The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
SVN-Revision: 45613
Before r45593 kmod-l2tp-ip did not depend on kmod-ipv6.
With r45593 support for L2TP IPv6 encapsulation was added and
included in the kmod-l2tp-ip package. This change also
added the dependency to kmod-ipv6 to kmod-l2tp-ip, regardless
of whether the user chose to generally include IPv6 support
or not.
Change this so L2TP over IPv6 and the resulting dependency
to kmod-ipv6 is only included in kmod-l2tp-ip if IPv6 support
is enabled.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45612
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45602
This reverts commit ff84c27a281bc19df19bc62ee8688cca5586f6e3.
This tool has really broken size handling (many values hardcoded), it
crashes right now in case of NVRAM not filling whole MTD partition.
Conflicts:
package/utils/nvram/src/nvram.h
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45579
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45569
For years Broadcom devices use 64 KiB NVRAM partition size and some of
them indeed have it filled in more than 50%. This change allows handling
whole NVRAM e.g. on Netgear WNDR4500 and Netgear R8000.
The same fix was applied to kernel in upstream commit 6ab7c29.
Reported-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45566
We don't have broadcom-diag for months or years now and the correct
solution is to simply don't have "nvram" partition on WGT634U anyway.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45564
Sytax of /proc/mtd is following:
dev: size erasesize name
which means that sscanf "mtd%d: %08x" reads size, not erasesize.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45563
instead of failing when authsae is not installed, also try using
wpa_supplicant as the newly added -mesh variants support mesh mode
and SAE encryption.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45520
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished. That section of the patch was removed.
Built and lightly tested on ar71xx against uClibc and musl.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 45512