Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.
Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use ubus process signalling instead of 'kill pidof dnsmasq' for
SIGHUP signalling to dnsmasq when ntp says time is valid.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Most mac80211 drivers leave the SMPS field in the HT capabilities
uninitialized (unfortunately defaults to static SMPS), which leads to
some devices limiting themselves to single-stream rates in some modes
(mostly mesh and IBSS).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For 988X, 9980, 9984 CT firmware.
This should allow IBSS + RSN on at least the 988X firmware,
and includes recent stability fixes for all firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This at least makes it harder to hit some txq related
crashes on firmware restart, a potential memory leak,
and some other fixes.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This causes problem when a FQDN is configured in /etc/config/system. The
domain name will appear twice in reverse DNS.
Next to that, there seems to be a bug in dnsmasq. From the manual page:
--interface-name=<name>,<interface>[/4|/6]
Return a DNS record associating the name with the primary address
on the given interface. This flag specifies an A or AAAA record for the
given name in the same way as an /etc/hosts line, except that the address
is not constant, but taken from the given interface. The interface may be
followed by "/4" or "/6" to specify that only IPv4 or IPv6 addresses
of the interface should be used. If the interface is down, not configured
or non-existent, an empty record is returned. The matching PTR record is
also created, mapping the interface address to the name. More than one name
may be associated with an interface address by repeating the flag; in that
case the first instance is used for the reverse address-to-name mapping.
It does not just create an A/AAAA record for the primary address, it creates
one for all addresses. And what is worse, it seems to actually resolve to the
non-primary address first. This is quite annoying when you use floating IP
addresses (e.g. VRRP), because when the floating IP is on the other device,
SSH failes due to incorrect entry in the known hosts file.
I know that this is not a common setup, but it would be nice if there was an
option to restore the previous behaviour, rather than just forcing this new
feature on everybody.
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Delete the map-t device when tearing down the map-t interface; as such
there's no conflict when the map-t interface comes up again when trying
to add the map-t device as the map-t device was still present
(Can not add: device 'map-wan6_4' already exists!).
Only call ifdown in teardown for map-e and lw6o4 map interfaces types
in order to suppress the trace "wan6_4 (6652): Interface wan6_4_ not found"
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts the following commits:
fbe522d120278ad007ee863888e44f96daf6352fcfd83555fc
This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
wpa_supplicant allows only SAE as the key management
type for mesh mode. The recent key_mgmt rework unconditionally
added WPA-PSK - this breaks interface bringup and wpa_s
throws this error message:
Line 10: key_mgmt for mesh network should be open or SAE
Line 10: failed to parse network block.
Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf
Fix this by making sure that only SAE is used for mesh.
Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
The gettext-full host build might pick up iconv-stub host build headers
during the build, leading to stray linker errors with unresolved references
to libiconv_open(), libiconv() and libiconv_close().
Since we're not needing iconv support on the host, pass the appropriate
cache variables to configure to prevent detection and linking of iconv.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Cleanup to prepare for changing STAGING_DIR_HOSTPKG. The actual change of
STAGING_DIR_HOSTPKG (i.e., moving the host packages back into a common, not
target-specific directory) will be done after the first LEDE release, but
the cleanup will also be useful for projects like Gluon.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This code was marked as incompatible to Linux 4.4 well over a year ago
and nobody cared, and now it's breaking builds.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Current board-2.bin file for qca9984 in Kvalo's repo is from branch
10.4-3.2, while board-2.bin file in code-aurora repo is newer and
corresponds to the branch 10.4-3.3, the same as recently updated firmware.
Considering that it's better to have all parts from the same branch
we are updating board-2.bin as well.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).
Remove this feature to simplify the build system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enabling this makes it possible to query LLDP neighbors via SNMP.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Since mtd-utils embeds ubi-utils and ubi-utils depends on @NAND_SUPPORT, we
cannot share this package among targets as the SDK processing the package is
not guaranteed to claim NAND_SUPPORT.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add option keep_ra_dnslifetime which will preserve the received
lifetime for RDNSS and DNSSL RA records and not overwrite it
by the RA router lifetime as specified in RFC6106.
This allows to accept RDNNS records from RAs that don't announce
a default route by setting router lifetime to 0 in the RAs.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
ef3c563 dhcpv6-ia: filter out prefixes having invalid length
16cd87e dhcpv6-ia: fix dereference after freeing assignment
d6b0c99 dhcpv6-ia: log only IPv6 addresses which are effectively
assigned to a DHCPv6 client
08a9367 config: respect ignore uci option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Fix bug in deflate_stored() for zero-length input
* Fix bug in gzwrite.c that produced corrupt gzip files
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This property allows specifying extra limits for wireless device in DT.
For a full documentation see upstream commit b330b25eaabd ("dt-bindings:
document common IEEE 802.11 frequency limit property").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
'add_local_hostname' previous implementation may drop some addresses.
Soft addition of IP6 addresses may not cause a reload or restart event.
dnsmasq '--interface-name' robustly applies DNS to all addresses per
interface (except fe80::/10).
Change UCI 'add_local_hostname' to expand during each interface assignement
during add_dhcp().
Assign '<iface>.<host>.<domain>' as true name (reflexive A, AAAA, and PTR).
Assign '<host>.<domain>' and '<host>' as convinience aliases (no PTR, not
technically CNAME).
This is accomplished with the '--interface-name' order, first is PTR.
We could also assign each <ip4/6>.<iface>.<host>.<domain> to the respective
dual stack on the interface.
That seemed excessive so it was skipped (/4 or /6 suffix to the interface).
Add UCI 'add_wan_hostname' similar to 'add_local_hostname' function for
external WAN.
WAN IP4 are less often named by the ISP and rarely WAN IP6 due to complexity.
For logs, LuCI connection graph, and other uses assigning a WAN name is desired.
'add_local_hostname' only applies with DHCP and 'add_wam_hostname' only applies
without DHCP. Common residential users will want to set both options TRUE.
Businesses will probably have global DNS, static IP, and 'add_wan_hostname' FALSE.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
While at it, the following changes are introduced
- Rewrite the Makefile for better readability
- Make parallel builds possible
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This reverts commit 528f46d082.
After this commit, several users reported stability issues. Revert it
now so it doesn't cause issues for the upcoming release
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to
existing MAC-address (RFC-6939). The latter is not widely supported yet.
Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.
We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.
Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:
config interface 'tuna'
option peeraddr '172.30.22.1'
option proto 'gre'
config interface 'tunb'
option peeraddr '192.168.233.4'
option proto 'gretap'
config interface 'tunc'
option peer6addr 'fdc5:7c9e:e93d:45af::1'
option proto 'grev6'
config interface 'tund'
option peer6addr 'fdc0:6071:1348:31ff::2'
option proto 'grev6tap'
are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".
The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".
This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").
Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Brings in the following changes:
52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.
Signed-off-by: Mathias Kresin <dev@kresin.me>
currently (after blogic's edit to my commit) it prints like this:
root@lede:/# service aa
aa does not exist. the following services are available :adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.
with this commit it looks like this:
root@lede:/# service
service "" not found, the following services are available:
adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.
Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
This fixes the folowing security problems:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT
Remove extra DEFAULT_VARIANT from libustream-polarssl.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit was added to improve reset time on old SoC devices that run
into chip hangs more frequently. However with the more recent addition
of full WMAC reset on these chips, it could be problematic.
Drop this patch to ensure that DMA activity is really stopped before the
chip reset is issued
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.
Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.
This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.
Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.
The "Source:" field was removed in commit
b4aa3c899c
to reduce package list sizes and lessen opkg issues in low ram devices.
Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.
1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.
Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.
This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.
Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
64a655d proto: allow configuring deprecated static IPv6 addresses
c99182e remove obsolete /opt/local prefix on Mac OS X
0249d5f system-linux: Don't set gre tunnel ttl by default to 64 (#FS312)
edc15ca ubus: Display the IPv6 prefix assigned address
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
We do not have the needed platform support for VOICE_CPE_VMMC_PMC. The
vmmc driver will not compile with this option activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add patches provided upstream [1] by Fabio Berton to fix error:
> ./gencode.c: In function 'pcap_compile':
> ./gencode.c:693:8: error: 'compiler_state_t {aka struct _compiler_state}' has no member named 'ai'
> cstate.ai = NULL;
> ^
> ./gencode.c: In function 'gen_gateway':
> ./gencode.c:4914:13: error: 'cstate' undeclared (first use in this function)
> bpf_error(cstate, "direction applied to 'gateway'");
> ^
[1] https://github.com/the-tcpdump-group/libpcap/pull/541
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Tested-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
add possibility to set the facility to which dnsmasq will send syslog entries, i.e. set it to '/dev/null' to mute dnsmasq output at all.
Signed-off-by: Dirk Brenken dev@brenken.org
Before the rewrite, uhttpd-mod-tls used to contain a tls plugin.
Afterwards it was left in for compatibility reasons, but given how much
has changed, and that we're about to change the default SSL
implementation again, it's better to just drop this now
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 0d4f02dfd6, which was
obviously untested. git downloads cannot handle multiple URLs at the
moment.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- Source updated to fix noise level, DTS
- Added support for BB and RF
Tested working on WRT1900ACv1 (mamba) kernel 4.4.38. No regressions found.
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix mirror hash]
A new firmware that is available on code-aurora repository is newer
than in Kvalo's repo.
Taking into account that firmwares that are in Kvalo's repo are considered
to be tested by internal QCA team, this one seems to be more stable
and fixes this bug:
ath10k_pci 0000:01:00.0: received unexpected tx_fetch_ind event: in
push mode
At least i havent faced it for a while in contradiction to current version.
Thus switching firmware source for qca9984 until it or a newer version
gets into Kvalo's repo.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Sometimes I'm getting error on the host-side build:
```
/usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /home/sandu/work/lede/staging_dir/host/lib/liblzma.a(liblzma_la-common.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/home/sandu/work/lede/staging_dir/host/lib/liblzma.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
Makefile:2847: recipe for target 'libgettextlib.la' failed
make[9]: *** [libgettextlib.la] Error 1
make[9]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl-1.1.15/host/gettext-0.19.8.1/gettext-tools/gnulib-lib'
Makefile:2597: recipe for target 'all' failed
```
Disabling the shared-lib build, seems to fix this.
This is when building glib2 on the host-side.
glib2 is required by newer QEMU package [which is in the feeds].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This adds a patch that introduces airtime fairness scheduling to ath9k,
which can significantly improve network efficiency in mixed-rate
environments.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl
variant to openvpn-mbedtls.
Some feature highlights:
* Data channel cipher negotiation
* AEAD cipher support for data channel encryption (currently only
* AES-GCM)
* ECDH key exchange for control channel
* LZ4 compression support
See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
for additional change notes.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Build seems to fail with:
```
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for X:
* grev4 *
* opkg_install_cmd: Cannot install package X
```
After adding an empty install rule, the failure goes away.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Let dnsmasq reread the leasefile by using procd_send_signal
which triggers procd to send SIGHUP kill signal by default
if signal is not specified
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This allows users of this package to configure DFS channels.
It mimics the behaviour of the ath10k module included in
package mac80211
Signed-off-by: Andy Strohman <andrew@andrewstrohman.com>
This seems to occur when gettext-full is built on the host-side
and the autoreconf stuff re-generates some of the build files,
except for the po/Makefile.in.in
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Even though these fonts may not be installed, they seem to be
generated at build time.
Seems that the configure script re-generated from configure.ac
is a bit more annoying than it has to be.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Reboot of: a0ea22ac43
Reverted: 3c52cbfa53
The host-side build of grub2 requires this sometimes.
This will re-generate the ./configure script from configure.ac.
I don't know the conditions of how this reproduces, it just
sometimes appears, and sometimes doesn't.
Build error
```
<lede-dir>/build_dir/target-x86_64_musl-1.1.15_yogi/host/grub-2.02~beta2/build-aux/missing: line 81: aclocal-1.14: command not found
WARNING: 'aclocal-1.14' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<http://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<http://www.gnu.org/software/autoconf>
<http://www.gnu.org/software/m4/>
<http://www.perl.org/>
Makefile:3962: recipe for target 'aclocal.m4' failed
```
Adding PKG_FIXUP adds sanity (i.e. autoreconf is used for host & target
builds) over just using HOST_FIXUP.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Update to latest upstream HEAD:
- Refreshed all
- Delete patches and parts which made it upstream
Compile tested Full & Mini configs
Run-tested Mini config
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [another update, remove broken patch]
This partially reverts commit 15734b023b.
--enable-stunnel was actually important and properly described in
commit 9b118cde89. Removing it broke ustream-cyassl
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add procd_send_signal which allows to send an optional specified
kill signal to one specified or all instances of a given service.
By default SIGHUP is sent if no signal is specified
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This adds support for install-overlay define. When used in package it
allows installing files to a special directory that gets copied to the
root when installing it.
It allows overwriting files provided by other packages.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If _GNU_SOURCE was added as part of a package's TARGET_CFLAGS,
then compilation would fail for that module (especially if
warnings get treated as errors).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Follow upstream cake:
diffserv3: a simple 3 tin classifier more in line with sqm-scripts
defaults for other qdisc algorithms.
defaults: default qdisc options are now diffserv3 and triple-isolate.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Update tc to track upstream cake changes:
diffserv3 - a simple 3 tin classifier
Also make diffserv3 and triple-isolate default
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
More and more platforms are multicore SoCs, don't enforce singlethreading.
Drop stunnel option as stunnel code isn't available for download from upstream website.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Add .cis firmware for Sierra Wireless Aircard GPRS/3G PCMCIA modems:
- Aircard 555
- Aircards 7xx
- Aircards 8x0
There is a package named sierra-pcmcia in obsoleted repository for
packages at git.openwrt.org but there's no reason to reintroduce it in
current packages repo because these files are part of upstream
linux-firmware.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Allow to load .cis firmware updates from userspace. Some of PCMCIA cards
need to update Card Information Structure (CIS) to work properly.
Signen-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Few minor code formatting style fixes, including:
- keep one board per line
- always use "|\" (for consistency)
- remove redundant double quotes and empty lines
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Add uqmi 'sync' command call to release stalled cid when preparing to
setup new connection. As a result it prevents 'POLICY MISMATCH' errors.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
1dc7be1 uqmi: Add sync command to release all cids.
Signed-off-by: John Crispin <john@phrozen.org>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.
Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
The build system only accepts Package/<name>/description and since the
typoed version virtually has the same content as the TITLE field, remove
them altogether
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This adds a patch that introduces airtime fairness scheduling to ath9k,
which can significantly improve network efficiency in mixed-rate
environments.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The patch commit states:
"It's possible to make scanning consume almost arbitrary amounts
of memory, e.g. by sending beacon frames with random BSSIDs at
high rates while somebody is scanning.
Limit the number of BSS table entries we're willing to cache to
1000, limiting maximum memory usage to maybe 4-5MB, but lower
in practice - that would be the case for having both full-sized
beacon and probe response frames for each entry; this seems not
possible in practice, so a limit of 1000 entries will likely be
closer to 0.5 MB."
Signed-off-by: Johannes Berg <johannes.berg@intel.com>"
This patch was added in 4.4.36. But because LEDE backports
cfg80211, mac80211 and the wifi drivers separately, it needs
to be added manually for now. It can be dropped later as it
will be part of the next mac80211 refresh.
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
This is intended to be used for a wide array of package sanity checks.
The first check that is implemented is for the hash of downloaded files.
It checks:
- Missing hash
- Use of SHA256 instead of MD5
- dl/<file> hash not matching hash in makefile
- deprecated MD5SUM variable
The deprecated MD5SUM variable check is skipped for feeds/ until OpenWrt
is updated as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This works around deadlock and/or memory corruption during
firmware crash and improves ability to configure number of
tids in firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
CT firmware files use the same filename with a different URL for
different chips. Since all files end up in dl/, filenames need to be
unique as well.
Add a chip prefix to the output filename to fix this issue.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The SIGHUP also got sent to the reload script making it bail out
with an error
Revert "dnsmasq: reload config if host name is modified"
This reverts commit 854459a2f9.
Reported-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
The sha256sum was not updated in the last commit.
Fixes: a7c231027 [odhcpd: Fix dnsmasq re-reading hostfile]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Calling a build ##.##-CURRENT might mislead users into thinking that this
build is the most current release of a branch.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently, installing kmod-sdhci fails with "sdhci is already loaded" since
"sdhci.ko" is inserted explicitely first, the implicitely loaded again when
"sdhci-pltfm.ko" is inserted as the latter depends on the former.
Remove the explicit autoprobe of "sdhci.ko" to fix the postinstall script.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update libpcap to upstream release 1.8.1
Change the name from libpcap.so.1.3 to libpcap.so.1
Remove parts of patch 201 which moved code among src files.
Import patch 204 from Debian to update the USB path.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix parallel build bug]
this package references an undefined variable for its submenu.
Remove this NOP variable assignment.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
this kernel module currently does not set submenu.
Fix this by adding it to the "Others" submenu
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.
In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.
Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef
guards around the path, and only using one means to set the path in the
makefile.
Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
Update procd to latest HEAD in order to introduce support for services signals:
- Adds a new service.signal ubus call to send a kill() signal to one or all
running instances of a given service
- Adds a new "reload_signal" property which allows service init scripts to
request procd to send a specific kill() signal on reload, instead of
stopping and restarting running processes
Also fixes some potential memory leaks reported by cppcheck and an environment
variable corruption in the trace command.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.
The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Depending on the dhcp uci config pidof dnsmasq can return
multiple pids. Fix re-reading of the hostfile by dnsmasq in
such case by sending SIGHUP signal to each of the returned
pids.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Let dnsmasq read all hosts files in /tmp/hosts directory by specifying
/tmp/hosts as argument of --addn-host
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Track upstream changes, incl changes in packet overhead accounting
(automatically taking care of linux' packet sizing knowledge),
improvements to triple isolated DRR handling (new flow dominance),
statistics tweak & allow more packet drops in stressed conditions.
Under tests this has significantly improved latency control under
'many flows to one' scenarious as is typical of bittorrent and MS
Windows update.
I also restored 'DSCP washing' functionality in my repo which follows
upstream closely (like a hawk!) with tc keywords 'wash/nowash'. This
allows cake to limit/control packets in bands determined by a packet's
DSCP but to clear those DSCP bits on qdisc egress. This functionality
was originally removed as part of an attempt to push cake into the
kernel, which hasn't actually happened as yet.
A matching commit is required to iproute2/tc to support the new overhead
handling, keyword changes as well as the 'wash/nowash' tweak.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>