The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.
Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.
Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.
7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.
To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1
Then run this:
./gentree.py --git-revision v4.14-rc2 --clean <path to linux repo> ../backports-4.14-rc2-1
This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found
Adding a shebang line in version.sh seems to solve it.
Fixes FS#977.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.
The following CVEs were fixed in 21014d9708:
CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This is to eliminate any ambiguity about the cyassl/wolfssl lib.
The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.
It's a good idea to keep up with the times (moving forward).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```
Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```
Thanks to @lynxis for pointing out the commas.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
Changes:
89d1b80 xt_condition: namespace support #2
c839e87 xt_geoip: check for allocation overflow
a587f95 compat_xtables: use more accurate printf format for NIPQUAD
1874fcd xt_DNETMAP: fix a buffer overflow
21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
ee8da2b build: support for Linux 4.12
19a4359 xt_condition: add support for namespaces
1b37966 xt_psd: resolve compiler warning
Tested on cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
c1a03e8 nl80211: request split information about frequencies
5638567 nl80211: store info about freq being not available for some bandwidths
ce51cb8 Allow storing more info about each frequency
5c10efa nl80211: support receiving split frequencies
335967c nl80211: improve error handling
ab089dd nl80211: propagate netlink errors to callers
7bba117 nl80211: handle netlink errors in nl80211_wait()
d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Intent is to link against it, and have the option to
not install the ipset utility (if needed).
One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
The dep for the nftables support was wrong, if someone actually enable
that option gain a compilation error. This fix this problem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Commit f4e312ddf8 adds libnetlink to
staging dir but did not add the header files libgenl.h and ll_map.h
which define functions belonging to libnetlink lib
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.
Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add actual mirror and use main site as last resport
Source: http://www.tcpdump.org/mirrors.html
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This reverts the following commits:
fbe522d120278ad007ee863888e44f96daf6352fcfd83555fc
This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the folowing security problems:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Update tc to track upstream cake changes:
diffserv3 - a simple 3 tin classifier
Also make diffserv3 and triple-isolate default
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add uqmi 'sync' command call to release stalled cid when preparing to
setup new connection. As a result it prevents 'POLICY MISMATCH' errors.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
1dc7be1 uqmi: Add sync command to release all cids.
Signed-off-by: John Crispin <john@phrozen.org>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.
In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.
Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".
See also: https://git.netfilter.org/arptables/log/
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>