This is useful to bring up multiple client mode interfaces on a single
channel much faster without having to scan through a lot of channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It should return false to indicate that the option should not be ignored
Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not
available")
Reported-by: Sami Olmari <sami@olmari.fi>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The TFTP server provided by dnsmasq supports serving a select boot image
based on the client's MAC or IP address. This allows an administrator
to activate this feature in /etc/config/dhcp. Here is an example
/etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac:
...
config dnsmasq
option enable_tftp 1
option tftp_root /usr/libexec/tftpboot
option tftp_unique_root mac
config boot router
option serveraddress 192.168.1.1
option servername tftp.example.com
option filename openwrt-initramfs-kernel.bin
...
With this configuration, dnsmasq will serve
/usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to
the client with MAC address 00:11:22:33:44:55.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Make the BSSID and SSID fields optional when configuring a neighbor
report into hostapd.
Both options can now be an empty string. For the BSSID, the first 6 byte
are copied from the neighbor report. For the SSID, the SSID for the
affected hostapd BSS is used.
Signed-off-by: David Bauer <mail@david-bauer.net>
Rafal Milecki pointed out that ubus events are meant for low-level ubus
events only (e.g. addition or removal of an object). Higher level
events should happen as notifications on the ubus object itself.
Dispatch BSS events on the main hostapd ubus object instead of
publishing them as ubus events.
Signed-off-by: David Bauer <mail@david-bauer.net>
hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event>
when adding, removing or reloading a BSS.
This way, services which install state (for example the RMM neighbor
list) can on-demand reinstall this information for the BSS without
polling this state.
Signed-off-by: David Bauer <mail@david-bauer.net>
UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which
turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number
(custom) scripts executed last. Jow confirmed numbering is the default case, not the
exception (thanks).
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.
Support for this feature is only enabled in the full flavors of hostapd.
Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
Don't use bash syntax, because /bin/sh is used here.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros
Backports from upstream changes.
* peerlookup: take lock before checking hash in replace operation
A fix for a race condition caught by syzkaller.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.
As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.
Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.
This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Abort the dhcp-check based on the interface instead of the carrier
state. In cases where the interface is up but the carrier is down,
netifd won't cause a dnsmasq reload, thus dhcp won't become active
on this interface.
Signed-off-by: David Bauer <mail@david-bauer.net>
Abort the link-check based on the interface instead of the carrier
state. In cases where the interface is up but the carrier is down,
netifd won't case a dnsmasq reload, thus dhcp won't be active on thsi
interface.
Signed-off-by: David Bauer <mail@david-bauer.net>
If not needed, disabling scp allows for a nice size reduction.
Dropbear executable size comparison:
153621 bytes (baseline)
133077 bytes (without scp)
In other words, we trim a total of 20544 bytes.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The ssh symlink was still being created even when dbclient was disabled in the
build configuration. Fix this annoyance.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
677aa53 Fix -W option for pppoe-discovery utility (#157)
115c419 Accept Malformed Windows Success Message (#156)
5bdb148 pppd: Add documentation of stop-bits option to pppd man page (#154)
2a7981f Add ipv6cp-accept-remote option
0678d3b pppd: Fix the default value for ipv6cp-accept-local to false
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The hostapd configuration logic is supposed to accept "option key" as
legacy alias for "option auth_secret". This particular fallback option
failed to work though because "key" was not a registered configuration
variable.
Fix this issue by registering the "key" option as well, similar to the
existing "server" nad "port" options.
Ref: https://github.com/openwrt/openwrt/pull/3282
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If an existing "wpa_psk_file" is passed to hostapd, the "key" option may
be omitted.
While we're at it, also improve the passphrase length checking to ensure
that it is either exactly 64 bytes or 8 to 63 bytes.
Fixes: FS#2689
Ref: https://github.com/openwrt/openwrt/pull/3283
Suggested-by: Michael Jones <mike@meshplusplus.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[adapt to recent changes, add dependency for WPA_WOLFSSL config]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis
# dnsmasq --dnssec; echo $?
dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
1
DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature. Better be explicit. With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)
So this is just being proactive. on/off choices with uci option
"dnssec" are still available like before
Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
With the introduction of the generic OpenVPN hotplug mechanism, wrapped
--up and --down scripts got the wrong amount and order of arguments passed,
breaking existing configurations and functionality.
Fix this issue by passing the same amount of arguments in the same expected
order as if the scripts were executed by the OpenVPN daemon directly.
Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156
Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
212f836 ubus: rename JSON-RPC format related functions
628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object()
9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute
77d345e ubus: drop unused "obj" arguments
8d9e1fc ubus: parse "call" method params only for relevant call
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* compat: rhel 8.3 beta removed nf_nat_core.h
* compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta
This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition
to RHEL 8.2 and RHEL 7.8. It also marks the first time that
<https://www.wireguard.com/build-status/> is all green for all RHEL kernels.
After quite a bit of trickery, we've finally got the RHEL kernels building
automatically.
* compat: allow override of depmod basedir
When building in an environment with a different modules install path, it's
not possible to override the depmod basedir flag by setting the DEPMODBASEDIR
environment variable.
* compat: add missing headers for ip_tunnel_parse_protocol
This fixes compilation with some unusual configurations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Update the openvpn sample configurations to use modern options in favor
of deprecated ones, suggest more sane default settings and add some
warnings.
* Add tls_crypt and ncp_disable to the sample configuration
* Replace nsCertType with remote_cert_tls in client sample configuration
* Comment out "option compress", compression should not be preferred
* Advise 2048-bit Diffie-Hellman parameters by default
* Add warnings about compression and use of Blowfish (BF-CBC)
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
