | | Fixes a race condition on netifd device bringup. Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47891
* lantiq: ltq-vdsl-app: cleanup MakefileFelix Fietkau2015-12-131-14/+8
| | | | | | | | | | | | | | | | - CONFIG_IFX_CLI is unused, couldn't find any reference to this config variable - use disable-feature instead of enable-feature=no - reorder configure args to have depending args together - remove configure args which set the default value - group enable-model and configure args which enable or disable features that are covered by the feature set The config.log contains the same values as before. The vdsl_cpe_control binary has the same checksum as before. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 47888
* lantiq: ltq-vdsl-app: re-add showtime counters supportFelix Fietkau2015-12-131-1/+2
| | | | | | | | | | | | | The typicial feature set doesn't include "DSL PM showtime counters support" (INCLUDE_DSL_CPE_PM_SHOWTIME_COUNTERS). This feature provides the vdsl_cpe_control command 'pmccsg', which is used by 'dsl_control status' to get the line uptime. The binary size increases to 103912 byte (+4256 byte) uncompressed. Signed-off-by: Mathias Kresin <openwrt@kresin.me> SVN-Revision: 47887
* dnsmasq: Add option "--all-servers"John Crispin2015-12-111-0/+1
| | | | | | | | | Add the option "--all-servers" which forces dnsmasq to send all queries to all servers and then take the first answer. Signed-off-by: Andréas Gustafsson <gurgalof@gmail.com> SVN-Revision: 47857
* br2684ctl: add atm-bridge disabled optionFelix Fietkau2015-12-101-1/+5
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47830
* br2684ctl: fix config reload triggerFelix Fietkau2015-12-101-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47829
* netifd: ifup-shellscript - fix wrong usage of 'local'Felix Fietkau2015-12-101-3/+1
| | | | | | | | | | | | | | | | | | this error was not visible until recent bump to busybox 1.24.1 stable which introduced a warning message when keyword 'local' is not used with a shell-function. this does not change behavior and is a cosmetic cleanup. fixes the following output: root@box:~ ifup <interface> /sbin/ifup: local: line 362: not in a function /sbin/ifup: local: line 362: not in a function /sbin/ifup: local: line 1: not in a function Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com> SVN-Revision: 47828
* lldpd: add STOP=01 param in init scriptFelix Fietkau2015-12-051-1/+2
| | | | | | | | | | This should ensure that lldpd is among the first processes to stop, so that it has time to send the shutdown LLDPU to the other side, before the network goes down. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> SVN-Revision: 47786
* iw: add VHT80 support for 802.11sFelix Fietkau2015-12-051-0/+170
| | | | | | | | | | | Support next to the non-HT/HT channel widths like HT20 or NOHT also VHT80 channels during the mesh join iw dev mesh0 mesh join "meshnet" freq 5180 80MHz Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47782
* iw: add VHT80 support for IBSSFelix Fietkau2015-12-052-0/+145
| | | | | | Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47780
* iw: display interface TX power if availableFelix Fietkau2015-12-051-0/+32
| | | | | | Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47779
* iw: sync nl80211.h with compat-wireless 2015-10-26Felix Fietkau2015-12-051-2/+92
| | | | | | | | | Fix the id of NL80211_ATTR_WIPHY_ANTENNA_GAIN for antenna_gain command when using compat-wireless 2015-10-26. Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47778
* iw: update to version 4.3Felix Fietkau2015-12-054-136/+56
| | | | | | Signed-off-by: Sven Eckelmann <sven@open-mesh.com> SVN-Revision: 47777
* lantiq: debloat the ltq-vdsl-app binaryFelix Fietkau2015-12-041-2/+2
| | | | | | | | | | | Use the 'typical' compile configuration instead of 'full', which most notably excludes the soap support. /sbin/vdsl_cpe_control shrinks down to ~50%, from 178kb(!) to 90kb. Signed-off-by: Andre Heider <a.heider@gmail.com> SVN-Revision: 47769
* br2684ctl: convert init script to procd, add hotplug/reload supportFelix Fietkau2015-12-043-35/+34
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47765
* lantiq: move esi calls to dsl_cpe_control scripts to fix ordering wrt. ↵Felix Fietkau2015-12-043-1/+4
| | | | | | | | loading vr9 drivers Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47764
* xtables-addons: update to 2.10Jonas Gorski2015-12-021-2/+2
| | | | | | | | Fixes compilation with linux 4.4. Signed-off-by: Jonas Gorski <jogo@openwrt.org> SVN-Revision: 47699
* netifd: update to the latest version, fixes an issue with moving a wifi ↵Felix Fietkau2015-12-021-2/+2
| | | | | | | | iface to a different network Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47683