b52053b 6in4: https support for he.net tunnel api
introduced HTTPS support using wget.
The busybox version of wget, however, doesn't support the -V option,
thus poluting logfiles with a full invalid-parameter-output.
Redirect stderr to fix that.
As libcurl and curl support selecting the SSL library of your choice,
also add support for curl which is more commonly used on OpenWrt than
"real" wget which needs libopenssl.
Also make sure to respect SSL_CERT_DIR and increase timeouts.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43228
setsid is called fixing the pgrp issue
trigger the wdt while modules are being inserted
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43193
This will ease adding new targets and updating:
* split UBOOTS var into multiple lines
* remove version from TITLE
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 43187
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43168
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.
When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.
Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43143
Only list the kernel versions that do not match so that new kernel
versions will automatically match. This improves support for kernel
3.18.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 43132
This patch added stuff that is already there and if it would be needed
this would result in a compile error.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 43131
More recent kernel versions (>= 3.12) support native VXLAN
support.
The Open VSwitch kernel module tries to build using native VXLAN
support if it detects a kernel version >=3.12.
The build works fine, but during startup the OVS kernel module
does not load.
dmesg output is something like this:
[ 1201.262842] openvswitch: Unknown symbol vxlan_sock_release
[ 1201.262949] openvswitch: Unknown symbol vxlan_xmit_skb
[ 1201.263161] openvswitch: Unknown symbol vxlan_sock_add
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 43126
Using a redirect to a non-empty mtd partition will not erase the
blocks prior to writing to them resulting in broken dsl_fw.
Fix this by piping to mtd write - /dev/mtdX instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43125
HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed. Certificate validation is
conditionally enabled if the CA certs are available.
Signed-off-by: Andrew Skalski <askalski@gmail.com>
SVN-Revision: 43124
I had to use a VDSL-only tone-setup to get show-time.
Handle this in uci by checking if annex is unset.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 43114
The DHT11 is a temperature and humidity sensor supported by linux
since 3.14.
This patch is tested on recent mxs with kernel 3.14.18.
Signed-off-by: Harald Geyer <harald@ccbib.org>
SVN-Revision: 43103
Currently busybox utils like "ls" fail to display filenames containing UTF-8
characters, replacing any special characters with "?".
Change libbb's printable_string() function to allow high ASCII characters so
that unicode filenames are displayed correctls.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43084
* Fixes sending an extraneous message body for 204 and 304 resoponses which
breaks Chrome in keep-alive mode.
* Adds mimetypes for JSON and JSONP.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43078
Package util-linux-dmesg is broken (at least) in Barrier Breaker git repo
as you can select it within menuconfig, it will compile (as a part of
util-linux) but it will not install as install section is missing from
package Makefile.
Signed-off-by: Tomasz Wasiak <tjwasiak@gmail.com>
SVN-Revision: 43069
- Support HT40 instead of HT40+/HT40- like mac80211
- Enable 11n if htmode is HT20 or HT40
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43063
Based on bug #18206 sysupgrade can lead to loss of password information in
certain situations. Most likely all users who will upgrade from versions
r43017-43040, will lose their current passwords. :-(
https://dev.openwrt.org/ticket/18206
Currently /etc/shadow is defined as a conffile in base-files:
https://dev.openwrt.org/browser/trunk/package/base-files/Makefile#L37
But it is not defined in the default list of essential files to keep in
sysupgrade:
https://dev.openwrt.org/browser/trunk/package/base-files/files/lib/upgrade/keep.d/base-files-essential
If exporting conffiles info fails, /etc/shadow can get lost.
Shadow passwords are now the default, so saying that preserving /etc/passwd
is essential while /etc/shadow is not, makes no sense.
The attached patch adds /etc/shadow to the list of essential files.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 43061
Attempting to build broadcom_wl (from trunk) with the linaro 4.9.x
toolchain produces the following errors:
<...>/wl_linux.c: In function 'wl_dump_ver':
<...>/wl_linux.c:2302:3: error: macro "__DATE__" might prevent reproducible builds [-Werror=date-time]
__DATE__, __TIME__, EPI_VERSION_STR);
^
<...>/wl_linux.c:2302:13: error: macro "__TIME__" might prevent reproducible builds [-Werror=date-time]
__DATE__, __TIME__, EPI_VERSION_STR);
^
cc1: some warnings being treated as errors
Remove the use of the __DATE__ and __TIME__ macros, as the info is not
really useful.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 43046
This module is required to read the CPU core temperature sensors
on the Alix APU board.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 43027
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:
mac_address wpa_passphrase_or_hex_key
Example:
00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
SVN-Revision: 43001
[base-files] failsafe-mode: print short help on commandline
Like mentioned in ticket https://dev.openwrt.org/ticket/11911
this should make the IRC much quieter. Failsafe is somehow
special and even experienced users are helpless, because they
are not used to this seldom situation. Also: likely you have
no internet access in this mode, so you cannot use the wiki.
a failsafe-session now looks like this:
first we see from 'package/base-files/files/bin/login.sh' the hint:
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
after this the /etc/banner ("OpenWrt - wireless freedom")
and then the new text:
================= FAILSAFE MODE active ================
special commands:
* firstboot reset settings to factory defaults
* mount_root mount root-partition with config files
after mount_root:
* passwd change root's password
* /etc/config directory with config files
for more help see:
http://wiki.openwrt.org/doc/howto/generic.failsafe
=======================================================
this supersedes the old patches:
http://patchwork.openwrt.org/patch/3337/http://patchwork.openwrt.org/patch/3553/
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42985
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42944
- Consider not installed feeds as well
- Add option to decide whether to comment disabled feeds
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 42931
Inside every LuCI package you need to clear luci-indexcache and
sometimes when installing non LuCI pacakges it's also needed to clear
it. Easier put it into default_postinst().
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 42923
Qihoo C301 has 2 flash chips of which one is used as primary and the
other is used as backup. OEM U-Boot will try to boot an activeregion N
with imageNstatus=0 and imageNtrynum <= imagemaxtry. If such a region
is found, bootloader will try to increment imageNtrynum and boot it.
This patch tries to reset imageNtrynum after each successful boot (if
the boot process reaches the execution of /etc/init.d/done).
root@OpenWrt:/# hexdump -C -n 128 /dev/mtdblock9
00000000 9e f3 63 91 61 63 74 69 76 65 72 65 67 69 6f 6e |..c.activeregion|
00000010 3d 31 00 69 6d 61 67 65 31 73 74 61 74 75 73 3d |=1.image1status=|
00000020 30 00 69 6d 61 67 65 32 73 74 61 74 75 73 3d 30 |0.image2status=0|
00000030 00 69 6d 61 67 65 32 74 72 79 6e 75 6d 3d 30 00 |.image2trynum=0.|
00000040 69 6d 61 67 65 6d 61 78 74 72 79 3d 33 00 69 6d |imagemaxtry=3.im|
00000050 61 67 65 31 74 72 79 6e 75 6d 3d 30 00 00 00 00 |age1trynum=0....|
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
SVN-Revision: 42914
[base-files] shell-scripting: fix wrong usage of '==' operator
normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.
this patch does not change the behavior/logic of the scripts.
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 42911
Patch allows to configure the mtu of the dynamic 6rd tunnel interface when created by dhcp script.
In some setups it's desirable to have config control over the 6rd tunnel mtu to maximize the traffic throughput
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42871
This is not needed after all:
Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).
Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42859
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.
Use the returned ip-address(es) to construct the dropbear listen address.
Signed-off-by: Mathias Kresin <openwrt@kresin.me>
SVN-Revision: 42857
This allows IPv6 to set up without IPv4 being up thus
IPv6-only or IPv6+DS-Lite working with the default config.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42848
it is now possible to inlie the uid and gid in the syntax
USERID:=username=uid:group=gid:group2=gid2:...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42838
this proto handler will detect which of 3g, qmi, mbim, ncm or directip you need
for a stick and setup uci automagically
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 42837
Some ISP seem to only do stateful DHCPv6 and not sending RAs.
This is technically broken because plain DHCPv6 doesn't carry routes.
We work around here by faking a default route to the DHCPv6 server
if we do not receive a useful RA from the ISP.
This workaround can be turned off with: option fakeroutes 0
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42803
The AR9580 with the new ID can be found in the EnGenius ESR900 and the
QCA9880 without any subsystem IDs can be found in the EnGenius ESR1750.
Signed-off-by: Forest Crossman <cyrozap@gmail.com>
SVN-Revision: 42793
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.
Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
SVN-Revision: 42787
During boot, a not found message is displayed for systems which do
not have uci 'network.globals.ula_prefix' defined in
/etc/config/network. The error message itself is not used and can
be ignored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42755
A message:
uinteger - 9 = true
is displayed during boot. This is the result of the validate_data
command checking the cron log level. As the output is not
interesting, only the result, filter...
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42751
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42750
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42749
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42748
Tos support is added as a string parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42747
The package supports IP in IP by registering the ipip protocol handler
Following options are configurable
-peeraddr (IPv4 remote address)
-ipaddr (IPv4 local address)
-ttl (time to live of encapsulating packet)
-tos (type of service of encapsulating packet either inherit (outer header inherits the value of the inner header) or hex value)
-df (don't fragment flag of encapsulating packet)
-mtu (IPIP tunnel mtu)
-tunlink (bind tunnel to this interface)
-zone (firewall zone to which the IPIP tunnel will be added)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42746
When 'wifi down' is called by /etc/init.d/network, it is run from
stop_service( ). This function is in turn invoked from stop( ).
stop( ) messes up the order by first procd_kill-ing the network
settings, then calling wifi to down the wifi networking
interfaces. By redefining stop( ) instead, the proper order is
restored.
Signed-off-by: Michel Stam <m.stam@fugro.nl>
SVN-Revision: 42745
Instead of connecting once and saving the packet data handle, let the
firmware handle connecting/reconnecting automatically. This is more
reliable and reduces reliance on potentially stale data.
Use the global packet data handle to attempt to disable autoconnect
before restarting the connection. This ensures that the firmware will
take the new APN/auth settings.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42721
Tos support is added as a generic grev4/grev6 parameter which can have the following values :
-inherit (outer header inherits the tos value of the inner header)
-hex value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 42700
Add a third argument to ucidef_set_interface_raw, which is specifying
the protocol.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 42665
Implementing "add-cert.sh" functionality described at
http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
otherwise you need to create symbolic links for certificate hashes
yourself.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 42660
Without running fixtrx the image will not boot at the second time,
because the CRC the boot loader check is invalid at that time.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 42639