A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.
Skip key/cert and ssl listen options when libustream-ssl.so is not present.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42284
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.
myfunction()
{
fire_command
return $?
}
a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:
http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42278
Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.
Fixes#15209.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42250
Add a further upstream commit to more closely match the keepalive
to OpenSSH.
Should now really fix#17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42249
Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke
at least putty.
Fixes#17522 / #17523.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 42162
This is a bug revealed in r41830.
First, the static variable `char nif[IFNAMSIZ]` of nl80211_phy2ifname()
would be zeroed out if the argument is "wlan0" or the like. This will
happen in the following call stack.
nl80211_get_scanlist("radio0", buf, len);
nl80211_phy2ifname("radio0") // return static var nif with content "wlan0"
nl80211_get_scanlist(nif, buf, len); // tail call
nl80211_get_mode(nif);
nl80211_phy2ifname(nif); // zero out nif
Later we try nl80211_ifadd("") which was supposed to create interface
"tmp.", but that won't happen because nl80211_msg() will put an invalid
ifidx 0 to the nlmsg.
Then iwinfo_ifup() and iwinfo_ifdown() would fail and happily
nl80211_get_scanlist() returned 0 and left *len undefined.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42151
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42114
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
The package supports Generic Routing Encapsulation support by registering following protocol kinds:
-gre
-gretap
-grev6
-grev6tap
Following options are valid for gre and gretap kinds:
-ipaddr
-peeraddr
-df
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The gretap kind supports additionally the network option
Following options are valid for grev6 and grev6tap kinds:
-ip6addr
-peer6addr
-weakif
-mtu
-ttl
-tunlink
-zone
-ikey
-okey
-icsum
-ocsum
-iseqno
-oseqno
The grev6tap kind supports additionally the network option
Typical network config for a GREv4 tunnel :
config interface 'gre'
option peeraddr '172.16.18.240'
option mtu '1400'
option proto 'gre'
option tunlink 'wan'
option zone 'tunnel'
Typical network config for a GREv4 tap tunnel :
config interface 'gretap'
option peeraddr '195.207.5.79'
option mtu '1400'
option proto 'gretap'
option zone 'tunnel'
option tunlink 'wan'
option network 'wlan_ap'
I added myself as maintainer for the moment; feel free to change.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 41897
This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.
Signed-off-by: Joseph CG Walker <Joe@ChubbyPenguin.net>
[jow@openwrt.org: changed commit message, rebased on top of current hostapd.sh]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41872
If the iface to scan on already is in ad-hoc, station or monitor mode
then do not spawn a temporary iface.
Also preventively disable IPv6 on temporary ifaces before bringing them
up to avoid potential security issues.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41830
So far iwinfo aborted a wifi scan attempt if the mac of the spawned
interface could not be changed. Change the code to try anyway - this
should fix wifi scanning on RaLink devices.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41826
the IB tries to run the enable target on all init.d scripts.
It fails when including the dsl_control helper. Check for existence
prior to the include.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41787
Properly parse and pass arbritary netmasks to iptables, this allows
specifying ranges like '::c23f:eff:fe7a:a094/::ffff:ffff:ffff:ffff' to
match the host part of an IPv6 address regardless of the currently active
IPv6 prefix.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41760
Split connection mark into two parts:
The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.
For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41682
The commit 92281eb747b56e748b7c3d754055919c23befdd4 broke fw3_ubus_addresses() so that
no addresses where returned at all, this caused fw3 to not emit NAT reflection rules
anymore.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41556
They should be unnecessary with fq_codel, and simplifying rules helps
with performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 41549
currently the keepalive option needs to be removed to fully disable it. this patch allows us to set it to 0.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41438
The preferred he.net /nic/update endpoint expects the password or updatekey in
plain text and not as md5 sum, therfore remove the hashing operation from the
script.
This effectively renders the "updatekey" option redundant but we keep it around
for backwards compatibility. Both "option password" and "option updatekey" will
have end up in the "&password=" parameter of the update url and are passed through
unmodified.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41358
this is still wip, you can use the following ubus calls.
ubus call mdns scan # triggers a scan
ubus call mdns browse # look at the currenlty cached records
ubus call mdns hosts # look at the currenlty cached hosts
TODO
- ipv6, currenlty AAAA records are handled but only on v4 sockets
- finish the service announce code
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 41345
Reworks the handling of RT_TABLE_MAIN in system-linux.c so that ip rules
with lookup main can be properly setup.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41282
* Add Authoritative DNS and IPSET to full variant
* Remove some bloat from IPSET support
* Reintroduce "DHCP no address warning"-patch
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 41246
Ship keys for the root zone and add two uci options to enable
DNSSEC checks:
Option 'dnssec': Activate DNSSEC validation
Option 'dnsseccheckunsigned': Ensure answers without DNSSEC are in
unsigned zones.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41245
This variant includes support for DHCPv6 and DNSSEC.
DNSSEC adds a dependency on libnettle.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41244
As documented in config.h.
Doing otherwise will break dnsmasq's pkg-wrapper script to find its
libs to link to.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 41241
Fixed wpa_supplicant when the radio is in 40MHz mode so that it no
longer restarts hostapd with the second channel disabled.
Signed-off-by: Lance Chaney <furryfur1@gmail.com>
SVN-Revision: 41019
rsn_preauth is used outside of "case $auth_type", so if it is set
for an EAP-enabled SSID, it would also be set for the following
non-EAP-enabled SSIDs, because it would not be read again.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 41012
Let the first parameter of function config_get be local, because there
is a chance that config_get won't export the variable.
Signed-off-by: Zhao, Gang <gamerh2o@gmail.com>
SVN-Revision: 41000
In case of .11ac device the hwmode was not properly displayed.
This patch fixes it.
Signed-off-by: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
SVN-Revision: 40953
- The package does not compile at the moment. Since there is a new
upstream version avaiable, use this new source instead.
- Upstream has already included our both patches.
- This is only compile tested, since I do not own any test hardware.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 40940
It's quite unconveniet to remember which ports are used by which applications, especially for not so advanced users.
Together with luci patch (discussed on IRC) this improves qos-scripts usability.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
SVN-Revision: 40935
`own_ip_addr` is used by hostapd as NAS-IP-Address.
This is used to identify the AP that is requesting the authentication of the
user and could be used to define which AP's can authenticate users.
Some vendors implement only NAS-Identifier or NAS-IP-Address and not both.
This patch adds ownip as an optional parameter in /etc/config/wireless.
Signed-off-by: Thomas Wouters <thomaswouters@gmail.com>
SVN-Revision: 40934
allows to set PPP interface name manually via new
network interface option pppname.
If not set, default naming will be used (e.g. pppoe-eth0)
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 40933
when disabling ipv6, the iptables build breaks without a manul clean or this patch
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 40916
Many of the 4G/LTE and 3G modems utilize the QMI-protocol to control the
modem. At the moment there is no support for them in OpenWrt. This
patch adds support for them in the form of a netifd script and a
control utility. Tested with Huawei E398 and ZTE MF820D (which requires
a delay of ~30 s before responding to QMI commands). I put myself up as
the maintainer, feel free to change this if you desire.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
SVN-Revision: 40868
DHCP entries in /etc/config/dhcp will not automatically create A or PTR
records. Add an "option dns" directive which appends an entry to
/tmp/hosts/dhcp to facilitate forward and reverse DNS lookups. For
instance, this item:
config host
option ip '192.168.0.10'
option mac '00:13:57:9b:df:02'
option name 'winpc'
option dns '1'
will add a corresponding entry to /tmp/hosts/dhcp:
192.168.0.10 winpc.lan
This keeps the hostname/IP/MAC in a single place, for easy maintenance.
Related: ticket #13854 reports an regression involving missing PTR
records when using "config domain" to define static DNS entries for
individual hosts. However, per Simon Kelley[1], the --address feature
used by "config domain" was never intended to generate DNS A records for
hosts. It would probably be better for the reporter to apply this patch,
and then use "config host" sections instead of "config domain" sections.
[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q4/002498.html
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 40799
This updates samba to the most recent minor version.
This patch is based on a patch by Anton van Bohemen <avbohemen@ziggo.nl>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 40618
This patch fixes compilation failure for hostapd when using eglibc 2.15.
Signed-off-by: Zachery Stoddard <zacherystoddard@gmail.com>
SVN-Revision: 40575
Gives the user the control to select the correct WAN IPv4 address to be used by the 6rd tunnel when mutiple WAN interfaces are configured
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 40566
This patch implements support for 802.11s protected mesh wireless networks (using authsae) in the netifd framework.
Until meshd-nl80211 implements a proper -P option for the PID file, this uses shell backgrounding in order to be able to get the PID for the process.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 40497
r39995 introduced a new parameter wps_pbc_in_m1 to wifi wps config, but
apparently did not provide a default value 0.
When that option's non-existing value is later evaluated in
/lib/netifd/hostapd.sh, it causes the "bad number" error to be logged in
syslog if user has not set the wps_pbc_in_m1 option. The error materialises
only if user has enabled wps.
Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio1 (1254): sh: bad number
Sat Apr 12 13:25:01 2014 daemon.notice netifd: radio0 (1253): sh: bad number
Discussion in bug 15508: https://dev.openwrt.org/ticket/15508#comment:3
Error is caused by line 282:
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/netifd.sh#L282
My patch sets the parameter's default value to 0, which does nothing. The
default might also be set a bit later in the function, but this felt like the
most clear place to do that.
Signed-off-by hnyman <hannu.nyman@iki.fi>
SVN-Revision: 40469
* atm module needs to be loaded before linux-atm
* use absolute firmware paths
* extended validation
* add a script for mounting an optional firmware partition
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 40460