With the default priority of 0, the DEU algos would be overlapped
by the generic algos (if available).
To fix this, set the cra_priority of the hardware algos to the
recommended value of 300/400.
Signed-off-by: Martin Schiller <mschiller@tdt.de>
Now that snapshot builds are only publishing SHA-256 checksums, it makes
sense to ship an appropriate utility for verification.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
PPP daemon can be put into persist mode meaning the
daemon will not exit after a connection gets terminated
but will instead try to reopen the connection.
The re-initiation after the link has been terminated
can be controlled via holdoff; this is helpfull in
scenarios where a BRAS is in denial of service mode
due to link setup requests after a BRAS has gone down
Following uci parameters have been added :
persist (boolean) : Puts the ppp daemon in persist mode
maxfail (integer) : Number of consecutive fail attempts which
puts the PPP daemon in exit mode
holdoff (interget) : Specifies how many seconds to wait
before re-initiating link setup after it has been terminated
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
src/linksys_bootcount.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
tools/env/fw_env.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* Only parse interfaces that are up during init_config (as the
script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
global scope
Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.
Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch
Also refresh patches while we're at.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Move preinit interface and ip config to its own function to allow
calling it from more than one place.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.
Briefly tested on ea8500.
Signed-off-by: Ben Greear <greearb@candelatech.com>
ath10k-ct driver was using bad defaults for 9980 if user
had not specified a fwcfg file to over-ride them.
Also, support configurable station-kickout-threshold,
which might work around issues with flakey connections.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Change the error message about missing SSL support to be more explicit by
mentioning required package names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Changes include:
* Higher maximum transmit power in the 5170-5250 band of the BG
regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
regdomain
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If option ist not set then ipv6 is still enabled on this Interface.
Check if variable is zero will fix this issue.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
multiple invocation of dnsmasq script (e.g. by procd and hotplugd)
might cause procd to restart dnsmasq with an incomplete config file.
Config file generation might take quite a long time on larger configs
due ubus calls for each listening interface...
Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
Emits an initial event after the first link-up of a force_link
interface. This is needed for making the dnsmasq dhcp check more
reliable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Open/close triggers array around service_triggers call to make using
multiple triggers easier to deal with.
The API was quite confusing, because some functions contained implicit
trigger open/close calls and some didn't.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Passing the hostname is currently broken in since the shipped busybox includes this commit:
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21
Before:
Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'
After:
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600
Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
Treat 'relayd' as an essential service to avoid connection interruptions during sysupgrade on devices configured as a pseudobridge.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
Fixes duplicate ubiblock entries being listed and improves
find_mount_point to also match against a block device's
major:minor numbers (needed e.g. for /dev/root).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Previous implementation was blocking the init and
breaking halt/reboot/sysupgrade (reported by Daniel Golle)
v2: use procd logging, use set -e + trap for error handling
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Tested-by: Daniel Golle <daniel@makrotopia.org>
This firmware has been lightly tested on non LEDE system
to date, and will be undergoing further testing and development.
Allow users to easily install this on their LEDE system as
they prefer.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
This patch gets rid of the booke watchdog kmod package.
Instead the affected boards will enable it in their
kernel configs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
There seems to be a situation in which a rebuild of libpcap.so is triggered
in the install step of the libpcap Makefile. libpcap.so is the wrong
target, leading to the build failure reported in [1].
Fix the dependency of install-shared-so to $(SHAREDLIB) so the build can
succeed in this case.
[1] https://dev.openwrt.org/ticket/19894
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This lets one use the CT ath10k driver instead of the built-in
ath10k driver from the upstream kernel (or backports).
This should be a drop-in replacement, as well as enabling
better CT firmware support.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This reverts commit 31e5ed4152.
I've noticed some weird powersave related issues with this commit.
Revert until they've been fixed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Removed socket options = TCP_NODELAY IPTOS_LOWDELAY
TCP_NODELAY (disables Nagle algorithm) is default since samba2.
IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2)
The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1)
CS1 is a scavenger class, whilst CS2 is more OAM/interactive
(SNMP,SSH,syslog)
Using CS2 is definitely an abuse of DSCP classification, CS1 less so
however even if the ISP takes note of DSCP codings having a default that
sets traffic to CS2 is wrong. Better to use the default Best Effort
class.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy
Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
To work correctly hostapd requires wireless driver to allow interfaces
removal. It was working with brcmfmac only partially. Firmware for
BCM43602 got some special hack (feature?) that allowed removing all
interfaces by disabling mbss mode. It wasn't working with BCM4366
firmware and remaining interfaces were preventing hostapd from starting
again.
Those patches add support for "interface_remove" firmware method which
works with BCM4366 firmware and they make it finally possible to use
BCM4366 & brcmfmac & multiple interfaces.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
There are multiple prism54/p54 firmware versions for different
drivers and devices. Therefore, assigning the package version
of all the different firmware packages on the old prism54
firmware could break if any of the p54 firmwares are updated
and we need to roll out new packages.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[removed PKG_VERSION]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removed some options which are default anyway and added bind interfaces
only which causes the interfaces line to actually have an effect. Can be
verified with netstat.
Signed-off by: Rosen Penev <rosenp@gmail.com>
px5g has been listed as a blocker for switching to new mbedtls
as the default, therefore make and mbedtls variant of px5g so
that an new mbedtls-only image can be created.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This reverts commit abf0768131.
The description is wrong, there is no recursive dependency here. The
conditions were added intentionally to avoid bogus build dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit d9b20a6f35 (SVN r48426) changed the
mac80211 phy lookup logic to strip the platform/ directory component from
the phy path specification.
Fix iwinfo to follow that logic by trying to lookup phys both with and
without "platform/" prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On OS X systems, the compilation of e2fsprogs fails at subst.c due to a
missing sys/stat.h include:
subst.c:333:14: error: variable has incomplete type 'struct stat'
struct stat stbuf;
^
subst.c:333:9: note: forward declaration of 'struct stat'
struct stat stbuf;
^
subst.c:392:8: warning: implicit declaration of function 'fstat' is invalid in C99
[-Wimplicit-function-declaration]
if (fstat(fd, &stbuf) == 0) {
^
subst.c:438:12: warning: implicit declaration of function 'fchmod' is invalid in C99
[-Wimplicit-function-declaration]
(void) fchmod(ofd, 0444);
^
2 warnings and 1 error generated.
make[3]: *** [subst.o] Error 1
Declare the nescessary HAVE_SYS_STAT_H macro to include the required header in
order to avoid the undeclared stat structure.
Tested-By: David Thornley <david.thornley@touchstargroup.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Two variants incorrectly include themselves in
conditional depends on ssl libraries, which results
in a recursive dependency.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This allows gpiolib to re-use ath9k's devicetree node as GPIO
controller.
Example:
ath9k: ath9k@0 {
#gpio-cells = <2>;
gpio-controller;
}
Now the ath9k node can be used just like any other GPIO controller:
gpios = <&ath9k 1 GPIO_ACTIVE_HIGH>;
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This enables ath9k's built-in GPIO controller for all chip versions
(instead of an explicit whitelist). This also allows us to get rid of
some duplicate code between hw.c and gpio.c because hw.c already
determines the number of GPIOs.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This folds 550-ath9k_add_ar9280_gpio_chip.patch into
548-ath9k_enable_gpio_chip.patch because the former patch only extends
code which is introduced in the latter.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Use first caldata for devices without OTP. The driver uses the caldata
instead of the board.bin data anyway
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Small cleanup. I initially though /dev/kmsg was used for dmsg(and journald
on desktops) but this seems not to be the case. dmsg is still accessible
as non-root(gives output) which begs the question what does this do? Some
googling reveals that permissions are set to 600 for some embedded systems
while 644 for others. I can't find any justification for the latter. Might
as well err on the side of caution.
Signed-off by: Rosen Penev <rosenp@gmail.com>
This package is a custom build(like ubi-utils) of mtd-utils from infradead.org
It is required to work with Mikrotik NAND based devices
Signed-off-by: Sergey Sergeev <adron@yapic.net>
This adds this commit from normal libnl to libnl-tiny:
2dbc1ca76c
commit 2dbc1ca76c5b82c40749e609eb83877418abb006
Author: dima <dima.ky@gmail.com>
Date: Wed Oct 13 17:53:34 2010 +0300
Generic Netlink multicast groups support
I have a patch against commit d378220c96c3c8b6f27dca33e7d8ba03318f9c2d
extending libnl with a facility to receive generic netlink messages sent
to multicast groups.
Essentially it add one new function genl_ctrl_resolve_grp which
prototype looks like this
int genl_ctrl_resolve_grp(struct nl_sock *sk, const char *family_name,
const char *grp_name)
It resolves the family name and the group name to group id. Then
the returned id can be used in nl_socket_add_membership to subscribe
to multicast messages.
Besides that it adds two more functions
uint32_t nl_socket_get_peer_groups(struct nl_sock *sk)
void nl_socket_set_peer_groups(struct nl_sock *sk, uint32_t groups)
allowing to modify the socket peer groups field. So it's possible to
multicast messages from the user space using the legacy interface.
Looks like there is no way (or I was not able to find one?) to modify
the netlink socket destination group from the user space, when the
group id is greater then 32.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
The pps-ldisc kernel module supports Pulse-Per-Second connected with the CD (Carrier Detect) pin.
Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
This changes the default permissions for /dev entries to be more similar to
a desktop distro. Taken from the defaults of Arch Linux and Ubuntu. Also
changed some that were nonsensical. For example, all 660 permissions on
desktop distros were of the form root:x where x is something other than
root. As such, 660 is useless for LEDE where the specific group is missing.
audio seems to be the only group that isn't.
Signed-off by: Rosen Penev <rosenp@gmail.com>
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
(see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
(see /etc/init.d/urandom_seed)
We use getrandom() so we are sure /dev/urandom pool is initialized
Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems
Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message
Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent
v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
OpenWrt enables XATTR support pretty much universally, therefore
for filesystems that a loaded as modules also enable XATTR support
so that there are no unexpected missing capabilities.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>