In a dual-WAN setup, it's useful to specify an interface over which to
have PPTP.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
SVN-Revision: 44507
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':
config wifi-iface
option device 'radio2'
option network 'uplink'
option mode 'sta'
option ssid 'MyNetwork'
option encryption 'none'
list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'
This change consists of the following cherry-picked upstream commits:
b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)
0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 44438
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.
Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44310
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.
Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44138
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
constant as uhttpd needs to modify its list_head member
* Make sure that uhttpd supports large files by using 64bit ints
where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
* Plug a possible memleak in the directory listing code
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44135
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.
Switch the format to a hex encoded string to support binary data.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44094
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.
Without this patch igmpproxy floods openwrt syslog with messages such as:
user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
239.255.250.250, is not in any valid net for upstream VIF.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
SVN-Revision: 44020
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
SVN-Revision: 44006
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 43951
Makes sure that the openvpn instance gets restarted in case of a crash.
Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.
Signed-off-by: Lars Gierth <larsg@systemli.org>
SVN-Revision: 43886
This patch tries to
- Let the DHCPv6 feature depend on CONFIG_IPV6.
- Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
corresponding features are enabled.
- Install `trust-anchors.conf` only if DNSSEC is selected.
- Add PKG_CONFIG_DEPENDS for the configurable options.
- Add a patch to let the Makefile of dnsmasq be aware of changes in
COPTS variable.
Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 43851
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.
The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e
So this can be safely set to 1 as default.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43846
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.
Signed-off-by: Ben Franske <ben.mm@franske.com>
SVN-Revision: 43473
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.
When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.
Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43143
* Fixes sending an extraneous message body for 204 and 304 resoponses which
breaks Chrome in keep-alive mode.
* Adds mimetypes for JSON and JSONP.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43078
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:
mac_address wpa_passphrase_or_hex_key
Example:
00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43001
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42944
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
This is not needed after all:
Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).
Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42859
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.
Use the returned ip-address(es) to construct the dropbear listen address.
Signed-off-by: Mathias Kresin <openwrt@kresin.me>
SVN-Revision: 42857
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 42787
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42750
With this patch WPS discovery can be started or canceled over ubus if
WPS is enabled in wireless configuration. This is equivalent of
'hostapd_cli wps_pbc' and 'hostapd_cli wps_cancel' commands.
Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
SVN-Revision: 42459
* ipv6
* 4 bugs in the dns parser
* service announcement
* tx goodbye support
* proper handling of rx goodbye
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42325
Use an if/else statement to cover the two different syntaxes. Add
comments explaining what the end results should look like.
This patch should not change the script's output.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42320
An entry like this in /etc/config/dhcp:
config 'host'
option 'name' 'pc2'
option 'ip' '192.168.100.56'
option 'dns' '1'
results in a /tmp/hosts/dhcp entry that looks like this:
192.168.100.56 .lan
Obviously it should say "pc2.lan".
This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199". Fix this by reordering the
operations. Also, refuse to add a DNS entry if the hostname or IP is
missing.
Fixes#17683
Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
SVN-Revision: 42319
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.
Signed-off-by: Tyler Fenby <tylerf@securecominc.com>
SVN-Revision: 42318
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.
Skip key/cert and ssl listen options when libustream-ssl.so is not present.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42284
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.
Fixes#15209.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42250
Add a further upstream commit to more closely match the keepalive
to OpenSSH.
Should now really fix#17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42249
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke
at least putty.
Fixes#17522 / #17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42162