* dnsmasq: add ubus acl to allow calls to hotplug.tftp object
dnsmasq may call hotplug.dhcp, hotplug.neigh and hotplug.tftp.
Only the first two callees were listed in the ACL, so add missing
hotplug.tftp.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix the dynamic dns object names patch
We can't use booleans, since we're not including stdbool.h. Use integers
instead.
Fixes: 0b79e7c01e ("dnsmasq: generate the dns object name dynamically")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Rui Salvaterra <rsalvaterra@gmail.com>
Add pdptype param, for selecting IPv4, IPv6, or IPv4v6
Fix check for required PIN, only pin1 (SIM pin) matters
Get IP config directly from modem, no need for DHCP
Fix return value from proto_mbim_setup()
Signed-off-by: Howard Chu <hyc@symas.com>
* dnsmasq: add support for monitoring and modifying dns lookup results via ubus
The monitoring functionality will be used for dns rule support in qosify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add match_tag for --dhcp-host
A set of tags can be specified for --dhcp-host option to restrict the
assignment to the requests which match all the tags.
Example usage:
config vendorclass
option networkid 'udhcp'
option vendorclass 'udhcp'
config host
option mac '*:*:*:*:*:*'
list match_tag 'switch.10'
list match_tag 'udhcp'
option ip '192.168.25.10'
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
Build the tc-mod-iptables before the tc-tiny and tc-full packages.
This avoids unnecessary package rebuild when calling make back to back.
Before this change, tc-mod-iptables will be built after the main tc
binary packages.
Both tc-tiny and tc-full depend on tc-mod-ipables. If make is called
after the packages are already built, it will check the timestamps of
both packages, and will rebuild the main binaries, since the module
package will be newer than the tc package.
Calling BuildPackage,mod-iptables first ensures that its variant gets
built before the other packages' variants.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Commit a2fcd3900c ("dnsmasq: improve init script") broke the existing
handling for hosts_dir. Remove the redundant mount again to fix it.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Fixes: a2fcd3900c ("dnsmasq: improve init script")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Package hostapd-common is a dependency of every other package defined in
hostpad Makefile. It is currently built next to the bottom of that
Makefile's package list.
If you run make back to back, then check-compile will compare the
hostapd-common timestamp to the variant being compiled, to decide if the
varint needs to be rebuilt or not. Since the hostapd-conf package is
built towards the end of the list, it will be newer than most of the
variants, causing unnecessary package rebuilds.
Move it to the top, so that its timestamp will be older than dependent
packages, avoiding unnecessary rebuild of every selected variant.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* fix restart in LuCI (inherited umask was to restrictive)
* make directory of hosts-file (!= /tmp) accessible in ujail
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: fix a race condition on adding AP mode wds sta interfaces
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix up patches after the last commit
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: ubus: fix uninitialized pointer
This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add notification for BSS transition response
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add BSS transtiton request method
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)
Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
be disassociated
validity_period: I32 - number of TBTTs after which the beacon
candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix goto loop for ubus assoc handler
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: David Bauer <mail@david-bauer.net>
Bring the usage in line with the dnsmasq man page and the other options
where set: is mandatory.
No functional change.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
* hostapd: let netifd set bridge port attributes for snooping
Avoids race conditions on bridge member add/remove
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix segfault when deinit mesh ifaces
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* iproute2: bump to 5.13
Drop patch 185-libbpf-add-limits-h merged upstream
Update patch 170-ip_tiny
Update patch 130-no_netem_tpic_dcb...
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* iproute2: m_xt.so depends on dynsyms.list
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
* iproute2: update to 5.14
Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Ansuel Smith <ansuelsmth@gmail.com>
Co-authored-by: Roman Yeryomin <roman@advem.lv>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Change the CONFLICTS definition from the alternative package
(ethtool-full) to the main one.
The CONFLICTS line creates a dependency to the conflicting package.
Right now, the dependency would be created in the PACKAGE_ethtool-full
symbol:
config PACKAGE_ethtool-full
depends on m || (PACKAGE_ethtool != y)
When the main package is selected by airmon-ng, it selects
PACKAGE_ethtool, *depending* on the value of PACKAGE_ethtool-full:
config PACKAGE_airmon-ng
select PACKAGE_ethtool if PACKAGE_ethtool-full<PACKAGE_airmon-ng
In the first block, the value of PACKAGE_ethtool-full depends on the
value of PACKAGE_ethtool. In the second block, the opposite is true:
the value of PACKAGE_ethtool depends on the value of
PACKAGE_ethtool-full. This is a recursive dependency.
Fix it by changing the package where the dependency is created, so that
only the value of PACKAGE_ethtool will depend on PACKAGE_ethtool-full.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* hostapd: refresh patches
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix Proxy-ARP with Hotspot 2.0 disabled
The disable_dgaf config fiels is only available in case Hostapd is
compiled with Hotspot 2.0 support, however Proxy-ARP does not depend on
Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: enable proxy-arp support for hostapd-full
The hostapd.sh script already has support for configuring proxy-ARP,
however no built variant has support for it enabled.
Enable proxy-ARP support for hostapd-full builds in order to allow users
to actually use this feature.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: David Bauer <mail@david-bauer.net>
40e5f6a ipsets: permit default timeout of 0
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Co-authored-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This check was accidentally left in after reworking the code,
causing a segfault
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* ethtool: introduce ethtool-full build variant
Netlink support is required for using the virtual cable tester
functionality.
Remove the pretty print build option and instead create a second package
variant ethtool-full. This allows users to install the full ethtool
featureset using opkg.
Signed-off-by: David Bauer <mail@david-bauer.net>
* ethtool: update to v5.13
Signed-off-by: David Bauer <mail@david-bauer.net>
* ethtool: fix depends
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Chen Minqiang <ptpt52@gmail.com>
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Co-authored-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* dnsmasq: fix more dnsmasq jail issues
* remove superflus mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list
Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: reset EXTRA_MOUNT in the right place
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.
Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)
Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Fixes: 7b46377a0cd9 ("hostapd: make the snooping interface (for proxyarp) configurable")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make the snooping interface (for proxyarp) configurable
Use the VLAN interface instead of the bridge, to ensure that hostapd receives
untagged DHCP packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix a segfault on sta disconnect with proxy arp enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make proxyarp work with libnl-tiny
Remove a dependency on libnl3-route
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>
This will restart the interface in case the CSA fails and can be used to
force the device on a DFS channel (including full CAC)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make it possible to update station airtime weights via ubus
This allows dynamic tuning based on other runtime information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for enabling HE on channel switch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: initialize ht/vht/he mode on channel switch by default
Use the current mode, but allow overwriting via ubus command parameters
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix uninitialized stack variable on CSA
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Imports a function from iw to convert frequencies to channel numbers.
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
[fix potential out of bounds read]
Signed-off-by: David Bauer <mail@david-bauer.net>
'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'. Slightly less confusion all
round.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
