This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This commit refreshes and updates the VHT160 ath10k support fix patches
and adds a number of backports from ath-next:
* 8ed05ed06fca ath10k: handle tdls peer events
* 229329ff345f ath10k: wmi: modify svc bitmap parsing for wcn3990
* 14d65775687c ath10k: advertise TDLS wider bandwidth support for 5GHz
* bc64d05220f3 ath10k: debugfs support to get final TPC stats for 10.4 variants
* 8b2d93dd2261 ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
* 4b190675ad06 ath10k: fix kernel panic while reading tpc_stats
* be8cce96f14d ath10k: add support to configure channel dwell time
* f40105e67478 ath: add support to get the detected radar specifications
* 6f6eb1bcbeff ath10k: DFS Host Confirmation
* 260e629bbf44 ath10k: fix memory leak of tpc_stats
* 38441fb6fcbb ath10k: support use of channel 173
* 2e9bcd0d7324 ath10k: fix spectral scan for QCA9984 and QCA9888 chipsets
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[move backported patches in the 3xx number space, bring in upstream order,
replace incomplete patch files with git format-patch ones, rewrite commit
message, fix subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.17
There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.
This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.
No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Restarting service sysctl echos multiple errors like:
sysctl: -e: No such file or directory
After the first filename, all remaining arguments are treated
as files.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.
Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.
This way we can handle the conflicts automatically without introducing
recursive dependencies.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.
Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.
Signed-off-by: Mathias Kresin <dev@kresin.me>
procd needs processes to stay in foreground to remain under its gaze and
control. Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The pptp.so plugin needs to be built with -fPIC as well in order to be
linkable again.
Fixes 888a15ff83 ("ppp: add missing -fPIC to rp-pppoe.so CFLAGS")
Fixes e7397eef69 ("ppp: compile with LTO enabled")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.
Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.
Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.
This caused the dnsmasq init script to log the following errors during
early boot on some systems:
procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.
Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Some HP Thin clients use the broadcom nextreme chip as integrated NIC.
It is connected via PCI express and will only be found automatically if
phy-broadcom is loaded before tg3. This small change makes the thin
client usable for Freifunk with gluon out of the box.
Signed-off-by: Steffen Förster <steffen@chemnitz.freifunk.net>
We can safely assume by now that rpm5.org is dead and isn't coming back
so just add another mirror instead.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'
Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
Bump to the latest cake recipe.
This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19. Loud cheer!
Fun may be had by changing cake tin classification for packets on
ingress. e.g.
tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1
Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number. So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.
f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Override the default shutdown action (stop) and close all processes
of dropbear
Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.
This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.
Secondly it makes sense to also compare crc32 since we already have a
new one calculated.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option whihc results in broken IPv6
connectivity.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.
That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid
Fix that problem by checking every block before reading its content.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'
Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
Enables support for Dynack feature.
When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.
While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.
Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.
This feature is currently only supported in ath9k.
it is also disabled by default.
Enabling it can be done in 2 ways:
- issue cmd: iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink
Disabling it can be done by providing a valid fixed value.
To give an idea of a practical example:
In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.
When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m
Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.
Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.
Actual distance: 6010m
iperf 60s run avg
Fixed 12150m: 31 Mbit/s
Dynack: 58 Mbit/s
Fixed 6300m: 51 Mbit/s
Dynack: 59 Mbit/s
Fixed 3000m: 13 Mbit/s (lots of retries)
Dynack: 58 Mbit/s
Actual distance: 1504m
iperf 60s run avg
Fixed 12150m: 31 Mbit/s
Dynack: 86 Mbit/s
Fixed 6300m: 55 Mbit/s
Dynack: 87 Mbit/s
Fixed 3000m: 67 Mbit/s
Dynack: 87 Mbit/s
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* device: print daddr not saddr in missing peer error
* receive: style
Debug messages now make sense again.
* wg-quick: android: support excluding applications
Android now supports excluding certain apps (uids) from the tunnel.
* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION
Some improvements to our testing infrastructure.
* receive: use NAPI on the receive path
This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Update to the latest version of iproute2; see https://lwn.net/Articles/756991/
for a full overview of the changes in 4.17.
Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion.
Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing
rdma compile issue.
At the same time re-organize patch numbering so the OpenWRT specific
patches start at 100.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
345bba0 dhcpv4: improve error checking in handle_dhcpv4()
c0f6390 odhcpd: Check if open the ioctl socket failed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Aleksandr V. Piskunov
Ansuel Smith
Jason A. Donenfeld
Felix Fietkau
Kevin Darbyshire-Bryant
Luiz Angelo Daros de Luca
Mathias Kresin
Hans Dedecker
Jo-Philipp Wich
Peter Wagner
Steffen Förster
Daniel Engberg
Lukas Mrtvy
Christian Schoenebeck
Rafał Miłecki
Matthias Schiffer
Koen Vandeputte
Moritz Warning