OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45602
This reverts commit ff84c27a281bc19df19bc62ee8688cca5586f6e3.
This tool has really broken size handling (many values hardcoded), it
crashes right now in case of NVRAM not filling whole MTD partition.
Conflicts:
package/utils/nvram/src/nvram.h
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45579
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45569
For years Broadcom devices use 64 KiB NVRAM partition size and some of
them indeed have it filled in more than 50%. This change allows handling
whole NVRAM e.g. on Netgear WNDR4500 and Netgear R8000.
The same fix was applied to kernel in upstream commit 6ab7c29.
Reported-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45566
We don't have broadcom-diag for months or years now and the correct
solution is to simply don't have "nvram" partition on WGT634U anyway.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45564
Sytax of /proc/mtd is following:
dev: size erasesize name
which means that sscanf "mtd%d: %08x" reads size, not erasesize.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45563
instead of failing when authsae is not installed, also try using
wpa_supplicant as the newly added -mesh variants support mesh mode
and SAE encryption.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45520
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished. That section of the patch was removed.
Built and lightly tested on ar71xx against uClibc and musl.
Signed-off-by: Russell Senior <russell@personaltelco.net>
SVN-Revision: 45512
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.
https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh
The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.
Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.
root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf /var/run/hostapd-phy1.conf
/var/run/hostapd:
wlan0 wlan1
The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/
The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
[-G<ping interval>] [command..]
...
-p<path> path to find control sockets (default: /var/run/hostapd)
...
-i<ifname> Interface to listen on (default: first interface found in the
socket path)
Below is a run with the default script and with my proposed solution.
Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh
if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
for dir in /var/run/hostapd*; do
[ -d "$dir" ] || continue
logger "WPS activated for: $dir"
hostapd_cli -p "$dir" wps_pbc
done
fi
>>>> WPS BUTTON PRESSED <<<<<
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd
wlan0 got WPS activated, while wlan1 remained inactive.
I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.
Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh
if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
cd /var/run/hostapd
for dir in *; do
[ -S "$socket" ] || continue
logger "WPS activated for: $socket"
hostapd_cli -i "$socket" wps_pbc
done
fi
>>>> WPS BUTTON PRESSED <<<<<
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1
Both radios got their WPS activated properly.
I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.
The modified script has been in a slightly different format in my community
build since r42420 in September 2014.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 45492
The last line of procd.sh has a reference to procd_add_interface_reload. procd_add_interface_reload
doesn't seem to exist. I've removed the reference of it to minimize confusion.
Signed-off-by: Eric Schultz <eschultz@prplfoundation.org>
SVN-Revision: 45487
Depending on configuration, disable the LED before writing the trigger
and enable it after writing it. Fixes LEDs where the value defaults to 1
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45463
it has been non-functional for years and caused numerous memleaks and
crashes for people that tried to enable it.
it has no maintained upstream source, and it does not look like it's
going to be fixed any time soon
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45423
To prevent future confusion around '/overlay' vs. 'overlay' simply reject
relative path specifications as mount points since such paths result in
undefined behaviour anyway.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 45404
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.
The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.
https://dev.openwrt.org/ticket/19345
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 45380
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.
The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.
https://dev.openwrt.org/ticket/19345
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 45379
Fixes build failure caught by buildbot:
IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks support (IEEE802154) [M/n/y/?] m
6lowpan support over IEEE 802.15.4 (IEEE802154_6LOWPAN) [N/m/?] (NEW) aborted!
Console input/output is redirected. Run 'make oldconfig' to update configuration.
make[6]: *** [silentoldconfig] Error 1
make[5]: *** [silentoldconfig] Error 2
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 45357
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45351
it causes problems with newer iptables when ipv6 is disabled as iptc uncoditionally links ip6tc
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45350
This patch adds the wpan-tools (iwpan) utility to OpenWRT
build system. This utility required to manage IEE-802.15.4
devices.
Signed-off-by: Varka Bhadram <varkab@cdac.in>
SVN-Revision: 45349
Current NAND sysupgrade process is a bit hard to follow due to the way
of triggering stage1. Currently this is done by leaving a /mark/ in the
form of /tmp/sysupgrade-nand-path during nand_do_platform_check.
Existence of this mark stops standard sysupgrade process (as the result
of sysupgrade_pre_upgrade exit). This may be a bit misleading.
Proposed solution adds a new function that will allow platform.sh
trigger NAND sysupgrade consciously. This will also allow cleaning
nand_do_platform_check limiting it to just checking the image.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45338
- move config symbol to separate package (Why was it there in the first place?)
- 8723au might be used in some USB sticks or on some sunxi boards
compile tested only
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45336
Enables last error support for the PPP protocol handlers.
In generic teardown the PPP daemon exit code is translated into
a self explaining error string which is set as interface error
by proto_notify_error in case of failure.
Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45333
this allow us to use syslog tcp with \0 trailer
instead of \n trailer (logread -0 option)
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 45329
Subtarget legacy is supposed to support all ssb SoC except for BCM4705.
There are few BCM4703 devices with 802.11n supprt (WRT160N v1.0, v1.1).
Few BCM4704 devices with 802.11n: ASUS WL-500W, Linksys WRT150N v1.0 &
v1.1, Linksys WRT300N v1.0, Netgear WNDR3300 v1, WNR834B v1 & v2.
It seems we have to enable N-PHY for legacy as well to support above.
Unfortunately it increases root.squashfs size by 48 460 B.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 45309
This driver is upstream since 2012 (commit: a8e510f682f), so switch to
it and remove own sources. Also place it under "Network Devices" menu
together with other phy drivers.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
SVN-Revision: 45269
The arg argument is missing to the printer call in the print_option
utility when the option flag OPT_A2STRVAL is set.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45264
PPPD crashes (SEGV) when the dump or dryrun options are specified and an option
is internally defined as "o_special" with an option flag of "OPT_A2STRVAL".
As the option value is not saved when the parameter is processed, a reference
to the option will result into a crash (e.g. when printing).
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
SVN-Revision: 45263
User might have modified/extended template direct or by LuCI application.
So do not overwrite on update/upgrade.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 45258
Most AP devices out there do not have a properly programmed regulatory
domain code, which means they are limited to US frequencies by default.
This has been a major annoyance for a long time now. Since no fix for
the manfuacturing process seems to be forthcoming, the only sane option
seems to be to allow users to change the country code in such cases.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45252
Otherwise procd cannot initialize the watchdog since the module will
be loaded later.
Tested with booke_wdt.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 45239
CONFIG_MFD_OMAP_USB_HOST is needed for working USB on BeagleBoard
tested on BeagleBoard C4 (EBVBeagle)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45236
replaces kmod-usb-serial-motorola-phone it's found only in Kernel <3.12
This module handles many simple USB serial devices
like Motorola Phones, GPS reveivers in Kernels above 3.14
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45233
This module is needed for bluetooth audio playback
with pulseaudio 6 and bluez5.
a working guide can be found in the wiki:
http://wiki.openwrt.org/wiki/bluetooth.audio
(additional packages/modifications are required
and submitted to github feeds)
tested with:
Android mobile (Sony Xperia M) as audio source
TI omap BeagleBoard as audio sink
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45231
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.
Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>
SVN-Revision: 45213
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
v2: changes in input.mk broke the patch, some of the CONFIG_SND_*
stuff was added already
SVN-Revision: 45205
from upstream
commit title: "[IPV4]: The scheduled removal of multipath cached routing support."
removed in Kernel 2.6.23 (2007)
Reasons: very buggy, no maintainer, no fixes
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45121
driver in staging since 3.14
removed upstream in 3.17
from upstream commit message:
Most webcams covered by this driver are now supported by gspca.
Nobody has the hardware or is willing to convert the remaining devices to gspca.
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45120
This updates libnetfilter_conntrack to the latest
stable version 1.0.4 which was released Aug-06-2013.
Changeset is available here:
http://git.netfilter.org/libnetfilter_conntrack/log/
Signed-off-by: Christian Mehlis <christian@m3hlis.de>
SVN-Revision: 45074
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 45050
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 45049
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
SVN-Revision: 45048
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 45047
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45045
This backports upstream commit 702131e2a393b45174be326f1dbe20b658b4f157
bcma: move PCI IRQ control function to host specific code
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 44969
Helpful to disable when debugging lldpd crashes (when working on it).
When privilege separation is on, some crashes are stack-traced to
some privilege separation code.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 44967
fix a bug the made uloop_end() not work when called from within a uloop_process
callback handler
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 44945
Use xattr to store the filesystem initialization state of the overlay.
As long as the filesystem is not marked as initialized yet (happens in
/etc/init.d/done), all overlay data (except for sysupgrade.tgz) will be
discarded before the system is allowed to boot
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 44942
There are some places where there is a redundant declaration of
strlcpy() that prevents building perf otherwise.
Signed-off-by: John Szakmeister <john@szakmeister.net>
SVN-Revision: 44926
from Erik Tews <erik@datenzone.de>
This patch has two effects. First, the quickleave feature/behaviour is
disabled for all groups that are used on more than one interface. The
idea of quickleave is to leave a group fast and later figure out whether
there is still somebody interested in that group. For groups used on
more than one interface, it is already known that there is still
somebody interested in that group.
Second, when a leave is received for a group that is used on more than
one interface, igmpproxy sends queries on all interface to discover
remeining listeners for that group. Previously these queries were only
send on the interface the leave was received on, so that listeners on
the other interfaces were not discovered and the group might be left on
the upstream router incorrectly.
This patch can be improved by sending the queries only on the interface
the leave was received on and adapting the algorithm in
internAgeRoute(...) in rttable.c in a way that only one interface is
actually processed and all other interfaces of the route are silently
assumed to be still active.
Signed-off-by: Erik Tews <erik@datenzone.de>
SVN-Revision: 44859