a left over from the dnsmasq jail testing
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45058 3c298f89-4303-0410-b956-a3cf2f4a3e73
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45050 3c298f89-4303-0410-b956-a3cf2f4a3e73
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45049 3c298f89-4303-0410-b956-a3cf2f4a3e73
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45048 3c298f89-4303-0410-b956-a3cf2f4a3e73
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45047 3c298f89-4303-0410-b956-a3cf2f4a3e73
Helpful to disable when debugging lldpd crashes (when working on it).
When privilege separation is on, some crashes are stack-traced to
some privilege separation code.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44967 3c298f89-4303-0410-b956-a3cf2f4a3e73
For using liblldpctl to talk to lldpd (via unix sockets).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44924 3c298f89-4303-0410-b956-a3cf2f4a3e73
from Erik Tews <erik@datenzone.de>
This patch has two effects. First, the quickleave feature/behaviour is
disabled for all groups that are used on more than one interface. The
idea of quickleave is to leave a group fast and later figure out whether
there is still somebody interested in that group. For groups used on
more than one interface, it is already known that there is still
somebody interested in that group.
Second, when a leave is received for a group that is used on more than
one interface, igmpproxy sends queries on all interface to discover
remeining listeners for that group. Previously these queries were only
send on the interface the leave was received on, so that listeners on
the other interfaces were not discovered and the group might be left on
the upstream router incorrectly.
This patch can be improved by sending the queries only on the interface
the leave was received on and adapting the algorithm in
internAgeRoute(...) in rttable.c in a way that only one interface is
actually processed and all other interfaces of the route are silently
assumed to be still active.
Signed-off-by: Erik Tews <erik@datenzone.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44859 3c298f89-4303-0410-b956-a3cf2f4a3e73
_GNU_SOURCE has been declared "deprecated" in favor of _DEFAULT_SOURCE in glibc
Signed-off-by: Nicolas Thill <nico@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44843 3c298f89-4303-0410-b956-a3cf2f4a3e73
DNSMASQ has the ability to provide a menu to a pxeboot system, using
the --pxe-prompt and --pxe-service configuration options. The current
init.d script converting the "dhcp" file to "dnsmasq.conf" does not
find these options, but they are supported. This patch thus enables
the options.
Signed-off-by: Derek LaHousse <dlahouss@mtu.edu>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44747 3c298f89-4303-0410-b956-a3cf2f4a3e73
The --dhcp-boot option of dnsmasq does not require servername and serveraddress
arguments if the builtin tftp server is used.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44744 3c298f89-4303-0410-b956-a3cf2f4a3e73
The names for the config options were taken from lldpd's
configure.ac file.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44743 3c298f89-4303-0410-b956-a3cf2f4a3e73
this add json-c 0.12, sorry forgot to push this earlier today
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44682 3c298f89-4303-0410-b956-a3cf2f4a3e73
In a dual-WAN setup, it's useful to specify an interface over which to
have PPTP.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44507 3c298f89-4303-0410-b956-a3cf2f4a3e73
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':
config wifi-iface
option device 'radio2'
option network 'uplink'
option mode 'sta'
option ssid 'MyNetwork'
option encryption 'none'
list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'
This change consists of the following cherry-picked upstream commits:
b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)
0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44438 3c298f89-4303-0410-b956-a3cf2f4a3e73
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.
Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44310 3c298f89-4303-0410-b956-a3cf2f4a3e73
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.
Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44138 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
constant as uhttpd needs to modify its list_head member
* Make sure that uhttpd supports large files by using 64bit ints
where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
* Plug a possible memleak in the directory listing code
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44135 3c298f89-4303-0410-b956-a3cf2f4a3e73
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.
Switch the format to a hex encoded string to support binary data.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44094 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.
Without this patch igmpproxy floods openwrt syslog with messages such as:
user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
239.255.250.250, is not in any valid net for upstream VIF.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44020 3c298f89-4303-0410-b956-a3cf2f4a3e73
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44006 3c298f89-4303-0410-b956-a3cf2f4a3e73
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44005 3c298f89-4303-0410-b956-a3cf2f4a3e73
