LINUX_RELEASE?=1
-LINUX_VERSION-3.18 = .45
+LINUX_VERSION-3.18 = .75
-LINUX_KERNEL_MD5SUM-3.18.45 = c527bae0aa1a5d6f3ebe31ad348c5339
+LINUX_KERNEL_MD5SUM-3.18.75 = 7e49dc4c2e7abc4398172c04c431dbce
ifdef KERNEL_PATCHVER
LINUX_VERSION:=$(KERNEL_PATCHVER)$(strip $(LINUX_VERSION-$(KERNEL_PATCHVER)))
else
cat << EOF
=== IMPORTANT ============================
- Use 'passwd' to set your login password
- this will disable telnet and enable SSH
+ Use 'passwd' to set your login password!
------------------------------------------
EOF
fi
#!/bin/sh
-# Copyright (C) 2006 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
# Copyright (C) 2010 Vertical Communications
failsafe_netlogin () {
- telnetd -l /bin/login.sh <> /dev/null 2>&1
+ dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
+ dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
}
failsafe_shell() {
--- /dev/null
+This is only needed for kernel < 2.6.29 and conflicts with kernel 4.4.42
+
+--- a/backport-include/linux/cred.h
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#ifndef __BACKPORT_LINUX_CRED_H
+-#define __BACKPORT_LINUX_CRED_H
+-#include_next <linux/cred.h>
+-#include <linux/version.h>
+-
+-#ifndef current_user_ns
+-#define current_user_ns() (current->nsproxy->user_ns)
+-#endif
+-
+-#endif /* __BACKPORT_LINUX_CRED_H */
#
-# Copyright (C) 2006-2012 OpenWrt.org
+# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=lzo
-PKG_VERSION:=2.08
+PKG_VERSION:=2.10
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.oberhumer.com/opensource/lzo/download/
-PKG_MD5SUM:=fcec64c26a0f4f4901468f360029678f
+PKG_MD5SUM:=39d3f3f9c55c87b1e5d6888e1420f4b5
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
--- /dev/null
+--- a/include/mbedtls/config.h
++++ b/include/mbedtls/config.h
+@@ -185,7 +185,7 @@
+ *
+ * Uncomment to get errors on using deprecated functions.
+ */
+-//#define MBEDTLS_DEPRECATED_REMOVED
++#define MBEDTLS_DEPRECATED_REMOVED
+
+ /* \} name SECTION: System support */
+
+@@ -341,7 +341,7 @@
+ *
+ * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
+ */
+-#define MBEDTLS_CIPHER_MODE_CFB
++//#define MBEDTLS_CIPHER_MODE_CFB
+
+ /**
+ * \def MBEDTLS_CIPHER_MODE_CTR
+@@ -435,13 +435,13 @@
+ *
+ * Comment macros to disable the curve and functions for it
+ */
+-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
++//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
++//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
++//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
++//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ #define MBEDTLS_ECP_DP_BP256R1_ENABLED
+ #define MBEDTLS_ECP_DP_BP384R1_ENABLED
+@@ -517,7 +517,7 @@
+ * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ */
+-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+
+ /**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+@@ -562,7 +562,7 @@
+ * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ */
+-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+
+ /**
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+@@ -616,7 +616,7 @@
+ * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ */
+-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+ /**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+@@ -689,7 +689,7 @@
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
+ /**
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+@@ -713,7 +713,7 @@
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ */
+-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+
+ /**
+ * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+@@ -879,7 +879,7 @@
+ *
+ * Comment this macro to disable support for external private RSA keys.
+ */
+-#define MBEDTLS_PK_RSA_ALT_SUPPORT
++//#define MBEDTLS_PK_RSA_ALT_SUPPORT
+
+ /**
+ * \def MBEDTLS_PKCS1_V15
+@@ -911,14 +911,14 @@
+ * Uncomment this macro to disable the use of CRT in RSA.
+ *
+ */
+-//#define MBEDTLS_RSA_NO_CRT
++#define MBEDTLS_RSA_NO_CRT
+
+ /**
+ * \def MBEDTLS_SELF_TEST
+ *
+ * Enable the checkup functions (*_self_test).
+ */
+-#define MBEDTLS_SELF_TEST
++//#define MBEDTLS_SELF_TEST
+
+ /**
+ * \def MBEDTLS_SHA256_SMALLER
+@@ -934,7 +934,7 @@
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+-//#define MBEDTLS_SHA256_SMALLER
++#define MBEDTLS_SHA256_SMALLER
+
+ /**
+ * \def MBEDTLS_SSL_AEAD_RANDOM_IV
+@@ -1271,7 +1271,7 @@
+ *
+ * Comment this macro to disable support for truncated HMAC in SSL
+ */
+-#define MBEDTLS_SSL_TRUNCATED_HMAC
++//#define MBEDTLS_SSL_TRUNCATED_HMAC
+
+ /**
+ * \def MBEDTLS_THREADING_ALT
+@@ -1507,7 +1507,7 @@
+ * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
+ */
+-#define MBEDTLS_ARC4_C
++//#define MBEDTLS_ARC4_C
+
+ /**
+ * \def MBEDTLS_ASN1_PARSE_C
+@@ -1572,7 +1572,7 @@
+ *
+ * Module: library/blowfish.c
+ */
+-#define MBEDTLS_BLOWFISH_C
++//#define MBEDTLS_BLOWFISH_C
+
+ /**
+ * \def MBEDTLS_CAMELLIA_C
+@@ -1627,7 +1627,7 @@
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ */
+-#define MBEDTLS_CAMELLIA_C
++//#define MBEDTLS_CAMELLIA_C
+
+ /**
+ * \def MBEDTLS_CCM_C
+@@ -1641,7 +1641,7 @@
+ * This module enables the AES-CCM ciphersuites, if other requisites are
+ * enabled as well.
+ */
+-#define MBEDTLS_CCM_C
++//#define MBEDTLS_CCM_C
+
+ /**
+ * \def MBEDTLS_CERTS_C
+@@ -1653,7 +1653,7 @@
+ *
+ * This module is used for testing (ssl_client/server).
+ */
+-#define MBEDTLS_CERTS_C
++//#define MBEDTLS_CERTS_C
+
+ /**
+ * \def MBEDTLS_CIPHER_C
+@@ -1693,7 +1693,7 @@
+ *
+ * This module provides debugging functions.
+ */
+-#define MBEDTLS_DEBUG_C
++//#define MBEDTLS_DEBUG_C
+
+ /**
+ * \def MBEDTLS_DES_C
+@@ -1733,7 +1733,7 @@
+ * This module is used by the following key exchanges:
+ * DHE-RSA, DHE-PSK
+ */
+-#define MBEDTLS_DHM_C
++//#define MBEDTLS_DHM_C
+
+ /**
+ * \def MBEDTLS_ECDH_C
+@@ -2151,7 +2151,7 @@
+ * Caller: library/mbedtls_md.c
+ *
+ */
+-#define MBEDTLS_RIPEMD160_C
++//#define MBEDTLS_RIPEMD160_C
+
+ /**
+ * \def MBEDTLS_RSA_C
+@@ -2461,7 +2461,7 @@
+ * Module: library/xtea.c
+ * Caller:
+ */
+-#define MBEDTLS_XTEA_C
++//#define MBEDTLS_XTEA_C
+
+ /* \} name SECTION: mbed TLS modules */
+
PKG_NAME:=polarssl
SRC_PKG_NAME:=mbedtls
-PKG_VERSION:=1.3.14
+PKG_VERSION:=1.3.17
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(SRC_PKG_NAME)-$(PKG_VERSION)-gpl.tgz
-PKG_SOURCE_URL:=https://polarssl.org/download/
-PKG_MD5SUM:=869c7b5798b8769902880c7cf0212fed
+PKG_SOURCE_URL:=https://tls.mbed.org/download/
+PKG_MD5SUM:=a6ed92fc377ef60f7c24d42b900e0dad
PKG_BUILD_DIR:=$(BUILD_DIR)/$(SRC_PKG_NAME)-$(PKG_VERSION)
+++ /dev/null
---- a/include/polarssl/config.h
-+++ b/include/polarssl/config.h
-@@ -1011,8 +1011,8 @@
- * POLARSSL_SHA1_C
- *
- * Comment this macro to disable support for SSL 3.0
-- */
- #define POLARSSL_SSL_PROTO_SSL3
-+ */
-
- /**
- * \def POLARSSL_SSL_PROTO_TLS1
/**
* \def POLARSSL_SSL_AEAD_RANDOM_IV
-@@ -1138,8 +1138,8 @@
+@@ -1151,8 +1151,8 @@
* Requires: POLARSSL_VERSION_C
*
* Comment this to disable run-time checking and save ROM space
/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -1457,8 +1457,8 @@
+@@ -1470,8 +1470,8 @@
* TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
* TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
* TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
/**
* \def POLARSSL_CCM_C
-@@ -1485,8 +1485,8 @@
+@@ -1498,8 +1498,8 @@
* Requires: POLARSSL_PEM_PARSE_C
*
* This module is used for testing (ssl_client/server).
/**
* \def POLARSSL_CIPHER_C
-@@ -1525,8 +1525,8 @@
+@@ -1538,8 +1538,8 @@
* library/ssl_tls.c
*
* This module provides debugging functions.
/**
* \def POLARSSL_DES_C
-@@ -1581,8 +1581,8 @@
+@@ -1594,8 +1594,8 @@
* ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
*
* Requires: POLARSSL_ECP_C
/**
* \def POLARSSL_ECDSA_C
-@@ -1596,8 +1596,8 @@
+@@ -1609,8 +1609,8 @@
* ECDHE-ECDSA
*
* Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
/**
* \def POLARSSL_ECP_C
-@@ -1609,8 +1609,8 @@
+@@ -1622,8 +1622,8 @@
* library/ecdsa.c
*
* Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
/**
* \def POLARSSL_ENTROPY_C
-@@ -1649,8 +1649,8 @@
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
-- */
- #define POLARSSL_GCM_C
-+ */
-
- /**
- * \def POLARSSL_HAVEGE_C
-@@ -1686,8 +1686,8 @@
+@@ -1699,8 +1699,8 @@
* Requires: POLARSSL_MD_C
*
* Uncomment to enable the HMAC_DRBG random number geerator.
/**
* \def POLARSSL_MD_C
-@@ -1813,8 +1813,8 @@
+@@ -1826,8 +1826,8 @@
* Requires: POLARSSL_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
/**
* \def POLARSSL_PBKDF2_C
-@@ -1979,8 +1979,8 @@
+@@ -1992,8 +1992,8 @@
* Module: library/ripemd160.c
* Caller: library/md.c
*
/**
* \def POLARSSL_RSA_C
-@@ -2059,8 +2059,8 @@
+@@ -2072,8 +2072,8 @@
* Caller:
*
* Requires: POLARSSL_SSL_CACHE_C
/**
* \def POLARSSL_SSL_CLI_C
-@@ -2136,8 +2136,8 @@
+@@ -2149,8 +2149,8 @@
* Caller: library/havege.c
*
* This module is used by the HAVEGE random number generator.
/**
* \def POLARSSL_VERSION_C
-@@ -2147,8 +2147,8 @@
+@@ -2160,8 +2160,8 @@
* Module: library/version.c
*
* This module provides run-time version information.
/**
* \def POLARSSL_X509_USE_C
-@@ -2257,8 +2257,8 @@
+@@ -2270,8 +2270,8 @@
*
* Module: library/xtea.c
* Caller:
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
-PKG_VERSION:=2.73
+PKG_VERSION:=2.78
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
-PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
+PKG_MD5SUM:=6d0241b72c79d2b510776ccc4ed69ca4
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_BUILD_PARALLEL:=1
PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \
+ CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \
CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset
define Package/dnsmasq-full
$(call Package/dnsmasq/Default)
- TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default)
+ TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset, NO_ID enabled by default)
DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \
+PACKAGE_dnsmasq_full_dhcpv6:kmod-ipv6 \
+PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset
define Package/dnsmasq-full/description
$(call Package/dnsmasq/description)
-This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and
-IPset support enabled by default.
+This is a fully configurable variant with DHCPv6, DNSSEC, Authoritative DNS and
+IPset, NO_ID support enabled by default.
endef
define Package/dnsmasq/conffiles
config PACKAGE_dnsmasq_full_dnssec
bool "Build with DNSSEC support."
default y
+ config PACKAGE_dnsmasq_full_noid
+ bool "Build with NO_ID. (hide *.bind pseudo domain)"
+ default y
config PACKAGE_dnsmasq_full_auth
bool "Build with the facility to act as an authoritative DNS server."
default y
COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \
+ $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_noid),-DNO_ID,) \
$(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET)
COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,)
else
- COPTS += -DNO_AUTH -DNO_IPSET
+ COPTS += -DNO_AUTH -DNO_IPSET -DNO_ID
endif
MAKE_FLAGS := \
+++ /dev/null
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd)
- struct iovec iov;
- ssize_t sz;
- int iface_index = 0, unicast_dest = 0, is_inform = 0;
-- struct in_addr iface_addr;
-+ struct in_addr iface_addr, *addrp = NULL;
- struct iface_param parm;
- #ifdef HAVE_LINUX_NETWORK
- struct arpreq arp_req;
-@@ -272,11 +272,9 @@ void dhcp_packet(time_t now, int pxe_fd)
- {
- ifr.ifr_addr.sa_family = AF_INET;
- if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 )
-- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
-- else
- {
-- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
-- return;
-+ addrp = &iface_addr;
-+ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
- }
-
- for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next)
-@@ -295,7 +293,7 @@ void dhcp_packet(time_t now, int pxe_fd)
- parm.relay_local.s_addr = 0;
- parm.ind = iface_index;
-
-- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL))
-+ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL))
- {
- /* If we failed to match the primary address of the interface, see if we've got a --listen-address
- for a secondary */
-@@ -315,6 +313,12 @@ void dhcp_packet(time_t now, int pxe_fd)
- complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm);
- }
-
-+ if (!addrp)
-+ {
-+ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name);
-+ return;
-+ }
-+
- if (!iface_enumerate(AF_INET, &parm, complete_context))
- return;
-
(buffer = safe_malloc(BUFF_SZ)) &&
(ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 &&
(bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1))
-@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char *
- }
-
-
--static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove)
--{
-- socklen_t size;
-- struct ip_set_req_adt_get {
-- unsigned op;
-- unsigned version;
-- union {
-- char name[IPSET_MAXNAMELEN];
-- uint16_t index;
-- } set;
-- char typename[IPSET_MAXNAMELEN];
-- } req_adt_get;
-- struct ip_set_req_adt {
-- unsigned op;
-- uint16_t index;
-- uint32_t ip;
-- } req_adt;
--
-- if (strlen(setname) >= sizeof(req_adt_get.set.name))
-- {
-- errno = ENAMETOOLONG;
-- return -1;
-- }
--
-- req_adt_get.op = 0x10;
-- req_adt_get.version = 3;
-- strcpy(req_adt_get.set.name, setname);
-- size = sizeof(req_adt_get);
-- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0)
-- return -1;
-- req_adt.op = remove ? 0x102 : 0x101;
-- req_adt.index = req_adt_get.set.index;
-- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr);
-- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0)
-- return -1;
--
-- return 0;
--}
--
--
--
- int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove)
- {
- int af = AF_INET;
-
- #ifdef HAVE_IPV6
+@@ -217,17 +198,10 @@ int add_to_ipset(const char *setname, co
if (flags & F_IPV6)
-- {
+ {
af = AF_INET6;
- /* old method only supports IPv4 */
- if (old_kernel)
-- return -1;
-- }
+- {
+- errno = EAFNOSUPPORT ;
+- ret = -1;
+- }
+ }
#endif
-- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
-+ return new_add_to_ipset(setname, ipaddr, af, remove);
- }
+- if (ret != -1)
+- ret = old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove);
++ ret = new_add_to_ipset(setname, ipaddr, af, remove);
- #endif
+ if (ret == -1)
+ my_syslog(LOG_ERR, _("failed to update ipset %s: %s"), setname, strerror(errno));
--- a/src/dnssec.c
+++ b/src/dnssec.c
-@@ -432,17 +432,24 @@ static int back_to_the_future;
+@@ -462,17 +462,24 @@ static time_t timestamp_time;
int setup_timestamp(void)
{
struct stat statbuf;
--
+ time_t now;
+ time_t base = 1420070400; /* 1-1-2015 */
-+
- back_to_the_future = 0;
+
+ daemon->back_to_the_future = 0;
if (!daemon->timestamp_file)
return 0;
--
+
+ now = time(NULL);
+
+ if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0)
+ base = statbuf.st_mtime;
-+
+
if (stat(daemon->timestamp_file, &statbuf) != -1)
{
timestamp_time = statbuf.st_mtime;
check_and_exit:
- if (difftime(timestamp_time, time(0)) <= 0)
-+ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0)
++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0)
{
/* time already OK, update timestamp, and do key checking from the start. */
- if (utime(daemon->timestamp_file, NULL) == -1)
-@@ -463,7 +470,7 @@ int setup_timestamp(void)
+ if (utimes(daemon->timestamp_file, NULL) == -1)
+@@ -493,7 +500,7 @@ int setup_timestamp(void)
close(fd);
-- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */
-+ timestamp_time = timbuf.actime = timbuf.modtime = base;
- if (utime(daemon->timestamp_file, &timbuf) == 0)
- goto check_and_exit;
- }
+- timestamp_time = 1420070400; /* 1-1-2015 */
++ timestamp_time = base; /* 1-1-2015 */
+ tv[0].tv_sec = tv[1].tv_sec = timestamp_time;
+ tv[0].tv_usec = tv[1].tv_usec = 0;
+ if (utimes(daemon->timestamp_file, tv) == 0)
--- /dev/null
+dnsmasq: fix warning with poll.h include on musl
+
+Warning is:
+ #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
+
+Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
+
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -88,7 +88,7 @@ typedef unsigned long long u64;
+ #if defined(HAVE_SOLARIS_NETWORK)
+ # include <sys/sockio.h>
+ #endif
+-#include <sys/poll.h>
++#include <poll.h>
+ #include <sys/wait.h>
+ #include <sys/time.h>
+ #include <sys/un.h>
menu "Configuration"
depends on PACKAGE_dropbear
+config DROPBEAR_CURVE25519
+ bool "Curve25519 support"
+ default y
+ help
+ This enables the following key exchange algorithm:
+ curve25519-sha256@libssh.org
+
+ Increases binary size by about 13 kB uncompressed (MIPS).
+
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
default n
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
- curve25519-sha256@libssh.org
Public key algorithms:
ecdsa-sha2-nistp256
Does not generate ECC host keys by default (ECC key exchange will not be used,
only ECC public key auth).
- Increases binary size by about 36 kB (MIPS).
+ Increases binary size by about 23 kB (MIPS).
+
+config DROPBEAR_UTMP
+ bool "Utmp support"
+ default n
+ depends on BUSYBOX_CONFIG_FEATURE_UTMP
+ help
+ This enables dropbear utmp support, the file /var/run/utmp is used to
+ track who is currently logged in.
+
+config DROPBEAR_PUTUTLINE
+ bool "Pututline support"
+ default n
+ depends on DROPBEAR_UTMP
+ help
+ Dropbear will use pututline() to write the utmp structure into the utmp file.
endmenu
#
-# Copyright (C) 2006-2014 OpenWrt.org
+# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2015.67
+PKG_VERSION:=2017.75
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=e967e320344cd4bfebe321e3ab8514d6
+PKG_MD5SUM:=e57e9b9d25705dcb073ba15c416424fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
-PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+PKG_CONFIG_DEPENDS:=CONFIG_TARGET_INIT_PATH CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519
include $(INCLUDE_DIR)/package.mk
+ifneq ($(DUMP),1)
+ STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) echo $(CONFIG_TARGET_INIT_PATH) | md5s)
+endif
+
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
define Package/dropbear/conffiles
/etc/dropbear/dropbear_rsa_host_key
-/etc/dropbear/dropbear_dss_host_key
/etc/config/dropbear
endef
--enable-syslog \
$(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \
--disable-lastlog \
- --disable-utmp \
- --disable-utmpx \
+ $(if $(CONFIG_DROPBEAR_UTMP),,--disable-utmp) \
--disable-wtmp \
--disable-wtmpx \
--disable-loginfunc \
- --disable-pututline \
+ $(if $(CONFIG_DROPBEAR_PUTUTLINE),,--disable-pututline) \
--disable-pututxline \
--disable-zlib \
--enable-bundled-libtom
-TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
+TARGET_CFLAGS += -DDEFAULT_PATH=\\\"$(TARGET_INIT_PATH)\\\" -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Configure
$(Build/Configure/Default)
+ $(SED) 's,^#define DEFAULT_PATH .*$$$$,#define DEFAULT_PATH "$(TARGET_INIT_PATH)",g' \
+ $(PKG_BUILD_DIR)/options.h
+
+ awk 'BEGIN { rc = 1 } \
+ /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ >$(PKG_BUILD_DIR)/options.h.new && \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
+
# Enforce that all replacements are made, otherwise options.h has changed
# format and this logic is broken.
- for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \
awk 'BEGIN { rc = 1 } \
/'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
{ print } \
>$(PKG_BUILD_DIR)/options.h.new && \
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
done
+
+ # remove protocol idented software version number
+ $(SED) 's,^#define LOCAL_IDENT .*$$$$,#define LOCAL_IDENT "SSH-2.0-dropbear",g' \
+ $(PKG_BUILD_DIR)/sysoptions.h
+
+ # Enforce rebuild of svr-chansession.c
+ rm -f $(PKG_BUILD_DIR)/svr-chansession.o
endef
define Build/Compile
$(INSTALL_DIR) $(1)/usr/lib/opkg/info
$(INSTALL_DIR) $(1)/etc/dropbear
touch $(1)/etc/dropbear/dropbear_rsa_host_key
- touch $(1)/etc/dropbear/dropbear_dss_host_key
endef
define Package/dropbearconvert/install
'RootPasswordAuth:bool:1' \
'RootLogin:bool:1' \
'rsakeyfile:file' \
- 'dsskeyfile:file' \
'BannerFile:file' \
'Port:list(port):22' \
'SSHKeepAlive:uinteger:300' \
{
local PasswordAuth enable Interface GatewayPorts \
RootPasswordAuth RootLogin rsakeyfile \
- dsskeyfile BannerFile Port SSHKeepAlive IdleTimeout \
+ BannerFile Port SSHKeepAlive IdleTimeout \
mdns ipaddrs
validate_section_dropbear "${1}" || {
[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
- [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}"
[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
append_ports "${ipaddrs}" "${Port}"
[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
[ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
+ procd_set_param respawn
procd_close_instance
}
keygen()
{
- for keytype in rsa dss; do
+ for keytype in rsa; do
# check for keys
key=dropbear/dropbear_${keytype}_host_key
[ -f /tmp/$key -o -s /etc/$key ] || {
chmod 0700 /etc/dropbear
}
+load_interfaces()
+{
+ config_get interface "$1" Interface
+ interfaces=" ${interface} ${interfaces}"
+}
+
start_service()
{
- [ -s /etc/dropbear/dropbear_rsa_host_key -a \
- -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+ [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen
. /lib/functions.sh
. /lib/functions/network.sh
service_triggers()
{
- procd_add_reload_trigger "dropbear"
+ local interfaces
+
+ procd_open_trigger
+ procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
+
+ config_load "${NAME}"
+ config_foreach load_interfaces dropbear
+
+ [ -n "${interfaces}" ] & {
+ for n in $interfaces ; do
+ procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
+ done
+ }
+ procd_close_trigger
+
procd_add_validation validate_section_dropbear
}
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
-@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
+@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig
goto out;
}
- filename = m_malloc(len + 22);
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- ses.authstate.pw_dir);
--
-- /* open the file */
-- authfile = fopen(filename, "r");
+ if (ses.authstate.pw_uid != 0) {
+ /* we don't need to check pw and pw_dir for validity, since
+ * its been done in checkpubkeyperms. */
+ /* allocate max required pathname storage,
+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+ filename = m_malloc(len + 22);
-+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
-+ ses.authstate.pw_dir);
-+
-+ /* open the file */
-+ authfile = fopen(filename, "r");
++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
++ ses.authstate.pw_dir);
+ } else {
-+ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ filename = m_malloc(30);
++ strncpy(filename, "/etc/dropbear/authorized_keys", 30);
+ }
- if (authfile == NULL) {
- goto out;
- }
-@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
++
+
+ /* open the file as the authenticating user. */
+ origuid = getuid();
+@@ -396,26 +402,35 @@ static int checkpubkeyperms() {
goto out;
}
--- a/svr-chansession.c
+++ b/svr-chansession.c
-@@ -920,12 +920,12 @@ static void execchild(void *user_data) {
+@@ -922,12 +922,12 @@ static void execchild(void *user_data) {
/* We can only change uid/gid as root ... */
if (getuid() == 0) {
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
#define ENABLE_USER_ALGO_LIST
-@@ -126,9 +126,9 @@ much traffic. */
+@@ -91,16 +91,16 @@ much traffic. */
+ * Including multiple keysize variants the same cipher
+ * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ #define DROPBEAR_AES128
+-#define DROPBEAR_3DES
++/*#define DROPBEAR_3DES*/
+ #define DROPBEAR_AES256
+ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+ /*#define DROPBEAR_BLOWFISH*/
+-#define DROPBEAR_TWOFISH256
+-#define DROPBEAR_TWOFISH128
++/*#define DROPBEAR_TWOFISH256*/
++/*#define DROPBEAR_TWOFISH128*/
+
+ /* Enable CBC mode for ciphers. This has security issues though
+ * is the most compatible with older SSH implementations */
+-#define DROPBEAR_ENABLE_CBC_MODE
++/*#define DROPBEAR_ENABLE_CBC_MODE*/
+
+ /* Enable "Counter Mode" for ciphers. This is more secure than normal
+ * CBC mode against certain attacks. It is recommended for security
+@@ -131,9 +131,9 @@ If you test it please contact the Dropbe
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
#define DROPBEAR_SHA1_HMAC
-#define DROPBEAR_SHA1_96_HMAC
--#define DROPBEAR_SHA2_256_HMAC
--#define DROPBEAR_SHA2_512_HMAC
+/*#define DROPBEAR_SHA1_96_HMAC*/
-+/*#define DROPBEAR_SHA2_256_HMAC*/
+ #define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
+/*#define DROPBEAR_SHA2_512_HMAC*/
#define DROPBEAR_MD5_HMAC
/* You can also disable integrity. Don't bother disabling this if you're
-@@ -184,7 +184,7 @@ much traffic. */
+@@ -146,7 +146,7 @@ If you test it please contact the Dropbe
+ * Removing either of these won't save very much space.
+ * SSH2 RFC Draft requires dss, recommends rsa */
+ #define DROPBEAR_RSA
+-#define DROPBEAR_DSS
++/*#define DROPBEAR_DSS*/
+ /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+ * code (either ECDSA or ECDH) increases binary size - around 30kB
+ * on x86-64 */
+@@ -194,7 +194,7 @@ If you test it please contact the Dropbe
/* Whether to print the message of the day (MOTD). This doesn't add much code
* size */
/* The MOTD file path */
#ifndef MOTD_FILENAME
-@@ -226,7 +226,7 @@ much traffic. */
+@@ -242,7 +242,7 @@ Homedir is prepended unless path begins
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+++ /dev/null
---- a/cli-runopts.c
-+++ b/cli-runopts.c
-@@ -315,6 +315,10 @@ void cli_getopts(int argc, char ** argv)
- debug_trace = 1;
- break;
- #endif
-+ case 'o':
-+ next = &dummy;
-+ case 'x':
-+ break;
- case 'F':
- case 'e':
- #ifndef ENABLE_USER_ALGO_LIST
-@@ -332,7 +336,6 @@ void cli_getopts(int argc, char ** argv)
- print_version();
- exit(EXIT_SUCCESS);
- break;
-- case 'o':
- case 'b':
- next = &dummy;
- default:
--- /dev/null
+--- a/cli-runopts.c
++++ b/cli-runopts.c
+@@ -296,6 +296,8 @@ void cli_getopts(int argc, char ** argv)
+ debug_trace = 1;
+ break;
+ #endif
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ #ifndef ENABLE_USER_ALGO_LIST
--- a/dbutil.h
+++ b/dbutil.h
-@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig
+@@ -78,7 +78,11 @@ int m_str_to_uint(const char* str, unsig
#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
/* Dropbear assertion */
--- a/options.h
+++ b/options.h
@@ -5,6 +5,11 @@
- #ifndef _OPTIONS_H_
- #define _OPTIONS_H_
+ #ifndef DROPBEAR_OPTIONS_H_
+ #define DROPBEAR_OPTIONS_H_
+#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
+#define DROPBEAR_SERVER
--- a/options.h
+++ b/options.h
-@@ -336,7 +336,7 @@ be overridden at runtime with -I. 0 disa
+@@ -352,7 +352,9 @@ be overridden at runtime with -I. 0 disa
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */
--#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin"
++#ifndef DEFAULT_PATH
+ #define DEFAULT_PATH "/usr/bin:/bin"
++#endif
/* Some other defines (that mostly should be left alone) are defined
* in sysoptions.h */
--- /dev/null
+--- a/svr-auth.c
++++ b/svr-auth.c
+@@ -149,7 +149,7 @@ void recv_msg_userauth_request() {
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+ if (valid_user
+- && svr_opts.allowblankpass
++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
+ && !svr_opts.noauthpass
+ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+ && ses.authstate.pw_passwd[0] == '\0')
--- /dev/null
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -488,6 +488,7 @@ void load_all_hostkeys() {
+ m_free(hostkey_file);
+ }
+
++ if (svr_opts.num_hostkey_files <= 0) {
+ #ifdef DROPBEAR_RSA
+ loadhostkey(RSA_PRIV_FILENAME, 0);
+ #endif
+@@ -499,6 +500,7 @@ void load_all_hostkeys() {
+ #ifdef DROPBEAR_ECDSA
+ loadhostkey(ECDSA_PRIV_FILENAME, 0);
+ #endif
++ }
+
+ #ifdef DROPBEAR_DELAY_HOSTKEY
+ if (svr_opts.delay_hostkey) {
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_VERSION:=2015-03-25
+PKG_VERSION:=2016-06-15
PKG_RELEASE:=1
-PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202
+PKG_REV:=31d3692fe5d56c05753ed4a70c7943979e1d29e7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git
hostapd \
)))
LOCAL_VARIANT=$(patsubst wpad-%,%,$(patsubst supplicant-%,%,$(BUILD_VARIANT)))
+CONFIG_VARIANT:=$(LOCAL_VARIANT)
+ifeq ($(LOCAL_VARIANT),mesh)
+ CONFIG_VARIANT:=full
+endif
ifeq ($(LOCAL_TYPE),supplicant)
ifeq ($(LOCAL_VARIANT),full)
CONFIG_WPA_SUPPLICANT_INTERNAL \
CONFIG_WPA_SUPPLICANT_OPENSSL
endif
- ifeq ($(LOCAL_VARIANT),mesh)
- PKG_CONFIG_DEPENDS += \
- CONFIG_WPA_SUPPLICANT_OPENSSL
- endif
endif
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
endif
endif
ifeq ($(LOCAL_VARIANT),mesh)
- DRIVER_MAKEOPTS += CONFIG_TLS=openssl
+ DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_AP=y CONFIG_SAE=y CONFIG_MESH=y
TARGET_LDFLAGS += -lcrypto -lssl
endif
ifdef CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK
define Package/wpad-mesh
$(call Package/wpad/Default)
TITLE+= (with 802.11s mesh and SAE support)
- DEPENDS:=$(DRV_DEPENDS) +libubus +libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN)
- CONFLICTS:=@WPA_SUPPLICANT_INTERNAL
+ DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl @(!TARGET_uml||BROKEN)
VARIANT:=wpad-mesh
endef
define Build/Configure
$(Build/Configure/rebuild)
- $(if $(wildcard ./files/hostapd-$(LOCAL_VARIANT).config), \
- $(CP) ./files/hostapd-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
+ $(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
+ $(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
)
- $(CP) ./files/wpa_supplicant-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
+ $(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
endef
TARGET_CPPFLAGS := \
config_add_boolean rsn_preauth auth_cache
config_add_int ieee80211w
+ config_add_int eapol_version
config_add_string 'auth_server:host' 'server:host'
config_add_string auth_secret
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
wps_device_type wps_device_name wps_manufacturer wps_pin \
macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
- iapp_interface
+ iapp_interface eapol_version
set_default isolate 0
set_default maxassoc 0
set_default hidden 0
set_default wmm 1
set_default uapsd 1
+ set_default eapol_version 0
append bss_conf "ctrl_interface=/var/run/hostapd"
if [ "$isolate" -gt 0 ]; then
[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
}
+ [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
+
wps_possible=1
append wpa_key_mgmt "WPA-PSK"
;;
[ -n "$vlan_tagged_interface" ] && \
append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
}
+
+ [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
;;
wep)
local wep_keyidx=0
+++ /dev/null
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# hostapd binary. All lines starting with # are ignored. Configuration option
-# lines must be commented out complete, if they are not to be included, i.e.,
-# just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Example configuration for various cross-compilation platforms
-
-#### sveasoft (e.g., for Linksys WRT54G) ######################################
-#CC=mipsel-uclibc-gcc
-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
-#CFLAGS += -Os
-#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
-#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
-###############################################################################
-
-#### openwrt (e.g., for Linksys WRT54G) #######################################
-#CC=mipsel-uclibc-gcc
-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
-#CFLAGS += -Os
-#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
-# -I../WRT54GS/release/src/include
-#LIBS = -lssl
-###############################################################################
-
-
-# Driver interface for Host AP driver
-CONFIG_DRIVER_HOSTAP=y
-
-# Driver interface for Agere driver
-#CONFIG_DRIVER_HERMES=y
-# Change include directories to match with the local setup
-#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
-#CFLAGS += -I../../include/wireless
-
-# Driver interface for ndiswrapper
-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
-#CONFIG_DRIVER_NDISWRAPPER=y
-
-# Driver interface for Atmel driver
-# CONFIG_DRIVER_ATMEL=y
-
-# Driver interface for old Broadcom driver
-# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
-# Linux wireless extensions and does not need (or even work) with the old
-# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
-#CONFIG_DRIVER_BROADCOM=y
-# Example path for wlioctl.h; change to match your configuration
-#CFLAGS += -I/opt/WRT54GS/release/src/include
-
-# Driver interface for Intel ipw2100/2200 driver
-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
-#CONFIG_DRIVER_IPW=y
-
-# Driver interface for Ralink driver
-#CONFIG_DRIVER_RALINK=y
-
-# Driver interface for generic Linux wireless extensions
-CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
-CONFIG_DRIVER_NL80211=y
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for development testing
-#CONFIG_DRIVER_TEST=y
-
-# Include client MLME (management frame processing) for test driver
-# This can be used to test MLME operations in hostapd with the test interface.
-# space.
-#CONFIG_CLIENT_MLME=y
-
-# Driver interface for wired Ethernet drivers
-CONFIG_DRIVER_WIRED=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
-# included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-# Note: Default OpenSSL package does not include support for all the
-# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
-# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
-# to add the needed functions.
-#CONFIG_EAP_FAST=y
-
-# EAP-GTC
-CONFIG_EAP_GTC=y
-
-# EAP-OTP
-CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-PAX
-#CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
-#CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-#CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-#CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
-#CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-
-# EAP-IKEv2
-#CONFIG_EAP_IKEV2=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
-CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
-#CONFIG_READLINE=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
-# save about 1 kB in code size when building only WPA-Personal (no EAP support)
-# or 6 kB if building for WPA-Enterprise.
-#CONFIG_NO_WPA2=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-# path is given on command line, not here; this option is just used to
-# select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operatins system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-# eloop_none = Empty template
-#CONFIG_ELOOP=eloop
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-CONFIG_PEERKEY=y
-
-# IEEE 802.11w (management frame protection)
-# This version is an experimental implementation based on IEEE 802.11w/D1.0
-# draft and is subject to change since the standard has not yet been finalized.
-# Driver support is also needed for IEEE 802.11w.
-CONFIG_IEEE80211W=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
-# internal = Internal TLSv1 implementation (experimental)
-# none = Empty template
-CONFIG_TLS=internal
-
-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
-# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
-# even though the core GnuTLS library is released under LGPL, this extra
-# library uses GPL and as such, the terms of GPL apply to the combination
-# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
-# apply for distribution of the resulting binary.
-#CONFIG_GNUTLS_EXTRA=y
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
-#CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-#CONFIG_DEBUG_FILE=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, comment out these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, comment out these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-CONFIG_NO_RANDOM_POOL=y
-NEED_80211_COMMON=y
-
-CONFIG_IBSS_RSN=y
-
-CONFIG_MESH=y
-CONFIG_SAE=y
-CONFIG_AP=y
+++ /dev/null
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p,
- if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- if (msg.ssid &&
-+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- != 0)) {
+++ /dev/null
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d
- return;
- }
-
-+ if (left < 0)
-+ return; /* not a valid WMM Action frame */
-+
- /* extract the tspec info element */
- if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+++ /dev/null
-From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 28 Apr 2015 17:08:33 +0300
-Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
-
-strtoul() return value may end up overflowing the int h->chunk_size and
-resulting in a negative value to be stored as the chunk_size. This could
-result in the following memcpy operation using a very large length
-argument which would result in a buffer overflow and segmentation fault.
-
-This could have been used to cause a denial service by any device that
-has been authorized for network access (either wireless or wired). This
-would affect both the WPS UPnP functionality in a WPS AP (hostapd with
-upnp_iface parameter set in the configuration) and WPS ER
-(wpa_supplicant with WPS_ER_START control interface command used).
-
-Validate the parsed chunk length value to avoid this. In addition to
-rejecting negative values, we can also reject chunk size that would be
-larger than the maximum configured body length.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/httpread.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/wps/httpread.c b/src/wps/httpread.c
-index 2f08f37..d2855e3 100644
---- a/src/wps/httpread.c
-+++ b/src/wps/httpread.c
-@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
- if (!isxdigit(*cbp))
- goto bad;
- h->chunk_size = strtoul(cbp, NULL, 16);
-+ if (h->chunk_size < 0 ||
-+ h->chunk_size > h->max_bytes) {
-+ wpa_printf(MSG_DEBUG,
-+ "httpread: Invalid chunk size %d",
-+ h->chunk_size);
-+ goto bad;
-+ }
- /* throw away chunk header
- * so we have only real data
- */
---
-1.9.1
-
+++ /dev/null
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
- 1 file changed, 29 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index f2b0926..a629437 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
- u16 offset;
- u8 *ptr, *scalar = NULL, *element = NULL;
-+ size_t prime_len, order_len;
-+
-+ if (data->state != PWD_Commit_Req) {
-+ ret->ignore = TRUE;
-+ goto fin;
-+ }
-+
-+ prime_len = BN_num_bytes(data->grp->prime);
-+ order_len = BN_num_bytes(data->grp->order);
-+
-+ if (payload_len != 2 * prime_len + order_len) {
-+ wpa_printf(MSG_INFO,
-+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+ (unsigned int) payload_len,
-+ (unsigned int) (2 * prime_len + order_len));
-+ goto fin;
-+ }
-
- if (((data->private_value = BN_new()) == NULL) ||
- ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
-@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
- int offset;
-
-+ if (data->state != PWD_Confirm_Req) {
-+ ret->ignore = TRUE;
-+ goto fin;
-+ }
-+
-+ if (payload_len != SHA256_MAC_LEN) {
-+ wpa_printf(MSG_INFO,
-+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+ (unsigned int) payload_len, SHA256_MAC_LEN);
-+ goto fin;
-+ }
-+
- /*
- * first build up the ciphersuite which is group | random_function |
- * prf
---
-1.9.1
-
+++ /dev/null
-From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:40:44 +0300
-Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 66bd5d2..3189105 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
- BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
- EC_POINT *K = NULL, *point = NULL;
- int res = 0;
-+ size_t prime_len, order_len;
-
- wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
-
-+ prime_len = BN_num_bytes(data->grp->prime);
-+ order_len = BN_num_bytes(data->grp->order);
-+
-+ if (payload_len != 2 * prime_len + order_len) {
-+ wpa_printf(MSG_INFO,
-+ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+ (unsigned int) payload_len,
-+ (unsigned int) (2 * prime_len + order_len));
-+ goto fin;
-+ }
-+
- if (((data->peer_scalar = BN_new()) == NULL) ||
- ((data->k = BN_new()) == NULL) ||
- ((cofactor = BN_new()) == NULL) ||
-@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
- u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
- int offset;
-
-+ if (payload_len != SHA256_MAC_LEN) {
-+ wpa_printf(MSG_INFO,
-+ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+ (unsigned int) payload_len, SHA256_MAC_LEN);
-+ goto fin;
-+ }
-+
- /* build up the ciphersuite: group | random_function | prf */
- grp = htons(data->group_num);
- ptr = (u8 *) &cs;
---
-1.9.1
-
+++ /dev/null
-From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:23:04 +0300
-Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index a629437..1d2079b 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- * if it's the first fragment there'll be a length field
- */
- if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+ if (len < 2) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Frame too short to contain Total-Length field");
-+ ret->ignore = TRUE;
-+ return NULL;
-+ }
- tot_len = WPA_GET_BE16(pos);
- wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
- "total length = %d", tot_len);
- if (tot_len > 15000)
- return NULL;
-+ if (data->inbuf) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+ ret->ignore = TRUE;
-+ return NULL;
-+ }
- data->inbuf = wpabuf_alloc(tot_len);
- if (data->inbuf == NULL) {
- wpa_printf(MSG_INFO, "Out of memory to buffer "
---
-1.9.1
-
+++ /dev/null
-From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:06 +0300
-Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 3189105..2bfc3c2 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- * the first fragment has a total length
- */
- if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+ if (len < 2) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Frame too short to contain Total-Length field");
-+ return;
-+ }
- tot_len = WPA_GET_BE16(pos);
- wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
- "length = %d", tot_len);
- if (tot_len > 15000)
- return;
-+ if (data->inbuf) {
-+ wpa_printf(MSG_DEBUG,
-+ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+ return;
-+ }
- data->inbuf = wpabuf_alloc(tot_len);
- if (data->inbuf == NULL) {
- wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
---
-1.9.1
-
+++ /dev/null
-From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:28 +0300
-Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
-
-The L (Length) and M (More) flags needs to be cleared before deciding
-whether the locally generated response requires fragmentation. This
-fixes an issue where these flags from the server could have been invalid
-for the following message. In some cases, this could have resulted in
-triggering the wpabuf security check that would terminate the process
-due to invalid buffer allocation.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1d2079b..e58b13a 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- /*
- * we have output! Do we need to fragment it?
- */
-+ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
- len = wpabuf_len(data->outbuf);
- if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
- resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
---
-1.9.1
-
+++ /dev/null
-From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 7 Jul 2015 21:57:28 +0300
-Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
-
-It was possible for the 32-bit record->total_length value to end up
-wrapping around due to integer overflow if the longer form of payload
-length field is used and record->payload_length gets a value close to
-2^32. This could result in ndef_parse_record() accepting a too large
-payload length value and the record type filter reading up to about 20
-bytes beyond the end of the buffer and potentially killing the process.
-This could also result in an attempt to allocate close to 2^32 bytes of
-heap memory and if that were to succeed, a buffer read overflow of the
-same length which would most likely result in the process termination.
-In case of record->total_length ending up getting the value 0, there
-would be no buffer read overflow, but record parsing would result in an
-infinite loop in ndef_parse_records().
-
-Any of these error cases could potentially be used for denial of service
-attacks over NFC by using a malformed NDEF record on an NFC Tag or
-sending them during NFC connection handover if the application providing
-the NDEF message to hostapd/wpa_supplicant did no validation of the
-received records. While such validation is likely done in the NFC stack
-that needs to parse the NFC messages before further processing,
-hostapd/wpa_supplicant better be prepared for any data being included
-here.
-
-Fix this by validating record->payload_length value in a way that
-detects integer overflow. (CID 122668)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/ndef.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/wps/ndef.c b/src/wps/ndef.c
-index 5604b0a..50d018f 100644
---- a/src/wps/ndef.c
-+++ b/src/wps/ndef.c
-@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
- if (size < 6)
- return -1;
- record->payload_length = ntohl(*(u32 *)pos);
-+ if (record->payload_length > size - 6)
-+ return -1;
- pos += sizeof(u32);
- }
-
-@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
- pos += record->payload_length;
-
- record->total_length = pos - data;
-- if (record->total_length > size)
-+ if (record->total_length > size ||
-+ record->total_length < record->payload_length)
- return -1;
- return 0;
- }
---
-1.9.1
-
+++ /dev/null
-From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 25 Oct 2015 15:45:50 +0200
-Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
- PMF in use
-
-WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
-enabled. Verify that PMF is in use before using this field on station
-side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 954de67..7d79499 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
- end = ptr + key_len_total;
- wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
-
-+ if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
-+ wpa_msg(wpa_s, MSG_INFO,
-+ "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
-+ return;
-+ }
-+
- while (ptr + 1 < end) {
- if (ptr + 2 + ptr[1] > end) {
- wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
+++ /dev/null
-From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:18:17 +0200
-Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5315)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1f78544..75ceef1 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- /*
- * buffer and ACK the fragment
- */
-- if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
- data->in_frag_pos += len;
- if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
- wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
-@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- return NULL;
- }
- wpabuf_put_data(data->inbuf, pos, len);
--
-+ }
-+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
- resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
- EAP_PWD_HDR_SIZE,
- EAP_CODE_RESPONSE, eap_get_id(reqData));
-@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- * we're buffering and this is the last fragment
- */
- if (data->in_frag_pos) {
-- wpabuf_put_data(data->inbuf, pos, len);
- wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
- (int) len);
-- data->in_frag_pos += len;
- pos = wpabuf_head_u8(data->inbuf);
- len = data->in_frag_pos;
- }
---
-1.9.1
-
+++ /dev/null
-From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:24:16 +0200
-Subject: [PATCH] EAP-pwd server: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5314)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index cb83ff7..9f787ab 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- /*
- * the first and all intermediate fragments have the M bit set
- */
-- if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+ if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
- if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
- wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
- "attack detected! (%d+%d > %d)",
-@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- }
- wpabuf_put_data(data->inbuf, pos, len);
- data->in_frag_pos += len;
-+ }
-+ if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
- wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
- (int) len);
- return;
-@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- * buffering fragments so that's how we know it's the last)
- */
- if (data->in_frag_pos) {
-- wpabuf_put_data(data->inbuf, pos, len);
-- data->in_frag_pos += len;
- pos = wpabuf_head_u8(data->inbuf);
- len = data->in_frag_pos;
- wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
---
-1.9.1
-
+++ /dev/null
-From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 19:35:44 +0200
-Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message
-
-If the Confirm message is received from the server before the Identity
-exchange has been completed, the group has not yet been determined and
-data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
-did not take this corner case into account and could end up
-dereferencing a NULL pointer and terminating the process if invalid
-message sequence is received. (CVE-2015-5316)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 75ceef1..892b590 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
-
- fin:
-- bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
-+ if (data->grp)
-+ bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
- BN_clear_free(x);
- BN_clear_free(y);
- if (data->outbuf == NULL) {
---
-1.9.1
-
+++ /dev/null
-From f4830bed661f4adff51f50a0d37c64ceb748e780 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
-Date: Mon, 25 Apr 2016 17:10:47 +0200
-Subject: [PATCH] nl80211: Try running without mgmt frame subscription (driver
- AP SME)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-One of supported code paths already allows this scenario. It is used if
-driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support
-monitor interface. In such situation:
-1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
-2) We don't try subscribing for WLAN_FC_STYPE_ACTION
-3) We fallback to AP SME mode after failing to create monitor interface
-4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
-Above scenario is used, e.g., with brcmfmac. As you can see - thanks to
-events provided by cfg80211 - it's not really required to receive Probe
-Request or action frames.
-
-However, the previous implementation did not allow using hostapd with
-drivers that:
-1) Report NL80211_ATTR_DEVICE_AP_SME
-2) Don't support subscribing for PROBE_REQ and/or ACTION frames
-In case of using such a driver hostapd will cancel setup after failing
-to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag
-WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments.
-
-This patch allows working with such drivers with just a small warning
-printed as debug message.
-
-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
----
- src/drivers/driver_nl80211.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -4108,7 +4108,8 @@ static int nl80211_setup_ap(struct i802_
-
- if (drv->device_ap_sme && !drv->use_monitor)
- if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
-- return -1;
-+ wpa_printf(MSG_DEBUG,
-+ "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it");
-
- if (!drv->device_ap_sme && drv->use_monitor &&
- nl80211_create_monitor_interface(drv) &&
--- /dev/null
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -2332,7 +2332,8 @@ wpa_driver_nl80211_finish_drv_init(struc
+
+ if (drv->hostapd || bss->static_ap)
+ nlmode = NL80211_IFTYPE_AP;
+- else if (bss->if_dynamic)
++ else if (bss->if_dynamic ||
++ nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT)
+ nlmode = nl80211_get_ifmode(bss);
+ else
+ nlmode = NL80211_IFTYPE_STATION;
+++ /dev/null
---- a/src/ap/ieee802_1x.c
-+++ b/src/ap/ieee802_1x.c
-@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e
- }
-
-
--static const char * bool_txt(Boolean bool)
-+static const char * bool_txt(Boolean bool_val)
- {
-- return bool ? "TRUE" : "FALSE";
-+ return bool_val ? "TRUE" : "FALSE";
- }
-
-
#ifdef ANDROID
#include <sys/capability.h>
-@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm
+@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm
return 0;
}
+ if (chdir("/") < 0)
return -1;
- }
--
+
- return 0;
-}
-#else /* __APPLE__ */
-#define os_daemon daemon
-#endif /* __APPLE__ */
-
+-
-
-int os_daemonize(const char *pid_file)
-{
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout(
+@@ -257,9 +257,10 @@ void wpa_supplicant_cancel_auth_timeout(
*/
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
{
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
-@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b
+@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b
l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
rx_callback_ctx, l2_hdr);
- return NULL;
+ return l2;
+ #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
/*
- * The Linux packet socket behavior has changed over the years and there
+++ /dev/null
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
-Date: Mon, 11 Jan 2016 19:18:06 +0100
-Subject: [PATCH] nl80211: Report disassociated STA / lost peer for the correct
- BSS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We shouldn't use drv->ctx as it always points to the first BSS. When
-using FullMAC driver with multi-BSS support it resulted in incorrect
-treating nl80211 events. I noticed with with brcmfmac and BCM43602.
-
-Before my change I was getting "disassociated" on a wrong interface:
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
-wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
-
-With this patch it works as expected:
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
-
-This doesn't apply to hostapd dealing with SoftMAC drivers when handling
-AP SME & MLME is done it hostapd not the firmware.
-
-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
----
- src/drivers/driver_nl80211_event.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
---- a/src/drivers/driver_nl80211_event.c
-+++ b/src/drivers/driver_nl80211_event.c
-@@ -1154,6 +1154,7 @@ static void nl80211_new_station_event(st
-
-
- static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
-+ struct i802_bss *bss,
- struct nlattr **tb)
- {
- u8 *addr;
-@@ -1166,7 +1167,7 @@ static void nl80211_del_station_event(st
- MAC2STR(addr));
-
- if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
-- drv_event_disassoc(drv->ctx, addr);
-+ drv_event_disassoc(bss->ctx, addr);
- return;
- }
-
-@@ -1175,7 +1176,7 @@ static void nl80211_del_station_event(st
-
- os_memset(&data, 0, sizeof(data));
- os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
-- wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
-+ wpa_supplicant_event(bss->ctx, EVENT_IBSS_PEER_LOST, &data);
- }
-
-
-@@ -1939,7 +1940,7 @@ static void do_process_drv_event(struct
- nl80211_new_station_event(drv, bss, tb);
- break;
- case NL80211_CMD_DEL_STATION:
-- nl80211_del_station_event(drv, tb);
-+ nl80211_del_station_event(drv, bss, tb);
- break;
- case NL80211_CMD_SET_REKEY_OFFLOAD:
- nl80211_rekey_offload_event(drv, tb);
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/
- # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include
+@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils)
+ export BINDIR ?= /usr/local/bin/
-include .config
+-include $(if $(MULTICALL), ../wpa_supplicant/.config)
- ifdef CONFIG_TESTING_OPTIONS
- CFLAGS += -DCONFIG_TESTING_OPTIONS
-@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC
- CFLAGS += -DCONFIG_IEEE80211AC
+ ifndef CONFIG_NO_GITVER
+ # Add VERSION_STR postfix for builds from a git repository
+@@ -190,7 +191,8 @@ endif
+
+ ifdef CONFIG_NO_VLAN
+ CFLAGS += -DCONFIG_NO_VLAN
+-else
++endif
++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
+ OBJS += ../src/ap/vlan_init.o
+ OBJS += ../src/ap/vlan_ifconfig.o
+ OBJS += ../src/ap/vlan.o
+@@ -315,10 +317,14 @@ CFLAGS += -DCONFIG_MBO
+ OBJS += ../src/ap/mbo_ap.o
endif
+ifndef MULTICALL
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
-@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1051,6 +1057,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
BCHECK=../src/drivers/build.hostapd
hostapd: $(BCHECK) $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
-@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o
+@@ -1092,6 +1104,12 @@ HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
endif
@$(E) " LD " $@
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src)
+@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
CFLAGS += -I$(abspath ../src/utils)
-include .config
+-include $(if $(MULTICALL),../hostapd/.config)
- ifdef CONFIG_TESTING_OPTIONS
- CFLAGS += -DCONFIG_TESTING_OPTIONS
-@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+ ifndef CONFIG_NO_GITVER
+ # Add VERSION_STR postfix for builds from a git repository
+@@ -803,6 +804,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
LIBS += -ldl -rdynamic
endif
endif
ifdef CONFIG_MACSEC
-@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y
+@@ -823,9 +828,11 @@ NEED_EAP_COMMON=y
NEED_RSN_AUTHENTICATOR=y
CFLAGS += -DCONFIG_AP
OBJS += ap.o
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
-@@ -858,10 +865,18 @@ endif
+@@ -898,10 +905,18 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -1680,6 +1695,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
-@@ -1694,6 +1715,12 @@ endif
- $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
+@@ -1782,6 +1803,12 @@ endif
+ -e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
@$(E) " sed" $<
+dump_cflags:
wpa_cli.exe: wpa_cli
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -4581,8 +4581,8 @@ union wpa_event_data {
+@@ -4794,8 +4794,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
+extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+ /**
+ * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
+@@ -4807,7 +4807,7 @@ void wpa_supplicant_event(void *ctx, enu
+ * Same as wpa_supplicant_event(), but we search for the interface in
+ * wpa_global.
+ */
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
/*
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte
+@@ -1157,8 +1157,8 @@ static void hostapd_event_dfs_cac_starte
#endif /* NEED_AP_MLME */
{
struct hostapd_data *hapd = ctx;
#ifndef CONFIG_NO_STDOUT_DEBUG
+@@ -1367,7 +1367,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct hapd_interfaces *interfaces = ctx;
--- a/wpa_supplicant/wpa_priv.c
+++ b/wpa_supplicant/wpa_priv.c
-@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st
+@@ -940,8 +940,8 @@ static void wpa_priv_send_ft_response(st
}
{
struct wpa_priv_interface *iface = ctx;
-@@ -961,6 +961,7 @@ int main(int argc, char *argv[])
+@@ -1010,7 +1010,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct wpa_priv_global *global = ctx;
+@@ -1122,6 +1122,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
+ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
wpa_priv_fd_workaround();
- for (;;) {
+ os_memset(&global, 0, sizeof(global));
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
-@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a
+@@ -3384,8 +3384,8 @@ static void wpa_supplicant_event_assoc_a
}
+ union wpa_event_data *data)
{
struct wpa_supplicant *wpa_s = ctx;
+ int resched;
+@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu
+ #endif /* CONFIG_AP */
+ break;
+ case EVENT_ACS_CHANNEL_SELECTED:
+-#ifdef CONFIG_ACS
++#if defined(CONFIG_ACS) && defined(CONFIG_AP)
+ if (!wpa_s->ap_iface)
+ break;
+ hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
+@@ -4065,7 +4065,7 @@ void wpa_supplicant_event(void *ctx, enu
+ }
+
+-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
++void supplicant_event_global(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data)
+ {
+ struct wpa_supplicant *wpa_s;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface(
- os_free(wpa_s);
+@@ -4982,7 +4982,6 @@ struct wpa_interface * wpa_supplicant_ma
+ return NULL;
}
+-
+ /**
+ * wpa_supplicant_match_existing - Match existing interfaces
+ * @global: Pointer to global data from wpa_supplicant_init()
+@@ -5019,6 +5018,11 @@ static int wpa_supplicant_match_existing
+
+ #endif /* CONFIG_MATCH_IFACE */
+
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
/**
* wpa_supplicant_add_iface - Add a new network interface
-@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init(
+@@ -5274,6 +5278,8 @@ struct wpa_global * wpa_supplicant_init(
#ifndef CONFIG_NO_WPA_MSG
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
#endif /* CONFIG_NO_WPA_MSG */
+ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
if (params->wpa_debug_file_path)
wpa_debug_open_file(params->wpa_debug_file_path);
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group(
- return 0;
+@@ -583,6 +583,11 @@ fail:
+ return -1;
}
+void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
+
++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
-@@ -562,6 +565,7 @@ int main(int argc, char *argv[])
- interfaces.global_iface_name = NULL;
+@@ -660,6 +665,8 @@ int main(int argc, char *argv[])
interfaces.global_ctrl_sock = -1;
+ dl_list_init(&interfaces.global_ctrl_dst);
+ wpa_supplicant_event = hostapd_wpa_event;
++ wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
if (c < 0)
--- a/src/drivers/drivers.c
+++ b/src/drivers/drivers.c
-@@ -10,6 +10,9 @@
+@@ -10,6 +10,11 @@
#include "utils/common.h"
#include "driver.h"
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+
#ifdef CONFIG_DRIVER_WEXT
extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */
#endif /* CONFIG_DRIVER_WEXT */
--- a/wpa_supplicant/eapol_test.c
+++ b/wpa_supplicant/eapol_test.c
-@@ -28,8 +28,12 @@
+@@ -29,7 +29,12 @@
#include "ctrl_iface.h"
#include "pcsc_funcs.h"
#include "wpas_glue.h"
+#include "drivers/driver.h"
-
+void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
-+
- struct wpa_driver_ops *wpa_drivers[] = { NULL };
++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
+ const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
-@@ -1203,6 +1207,8 @@ static void usage(void)
+@@ -1295,6 +1300,10 @@ static void usage(void)
"option several times.\n");
}
+extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ union wpa_event_data *data);
++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ union wpa_event_data *data);
int main(int argc, char *argv[])
{
-@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[])
+@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[])
if (os_program_init())
return -1;
+ wpa_supplicant_event = supplicant_event;
++ wpa_supplicant_event_global = supplicant_event_global;
hostapd_logger_register_cb(hostapd_logger_cb);
os_memset(&eapol_test, 0, sizeof(eapol_test));
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
-@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho
+@@ -2861,6 +2861,10 @@ static int hostapd_config_fill(struct ho
}
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_IEEE80211N
} else if (os_strcmp(buf, "ht_capab") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
-@@ -619,6 +619,8 @@ struct hostapd_config {
+@@ -655,6 +655,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
+ int no_ht_coex;
int ieee80211n;
int secondary_channel;
- int require_ht;
+ int no_pri_sec_switch;
--- a/src/ap/hw_features.c
+++ b/src/ap/hw_features.c
-@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct
- struct wpa_driver_scan_params params;
+@@ -474,7 +474,8 @@ static int ieee80211n_check_40mhz(struct
int ret;
-- if (!iface->conf->secondary_channel)
-+ if (!iface->conf->secondary_channel || iface->conf->noscan)
- return 0; /* HT40 not used */
+ /* Check that HT40 is used and PRI / SEC switch is allowed */
+- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
++ iface->conf->noscan)
+ return 0;
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
-@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos
+@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos
if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
return;
if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie))
return;
-@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_
+@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
return;
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -3548,7 +3548,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
+ wpa_s->scan_interval = 1;
wpa_s->new_connection = 1;
wpa_s->parent = parent ? parent : wpa_s;
- wpa_s->sched_scanning = 0;
+ wpa_s->p2pdev = wpa_s->parent;
--- a/src/drivers/drivers.mak
+++ b/src/drivers/drivers.mak
-@@ -34,7 +34,6 @@ NEED_SME=y
+@@ -36,7 +36,6 @@ NEED_SME=y
NEED_AP_MLME=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
-NEED_RFKILL=y
+ NEED_RADIOTAP=y
ifdef CONFIG_LIBNL32
- DRV_LIBS += -lnl-3
-@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
+@@ -123,7 +122,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
CONFIG_WIRELESS_EXTENSION=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
endif
ifdef CONFIG_DRIVER_NDIS
-@@ -142,7 +140,6 @@ endif
+@@ -149,7 +147,6 @@ endif
ifdef CONFIG_WIRELESS_EXTENSION
DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
DRV_WPA_OBJS += ../src/drivers/driver_wext.o
endif
ifdef NEED_NETLINK
-@@ -155,6 +152,7 @@ endif
+@@ -162,6 +159,7 @@ endif
ifdef NEED_RFKILL
DRV_OBJS += ../src/drivers/rfkill.o
+DRV_WPA_CFLAGS += -DCONFIG_RFKILL
endif
- ifdef CONFIG_VLAN_NETLINK
+ ifdef NEED_RADIOTAP
--- a/src/drivers/rfkill.h
+++ b/src/drivers/rfkill.h
@@ -18,8 +18,24 @@ struct rfkill_config {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8
+@@ -3795,7 +3795,7 @@ static int nl80211_set_channel(struct i8
freq->freq, freq->ht_enabled, freq->vht_enabled,
freq->bandwidth, freq->center_freq1, freq->center_freq2);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho
+@@ -80,6 +80,16 @@ static void hostapd_reload_bss(struct ho
#endif /* CONFIG_NO_RADIUS */
ssid = &hapd->conf->ssid;
if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
/*
-@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd
+@@ -179,21 +189,12 @@ int hostapd_reload_config(struct hostapd
oldconf = hapd->iconf;
iface->conf = newconf;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc
+@@ -2394,13 +2394,18 @@ wpa_driver_nl80211_finish_drv_init(struc
}
return send_and_recv_msgs(drv, msg, NULL, NULL);
}
-@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st
+@@ -2452,7 +2457,7 @@ static void wpa_driver_nl80211_deinit(st
nl80211_remove_monitor_interface(drv);
if (is_ap_interface(drv->nlmode))
if (drv->eapol_sock >= 0) {
eloop_unregister_read_sock(drv->eapol_sock);
-@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i
+@@ -4385,8 +4390,7 @@ static void nl80211_teardown_ap(struct i
nl80211_remove_monitor_interface(drv);
else
nl80211_mgmt_unsubscribe(bss, "AP teardown");
}
-@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -6387,8 +6391,6 @@ static int wpa_driver_nl80211_if_remove(
} else {
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
nl80211_teardown_ap(bss);
nl80211_destroy_bss(bss);
if (!bss->added_if)
i802_set_iface_flags(bss, 0);
-@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap(
+@@ -6750,8 +6752,7 @@ static int wpa_driver_nl80211_deinit_ap(
struct wpa_driver_nl80211_data *drv = bss->drv;
if (!is_ap_interface(drv->nlmode))
return -1;
/*
* If the P2P GO interface was dynamically added, then it is
-@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo
+@@ -6770,8 +6771,7 @@ static int wpa_driver_nl80211_stop_ap(vo
struct wpa_driver_nl80211_data *drv = bss->drv;
if (!is_ap_interface(drv->nlmode))
return -1;
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -45,6 +45,7 @@
- #include "wps/wps.h"
+@@ -54,6 +54,7 @@
+ #include "fst/fst_ctrl_iface.h"
#include "config_file.h"
#include "ctrl_iface.h"
+#include "config_file.h"
- struct wpa_ctrl_dst {
-@@ -55,6 +56,7 @@ struct wpa_ctrl_dst {
- int errors;
- };
+ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
+@@ -72,6 +73,7 @@ static void hostapd_ctrl_iface_send(stru
+ enum wpa_msg_type type,
+ const char *buf, size_t len);
+static char *reload_opts = NULL;
- static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
- const char *buf, size_t len);
-@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st
+ static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
+ struct sockaddr_storage *from,
+@@ -123,6 +125,61 @@ static int hostapd_ctrl_iface_new_sta(st
return 0;
}
#ifdef CONFIG_IEEE80211W
#ifdef NEED_AP_MLME
-@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2483,6 +2540,8 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
reply_size);
#ifdef RADIUS_SERVER
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
-@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha
+@@ -593,7 +593,13 @@ int hostapd_parse_csa_settings(const cha
int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
{
+
+ return 0;
}
+
+
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -110,6 +110,11 @@ struct wpa_interface {
+@@ -100,6 +100,11 @@ struct wpa_interface {
const char *ifname;
/**
* bridge_ifname - Optional bridge interface name
*
* If the driver interface (ifname) is included in a Linux bridge
-@@ -442,6 +447,8 @@ struct wpa_supplicant {
- #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
+@@ -484,6 +489,8 @@ struct wpa_supplicant {
+ #endif /* CONFIG_CTRL_IFACE_BINDER */
char bridge_ifname[16];
+ struct wpa_ctrl *hostapd;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS)
+@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS)
CFLAGS += -I$(abspath ../src)
CFLAGS += -I$(abspath ../src/utils)
-include .config
-include $(if $(MULTICALL),../hostapd/.config)
-@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o
+@@ -113,6 +117,8 @@ OBJS_c += ../src/utils/wpa_debug.o
OBJS_c += ../src/utils/common.o
OBJS += wmm_ac.o
CONFIG_OS=win32
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5
+@@ -112,6 +112,55 @@ const char *const wpa_supplicant_full_li
"\n";
#endif /* CONFIG_NO_STDOUT_DEBUG */
+ int ret;
+
+ if (!bss)
-+ return;
++ return -1;
+
+ if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
+ int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
/* Configure default/group WEP keys for static WEP */
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
-@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa
+@@ -812,8 +861,12 @@ void wpa_supplicant_set_state(struct wpa
wpas_p2p_completed(wpa_s);
sme_sched_obss_scan(wpa_s, 1);
wpa_s->new_connection = 1;
wpa_drv_set_operstate(wpa_s, 0);
#ifndef IEEE8021X_EAPOL
-@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str
+@@ -4638,6 +4691,20 @@ static int wpa_supplicant_init_iface(str
sizeof(wpa_s->bridge_ifname));
}
/* RSNA Supplicant Key Management - INITIALIZE */
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
-@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -4929,6 +4996,11 @@ static void wpa_supplicant_deinit_iface(
if (terminate)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
#include "drivers/driver.h"
#include "wpa_supplicant_i.h"
#include "config.h"
-@@ -277,6 +278,10 @@ static void calculate_update_time(const
+@@ -287,6 +288,10 @@ static void calculate_update_time(const
static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
struct os_reltime *fetch_time)
{
dst->flags = src->flags;
os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
dst->freq = src->freq;
-@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_
+@@ -299,6 +304,15 @@ static void wpa_bss_copy_res(struct wpa_
dst->est_throughput = src->est_throughput;
dst->snr = src->snr;
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
-@@ -33,7 +33,7 @@ static void usage(void)
+@@ -34,7 +34,7 @@ static void usage(void)
"vW] [-P<pid file>] "
"[-g<global ctrl>] \\\n"
" [-G<group>] \\\n"
"[-p<driver_param>] \\\n"
" [-b<br_ifname>] [-e<entropy file>]"
#ifdef CONFIG_DEBUG_FILE
-@@ -84,6 +84,7 @@ static void usage(void)
- #endif /* CONFIG_DEBUG_LINUX_TRACING */
- printf(" -t = include timestamp in debug messages\n"
+@@ -74,6 +74,7 @@ static void usage(void)
+ " -g = global ctrl_interface\n"
+ " -G = global ctrl_interface group\n"
" -h = show this help text\n"
+ " -H = connect to a hostapd instance to manage state changes\n"
- " -L = show license (BSD)\n"
- " -o = override driver parameter for new interfaces\n"
- " -O = override ctrl_interface parameter for new interfaces\n"
-@@ -175,7 +176,7 @@ int main(int argc, char *argv[])
+ " -i = interface name\n"
+ " -I = additional configuration file\n"
+ " -K = include keys (passwords, etc.) in debug output\n"
+@@ -201,7 +202,7 @@ int main(int argc, char *argv[])
for (;;) {
c = getopt(argc, argv,
-- "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW");
-+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW");
+- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
if (c < 0)
break;
switch (c) {
-@@ -222,6 +223,9 @@ int main(int argc, char *argv[])
+@@ -248,6 +249,9 @@ int main(int argc, char *argv[])
usage();
exitcode = 0;
goto out;
break;
--- a/wpa_supplicant/bss.h
+++ b/wpa_supplicant/bss.h
-@@ -72,6 +72,10 @@ struct wpa_bss {
- u8 ssid[32];
+@@ -79,6 +79,10 @@ struct wpa_bss {
+ u8 ssid[SSID_MAX_LEN];
/** Length of SSID */
size_t ssid_len;
+ /** HT caapbilities */
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -168,6 +168,9 @@ endif
+@@ -212,6 +212,9 @@ endif
ifdef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_NO_CTRL_IFACE
else
+ifdef CONFIG_CTRL_IFACE_MIB
+CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+endif
- OBJS += ctrl_iface.o
- OBJS += ../src/ap/ctrl_iface_ap.o
- endif
+ ifeq ($(CONFIG_CTRL_IFACE), udp)
+ CFLAGS += -DCONFIG_CTRL_IFACE_UDP
+ else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
-@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2342,6 +2342,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
-@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2383,6 +2384,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
+#endif
} else if (os_strcmp(buf, "ATTACH") == 0) {
- if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
+ if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
reply_len = -1;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -837,6 +837,9 @@ ifdef CONFIG_WNM
- OBJS += ../src/ap/wnm_ap.o
+@@ -872,6 +872,9 @@ ifdef CONFIG_MBO
+ OBJS += ../src/ap/mbo_ap.o
endif
ifdef CONFIG_CTRL_IFACE
+ifdef CONFIG_CTRL_IFACE_MIB
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
-@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -1895,7 +1895,7 @@ static int wpa_supplicant_ctrl_iface_sta
pos += ret;
}
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
-@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8687,6 +8687,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
-@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8694,6 +8695,7 @@ char * wpa_supplicant_ctrl_iface_process
reply + reply_len,
reply_size - reply_len);
}
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
-@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9164,6 +9166,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9172,12 +9175,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
reply_len = -1;
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
-@@ -22,6 +22,7 @@
- #include "ctrl_iface_ap.h"
+@@ -24,6 +24,7 @@
#include "ap_drv_ops.h"
+ #include "mbo_ap.h"
+#ifdef CONFIG_CTRL_IFACE_MIB
static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
struct sta_info *sta,
-@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -249,6 +250,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
-@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo
- return bool_val ? "TRUE" : "FALSE";
+@@ -2441,6 +2441,7 @@ static const char * bool_txt(Boolean val
+ return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
-@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2616,6 +2617,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
+#endif
- static void ieee802_1x_finished(struct hostapd_data *hapd,
- struct sta_info *sta, int success,
+ #ifdef CONFIG_HS20
+ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
-@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo
- return bool ? "TRUE" : "FALSE";
+@@ -3069,6 +3069,7 @@ static const char * wpa_bool_txt(int val
+ return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
-@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -3213,7 +3214,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
-@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -2108,6 +2108,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -2191,6 +2193,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1114,7 +1114,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
-@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -1244,6 +1244,31 @@ u32 wpa_akm_to_suite(int akm)
}
int wpa_compare_rsn_ie(int ft_initial_assoc,
const u8 *ie1, size_t ie1len,
const u8 *ie2, size_t ie2len)
-@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -1251,8 +1276,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
if (ie1 == NULL || ie2 == NULL)
return -1;
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
-@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data
-
- if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))
+@@ -352,8 +352,7 @@ static int hapd_wps_reconfig_in_memory(s
+ bss->wpa_pairwise |= WPA_CIPHER_GCMP;
+ else
+ bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+- }
+- if (cred->encr_type & WPS_ENCR_TKIP)
++ } else if (cred->encr_type & WPS_ENCR_TKIP)
+ bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+ bss->rsn_pairwise = bss->wpa_pairwise;
+ bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
+@@ -1073,8 +1072,7 @@ int hostapd_init_wps(struct hostapd_data
+ if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
wps->encr_types |= WPS_ENCR_AES;
-- if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
-+ else if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
+ wps->encr_types_rsn |= WPS_ENCR_AES;
+- }
+- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
++ } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
wps->encr_types |= WPS_ENCR_TKIP;
-- }
--
-- if (conf->wpa & WPA_PROTO_WPA) {
-+ } else if (conf->wpa & WPA_PROTO_WPA) {
- if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
- wps->auth_types |= WPS_AUTH_WPAPSK;
- if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
-@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data
-
- if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
- wps->encr_types |= WPS_ENCR_AES;
-- if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
-+ else if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
- wps->encr_types |= WPS_ENCR_TKIP;
- }
-
+ wps->encr_types_rsn |= WPS_ENCR_TKIP;
+ }
#ifdef CONFIG_DEBUG_FILE
static char *last_path = NULL;
#endif /* CONFIG_DEBUG_FILE */
-@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+@@ -604,7 +578,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
}
{
va_list ap;
char *buf;
-@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const
+@@ -642,7 +616,7 @@ void wpa_msg(void *ctx, int level, const
}
/*
* wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
-@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co
+@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co
*
* Note: New line '\n' is added to the end of the text when printing to stdout.
*/
/**
* wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
-@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const
+@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const
* attached ctrl_iface monitors. In other words, it can be used for frequent
* events that do not need to be sent to syslog.
*/
#include "crypto/random.h"
#include "crypto/tls.h"
#include "common/version.h"
-@@ -567,7 +568,7 @@ int main(int argc, char *argv[])
-
+@@ -668,7 +669,7 @@ int main(int argc, char *argv[])
wpa_supplicant_event = hostapd_wpa_event;
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
-- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
-+ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::");
+- c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
++ c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:g:G:v::");
if (c < 0)
break;
switch (c) {
-@@ -604,6 +605,8 @@ int main(int argc, char *argv[])
+@@ -705,6 +706,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
#include "common.h"
+#include "build_features.h"
+ #include "fst/fst.h"
#include "wpa_supplicant_i.h"
#include "driver_i.h"
- #include "p2p_supplicant.h"
-@@ -176,7 +177,7 @@ int main(int argc, char *argv[])
+@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
for (;;) {
c = getopt(argc, argv,
-- "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW");
-+ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuv::W");
+- "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
if (c < 0)
break;
switch (c) {
-@@ -279,8 +280,12 @@ int main(int argc, char *argv[])
+@@ -305,8 +306,12 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DBUS */
case 'v':
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
-@@ -67,7 +67,6 @@ static const char *commands_help =
+@@ -69,7 +69,6 @@ static const char *const commands_help =
#ifdef CONFIG_IEEE80211W
" sa_query <addr> send SA Query to a station\n"
#endif /* CONFIG_IEEE80211W */
" wps_pin <uuid> <pin> [timeout] [addr] add WPS Enrollee PIN\n"
" wps_check_pin <PIN> verify PIN checksum\n"
" wps_pbc indicate button pushed to initiate PBC\n"
-@@ -80,7 +79,6 @@ static const char *commands_help =
+@@ -82,7 +81,6 @@ static const char *const commands_help =
" wps_ap_pin <cmd> [params..] enable/disable AP PIN\n"
" wps_config <SSID> <auth> <encr> <key> configure AP\n"
" wps_get_status show current WPS status\n"
" get_config show current configuration\n"
" help show this usage help\n"
" interface [ifname] show interfaces/select interface\n"
-@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru
+@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru
#endif /* CONFIG_IEEE80211W */
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
-@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st
+@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st
ssid_hex, argv[1]);
return wpa_ctrl_command(ctrl, buf);
}
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -1236,7 +1232,6 @@ static const struct hostapd_cli_cmd host
#ifdef CONFIG_IEEE80211W
{ "sa_query", hostapd_cli_cmd_sa_query },
#endif /* CONFIG_IEEE80211W */
{ "wps_pin", hostapd_cli_cmd_wps_pin },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin },
{ "wps_pbc", hostapd_cli_cmd_wps_pbc },
-@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -1250,7 +1245,6 @@ static const struct hostapd_cli_cmd host
{ "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin },
{ "wps_config", hostapd_cli_cmd_wps_config },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status },
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
-@@ -26,6 +26,10 @@
+@@ -25,6 +25,9 @@
+ #include <cutils/properties.h>
#endif /* ANDROID */
-
+#ifndef CONFIG_P2P
+#define CONFIG_P2P
+#endif
-+
- static const char *wpa_cli_version =
+
+ static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"
- "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
+++ /dev/null
---- a/src/ap/beacon.c
-+++ b/src/ap/beacon.c
-@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat
- return;
- }
-
-+ if (!sta && hapd->num_sta >= hapd->conf->max_num_sta)
-+ wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored,"
-+ " too many connected stations.", MAC2STR(mgmt->sa));
-+
- #ifdef CONFIG_INTERWORKING
- if (hapd->conf->interworking &&
- elems.interworking && elems.interworking_len >= 1) {
--- a/hostapd/main.c
+++ b/hostapd/main.c
-@@ -36,6 +36,8 @@ struct hapd_global {
+@@ -37,6 +37,8 @@ struct hapd_global {
};
static struct hapd_global global;
#ifndef CONFIG_NO_HOSTAPD_LOGGER
-@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx,
+@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx,
}
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
/**
* hostapd_driver_init - Preparate driver interface
-@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho
+@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho
return -1;
}
/* Initialize the driver interface */
if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
b = NULL;
-@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const
+@@ -401,8 +413,6 @@ static void hostapd_global_deinit(const
#endif /* CONFIG_NATIVE_WINDOWS */
eap_server_unregister_methods();
}
-@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap
+@@ -428,18 +438,6 @@ static int hostapd_global_run(struct hap
}
#endif /* EAP_SERVER_TNC */
-- if (daemonize && os_daemonize(pid_file)) {
-- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
-- return -1;
+- if (daemonize) {
+- if (os_daemonize(pid_file)) {
+- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
+- return -1;
+- }
+- if (eloop_sock_requeue()) {
+- wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s",
+- strerror(errno));
+- return -1;
+- }
- }
-
eloop_run();
return 0;
-@@ -542,8 +547,7 @@ int main(int argc, char *argv[])
+@@ -638,8 +636,7 @@ int main(int argc, char *argv[])
struct hapd_interfaces interfaces;
int ret = 1;
size_t i, j;
+#include "drivers/nl80211_copy.h"
#include "common/defs.h"
+ #include "common/ieee802_11_defs.h"
#include "utils/list.h"
-
-@@ -538,6 +539,9 @@ struct wpa_driver_associate_params {
+@@ -587,6 +588,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
*
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
-@@ -15,6 +15,7 @@
- #include "rsn_supp/wpa.h"
+@@ -16,6 +16,7 @@
#include "eap_peer/eap.h"
#include "p2p/p2p.h"
+ #include "fst/fst.h"
+#include "drivers/nl80211_copy.h"
#include "config.h"
-@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi
+@@ -1816,6 +1817,97 @@ static char * wpa_config_write_mesh_basi
#endif /* CONFIG_MESH */
/* Helper macros for network block parser */
#ifdef OFFSET
-@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel
+@@ -2047,6 +2139,9 @@ static const struct parse_data ssid_fiel
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
#include "eap_peer/eap_config.h"
+#include "drivers/nl80211_copy.h"
- #define MAX_SSID_LEN 32
-@@ -675,6 +676,9 @@ struct wpa_ssid {
+ #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+@@ -711,6 +712,9 @@ struct wpa_ssid {
*/
void *parent_cred;
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w
+@@ -2510,6 +2510,13 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc
+@@ -4644,7 +4644,7 @@ static int wpa_driver_nl80211_ibss(struc
struct wpa_driver_associate_params *params)
{
struct nl_msg *msg;
int count = 0;
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -4425,6 +4425,37 @@ retry:
+@@ -4671,6 +4671,37 @@ retry:
nl80211_put_beacon_int(msg, params->beacon_int))
goto fail;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -541,6 +541,8 @@ struct wpa_driver_associate_params {
+@@ -590,6 +590,8 @@ struct wpa_driver_associate_params {
unsigned char rates[NL80211_MAX_SUPP_RATES];
int mcast_rate;
* bssid_hint - BSSID of a proposed AP
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
-@@ -4456,6 +4456,22 @@ retry:
+@@ -4702,6 +4702,22 @@ retry:
nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
}
goto fail;
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
-@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat
+@@ -1848,6 +1848,71 @@ static char * wpa_config_write_mcast_rat
}
#endif /* NO_CONFIG_WRITE */
static int wpa_config_parse_rates(const struct parse_data *data,
struct wpa_ssid *ssid, int line,
const char *value)
-@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel
+@@ -2142,6 +2207,7 @@ static const struct parse_data ssid_fiel
{ INT_RANGE(fixed_freq, 0, 1) },
{ FUNC(rates) },
{ FUNC(mcast_rate) },
#endif /* CONFIG_MACSEC */
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
-@@ -678,6 +678,8 @@ struct wpa_ssid {
+@@ -714,6 +714,8 @@ struct wpa_ssid {
unsigned char rates[NL80211_MAX_SUPP_RATES];
double mcast_rate;
/**
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w
+@@ -2517,6 +2517,8 @@ static void wpas_start_assoc_cb(struct w
i++;
}
params.mcast_rate = ssid->mcast_rate;
+++ /dev/null
---- a/src/ap/sta_info.h
-+++ b/src/ap/sta_info.h
-@@ -179,7 +179,7 @@ struct sta_info {
- * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated
- * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
- #define AP_MAX_INACTIVITY (5 * 60)
--#define AP_DISASSOC_DELAY (1)
-+#define AP_DISASSOC_DELAY (3)
- #define AP_DEAUTH_DELAY (1)
- /* Number of seconds to keep STA entry with Authenticated flag after it has
- * been disassociated. */
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common
+@@ -157,6 +157,11 @@ OBJS += ../src/common/hw_features_common
OBJS += ../src/eapol_auth/eapol_auth_sm.o
struct wpa_ctrl_dst;
struct radius_server_data;
-@@ -103,6 +104,7 @@ struct hostapd_data {
+@@ -118,6 +119,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -286,6 +288,8 @@ struct hostapd_iface {
+@@ -323,6 +325,8 @@ struct hostapd_iface {
struct hostapd_config *conf;
char phy[16]; /* Name of the PHY (radio) */
HAPD_IFACE_DISABLED,
--- /dev/null
+++ b/src/ap/ubus.c
-@@ -0,0 +1,511 @@
+@@ -0,0 +1,536 @@
+/*
+ * hostapd / ubus support
+ * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org>
+#include "wps_hostapd.h"
+#include "sta_info.h"
+#include "ubus.h"
++#include "ap_drv_ops.h"
++#include "beacon.h"
+
+static struct ubus_context *ctx;
+static struct blob_buf b;
+{
+ struct blob_attr *tb[__VENDOR_ELEMENTS_MAX];
+ struct hostapd_data *hapd = get_hapd_from_object(obj);
++ struct hostapd_bss_config *bss = hapd->conf;
++ struct wpabuf *elems;
++ const char *pos;
++ size_t len;
+
+ blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb,
+ blob_data(msg), blob_len(msg));
+ if (!tb[VENDOR_ELEMENTS])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
-+ const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]);
-+ if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements",
-+ vendor_elements) != 0)
-+ return UBUS_STATUS_NOT_SUPPORTED;
++ pos = blobmsg_data(tb[VENDOR_ELEMENTS]);
++ len = os_strlen(pos);
++ if (len & 0x01)
++ return UBUS_STATUS_INVALID_ARGUMENT;
++
++ len /= 2;
++ if (len == 0) {
++ wpabuf_free(bss->vendor_elements);
++ bss->vendor_elements = NULL;
++ return 0;
++ }
++
++ elems = wpabuf_alloc(len);
++ if (elems == NULL)
++ return 1;
++
++ if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
++ wpabuf_free(elems);
++ return UBUS_STATUS_INVALID_ARGUMENT;
++ }
++
++ wpabuf_free(bss->vendor_elements);
++ bss->vendor_elements = elems;
+
+ /* update beacons if vendor elements were set successfully */
+ if (ieee802_11_update_beacons(hapd->iface) != 0)
+#endif
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
-@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc
+@@ -284,6 +284,7 @@ static void hostapd_free_hapd_data(struc
hapd->started = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
iapp_deinit(hapd->iapp);
hapd->iapp = NULL;
accounting_deinit(hapd);
-@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host
+@@ -1139,6 +1140,8 @@ static int hostapd_setup_bss(struct host
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
return 0;
}
-@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str
+@@ -1664,6 +1667,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->conf->channel) {
#ifdef NEED_AP_MLME
-@@ -1544,6 +1548,7 @@ dfs_offload:
+@@ -1844,6 +1848,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_ubus_free_iface(iface);
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
- if (iface->interfaces && iface->interfaces->terminate_on_error)
-@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc
+ #ifdef CONFIG_FST
+@@ -2277,6 +2282,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
-@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta
+@@ -980,7 +980,8 @@ int auth_sae_init_committed(struct hosta
static void handle_auth(struct hostapd_data *hapd,
{
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
-@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d
+@@ -996,6 +997,11 @@ static void handle_auth(struct hostapd_d
char *identity = NULL;
char *radius_cui = NULL;
u16 seq_ctrl;
+ .frame_info = fi,
+ };
- if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
- wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d
+ os_memset(&vlan_id, 0, sizeof(vlan_id));
+
+@@ -1149,6 +1155,14 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (res == HOSTAPD_ACL_PENDING) {
wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
" waiting for an external authentication",
-@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta
+@@ -2033,13 +2047,18 @@ static u16 send_assoc_resp(struct hostap
static void handle_assoc(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
+ int reassoc, struct hostapd_frame_info *fi)
{
u16 capab_info, listen_interval, seq_ctrl, fc;
- u16 resp = WLAN_STATUS_SUCCESS;
+ u16 resp = WLAN_STATUS_SUCCESS, reply_res;
const u8 *pos;
int left, i;
struct sta_info *sta;
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
sizeof(mgmt->u.assoc_req))) {
-@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_
- goto fail;
+@@ -2159,6 +2178,13 @@ static void handle_assoc(struct hostapd_
}
+ #endif /* CONFIG_MBO */
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ goto fail;
+ }
+
- sta->capability = capab_info;
- sta->listen_interval = listen_interval;
-
-@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data
+ /*
+ * sta->capability is used in check_assoc_ies() for RRM enabled
+ * capability element.
+@@ -2639,7 +2665,7 @@ int ieee802_11_mgmt(struct hostapd_data
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
return 1;
}
-@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -2657,17 +2683,17 @@ int ieee802_11_mgmt(struct hostapd_data
switch (stype) {
case WLAN_FC_STYPE_AUTH:
wpa_printf(MSG_DEBUG, "mgmt::auth");
case WLAN_FC_STYPE_DISASSOC:
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
-@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match
+@@ -675,7 +675,7 @@ sta_track_seen_on(struct hostapd_iface *
void handle_probe_req(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
{
u8 *resp;
struct ieee802_11_elems elems;
-@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat
- size_t ie_len;
- struct sta_info *sta = NULL;
+@@ -684,9 +684,15 @@ void handle_probe_req(struct hostapd_dat
size_t i, resp_len;
-+ int ssi_signal = fi->ssi_signal;
int noack;
enum ssid_match_result res;
++ int ssi_signal = fi->ssi_signal;
+ int ret;
+ u16 csa_offs[2];
+ size_t csa_offs_len;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_PROBE_REQ,
+ .mgmt_frame = mgmt,
+ .frame_info = fi,
+ };
- ie = mgmt->u.probe_req.variable;
- if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
-@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat
+ if (len < IEEE80211_HDRLEN)
+ return;
+@@ -838,6 +844,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
int ieee802_11_update_beacons(struct hostapd_iface *iface);
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -52,6 +52,10 @@ int hostapd_notif_assoc(struct hostapd_d
u16 reason = WLAN_REASON_UNSPECIFIED;
u16 status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
if (addr == NULL) {
/*
-@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -124,6 +128,12 @@ int hostapd_notif_assoc(struct hostapd_d
+ goto fail;
}
- sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
--- /dev/null
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
--- /dev/null
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
--- /dev/null
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
--- /dev/null
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
--- /dev/null
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
--- /dev/null
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
--- /dev/null
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
--- /dev/null
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
+
PKG_NAME:=openvpn
-PKG_VERSION:=2.3.6
-PKG_RELEASE:=5
+PKG_VERSION:=2.3.18
+PKG_RELEASE:=1
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MD5SUM:=6ca03fe0fd093e0d01601abee808835c
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_MD5SUM:=844ec9c64aae62051478784b8562f881
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
--disable-systemd \
--disable-plugins \
--disable-debug \
- --disable-eurephia \
--disable-pkcs11 \
- --enable-password-save \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \
- $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \
+ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http-proxy \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
config_get v "$s" "$p"
IFS="$LIST_SEP"
for v in $v; do
- [ -n "$v" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf"
+ [ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf"
+ [ -n "$v" ] && [ "$p" == "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf"
done
unset IFS
done
# append params
append_params "$s" \
- cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert \
+ cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert capath \
chroot cipher client_config_dir client_connect client_disconnect comp_lzo connect_freq \
connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \
echo engine explicit_exit_notify fragment group hand_window hash_size \
redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \
reneg_bytes reneg_pkts reneg_sec \
replay_persist replay_window resolv_retry route route_delay route_gateway \
- route_metric route_up rport script_security secret server server_bridge setenv shaper sndbuf \
- socks_proxy status status_version syslog tcp_queue_limit tls_auth \
+ route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \
+ socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \
tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
tun_mtu tun_mtu_extra txqueuelen user verb down push up \
+ verify_x509_name x509_username_field \
ifconfig_ipv6 route_ipv6 server_ipv6 ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6
openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
fi
done
}
+
+service_triggers() {
+ procd_add_reload_trigger openvpn
+}
+++ /dev/null
-commit 98156e90e1e83133a6a6a020db8e7333ada6156b
-Author: Steffan Karger <steffan@karger.me>
-Date: Tue Dec 2 21:42:00 2014 +0100
-
- Really fix '--cipher none' regression
-
- ... by not incorrectly hinting to the compiler the function argument of
- cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
- case.
-
- Verified the fix on Debian Wheezy, one of the platforms the reporter in
- trac #473 mentions with a compiler that would optimize out the required
- checks.
-
- Also add a testcase for --cipher none to t_lpback, to prevent further
- regressions.
-
- Signed-off-by: Steffan Karger <steffan@karger.me>
- Acked-by: Gert Doering <gert@greenie.muc.de>
- Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
- URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
- Signed-off-by: Gert Doering <gert@greenie.muc.de>
-
---- a/src/openvpn/crypto_backend.h
-+++ b/src/openvpn/crypto_backend.h
-@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
- *
- * @return true iff the cipher is a CBC mode cipher.
- */
--bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
-- __attribute__((nonnull));
-+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
-
- /**
- * Check if the supplied cipher is a supported OFB or CFB mode cipher.
-@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
- *
- * @return true iff the cipher is a OFB or CFB mode cipher.
- */
--bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
-- __attribute__((nonnull));
-+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
-
-
- /**
---- a/tests/t_lpback.sh
-+++ b/tests/t_lpback.sh
-@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
- # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
- CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
-
-+# Also test cipher 'none'
-+CIPHERS=${CIPHERS}$(printf "\nnone")
-+
- "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
- set +e
-
--- /dev/null
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -1156,7 +1156,7 @@ const char *
+ get_ssl_library_version(void)
+ {
+ static char polar_version[30];
+- unsigned int pv = version_get_number();
++ unsigned int pv = POLARSSL_VERSION_NUMBER;
+ sprintf( polar_version, "PolarSSL %d.%d.%d",
+ (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
+ return polar_version;
+++ /dev/null
---- a/src/openvpn/ssl_polarssl.h
-+++ b/src/openvpn/ssl_polarssl.h
-@@ -38,6 +38,8 @@
- #include <polarssl/pkcs11.h>
- #endif
-
-+#include <polarssl/compat-1.2.h>
-+
- typedef struct _buffer_entry buffer_entry;
-
- struct _buffer_entry {
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -46,7 +46,7 @@
- #include "manage.h"
- #include "ssl_common.h"
-
--#include <polarssl/sha2.h>
-+#include <polarssl/sha256.h>
- #include <polarssl/havege.h>
-
- #include "ssl_verify_polarssl.h"
-@@ -212,13 +212,13 @@ tls_ctx_load_dh_params (struct tls_root_
- {
- if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline)
- {
-- if (0 != x509parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline,
-+ if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline,
- strlen(dh_inline)))
- msg (M_FATAL, "Cannot read inline DH parameters");
- }
- else
- {
-- if (0 != x509parse_dhmfile(ctx->dhm_ctx, dh_file))
-+ if (0 != dhm_parse_dhmfile(ctx->dhm_ctx, dh_file))
- msg (M_FATAL, "Cannot read DH parameters from file %s", dh_file);
- }
-
-@@ -253,13 +253,13 @@ tls_ctx_load_cert_file (struct tls_root_
-
- if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline)
- {
-- if (0 != x509parse_crt(ctx->crt_chain,
-+ if (0 != x509_crt_parse(ctx->crt_chain,
- (const unsigned char *) cert_inline, strlen(cert_inline)))
- msg (M_FATAL, "Cannot load inline certificate file");
- }
- else
- {
-- if (0 != x509parse_crtfile(ctx->crt_chain, cert_file))
-+ if (0 != x509_crt_parse_file(ctx->crt_chain, cert_file))
- msg (M_FATAL, "Cannot load certificate file %s", cert_file);
- }
- }
-@@ -277,7 +277,7 @@ tls_ctx_load_priv_file (struct tls_root_
- status = x509parse_key(ctx->priv_key,
- (const unsigned char *) priv_key_inline, strlen(priv_key_inline),
- NULL, 0);
-- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status)
-+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
- {
- char passbuf[512] = {0};
- pem_password_callback(passbuf, 512, 0, NULL);
-@@ -289,7 +289,7 @@ tls_ctx_load_priv_file (struct tls_root_
- else
- {
- status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL);
-- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status)
-+ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status)
- {
- char passbuf[512] = {0};
- pem_password_callback(passbuf, 512, 0, NULL);
-@@ -480,14 +480,14 @@ void tls_ctx_load_ca (struct tls_root_ct
-
- if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_inline)
- {
-- if (0 != x509parse_crt(ctx->ca_chain, (const unsigned char *) ca_inline,
-+ if (0 != x509_crt_parse(ctx->ca_chain, (const unsigned char *) ca_inline,
- strlen(ca_inline)))
- msg (M_FATAL, "Cannot load inline CA certificates");
- }
- else
- {
- /* Load CA file for verifying peer supplied certificate */
-- if (0 != x509parse_crtfile(ctx->ca_chain, ca_file))
-+ if (0 != x509_crt_parse_file(ctx->ca_chain, ca_file))
- msg (M_FATAL, "Cannot load CA certificate file %s", ca_file);
- }
- }
-@@ -501,14 +501,14 @@ tls_ctx_load_extra_certs (struct tls_roo
-
- if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_inline)
- {
-- if (0 != x509parse_crt(ctx->crt_chain,
-+ if (0 != x509_crt_parse(ctx->crt_chain,
- (const unsigned char *) extra_certs_inline,
- strlen(extra_certs_inline)))
- msg (M_FATAL, "Cannot load inline extra-certs file");
- }
- else
- {
-- if (0 != x509parse_crtfile(ctx->crt_chain, extra_certs_file))
-+ if (0 != x509_crt_parse_file(ctx->crt_chain, extra_certs_file))
- msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file);
- }
- }
-@@ -724,7 +724,7 @@ void key_state_ssl_init(struct key_state
- external_key_len );
- else
- #endif
-- ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key );
-+ ssl_set_own_cert_rsa( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key );
-
- /* Initialise SSL verification */
- #if P2MP_SERVER
-@@ -1068,7 +1068,7 @@ print_details (struct key_state_ssl * ks
- cert = ssl_get_peer_cert(ks_ssl->ctx);
- if (cert != NULL)
- {
-- openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);
-+ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) pk_rsa(cert->pk)->len * 8);
- }
-
- msg (D_HANDSHAKE, "%s%s", s1, s2);
---- a/src/openvpn/crypto_polarssl.c
-+++ b/src/openvpn/crypto_polarssl.c
-@@ -487,7 +487,12 @@ cipher_ctx_get_cipher_kt (const cipher_c
-
- int cipher_ctx_reset (cipher_context_t *ctx, uint8_t *iv_buf)
- {
-- return 0 == cipher_reset(ctx, iv_buf);
-+ int retval = cipher_reset(ctx);
-+
-+ if (0 == retval)
-+ cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size);
-+
-+ return 0 == retval;
- }
-
- int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len,
---- a/src/openvpn/ssl_verify_polarssl.h
-+++ b/src/openvpn/ssl_verify_polarssl.h
-@@ -34,6 +34,7 @@
- #include "misc.h"
- #include "manage.h"
- #include <polarssl/x509.h>
-+#include <polarssl/compat-1.2.h>
-
- #ifndef __OPENVPN_X509_CERT_T_DECLARED
- #define __OPENVPN_X509_CERT_T_DECLARED
---- a/src/openvpn/ssl_verify_polarssl.c
-+++ b/src/openvpn/ssl_verify_polarssl.c
-@@ -40,6 +40,7 @@
- #include "ssl_verify.h"
- #include <polarssl/error.h>
- #include <polarssl/bignum.h>
-+#include <polarssl/oid.h>
- #include <polarssl/sha1.h>
-
- #define MAX_SUBJECT_LENGTH 256
-@@ -102,7 +103,7 @@ x509_get_username (char *cn, int cn_len,
- /* Find common name */
- while( name != NULL )
- {
-- if( memcmp( name->oid.p, OID_CN, OID_SIZE(OID_CN) ) == 0)
-+ if( memcmp( name->oid.p, OID_AT_CN, OID_SIZE(OID_AT_CN) ) == 0)
- break;
-
- name = name->next;
-@@ -224,60 +225,18 @@ x509_setenv (struct env_set *es, int cer
- while( name != NULL )
- {
- char name_expand[64+8];
-+ const char *shortname;
-
-- if( name->oid.len == 2 && memcmp( name->oid.p, OID_X520, 2 ) == 0 )
-+ if( 0 == oid_get_attr_short_name(&name->oid, &shortname) )
- {
-- switch( name->oid.p[2] )
-- {
-- case X520_COMMON_NAME:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_CN",
-- cert_depth); break;
--
-- case X520_COUNTRY:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_C",
-- cert_depth); break;
--
-- case X520_LOCALITY:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_L",
-- cert_depth); break;
--
-- case X520_STATE:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_ST",
-- cert_depth); break;
--
-- case X520_ORGANIZATION:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_O",
-- cert_depth); break;
--
-- case X520_ORG_UNIT:
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_OU",
-- cert_depth); break;
--
-- default:
-- openvpn_snprintf (name_expand, sizeof(name_expand),
-- "X509_%d_0x%02X", cert_depth, name->oid.p[2]);
-- break;
-- }
-+ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_%s",
-+ cert_depth, shortname);
-+ }
-+ else
-+ {
-+ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?",
-+ cert_depth);
- }
-- else if( name->oid.len == 8 && memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 )
-- {
-- switch( name->oid.p[8] )
-- {
-- case PKCS9_EMAIL:
-- openvpn_snprintf (name_expand, sizeof(name_expand),
-- "X509_%d_emailAddress", cert_depth); break;
--
-- default:
-- openvpn_snprintf (name_expand, sizeof(name_expand),
-- "X509_%d_0x%02X", cert_depth, name->oid.p[8]);
-- break;
-- }
-- }
-- else
-- {
-- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?",
-- cert_depth);
-- }
-
- for( i = 0; i < name->val.len; i++ )
- {
---- a/configure.ac
-+++ b/configure.ac
-@@ -819,13 +819,13 @@ if test "${with_crypto_library}" = "pola
- #include <polarssl/version.h>
- ]],
- [[
--#if POLARSSL_VERSION_NUMBER < 0x01020A00 || POLARSSL_VERSION_NUMBER >= 0x01030000
-+#if POLARSSL_VERSION_NUMBER < 0x01030000
- #error invalid version
- #endif
- ]]
- )],
- [AC_MSG_RESULT([ok])],
-- [AC_MSG_ERROR([PolarSSL 1.2.x required and must be 1.2.10 or later])]
-+ [AC_MSG_ERROR([PolarSSL 1.3.x required])]
- )
-
- polarssl_with_pkcs11="no"
--- /dev/null
+openvpn: fix build without POLARSSL_DEBUG_C
+
+Backport of upstream master commit
+b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
+
+Signed-off-by: Magnus Kroken <mkroken@gmail.com>
+
+From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
+From: Steffan Karger <steffan@karger.me>
+Date: Tue, 14 Jun 2016 22:00:03 +0200
+Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
+ MBEDTLS_DEBUG_C
+
+For targets with space constraints, one might want to compile mbed TLS
+without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make
+sure OpenVPN still compiles if that is the case.
+
+Signed-off-by: Steffan Karger <steffan@karger.me>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
+URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
+ if (polar_ok(ssl_init(ks_ssl->ctx)))
+ {
+ /* Initialise SSL context */
++ #ifdef POLARSSL_DEBUG_C
+ debug_set_threshold(3);
++ #endif
+ ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
+ ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
+++ /dev/null
---- a/src/openvpn/syshead.h
-+++ b/src/openvpn/syshead.h
-@@ -214,10 +214,6 @@
-
- #ifdef TARGET_LINUX
-
--#if defined(HAVE_NETINET_IF_ETHER_H)
--#include <netinet/if_ether.h>
--#endif
--
- #ifdef HAVE_LINUX_IF_TUN_H
- #include <linux/if_tun.h>
- #endif
+++ /dev/null
-Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c
-===================================================================
---- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c
-+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c
-@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state
- if (ssl_ctx->allowed_ciphers)
- ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
-
-+ /* Disable record splitting (breaks current ssl handling) */
-+#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
-+ ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED);
-+#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
-+
- /* Initialise authentication information */
- if (is_server)
- ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );
+++ /dev/null
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -1119,7 +1119,7 @@ const char *
- get_ssl_library_version(void)
- {
- static char polar_version[30];
-- unsigned int pv = version_get_number();
-+ unsigned int pv = POLARSSL_VERSION_NUMBER;
- sprintf( polar_version, "PolarSSL %d.%d.%d",
- (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
- return polar_version;
--- /dev/null
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
+@@ -602,9 +602,7 @@ socket_defined (const socket_descriptor_
+ /*
+ * Should we include OCC (options consistency check) code?
+ */
+-#ifndef ENABLE_SMALL
+ #define ENABLE_OCC
+-#endif
+
+ /*
+ * Should we include NTLM proxy functionality
PKG_NAME:=samba
PKG_VERSION:=3.6.25
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \
http://ftp.samba.org/pub/samba/stable
--- /dev/null
+From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 8 May 2017 21:40:40 +0200
+Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
+ inside
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_server/srv_pipe.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f
+ pipename += 1;
+ }
+
++ if (strchr(pipename, '/')) {
++ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
++ return false;
++ }
++
+ if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
+ DEBUG(10, ("refusing spoolss access\n"));
+ return false;
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
-@@ -991,7 +991,6 @@ static bool api_pipe_bind_req(struct pip
+@@ -996,7 +996,6 @@ static bool api_pipe_bind_req(struct pip
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("api_pipe_bind_req: invalid pdu: %s\n",
nt_errstr(status)));
goto err_exit;
}
-@@ -1325,7 +1324,6 @@ bool api_pipe_bind_auth3(struct pipes_st
+@@ -1330,7 +1329,6 @@ bool api_pipe_bind_auth3(struct pipes_st
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("api_pipe_bind_auth3: invalid pdu: %s\n",
nt_errstr(status)));
goto err;
}
-@@ -1483,7 +1481,6 @@ static bool api_pipe_alter_context(struc
+@@ -1488,7 +1486,6 @@ static bool api_pipe_alter_context(struc
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("api_pipe_alter_context: invalid pdu: %s\n",
nt_errstr(status)));
goto err_exit;
}
-@@ -2057,7 +2054,6 @@ static bool process_request_pdu(struct p
+@@ -2062,7 +2059,6 @@ static bool process_request_pdu(struct p
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("process_request_pdu: invalid pdu: %s\n",
nt_errstr(status)));
--- /dev/null
+#
+# Copyright (C) 2016-2017 Jason A. Donenfeld <Jason@zx2c4.com>
+# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
+# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=wireguard
+
+PKG_VERSION:=0.0.20171017
+PKG_RELEASE:=1
+
+PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
+PKG_MD5SUM:=1184c5734f7cd3b5895157835a336b3d
+
+PKG_LICENSE:=GPL-2.0 Apache-2.0
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/WireGuard-$(PKG_VERSION)
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+
+# WireGuard's makefile needs this to know where to build the kernel module
+export KERNELDIR:=$(LINUX_DIR)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/wireguard/Default
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=VPN
+ URL:=https://www.wireguard.com
+ MAINTAINER:=Baptiste Jonglez <openwrt@bitsofnetworks.org>, \
+ Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>, \
+ Dan Luedtke <mail@danrl.com>, \
+ Jason A. Donenfeld <Jason@zx2c4.com>
+endef
+
+define Package/wireguard/Default/description
+ WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
+ state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
+ more useful than IPSec, while avoiding the massive headache. It intends to
+ be considerably more performant than OpenVPN. WireGuard is designed as a
+ general purpose VPN for running on embedded interfaces and super computers
+ alike, fit for many different circumstances. It uses UDP.
+endef
+
+define Package/wireguard
+ $(call Package/wireguard/Default)
+ TITLE:=WireGuard meta-package
+ DEPENDS:=+wireguard-tools +kmod-wireguard
+endef
+
+include $(INCLUDE_DIR)/kernel-defaults.mk
+include $(INCLUDE_DIR)/package-defaults.mk
+
+# Used by Build/Compile/Default
+MAKE_PATH:=src/tools
+
+define Build/Compile
+ $(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
+ $(call Build/Compile/Default)
+endef
+
+define Package/wireguard/install
+ true
+endef
+
+define Package/wireguard/description
+ $(call Package/wireguard/Default/description)
+endef
+
+define Package/wireguard-tools
+ $(call Package/wireguard/Default)
+ TITLE:=WireGuard userspace control program (wg)
+ DEPENDS:=+libmnl +ip
+endef
+
+define Package/wireguard-tools/description
+ $(call Package/wireguard/Default/description)
+
+ This package provides the userspace control program for WireGuard,
+ `wg(8)`, and a netifd protocol helper.
+endef
+
+define Package/wireguard-tools/install
+ $(INSTALL_DIR) $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/lib/netifd/proto/
+ $(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
+endef
+
+define KernelPackage/wireguard
+ SECTION:=kernel
+ CATEGORY:=Kernel modules
+ SUBMENU:=Network Support
+ TITLE:=WireGuard kernel module
+ DEPENDS:=+IPV6:kmod-udptunnel6 +IPV6:kmod-ipv6 +kmod-udptunnel4 +kmod-crypto-core
+ FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
+ AUTOLOAD:=$(call AutoProbe,wireguard)
+endef
+
+define KernelPackage/wireguard/description
+ $(call Package/wireguard/Default/description)
+
+ This package provides the kernel module for WireGuard.
+endef
+
+$(eval $(call BuildPackage,wireguard))
+$(eval $(call BuildPackage,wireguard-tools))
+$(eval $(call KernelPackage,wireguard))
--- /dev/null
+#!/bin/sh
+# Copyright 2016-2017 Dan Luedtke <mail@danrl.com>
+# Licensed to the public under the Apache License 2.0.
+
+
+WG=/usr/bin/wg
+if [ ! -x $WG ]; then
+ logger -t "wireguard" "error: missing wireguard-tools (${WG})"
+ exit 0
+fi
+
+
+[ -n "$INCLUDE_ONLY" ] || {
+ . /lib/functions.sh
+ . ../netifd-proto.sh
+ init_proto "$@"
+}
+
+
+proto_wireguard_init_config() {
+ proto_config_add_string "private_key"
+ proto_config_add_int "listen_port"
+ proto_config_add_int "mtu"
+ proto_config_add_string "fwmark"
+ available=1
+ no_proto_task=1
+}
+
+
+proto_wireguard_setup_peer() {
+ local peer_config="$1"
+
+ local public_key
+ local preshared_key
+ local allowed_ips
+ local route_allowed_ips
+ local endpoint_host
+ local endpoint_port
+ local persistent_keepalive
+
+ config_get public_key "${peer_config}" "public_key"
+ config_get preshared_key "${peer_config}" "preshared_key"
+ config_get allowed_ips "${peer_config}" "allowed_ips"
+ config_get_bool route_allowed_ips "${peer_config}" "route_allowed_ips" 0
+ config_get endpoint_host "${peer_config}" "endpoint_host"
+ config_get endpoint_port "${peer_config}" "endpoint_port"
+ config_get persistent_keepalive "${peer_config}" "persistent_keepalive"
+
+ # peer configuration
+ echo "[Peer]" >> "${wg_cfg}"
+ echo "PublicKey=${public_key}" >> "${wg_cfg}"
+ if [ "${preshared_key}" ]; then
+ echo "PresharedKey=${preshared_key}" >> "${wg_cfg}"
+ fi
+ for allowed_ip in $allowed_ips; do
+ echo "AllowedIPs=${allowed_ip}" >> "${wg_cfg}"
+ done
+ if [ "${endpoint_host}" ]; then
+ case "${endpoint_host}" in
+ *:*)
+ endpoint="[${endpoint_host}]"
+ ;;
+ *)
+ endpoint="${endpoint_host}"
+ ;;
+ esac
+ if [ "${endpoint_port}" ]; then
+ endpoint="${endpoint}:${endpoint_port}"
+ else
+ endpoint="${endpoint}:51820"
+ fi
+ echo "Endpoint=${endpoint}" >> "${wg_cfg}"
+ fi
+ if [ "${persistent_keepalive}" ]; then
+ echo "PersistentKeepalive=${persistent_keepalive}" >> "${wg_cfg}"
+ fi
+
+ # add routes for allowed ips
+ if [ ${route_allowed_ips} -ne 0 ]; then
+ for allowed_ip in ${allowed_ips}; do
+ case "${allowed_ip}" in
+ *:*/*)
+ proto_add_ipv6_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
+ ;;
+ *.*/*)
+ proto_add_ipv4_route "${allowed_ip%%/*}" "${allowed_ip##*/}"
+ ;;
+ *:*)
+ proto_add_ipv6_route "${allowed_ip%%/*}" "128"
+ ;;
+ *.*)
+ proto_add_ipv4_route "${allowed_ip%%/*}" "32"
+ ;;
+ esac
+ done
+ fi
+}
+
+
+proto_wireguard_setup() {
+ local config="$1"
+ local wg_dir="/tmp/wireguard"
+ local wg_cfg="${wg_dir}/${config}"
+
+ local private_key
+ local listen_port
+ local mtu
+
+ # load configuration
+ config_load network
+ config_get private_key "${config}" "private_key"
+ config_get listen_port "${config}" "listen_port"
+ config_get addresses "${config}" "addresses"
+ config_get mtu "${config}" "mtu"
+ config_get fwmark "${config}" "fwmark"
+
+ # create interface
+ ip link del dev "${config}" 2>/dev/null
+ ip link add dev "${config}" type wireguard
+
+ if [ "${mtu}" ]; then
+ ip link set mtu "${mtu}" dev "${config}"
+ fi
+
+ proto_init_update "${config}" 1
+
+ # generate configuration file
+ umask 077
+ mkdir -p "${wg_dir}"
+ echo "[Interface]" > "${wg_cfg}"
+ echo "PrivateKey=${private_key}" >> "${wg_cfg}"
+ if [ "${listen_port}" ]; then
+ echo "ListenPort=${listen_port}" >> "${wg_cfg}"
+ fi
+ if [ "${fwmark}" ]; then
+ echo "FwMark=${fwmark}" >> "${wg_cfg}"
+ fi
+ config_foreach proto_wireguard_setup_peer "wireguard_${config}"
+
+ # apply configuration file
+ ${WG} setconf ${config} "${wg_cfg}"
+ WG_RETURN=$?
+
+ # delete configuration file
+ rm -f "${wg_cfg}"
+
+ # check status
+ if [ ${WG_RETURN} -ne 0 ]; then
+ sleep 5
+ proto_setup_failed "${config}"
+ exit 1
+ fi
+
+ # add ip addresses
+ for address in ${addresses}; do
+ case "${address}" in
+ *:*/*)
+ proto_add_ipv6_address "${address%%/*}" "${address##*/}"
+ ;;
+ *.*/*)
+ proto_add_ipv4_address "${address%%/*}" "${address##*/}"
+ ;;
+ *:*)
+ proto_add_ipv6_address "${address%%/*}" "128"
+ ;;
+ *.*)
+ proto_add_ipv4_address "${address%%/*}" "32"
+ ;;
+ esac
+ done
+
+ # endpoint dependency
+ wg show "${config}" endpoints | \
+ sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \
+ while IFS=$'\t ' read -r key address port; do
+ [ -n "${port}" ] || continue
+ proto_add_host_dependency "${config}" "${address}"
+ done
+
+ proto_send_update "${config}"
+}
+
+
+proto_wireguard_teardown() {
+ local config="$1"
+ ip link del dev "${config}" >/dev/null 2>&1
+}
+
+
+[ -n "$INCLUDE_ONLY" ] || {
+ add_protocol wireguard
+}
include $(TOPDIR)/rules.mk
PKG_NAME:=tcpdump
-PKG_VERSION:=4.5.1
-PKG_RELEASE:=4
+PKG_VERSION:=4.9.2
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.tcpdump.org/release/ \
- http://ftp.gwdg.de/pub/misc/tcpdump/ \
- http://www.at.tcpdump.org/ \
- http://www.br.tcpdump.org/
-PKG_MD5SUM:=973a2513d0076e34aa9da7e15ed98e1b
+ http://www.at.tcpdump.org/
+PKG_MD5SUM:=9bbc1ee33dab61302411b02dd0515576
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
---- a/tcpdump.c
-+++ b/tcpdump.c
-@@ -1095,20 +1095,6 @@ main(int argc, char **argv)
- error("invalid data link type %s", gndo->ndo_dltname);
- break;
+--- a/configure
++++ b/configure
+@@ -6259,97 +6259,6 @@ $as_echo "no" >&6; }
+ fi
+ fi
--#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
-- case 'Y':
-- {
-- /* Undocumented flag */
--#ifdef HAVE_PCAP_DEBUG
-- extern int pcap_debug;
-- pcap_debug = 1;
--#else
+-#
+-# Check for special debugging functions
+-#
+-for ac_func in pcap_set_parser_debug
+-do :
+- ac_fn_c_check_func "$LINENO" "pcap_set_parser_debug" "ac_cv_func_pcap_set_parser_debug"
+-if test "x$ac_cv_func_pcap_set_parser_debug" = xyes; then :
+- cat >>confdefs.h <<_ACEOF
+-#define HAVE_PCAP_SET_PARSER_DEBUG 1
+-_ACEOF
+-
+-fi
+-done
+-
+-if test "$ac_cv_func_pcap_set_parser_debug" = "no" ; then
+- #
+- # OK, we don't have pcap_set_parser_debug() to set the libpcap
+- # filter expression parser debug flag; can we directly set the
+- # flag?
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pcap_debug is defined by libpcap" >&5
+-$as_echo_n "checking whether pcap_debug is defined by libpcap... " >&6; }
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
+- extern int pcap_debug;
+-
+- return pcap_debug;
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+- ac_lbl_cv_pcap_debug_defined=yes
+-else
+- ac_lbl_cv_pcap_debug_defined=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- if test "$ac_lbl_cv_pcap_debug_defined" = yes ; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-$as_echo "#define HAVE_PCAP_DEBUG 1" >>confdefs.h
+-
+- else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+- #
+- # OK, what about "yydebug"?
+- #
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yydebug is defined by libpcap" >&5
+-$as_echo_n "checking whether yydebug is defined by libpcap... " >&6; }
+- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h. */
+-
+-int
+-main ()
+-{
+-
- extern int yydebug;
-- yydebug = 1;
--#endif
-- }
-- break;
--#endif
- case 'z':
- if (optarg) {
- zflag = strdup(optarg);
+-
+- return yydebug;
+-
+- ;
+- return 0;
+-}
+-_ACEOF
+-if ac_fn_c_try_link "$LINENO"; then :
+- ac_lbl_cv_yydebug_defined=yes
+-else
+- ac_lbl_cv_yydebug_defined=no
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+- conftest$ac_exeext conftest.$ac_ext
+- if test "$ac_lbl_cv_yydebug_defined" = yes ; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
+-
+-$as_echo "#define HAVE_YYDEBUG 1" >>confdefs.h
+-
+- else
+- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+-$as_echo "no" >&6; }
+- fi
+- fi
+-fi
+ for ac_func in pcap_set_optimizer_debug
+ do :
+ ac_fn_c_check_func "$LINENO" "pcap_set_optimizer_debug" "ac_cv_func_pcap_set_optimizer_debug"
--- a/configure
+++ b/configure
-@@ -5813,28 +5813,6 @@ $as_echo "Using $pfopen" >&6; }
+@@ -5471,37 +5471,6 @@ $as_echo "Using $pfopen" >&6; }
LIBS="$LIBS $pfopen"
fi
fi
-- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5
+- libpcap=FAIL
+- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5
-$as_echo_n "checking for local pcap library... " >&6; }
-- libpcap=FAIL
-- lastdir=FAIL
-- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
-- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'`
-- for dir in $places $srcdir/../libpcap $srcdir/libpcap ; do
-- basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \
-- sed -e 's/-PRE-GIT$//' `
-- if test $lastdir = $basedir ; then
-- continue;
-- fi
-- lastdir=$dir
-- if test -r $dir/libpcap.a ; then
-- libpcap=$dir/libpcap.a
-- d=$dir
-- fi
-- done
+-
+-# Check whether --with-system-libpcap was given.
+-if test "${with_system_libpcap+set}" = set; then :
+- withval=$with_system_libpcap;
+-fi
+-
+- if test "x$with_system_libpcap" != xyes ; then
+- lastdir=FAIL
+- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
+- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'`
+- places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \
+- egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'`
+- for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do
+- basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \
+- sed -e 's/-PRE-GIT$//' `
+- if test $lastdir = $basedir ; then
+- continue;
+- fi
+- lastdir=$dir
+- if test -r $dir/libpcap.a ; then
+- libpcap=$dir/libpcap.a
+- d=$dir
+- fi
+- done
+- fi
- if test $libpcap = FAIL ; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
-$as_echo "not found" >&6; }
--
+
#
# Look for pcap-config.
- #
-@@ -5989,41 +5967,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes;
+@@ -5657,51 +5626,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes;
libpcap="-lpcap"
fi
- V_PCAPDEP=$libpcap
- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
- egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'`
+- places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \
+- egrep '/libpcap-[0-9]*.[0-9]*(.[0-9]*)?([ab][0-9]*)?$'`
+- pcapH=FAIL
- if test -r $d/pcap.h; then
-- V_INCLS="-I$d $V_INCLS"
-- elif test -r $places/pcap.h; then
-- V_INCLS="-I$places $V_INCLS"
+- pcapH=$d
- else
-- as_fn_error see INSTALL "cannot find pcap.h" "$LINENO" 5
+- for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do
+- if test -r $dir/pcap.h ; then
+- pcapH=$dir
+- fi
+- done
+- fi
+-
+- if test $pcapH = FAIL ; then
+- as_fn_error $? "cannot find pcap.h: see INSTALL" "$LINENO" 5
- fi
+- V_INCLS="-I$pcapH $V_INCLS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libpcap" >&5
-$as_echo "$libpcap" >&6; }
# Extract the first word of "pcap-config", so it can be a program name with args.
--- a/Makefile.in
+++ b/Makefile.in
-@@ -71,6 +71,22 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- @rm -f $@
- $(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c
+@@ -72,6 +72,80 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
+
+ CSRC = setsignal.c tcpdump.c
+ifdef TCPDUMP_MINI
+
-+CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \
-+ nlpid.c l2vpn.c machdep.c parsenfsfh.c in_cksum.c \
-+ print-802_11.c print-aodv.c print-arp.c print-ascii.c \
-+ print-bgp.c print-bootp.c print-cdp.c print-domain.c print-eap.c print-ether.c \
-+ print-gre.c print-icmp.c print-igmp.c print-ip.c \
-+ print-l2tp.c print-lldp.c print-llc.c \
-+ print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \
-+ print-ppp.c print-pppoe.c print-pptp.c print-radius.c print-raw.c print-rsvp.c \
-+ print-sctp.c print-sip.c print-sll.c print-snmp.c print-stp.c print-sunrpc.c \
-+ print-syslog.c print-tcp.c print-telnet.c print-tftp.c print-udp.c \
-+ setsignal.c tcpdump.c util.c signature.c print-ipnet.c print-forces.c
++LIBNETDISSECT_SRC=\
++ netdissect.c \
++ addrtoname.c \
++ addrtostr.c \
++ af.c \
++ ascii_strcasecmp.c \
++ checksum.c \
++ cpack.c \
++ gmpls.c \
++ gmt2local.c \
++ in_cksum.c \
++ ipproto.c \
++ l2vpn.c \
++ machdep.c \
++ nlpid.c \
++ oui.c \
++ parsenfsfh.c \
++ print.c \
++ print-802_11.c \
++ print-aodv.c \
++ print-arp.c \
++ print-ascii.c \
++ print-bootp.c \
++ print-dhcp6.c \
++ print-domain.c \
++ print-eap.c \
++ print-ether.c \
++ print-ftp.c \
++ print-gre.c \
++ print-http.c \
++ print-icmp.c \
++ print-icmp6.c \
++ print-igmp.c \
++ print-ip.c \
++ print-ip6.c \
++ print-ip6opts.c \
++ print-ipnet.c \
++ print-l2tp.c \
++ print-llc.c \
++ print-lldp.c \
++ print-loopback.c \
++ print-nfs.c \
++ print-ntp.c \
++ print-null.c \
++ print-olsr.c \
++ print-ospf.c \
++ print-ospf6.c \
++ print-ppp.c \
++ print-pppoe.c \
++ print-pptp.c \
++ print-radius.c \
++ print-raw.c \
++ print-rsvp.c \
++ print-rt6.c \
++ print-rtsp.c \
++ print-sip.c \
++ print-sll.c \
++ print-smtp.c \
++ print-snmp.c \
++ print-stp.c \
++ print-sunrpc.c \
++ print-syslog.c \
++ print-tcp.c \
++ print-telnet.c \
++ print-tftp.c \
++ print-udp.c \
++ signature.c \
++ strtoaddr.c \
++ util-print.c
+
+else
+
- CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \
- nlpid.c l2vpn.c machdep.c parsenfsfh.c in_cksum.c \
- print-802_11.c print-802_15_4.c print-ap1394.c print-ah.c \
-@@ -103,6 +119,8 @@ LIBNETDISSECT_SRC=print-isakmp.c
- LIBNETDISSECT_OBJ=$(LIBNETDISSECT_SRC:.c=.o)
- LIBNETDISSECT=libnetdissect.a
+ LIBNETDISSECT_SRC=\
+ addrtoname.c \
+ addrtostr.c \
+@@ -237,6 +311,8 @@ LIBNETDISSECT_SRC=\
+ strtoaddr.c \
+ util-print.c
+endif
+
LOCALSRC = @LOCALSRC@
GENSRC = version.c
LIBOBJS = @LIBOBJS@
-@@ -286,10 +304,12 @@ $(PROG): $(OBJ) @V_PCAPDEP@
- @rm -f $@
- $(CC) $(FULL_CFLAGS) $(LDFLAGS) -o $@ $(OBJ) $(LIBS)
-
-+ifndef TCPDUMP_MINI
- $(LIBNETDISSECT): $(LIBNETDISSECT_OBJ)
- @rm -f $@
- $(AR) cr $@ $(LIBNETDISSECT_OBJ)
- $(RANLIB) $@
-+endif
-
- datalinks.o: $(srcdir)/missing/datalinks.c
- $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/datalinks.c
--- a/addrtoname.c
+++ b/addrtoname.c
-@@ -556,10 +556,10 @@ linkaddr_string(const u_char *ep, const
-
+@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo,
if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN)
- return (etheraddr_string(ep));
--
+ return (etheraddr_string(ndo, ep));
+
+#ifndef TCPDUMP_MINI
if (type == LINKADDR_FRELAY)
- return (q922_string(ep));
--
+ return (q922_string(ndo, ep, len));
+#endif
- tp = lookup_bytestring(ep, len);
- if (tp->e_name)
- return (tp->e_name);
-@@ -1159,6 +1159,7 @@ init_addrtoname(u_int32_t localnet, u_in
- init_ipxsaparray();
+
+ tp = lookup_bytestring(ndo, ep, len);
+ if (tp->bs_name)
+@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo,
+ init_ipxsaparray(ndo);
}
+#ifndef TCPDUMP_MINI
const char *
- dnaddr_string(u_short dnaddr)
+ dnaddr_string(netdissect_options *ndo, u_short dnaddr)
{
-@@ -1178,6 +1179,7 @@ dnaddr_string(u_short dnaddr)
+@@ -1233,6 +1236,7 @@ dnaddr_string(netdissect_options *ndo, u
return(tp->name);
}
/* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */
struct hnamemem *
+--- a/print.c
++++ b/print.c
+@@ -48,6 +48,7 @@ static const struct printer printers[] =
+ #ifdef DLT_IPNET
+ { ipnet_if_print, DLT_IPNET },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_IEEE802_15_4
+ { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
+ #endif
+@@ -57,12 +58,14 @@ static const struct printer printers[] =
+ #ifdef DLT_PPI
+ { ppi_if_print, DLT_PPI },
+ #endif
++#endif
+ #ifdef DLT_NETANALYZER
+ { netanalyzer_if_print, DLT_NETANALYZER },
+ #endif
+ #ifdef DLT_NETANALYZER_TRANSPARENT
+ { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
+ #endif
++#ifndef TCPDUMP_MINI
+ #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H)
+ { nflog_if_print, DLT_NFLOG},
+ #endif
+@@ -75,10 +78,12 @@ static const struct printer printers[] =
+ #ifdef DLT_IP_OVER_FC
+ { ipfc_if_print, DLT_IP_OVER_FC },
+ #endif
++#endif
+ { null_if_print, DLT_NULL },
+ #ifdef DLT_LOOP
+ { null_if_print, DLT_LOOP },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_APPLE_IP_OVER_IEEE1394
+ { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
+ #endif
+@@ -92,7 +97,9 @@ static const struct printer printers[] =
+ #ifdef DLT_ARCNET_LINUX
+ { arcnet_linux_if_print, DLT_ARCNET_LINUX },
+ #endif
++#endif
+ { raw_if_print, DLT_RAW },
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_IPV4
+ { raw_if_print, DLT_IPV4 },
+ #endif
+@@ -116,17 +123,21 @@ static const struct printer printers[] =
+ #ifdef DLT_HDLC
+ { chdlc_if_print, DLT_HDLC },
+ #endif
++#endif
+ #ifdef DLT_PPP_ETHER
+ { pppoe_if_print, DLT_PPP_ETHER },
+ #endif
++#ifndef TCPDUMP_MINI
+ #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H)
+ { pflog_if_print, DLT_PFLOG },
+ #endif
+ { token_if_print, DLT_IEEE802 },
+ { fddi_if_print, DLT_FDDI },
++#endif
+ #ifdef DLT_LINUX_SLL
+ { sll_if_print, DLT_LINUX_SLL },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_FR
+ { fr_if_print, DLT_FR },
+ #endif
+@@ -198,6 +209,7 @@ static const struct printer printers[] =
+ #ifdef DLT_PKTAP
+ { pktap_if_print, DLT_PKTAP },
+ #endif
++#endif
+ #ifdef DLT_IEEE802_11_RADIO
+ { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
+ #endif
+@@ -214,12 +226,14 @@ static const struct printer printers[] =
+ #ifdef DLT_PPP_WITHDIRECTION
+ { ppp_if_print, DLT_PPP_WITHDIRECTION },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_PPP_BSDOS
+ { ppp_bsdos_if_print, DLT_PPP_BSDOS },
+ #endif
+ #ifdef DLT_PPP_SERIAL
+ { ppp_hdlc_if_print, DLT_PPP_SERIAL },
+ #endif
++#endif
+ { NULL, 0 },
+ };
+
--- a/print-ether.c
+++ b/print-ether.c
@@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo,
- arp_print(ndo, p, length, caplen);
+ arp_print(ndo, p, length, caplen);
return (1);
+#ifndef TCPDUMP_MINI
case ETHERTYPE_DN:
- decnet_print(/*ndo,*/p, length, caplen);
- return (1);
-@@ -360,10 +361,13 @@ ethertype_print(netdissect_options *ndo,
- ND_PRINT((ndo, "(NOV-ETHII) "));
- ipx_print(/*ndo,*/p, length);
+ decnet_print(ndo, p, length, caplen);
return (1);
-+#endif
-
-+#ifndef TCPDUMP_MINI
- case ETHERTYPE_ISO:
- isoclns_print(/*ndo,*/p+1, length-1, length-1);
- return(1);
+@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo,
+ }
+ isoclns_print(ndo, p + 1, length - 1);
+ return(1);
+#endif
case ETHERTYPE_PPPOED:
case ETHERTYPE_PPPOES:
-@@ -376,9 +380,11 @@ ethertype_print(netdissect_options *ndo,
+@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo,
eap_print(ndo, p, length);
return (1);
+#ifndef TCPDUMP_MINI
case ETHERTYPE_RRCP:
- rrcp_print(ndo, p - 14 , length + 14);
+ rrcp_print(ndo, p, length, src, dst);
return (1);
+#endif
case ETHERTYPE_PPP:
if (length) {
-@@ -387,6 +393,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo,
}
return (1);
+#ifndef TCPDUMP_MINI
case ETHERTYPE_MPCP:
- mpcp_print(/*ndo,*/p, length);
+ mpcp_print(ndo, p, length);
return (1);
-@@ -399,7 +406,7 @@ ethertype_print(netdissect_options *ndo,
+@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo,
case ETHERTYPE_CFM_OLD:
- cfm_print(/*ndo,*/p, length);
+ cfm_print(ndo, p, length);
return (1);
--
+#endif
+
case ETHERTYPE_LLDP:
- lldp_print(/*ndo,*/p, length);
- return (1);
-@@ -407,6 +414,7 @@ ethertype_print(netdissect_options *ndo,
- case ETHERTYPE_LOOPBACK:
+ lldp_print(ndo, p, length);
+@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo,
+ loopback_print(ndo, p, length);
return (1);
+#ifndef TCPDUMP_MINI
case ETHERTYPE_MPLS:
case ETHERTYPE_MPLS_MULTI:
- mpls_print(/*ndo,*/p, length);
-@@ -428,6 +436,7 @@ ethertype_print(netdissect_options *ndo,
- case ETHERTYPE_CALM_FAST:
- calm_fast_print(ndo, p-14, p, length);
- return (1);
+ mpls_print(ndo, p, length);
+@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo,
+ case ETHERTYPE_MEDSA:
+ medsa_print(ndo, p, length, caplen, src, dst);
+ return (1);
+#endif
case ETHERTYPE_LAT:
case ETHERTYPE_SCA:
--- a/print-gre.c
+++ b/print-gre.c
-@@ -213,6 +213,7 @@ gre_print_0(const u_char *bp, u_int leng
- ip6_print(gndo, bp, len);
+@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con
+ case ETHERTYPE_IPV6:
+ ip6_print(ndo, bp, len);
break;
- #endif
+#ifndef TCPDUMP_MINI
case ETHERTYPE_MPLS:
- mpls_print(bp, len);
+ mpls_print(ndo, bp, len);
break;
-@@ -228,6 +229,7 @@ gre_print_0(const u_char *bp, u_int leng
+@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con
case ETHERTYPE_TEB:
- ether_print(gndo, bp, len, len, NULL, NULL);
+ ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL);
break;
+#endif
default:
- printf("gre-proto-0x%x", prot);
+ ND_PRINT((ndo, "gre-proto-0x%x", prot));
}
--- a/print-igmp.c
+++ b/print-igmp.c
-@@ -309,6 +309,7 @@ igmp_print(register const u_char *bp, re
- TCHECK2(bp[4], 4);
- (void)printf("igmp leave %s", ipaddr_string(&bp[4]));
+@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo,
+ ND_TCHECK2(bp[4], 4);
+ ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4])));
break;
+#ifndef TCPDUMP_MINI
case 0x13:
- (void)printf("igmp dvmrp");
+ ND_PRINT((ndo, "igmp dvmrp"));
if (len < 8)
-@@ -320,6 +321,7 @@ igmp_print(register const u_char *bp, re
- (void)printf("igmp pimv1");
- pimv1_print(bp, len);
+@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo,
+ ND_PRINT((ndo, "igmp pimv1"));
+ pimv1_print(ndo, bp, len);
break;
+#endif
case 0x1e:
- print_mresp(bp, len);
+ print_mresp(ndo, bp, len);
break;
+--- a/print-ip6.c
++++ b/print-ip6.c
+@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const
+ return;
+ nh = *cp;
+ break;
++#ifndef TCPDUMP_MINI
+ case IPPROTO_FRAGMENT:
+ advance = frag6_print(ndo, cp, (const u_char *)ip6);
+ if (advance < 0 || ndo->ndo_snapend <= cp + advance)
+@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const
+ return;
+ nh = *cp;
+ return;
++#endif
+ case IPPROTO_ROUTING:
+ ND_TCHECK(*cp);
+ advance = rt6_print(ndo, cp, (const u_char *)ip6);
+@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const
+ return;
+ nh = *cp;
+ break;
++#ifndef TCPDUMP_MINI
+ case IPPROTO_SCTP:
+ sctp_print(ndo, cp, (const u_char *)ip6, len);
+ return;
+ case IPPROTO_DCCP:
+ dccp_print(ndo, cp, (const u_char *)ip6, len);
+ return;
++#endif
+ case IPPROTO_TCP:
+ tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
+ return;
+@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const
+ case IPPROTO_ICMPV6:
+ icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
+ return;
++#ifndef TCPDUMP_MINI
+ case IPPROTO_AH:
+ advance = ah_print(ndo, cp);
+ if (advance < 0)
+@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const
+ case IPPROTO_PIM:
+ pim_print(ndo, cp, len, (const u_char *)ip6);
+ return;
++#endif
+
+ case IPPROTO_OSPF:
+ ospf6_print(ndo, cp, len);
+@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const
+ ip_print(ndo, cp, len);
+ return;
+
++#ifndef TCPDUMP_MINI
+ case IPPROTO_PGM:
+ pgm_print(ndo, cp, len, (const u_char *)ip6);
+ return;
++#endif
+
+ case IPPROTO_GRE:
+ gre_print(ndo, cp, len);
--- a/print-ip.c
+++ b/print-ip.c
-@@ -328,6 +328,7 @@ ip_print_demux(netdissect_options *ndo,
+@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo,
again:
switch (ipds->nh) {
+#ifndef TCPDUMP_MINI
case IPPROTO_AH:
- ipds->nh = *ipds->cp;
- ipds->advance = ah_print(ipds->cp);
-@@ -362,15 +363,15 @@ again:
- ipds->nh = enh & 0xff;
- goto again;
+ if (!ND_TTEST(*ipds->cp)) {
+ ND_PRINT((ndo, "[|AH]"));
+@@ -382,7 +383,9 @@ again:
+ */
+ break;
}
--
+#endif
+
++#ifndef TCPDUMP_MINI
case IPPROTO_SCTP:
- sctp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len);
+ sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
break;
--
-+#ifndef TCPDUMP_MINI
+@@ -390,6 +393,7 @@ again:
case IPPROTO_DCCP:
- dccp_print(ipds->cp, (const u_char *)ipds->ip, ipds->len);
+ dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
break;
--
+#endif
+
case IPPROTO_TCP:
/* pass on the MF bit plus the offset to detect fragments */
- tcp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip,
-@@ -388,7 +389,7 @@ again:
- icmp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip,
+@@ -409,6 +413,7 @@ again:
ipds->off & (IP_MF|IP_OFFMASK));
break;
--
+
+#ifndef TCPDUMP_MINI
case IPPROTO_PIGP:
/*
* XXX - the current IANA protocol number assignments
-@@ -409,15 +410,15 @@ again:
+@@ -429,14 +434,17 @@ again:
case IPPROTO_EIGRP:
- eigrp_print(ipds->cp, ipds->len);
+ eigrp_print(ndo, ipds->cp, ipds->len);
break;
--
+#endif
+
case IPPROTO_ND:
ND_PRINT((ndo, " nd %d", ipds->len));
break;
--
+
+#ifndef TCPDUMP_MINI
case IPPROTO_EGP:
- egp_print(ipds->cp, ipds->len);
+ egp_print(ndo, ipds->cp, ipds->len);
break;
--
+#endif
+
case IPPROTO_OSPF:
- ospf_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
- break;
-@@ -451,10 +452,10 @@ again:
- gre_print(ipds->cp, ipds->len);
+ ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
+@@ -469,6 +477,7 @@ again:
+ gre_print(ndo, ipds->cp, ipds->len);
break;
+#ifndef TCPDUMP_MINI
case IPPROTO_MOBILE:
- mobile_print(ipds->cp, ipds->len);
+ mobile_print(ndo, ipds->cp, ipds->len);
break;
--
- case IPPROTO_PIM:
- vec[0].ptr = ipds->cp;
- vec[0].len = ipds->len;
-@@ -480,7 +481,7 @@ again:
+@@ -497,6 +506,7 @@ again:
case IPPROTO_PGM:
- pgm_print(ipds->cp, ipds->len, (const u_char *)ipds->ip);
+ pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
break;
--
+#endif
+
default:
- if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL)
- ND_PRINT((ndo, " %s", proto->p_name));
---- a/print-ip6.c
-+++ b/print-ip6.c
-@@ -192,9 +192,11 @@ ip6_print(netdissect_options *ndo, const
- case IPPROTO_SCTP:
- sctp_print(cp, (const u_char *)ip6, len);
- return;
-+#ifndef TCPDUMP_MINI
- case IPPROTO_DCCP:
- dccp_print(cp, (const u_char *)ip6, len);
- return;
-+#endif
- case IPPROTO_TCP:
- tcp_print(cp, len, (const u_char *)ip6, fragmented);
- return;
-@@ -204,6 +206,7 @@ ip6_print(netdissect_options *ndo, const
- case IPPROTO_ICMPV6:
- icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
- return;
-+#ifndef TCPDUMP_MINI
- case IPPROTO_AH:
- advance = ah_print(cp);
- nh = *cp;
-@@ -228,7 +231,7 @@ ip6_print(netdissect_options *ndo, const
- pim_print(cp, len, nextproto6_cksum(ip6, cp, len,
- IPPROTO_PIM));
- return;
--
-+#endif
- case IPPROTO_OSPF:
- ospf6_print(cp, len);
- return;
-@@ -240,11 +243,11 @@ ip6_print(netdissect_options *ndo, const
- case IPPROTO_IPV4:
- ip_print(ndo, cp, len);
- return;
--
-+#ifndef TCPDUMP_MINI
- case IPPROTO_PGM:
- pgm_print(cp, len, (const u_char *)ip6);
- return;
--
-+#endif
- case IPPROTO_GRE:
- gre_print(cp, len);
- return;
+ if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
--- a/print-llc.c
+++ b/print-llc.c
-@@ -196,7 +196,7 @@ llc_print(const u_char *p, u_int length,
- control = EXTRACT_LE_16BITS(p + 2);
- is_u = 0;
+@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const
+ hdrlen = 4; /* DSAP, SSAP, 2-byte control field */
}
--
+
+#ifndef TCPDUMP_MINI
if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
/*
* This is an Ethernet_802.3 IPX frame; it has an
-@@ -219,6 +219,7 @@ llc_print(const u_char *p, u_int length,
- ipx_print(p, length);
- return (1);
+@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const
+ ipx_print(ndo, p, length);
+ return (0); /* no LLC header */
}
+#endif
dsap = dsap_field & ~LLC_IG;
ssap = ssap_field & ~LLC_GSAP;
-@@ -251,6 +252,7 @@ llc_print(const u_char *p, u_int length,
- return (1);
+@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const
+ return (hdrlen);
}
+#ifndef TCPDUMP_MINI
if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
control == LLC_UI) {
/*
-@@ -266,6 +268,7 @@ llc_print(const u_char *p, u_int length,
- ipx_print(p+3, length-3);
- return (1);
+@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const
+ ipx_print(ndo, p, length);
+ return (hdrlen);
}
+#endif
- #ifdef TCPDUMP_DO_SMB
+ #ifdef ENABLE_SMB
if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
-@@ -297,11 +300,13 @@ llc_print(const u_char *p, u_int length,
- return (1);
+@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const
+ return (hdrlen);
}
#endif
+#ifndef TCPDUMP_MINI
if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
&& control == LLC_UI) {
- isoclns_print(p + 3, length - 3, caplen - 3);
- return (1);
+ isoclns_print(ndo, p, length);
+ return (hdrlen);
}
+-
+#endif
+ if (!ndo->ndo_eflag) {
+ if (ssap == dsap) {
+ if (src == NULL || dst == NULL)
+@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons
- if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
- && control == LLC_UI) {
-@@ -444,6 +449,7 @@ snap_print(const u_char *p, u_int length
- case PID_CISCO_CDP:
- cdp_print(p, length, caplen);
- return (1);
+ case OUI_CISCO:
+ switch (et) {
+#ifndef TCPDUMP_MINI
- case PID_CISCO_DTP:
- dtp_print(p, length);
+ case PID_CISCO_CDP:
+ cdp_print(ndo, p, length, caplen);
return (1);
-@@ -453,6 +459,7 @@ snap_print(const u_char *p, u_int length
+@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons
case PID_CISCO_VTP:
- vtp_print(p, length);
+ vtp_print(ndo, p, length);
return (1);
+#endif
case PID_CISCO_PVST:
case PID_CISCO_VLANBRIDGE:
- stp_print(p, length);
-@@ -484,6 +491,7 @@ snap_print(const u_char *p, u_int length
- ether_print(gndo, p, length, caplen, NULL, NULL);
- return (1);
+ stp_print(ndo, p, length);
+@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons
+ case OUI_RFC2684:
+ switch (et) {
+#ifndef TCPDUMP_MINI
- case PID_RFC2684_802_5_FCS:
- case PID_RFC2684_802_5_NOFCS:
+ case PID_RFC2684_ETH_FCS:
+ case PID_RFC2684_ETH_NOFCS:
/*
-@@ -525,6 +533,7 @@ snap_print(const u_char *p, u_int length
+@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons
*/
- fddi_print(p, length, caplen);
+ fddi_print(ndo, p, length, caplen);
return (1);
+#endif
case PID_RFC2684_BPDU:
- stp_print(p, length);
+ stp_print(ndo, p, length);
--- a/print-null.c
+++ b/print-null.c
-@@ -128,7 +128,7 @@ null_if_print(const struct pcap_pkthdr *
- ip6_print(gndo, p, length);
+@@ -116,6 +116,7 @@ null_if_print(netdissect_options *ndo, c
+ ip6_print(ndo, p, length);
break;
- #endif
--
+
+#ifndef TCPDUMP_MINI
case BSD_AFNUM_ISO:
- isoclns_print(p, length, caplen);
+ isoclns_print(ndo, p, length);
break;
-@@ -140,7 +140,7 @@ null_if_print(const struct pcap_pkthdr *
+@@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c
case BSD_AFNUM_IPX:
- ipx_print(p, length);
+ ipx_print(ndo, p, length);
break;
--
+#endif
+
default:
/* unknown AF_ value */
- if (!eflag)
--- a/print-ppp.c
+++ b/print-ppp.c
-@@ -1262,7 +1262,7 @@ trunc:
+@@ -1367,6 +1367,7 @@ trunc:
return 0;
}
--
+#ifndef TCPDUMP_MINI
static void
- ppp_hdlc(const u_char *p, int length)
- {
-@@ -1327,17 +1327,19 @@ cleanup:
+ ppp_hdlc(netdissect_options *ndo,
+ const u_char *p, int length)
+@@ -1445,6 +1446,7 @@ trunc:
free(b);
- return;
+ ND_PRINT((ndo, "[|ppp]"));
}
+#endif
/* PPP */
- static void
- handle_ppp(u_int proto, const u_char *p, int length)
+@@ -1452,10 +1454,12 @@ static void
+ handle_ppp(netdissect_options *ndo,
+ u_int proto, const u_char *p, int length)
{
+#ifndef TCPDUMP_MINI
- if ((proto & 0xff00) == 0x7e00) {/* is this an escape code ? */
- ppp_hdlc(p-1, length);
- return;
- }
--
+ if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */
+ ppp_hdlc(ndo, p - 1, length);
+ return;
+ }
+#endif
+
switch (proto) {
case PPP_LCP: /* fall through */
- case PPP_IPCP:
-@@ -1371,6 +1373,7 @@ handle_ppp(u_int proto, const u_char *p,
- ip6_print(gndo, p, length);
+@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo,
+ case PPP_IPV6:
+ ip6_print(ndo, p, length);
break;
- #endif
+#ifndef TCPDUMP_MINI
case ETHERTYPE_IPX: /*XXX*/
case PPP_IPX:
- ipx_print(p, length);
-@@ -1382,6 +1385,7 @@ handle_ppp(u_int proto, const u_char *p,
+ ipx_print(ndo, p, length);
+@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo,
case PPP_MPLS_MCAST:
- mpls_print(p, length);
+ mpls_print(ndo, p, length);
break;
+#endif
case PPP_COMP:
- printf("compressed PPP data");
+ ND_PRINT((ndo, "compressed PPP data"));
break;
-@@ -1520,6 +1524,7 @@ ppp_if_print(const struct pcap_pkthdr *h
+@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo,
return (0);
}
/*
* PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
* framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
-@@ -1747,7 +1752,7 @@ printx:
+@@ -1866,6 +1873,7 @@ printx:
#endif /* __bsdi__ */
return (hdrlength);
}
--
+#endif
+
/*
- * Local Variables:
+--- a/print-sll.c
++++ b/print-sll.c
+@@ -238,12 +238,14 @@ recurse:
+ */
+ switch (ether_type) {
+
++#ifndef TCPDUMP_MINI
+ case LINUX_SLL_P_802_3:
+ /*
+ * Ethernet_802.3 IPX frame.
+ */
+ ipx_print(ndo, p, length);
+ break;
++#endif
+
+ case LINUX_SLL_P_802_2:
+ /*
--- a/print-tcp.c
+++ b/print-tcp.c
-@@ -573,14 +573,14 @@ tcp_print(register const u_char *bp, reg
- utoval >>= 1;
- (void)printf(" %u", utoval);
+@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo,
+ ND_PRINT((ndo, " %u", utoval));
break;
--
+
+#ifndef TCPDUMP_MINI
case TCPOPT_MPTCP:
datalen = len - 2;
LENCHECK(datalen);
- if (!mptcp_print(cp-2, len, flags))
+ if (!mptcp_print(ndo, cp-2, len, flags))
goto bad;
break;
--
+#endif
- case TCPOPT_EXPERIMENT2:
+
+ case TCPOPT_FASTOPEN:
datalen = len - 2;
- LENCHECK(datalen);
-@@ -659,8 +659,8 @@ tcp_print(register const u_char *bp, reg
- if ((flags & TH_RST) && vflag) {
- print_tcp_rst_data(bp, length);
+@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo,
return;
-- }
--
-+ }
+ }
+
+#ifndef TCPDUMP_MINI
- if (packettype) {
- switch (packettype) {
+ if (ndo->ndo_packettype) {
+ switch (ndo->ndo_packettype) {
case PT_ZMTP1:
-@@ -669,7 +669,7 @@ tcp_print(register const u_char *bp, reg
+@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo,
}
return;
}
--
+#endif
- if (sport == TELNET_PORT || dport == TELNET_PORT) {
- if (!qflag && vflag)
- telnet_print(bp, length);
-@@ -683,10 +683,12 @@ tcp_print(register const u_char *bp, reg
- else if (sport == SMB_PORT || dport == SMB_PORT)
- smb_tcp_print(bp, length);
+
+ if (IS_SRC_OR_DST_PORT(TELNET_PORT)) {
+ telnet_print(ndo, bp, length);
+ } else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) {
+ ND_PRINT((ndo, ": "));
+ smtp_print(ndo, bp, length);
+- } else if (IS_SRC_OR_DST_PORT(BGP_PORT))
++ }
++#ifndef TCPDUMP_MINI
++ else if (IS_SRC_OR_DST_PORT(BGP_PORT))
+ bgp_print(ndo, bp, length);
++#endif
+ else if (IS_SRC_OR_DST_PORT(PPTP_PORT))
+ pptp_print(ndo, bp);
++#ifndef TCPDUMP_MINI
+ else if (IS_SRC_OR_DST_PORT(REDIS_PORT))
+ resp_print(ndo, bp, length);
++#endif
+ #ifdef ENABLE_SMB
+ else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT))
+ nbt_tcp_print(ndo, bp, length);
+ else if (IS_SRC_OR_DST_PORT(SMB_PORT))
+ smb_tcp_print(ndo, bp, length);
#endif
+#ifndef TCPDUMP_MINI
- else if (sport == BEEP_PORT || dport == BEEP_PORT)
- beep_print(bp, length);
- else if (sport == OPENFLOW_PORT || dport == OPENFLOW_PORT)
- openflow_print(bp, length);
+ else if (IS_SRC_OR_DST_PORT(BEEP_PORT))
+ beep_print(ndo, bp, length);
+ else if (IS_SRC_OR_DST_PORT(OPENFLOW_PORT_OLD) || IS_SRC_OR_DST_PORT(OPENFLOW_PORT_IANA))
+ openflow_print(ndo, bp, length);
+#endif
- else if (length > 2 &&
- (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT ||
- sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) {
-@@ -695,6 +697,7 @@ tcp_print(register const u_char *bp, reg
+ else if (IS_SRC_OR_DST_PORT(FTP_PORT)) {
+ ND_PRINT((ndo, ": "));
+ ftp_print(ndo, bp, length);
+@@ -719,6 +730,7 @@ tcp_print(netdissect_options *ndo,
* XXX packet could be unaligned, it can go strange
*/
- ns_print(bp + 2, length - 2, 0);
+ ns_print(ndo, bp + 2, length - 2, 0);
+#ifndef TCPDUMP_MINI
- } else if (sport == MSDP_PORT || dport == MSDP_PORT) {
- msdp_print(bp, length);
- } else if (sport == RPKI_RTR_PORT || dport == RPKI_RTR_PORT) {
-@@ -702,6 +705,7 @@ tcp_print(register const u_char *bp, reg
+ } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) {
+ msdp_print(ndo, bp, length);
+ } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) {
+@@ -726,6 +738,7 @@ tcp_print(netdissect_options *ndo,
}
- else if (length > 0 && (sport == LDP_PORT || dport == LDP_PORT)) {
- ldp_print(bp, length);
+ else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) {
+ ldp_print(ndo, bp, length);
+#endif
}
- else if ((sport == NFS_PORT || dport == NFS_PORT) &&
- length >= 4 && TTEST2(*bp, 4)) {
+ else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) &&
+ length >= 4 && ND_TTEST2(*bp, 4)) {
--- a/print-udp.c
+++ b/print-udp.c
-@@ -418,11 +418,12 @@ udp_print(register const u_char *bp, u_i
- vat_print((void *)(up + 1), up);
+@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis
+ vat_print(ndo, (const void *)(up + 1), up);
break;
+#ifndef TCPDUMP_MINI
case PT_WB:
- udpipaddr_print(ip, sport, dport);
- wb_print((void *)(up + 1), length);
+ udpipaddr_print(ndo, ip, sport, dport);
+ wb_print(ndo, (const void *)(up + 1), length);
break;
--
+#endif
+
case PT_RPC:
- rp = (struct sunrpc_msg *)(up + 1);
- direction = (enum sunrpc_msg_type)EXTRACT_32BITS(&rp->rm_direction);
-@@ -450,11 +451,12 @@ udp_print(register const u_char *bp, u_i
- snmp_print((const u_char *)(up + 1), length);
+ rp = (const struct sunrpc_msg *)(up + 1);
+@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis
+ snmp_print(ndo, (const u_char *)(up + 1), length);
break;
+#ifndef TCPDUMP_MINI
case PT_CNFP:
- udpipaddr_print(ip, sport, dport);
- cnfp_print(cp, (const u_char *)ip);
+ udpipaddr_print(ndo, ip, sport, dport);
+ cnfp_print(ndo, cp);
break;
--
+#endif
+
case PT_TFTP:
- udpipaddr_print(ip, sport, dport);
- tftp_print(cp, length);
-@@ -475,6 +477,7 @@ udp_print(register const u_char *bp, u_i
- radius_print(cp, length);
+ udpipaddr_print(ndo, ip, sport, dport);
+@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis
+ radius_print(ndo, cp, length);
break;
+#ifndef TCPDUMP_MINI
case PT_VXLAN:
- udpipaddr_print(ip, sport, dport);
- vxlan_print((const u_char *)(up + 1), length);
-@@ -489,6 +492,7 @@ udp_print(register const u_char *bp, u_i
- udpipaddr_print(ip, sport, dport);
- lmp_print(cp, length);
+ udpipaddr_print(ndo, ip, sport, dport);
+ vxlan_print(ndo, (const u_char *)(up + 1), length);
+@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis
+ udpipaddr_print(ndo, ip, sport, dport);
+ lmp_print(ndo, cp, length);
break;
+#endif
}
return;
}
-@@ -517,6 +521,7 @@ udp_print(register const u_char *bp, u_i
- }
- #endif
- }
+@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis
+ ns_print(ndo, (const u_char *)(up + 1), length, 0);
+ else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT))
+ ns_print(ndo, (const u_char *)(up + 1), length, 1);
+#ifndef TCPDUMP_MINI
- if (TTEST(((struct LAP *)cp)->type) &&
- ((struct LAP *)cp)->type == lapDDP &&
- (atalk_port(sport) || atalk_port(dport))) {
-@@ -525,6 +530,7 @@ udp_print(register const u_char *bp, u_i
- llap_print(cp, length);
- return;
- }
+ else if (IS_SRC_OR_DST_PORT(TIMED_PORT))
+ timed_print(ndo, (const u_char *)(up + 1));
+#endif
- }
- udpipaddr_print(ip, sport, dport);
-
-@@ -575,14 +581,18 @@ udp_print(register const u_char *bp, u_i
- ns_print((const u_char *)(up + 1), length, 0);
- else if (ISPORT(MULTICASTDNS_PORT))
- ns_print((const u_char *)(up + 1), length, 1);
-+#ifndef TCPDUMP_MINI
- else if (ISPORT(TIMED_PORT))
- timed_print((const u_char *)(up + 1));
-+#endif
- else if (ISPORT(TFTP_PORT))
- tftp_print((const u_char *)(up + 1), length);
- else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS))
- bootp_print((const u_char *)(up + 1), length);
-+#ifndef TCPDUMP_MINI
- else if (ISPORT(RIP_PORT))
- rip_print((const u_char *)(up + 1), length);
-+#endif
- else if (ISPORT(AODV_PORT))
- aodv_print((const u_char *)(up + 1), length,
- #ifdef INET6
-@@ -590,6 +600,7 @@ udp_print(register const u_char *bp, u_i
- #else
- 0);
- #endif
+ else if (IS_SRC_OR_DST_PORT(TFTP_PORT))
+ tftp_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(BOOTPC_PORT) || IS_SRC_OR_DST_PORT(BOOTPS_PORT))
+ bootp_print(ndo, (const u_char *)(up + 1), length);
++#ifndef TCPDUMP_MINI
+ else if (IS_SRC_OR_DST_PORT(RIP_PORT))
+ rip_print(ndo, (const u_char *)(up + 1), length);
++#endif
+ else if (IS_SRC_OR_DST_PORT(AODV_PORT))
+ aodv_print(ndo, (const u_char *)(up + 1), length,
+ ip6 != NULL);
+#ifndef TCPDUMP_MINI
- else if (ISPORT(ISAKMP_PORT))
- isakmp_print(gndo, (const u_char *)(up + 1), length, bp2);
- else if (ISPORT(ISAKMP_PORT_NATT))
-@@ -598,12 +609,15 @@ udp_print(register const u_char *bp, u_i
- else if (ISPORT(ISAKMP_PORT_USER1) || ISPORT(ISAKMP_PORT_USER2))
- isakmp_print(gndo, (const u_char *)(up + 1), length, bp2);
+ else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT))
+ isakmp_print(ndo, (const u_char *)(up + 1), length, bp2);
++
+ else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT))
+ isakmp_rfc3948_print(ndo, (const u_char *)(up + 1), length, bp2);
+ #if 1 /*???*/
+ else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2))
+ isakmp_print(ndo, (const u_char *)(up + 1), length, bp2);
#endif
+#endif
- else if (ISPORT(SNMP_PORT) || ISPORT(SNMPTRAP_PORT))
- snmp_print((const u_char *)(up + 1), length);
- else if (ISPORT(NTP_PORT))
- ntp_print((const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(SNMP_PORT) || IS_SRC_OR_DST_PORT(SNMPTRAP_PORT))
+ snmp_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(NTP_PORT))
+ ntp_print(ndo, (const u_char *)(up + 1), length);
+#ifndef TCPDUMP_MINI
- else if (ISPORT(KERBEROS_PORT) || ISPORT(KERBEROS_SEC_PORT))
- krb_print((const void *)(up + 1));
+ else if (IS_SRC_OR_DST_PORT(KERBEROS_PORT) || IS_SRC_OR_DST_PORT(KERBEROS_SEC_PORT))
+ krb_print(ndo, (const void *)(up + 1));
+#endif
- else if (ISPORT(L2TP_PORT))
- l2tp_print((const u_char *)(up + 1), length);
- #ifdef TCPDUMP_DO_SMB
-@@ -614,6 +628,7 @@ udp_print(register const u_char *bp, u_i
+ else if (IS_SRC_OR_DST_PORT(L2TP_PORT))
+ l2tp_print(ndo, (const u_char *)(up + 1), length);
+ #ifdef ENABLE_SMB
+@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis
#endif
else if (dport == VAT_PORT)
- vat_print((const void *)(up + 1), up);
+ vat_print(ndo, (const void *)(up + 1), up);
+#ifndef TCPDUMP_MINI
- else if (ISPORT(ZEPHYR_SRV_PORT) || ISPORT(ZEPHYR_CLT_PORT))
- zephyr_print((const void *)(up + 1), length);
- /*
-@@ -624,6 +639,7 @@ udp_print(register const u_char *bp, u_i
- (dport >= RX_PORT_LOW && dport <= RX_PORT_HIGH))
- rx_print((const void *)(up + 1), length, sport, dport,
- (u_char *) ip);
-+#endif
- #ifdef INET6
- else if (ISPORT(RIPNG_PORT))
- ripng_print((const u_char *)(up + 1), length);
-@@ -635,21 +651,25 @@ udp_print(register const u_char *bp, u_i
+ else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT))
+ zephyr_print(ndo, (const void *)(up + 1), length);
/*
- * Kludge in test for whiteboard packets.
- */
-+#ifndef TCPDUMP_MINI
- else if (dport == WB_PORT)
- wb_print((const void *)(up + 1), length);
- else if (ISPORT(CISCO_AUTORP_PORT))
- cisco_autorp_print((const void *)(up + 1), length);
+@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis
+ (const u_char *) ip);
+ else if (IS_SRC_OR_DST_PORT(RIPNG_PORT))
+ ripng_print(ndo, (const u_char *)(up + 1), length);
+#endif
- else if (ISPORT(RADIUS_PORT) ||
- ISPORT(RADIUS_NEW_PORT) ||
- ISPORT(RADIUS_ACCOUNTING_PORT) ||
- ISPORT(RADIUS_NEW_ACCOUNTING_PORT) )
- radius_print((const u_char *)(up+1), length);
++
+ else if (IS_SRC_OR_DST_PORT(DHCP6_SERV_PORT) || IS_SRC_OR_DST_PORT(DHCP6_CLI_PORT))
+ dhcp6_print(ndo, (const u_char *)(up + 1), length);
++#ifndef TCPDUMP_MINI
+ else if (IS_SRC_OR_DST_PORT(AHCP_PORT))
+ ahcp_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD))
+@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis
+ wb_print(ndo, (const void *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT))
+ cisco_autorp_print(ndo, (const void *)(up + 1), length);
++#endif
+ else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) ||
+ IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) ||
+ IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) ||
+@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis
+ IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) ||
+ IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) )
+ radius_print(ndo, (const u_char *)(up+1), length);
+#ifndef TCPDUMP_MINI
else if (dport == HSRP_PORT)
- hsrp_print((const u_char *)(up + 1), length);
- else if (ISPORT(LWRES_PORT))
- lwres_print((const u_char *)(up + 1), length);
- else if (ISPORT(LDP_PORT))
- ldp_print((const u_char *)(up + 1), length);
-+#endif
- else if (ISPORT(OLSR_PORT))
- olsr_print((const u_char *)(up + 1), length,
- #if INET6
-@@ -657,6 +677,7 @@ udp_print(register const u_char *bp, u_i
- #else
- 0);
- #endif
-+#ifndef TCPDUMP_MINI
- else if (ISPORT(MPLS_LSP_PING_PORT))
- lspping_print((const u_char *)(up + 1), length);
+ hsrp_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(LWRES_PORT))
+ lwres_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(LDP_PORT))
+ ldp_print(ndo, (const u_char *)(up + 1), length);
++#endif
+ else if (IS_SRC_OR_DST_PORT(OLSR_PORT))
+ olsr_print(ndo, (const u_char *)(up + 1), length,
+ (IP_V(ip) == 6) ? 1 : 0);
++#ifndef TCPDUMP_MINI
+ else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT))
+ lspping_print(ndo, (const u_char *)(up + 1), length);
else if (dport == BFD_CONTROL_PORT ||
-@@ -674,14 +695,17 @@ udp_print(register const u_char *bp, u_i
- lwapp_control_print((const u_char *)(up + 1), length, 0);
- else if (ISPORT(LWAPP_DATA_PORT))
- lwapp_data_print((const u_char *)(up + 1), length);
-+#endif
- else if (ISPORT(SIP_PORT))
- sip_print((const u_char *)(up + 1), length);
- else if (ISPORT(SYSLOG_PORT))
- syslog_print((const u_char *)(up + 1), length);
-+#ifndef TCPDUMP_MINI
- else if (ISPORT(OTV_PORT))
- otv_print((const u_char *)(up + 1), length);
- else if (ISPORT(VXLAN_PORT))
- vxlan_print((const u_char *)(up + 1), length);
-+#endif
- else
- (void)printf("UDP, length %u",
- (u_int32_t)(ulen - sizeof(*up)));
---- a/tcpdump.c
-+++ b/tcpdump.c
-@@ -161,6 +161,7 @@ struct ndo_printer {
-
-
- static struct printer printers[] = {
-+#ifndef TCPDUMP_MINI
- { arcnet_if_print, DLT_ARCNET },
- #ifdef DLT_ARCNET_LINUX
- { arcnet_linux_if_print, DLT_ARCNET_LINUX },
-@@ -179,19 +180,23 @@ static struct printer printers[] = {
- #ifdef DLT_SLIP_BSDOS
- { sl_bsdos_if_print, DLT_SLIP_BSDOS },
- #endif
-+#endif
- { ppp_if_print, DLT_PPP },
- #ifdef DLT_PPP_WITHDIRECTION
- { ppp_if_print, DLT_PPP_WITHDIRECTION },
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_PPP_BSDOS
- { ppp_bsdos_if_print, DLT_PPP_BSDOS },
- #endif
- { fddi_if_print, DLT_FDDI },
-+#endif
- { null_if_print, DLT_NULL },
- #ifdef DLT_LOOP
- { null_if_print, DLT_LOOP },
- #endif
- { raw_if_print, DLT_RAW },
-+#ifndef TCPDUMP_MINI
- { atm_if_print, DLT_ATM_RFC1483 },
- #ifdef DLT_C_HDLC
- { chdlc_if_print, DLT_C_HDLC },
-@@ -202,6 +207,7 @@ static struct printer printers[] = {
- #ifdef DLT_PPP_SERIAL
- { ppp_hdlc_if_print, DLT_PPP_SERIAL },
- #endif
-+#endif
- #ifdef DLT_PPP_ETHER
- { pppoe_if_print, DLT_PPP_ETHER },
- #endif
-@@ -211,6 +217,7 @@ static struct printer printers[] = {
- #ifdef DLT_IEEE802_11
- { ieee802_11_if_print, DLT_IEEE802_11},
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_LTALK
- { ltalk_if_print, DLT_LTALK },
- #endif
-@@ -229,12 +236,14 @@ static struct printer printers[] = {
- #ifdef DLT_IP_OVER_FC
- { ipfc_if_print, DLT_IP_OVER_FC },
- #endif
-+#endif
- #ifdef DLT_PRISM_HEADER
- { prism_if_print, DLT_PRISM_HEADER },
- #endif
- #ifdef DLT_IEEE802_11_RADIO
- { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO },
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_ENC
- { enc_if_print, DLT_ENC },
- #endif
-@@ -244,9 +253,11 @@ static struct printer printers[] = {
- #ifdef DLT_APPLE_IP_OVER_IEEE1394
- { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 },
- #endif
-+#endif
- #ifdef DLT_IEEE802_11_RADIO_AVS
- { ieee802_11_radio_avs_if_print, DLT_IEEE802_11_RADIO_AVS },
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_JUNIPER_ATM1
- { juniper_atm1_print, DLT_JUNIPER_ATM1 },
- #endif
-@@ -312,6 +323,7 @@ static struct printer printers[] = {
- #ifdef DLT_IPV6
- { raw_if_print, DLT_IPV6 },
- #endif
-+#endif
- { NULL, 0 },
- };
-
-@@ -320,6 +332,7 @@ static struct ndo_printer ndo_printers[]
- #ifdef DLT_IPNET
- { ipnet_if_print, DLT_IPNET },
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_IEEE802_15_4
- { ieee802_15_4_if_print, DLT_IEEE802_15_4 },
- #endif
-@@ -329,15 +342,18 @@ static struct ndo_printer ndo_printers[]
- #ifdef DLT_PPI
- { ppi_if_print, DLT_PPI },
- #endif
-+#endif
- #ifdef DLT_NETANALYZER
- { netanalyzer_if_print, DLT_NETANALYZER },
- #endif
- #ifdef DLT_NETANALYZER_TRANSPARENT
- { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT },
- #endif
-+#ifndef TCPDUMP_MINI
- #ifdef DLT_NFLOG
- { nflog_if_print, DLT_NFLOG},
- #endif
-+#endif
- { NULL, 0 },
- };
-
---- a/print-sll.c
-+++ b/print-sll.c
-@@ -154,14 +154,14 @@ recurse:
- * Yes - what type is it?
- */
- switch (ether_type) {
--
-+#ifndef TCPDUMP_MINI
- case LINUX_SLL_P_802_3:
- /*
- * Ethernet_802.3 IPX frame.
- */
- ipx_print(p, length);
- break;
--
-+#endif
- case LINUX_SLL_P_802_2:
- /*
- * 802.2.
+@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis
+ lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0);
+ else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT))
+ lwapp_data_print(ndo, (const u_char *)(up + 1), length);
++#endif
+ else if (IS_SRC_OR_DST_PORT(SIP_PORT))
+ sip_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT))
+ syslog_print(ndo, (const u_char *)(up + 1), length);
++#ifndef TCPDUMP_MINI
+ else if (IS_SRC_OR_DST_PORT(OTV_PORT))
+ otv_print(ndo, (const u_char *)(up + 1), length);
+ else if (IS_SRC_OR_DST_PORT(VXLAN_PORT))
+@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis
+ if (ndo->ndo_vflag)
+ ND_PRINT((ndo, "kip "));
+ llap_print(ndo, cp, length);
+- } else {
++ }
++#endif
++ else {
+ if (ulen > length)
+ ND_PRINT((ndo, "UDP, bad length %u > %u",
+ ulen, length));
--- /dev/null
+From 02d56c03115276aa4e2203ddbd411c3e587cf08f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
+Date: Wed, 6 Jul 2016 13:55:48 +0200
+Subject: [PATCH] system: add reboot method to system ubus object
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Sometimes, for various reasons, user may want to reboot a device. This
+is a common task and it makes sense to support it with something common
+like a procd.
+
+Right now both: LuCI and LuCI2 implement this feature on their own with
+luci-rpc-luci2-system reboot and luci-rpc-sys reboot. This leads to code
+duplication and situation may become even worse with more software
+controlling system with ubus.
+
+Othen than that procd already has support for rebooting so one may
+consider this ubus method even cleaner.
+
+Once we get this patch in place we may consider switching LuCI and LuCI2
+to this new method.
+
+Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
+---
+ system.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/system.c b/system.c
+index 569a75d..1e31ce6 100644
+--- a/system.c
++++ b/system.c
+@@ -18,6 +18,7 @@
+ #endif
+ #include <sys/ioctl.h>
+ #include <sys/types.h>
++#include <sys/reboot.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <signal.h>
+@@ -242,6 +243,14 @@ static int system_upgrade(struct ubus_context *ctx, struct ubus_object *obj,
+ return 0;
+ }
+
++static int system_reboot(struct ubus_context *ctx, struct ubus_object *obj,
++ struct ubus_request_data *req, const char *method,
++ struct blob_attr *msg)
++{
++ procd_shutdown(RB_AUTOBOOT);
++ return 0;
++}
++
+ enum {
+ WDT_FREQUENCY,
+ WDT_TIMEOUT,
+@@ -388,6 +397,7 @@ static const struct ubus_method system_methods[] = {
+ UBUS_METHOD_NOARG("board", system_board),
+ UBUS_METHOD_NOARG("info", system_info),
+ UBUS_METHOD_NOARG("upgrade", system_upgrade),
++ UBUS_METHOD_NOARG("reboot", system_reboot),
+ UBUS_METHOD("watchdog", watchdog_set, watchdog_policy),
+ UBUS_METHOD("signal", proc_signal, signal_policy),
+
+--
+2.7.4
+
default n
config BUSYBOX_DEFAULT_TELNET
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_TTYPE
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNET_AUTOLOGIN
bool
default n
config BUSYBOX_DEFAULT_TELNETD
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_STANDALONE
bool
- default y
+ default n
config BUSYBOX_DEFAULT_FEATURE_TELNETD_INETD_WAIT
bool
default n
$(INSTALL_DIR) $(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
$(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
- $(INSTALL_BIN) ./files/telnet $(1)/etc/init.d/telnet
$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
-rm -rf $(1)/lib64
+++ /dev/null
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2006-2011 OpenWrt.org
-
-START=50
-
-USE_PROCD=1
-PROG=/usr/sbin/telnetd
-
-has_root_pwd() {
- local pwd=$([ -f "$1" ] && cat "$1")
- pwd="${pwd#*root:}"
- pwd="${pwd%%:*}"
-
- test -n "${pwd#[\!x]}"
-}
-
-get_root_home() {
- local homedir=$([ -f "$1" ] && cat "$1")
- homedir="${homedir#*:*:0:0:*:}"
-
- echo "${homedir%%:*}"
-}
-
-has_ssh_pubkey() {
- ( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
- ( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
-}
-
-start_service() {
- if ( ! has_ssh_pubkey && \
- ! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
- ( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
- then
- procd_open_instance
- procd_set_param command "$PROG" -F -l /bin/login.sh
- procd_close_instance
- fi
-}
PKG_INFO_DIR := $(STAGING_DIR)/pkginfo
TARGET_PATH:=$(subst $(space),:,$(filter-out .,$(filter-out ./,$(subst :,$(space),$(PATH)))))
+TARGET_INIT_PATH:=$(call qstrip,$(CONFIG_TARGET_INIT_PATH))
+TARGET_INIT_PATH:=$(if $(TARGET_INIT_PATH),$(TARGET_INIT_PATH),/usr/sbin:/sbin:/usr/bin:/bin)
TARGET_CFLAGS:=$(TARGET_OPTIMIZATION)$(if $(CONFIG_DEBUG), -g3) $(EXTRA_OPTIMIZATION)
TARGET_CXXFLAGS = $(TARGET_CFLAGS)
TARGET_ASFLAGS_DEFAULT = $(TARGET_CFLAGS)
push @extra, "$extra[0]/longterm/v$1";
}
foreach my $dir (@extra) {
- push @mirrors, "ftp://ftp.all.kernel.org/pub/$dir";
- push @mirrors, "http://ftp.all.kernel.org/pub/$dir";
+ push @mirrors, "https://kernel.org/pub/$dir";
+ push @mirrors, "ftp://kernel.org/pub/$dir";
}
} elsif ($mirror =~ /^\@GNOME\/(.+)$/) {
push @mirrors, "http://ftp.gnome.org/pub/GNOME/sources/$1";
obj-$(CONFIG_PCI_AR724X) += pci-ar724x.o
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
-@@ -1820,6 +1820,9 @@
+@@ -1821,6 +1821,9 @@
#define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */
--- a/drivers/mtd/chips/Kconfig
+++ b/drivers/mtd/chips/Kconfig
-@@ -188,6 +188,14 @@ config MTD_CFI_AMDSTD
+@@ -189,6 +189,14 @@ config MTD_CFI_AMDSTD
provides support for command set 0002, used on chips including
the AMD Am29LV320.
obj-$(CONFIG_CAVIUM_OCTEON_SOC) += msi-octeon.o
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
-@@ -1820,6 +1820,9 @@
+@@ -1821,6 +1821,9 @@
#define PCI_VENDOR_ID_CB 0x1307 /* Measurement Computing */
--- a/drivers/net/ethernet/dec/tulip/tulip_core.c
+++ b/drivers/net/ethernet/dec/tulip/tulip_core.c
-@@ -207,6 +207,7 @@ struct tulip_chip_table tulip_tbl[] = {
+@@ -206,6 +206,7 @@ struct tulip_chip_table tulip_tbl[] = {
};
static const struct pci_device_id tulip_pci_tbl[] = {
{ 0x1011, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21140 },
{ 0x1011, 0x0019, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DC21143 },
-@@ -250,7 +251,7 @@ static const struct pci_device_id tulip_
+@@ -249,7 +250,7 @@ static const struct pci_device_id tulip_
{ } /* terminate list */
};
MODULE_DEVICE_TABLE(pci, tulip_pci_tbl);
/* A full-duplex map for media types. */
const char tulip_media_cap[32] =
-@@ -268,11 +269,14 @@ static void tulip_down(struct net_device
+@@ -267,11 +268,14 @@ static void tulip_down(struct net_device
static struct net_device_stats *tulip_get_stats(struct net_device *dev);
static int private_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
static void set_rx_mode(struct net_device *dev);
static void tulip_set_power_state (struct tulip_private *tp,
int sleep, int snooze)
{
-@@ -289,7 +293,7 @@ static void tulip_set_power_state (struc
+@@ -288,7 +292,7 @@ static void tulip_set_power_state (struc
}
}
static void tulip_up(struct net_device *dev)
{
-@@ -303,6 +307,7 @@ static void tulip_up(struct net_device *
+@@ -302,6 +306,7 @@ static void tulip_up(struct net_device *
napi_enable(&tp->napi);
#endif
/* Wake the chip from sleep/snooze mode. */
tulip_set_power_state (tp, 0, 0);
-@@ -310,6 +315,7 @@ static void tulip_up(struct net_device *
+@@ -309,6 +314,7 @@ static void tulip_up(struct net_device *
pci_enable_wake(tp->pdev, PCI_D3hot, 0);
pci_enable_wake(tp->pdev, PCI_D3cold, 0);
tulip_set_wolopts(tp->pdev, 0);
/* On some chip revs we must set the MII/SYM port before the reset!? */
if (tp->mii_cnt || (tp->mtable && tp->mtable->has_mii))
-@@ -317,18 +323,22 @@ static void tulip_up(struct net_device *
+@@ -316,18 +322,22 @@ static void tulip_up(struct net_device *
/* Reset the chip, holding bit 0 set at least 50 PCI cycles. */
iowrite32(0x00000001, ioaddr + CSR0);
iowrite32(tp->rx_ring_dma, ioaddr + CSR3);
iowrite32(tp->tx_ring_dma, ioaddr + CSR4);
-@@ -362,9 +372,11 @@ static void tulip_up(struct net_device *
+@@ -361,9 +371,11 @@ static void tulip_up(struct net_device *
*setup_frm++ = eaddrs[1]; *setup_frm++ = eaddrs[1];
*setup_frm++ = eaddrs[2]; *setup_frm++ = eaddrs[2];
tp->tx_buffers[tp->cur_tx].skb = NULL;
tp->tx_buffers[tp->cur_tx].mapping = mapping;
-@@ -520,7 +532,7 @@ tulip_open(struct net_device *dev)
+@@ -519,7 +531,7 @@ tulip_open(struct net_device *dev)
tulip_init_ring (dev);
dev->name, dev);
if (retval)
goto free_ring;
-@@ -644,8 +656,10 @@ static void tulip_init_ring(struct net_d
+@@ -643,8 +655,10 @@ static void tulip_init_ring(struct net_d
tp->rx_buffers[i].skb = skb;
if (skb == NULL)
break;
tp->rx_buffers[i].mapping = mapping;
tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */
tp->rx_ring[i].buffer1 = cpu_to_le32(mapping);
-@@ -678,8 +692,10 @@ tulip_start_xmit(struct sk_buff *skb, st
+@@ -677,8 +691,10 @@ tulip_start_xmit(struct sk_buff *skb, st
entry = tp->cur_tx % TX_RING_SIZE;
tp->tx_buffers[entry].skb = skb;
tp->tx_buffers[entry].mapping = mapping;
tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping);
-@@ -730,16 +746,19 @@ static void tulip_clean_tx_ring(struct t
+@@ -729,16 +745,19 @@ static void tulip_clean_tx_ring(struct t
if (tp->tx_buffers[entry].skb == NULL) {
/* test because dummy frames not mapped */
if (tp->tx_buffers[entry].mapping)
/* Free the original skb. */
dev_kfree_skb_irq(tp->tx_buffers[entry].skb);
-@@ -790,7 +809,9 @@ static void tulip_down (struct net_devic
+@@ -789,7 +808,9 @@ static void tulip_down (struct net_devic
dev->if_port = tp->saved_if_port;
/* Leave the driver in snooze, not sleep, mode. */
}
static void tulip_free_ring (struct net_device *dev)
-@@ -811,8 +832,10 @@ static void tulip_free_ring (struct net_
+@@ -810,8 +831,10 @@ static void tulip_free_ring (struct net_
/* An invalid address. */
tp->rx_ring[i].buffer1 = cpu_to_le32(0xBADF00D0);
if (skb) {
dev_kfree_skb (skb);
}
}
-@@ -821,8 +844,10 @@ static void tulip_free_ring (struct net_
+@@ -820,8 +843,10 @@ static void tulip_free_ring (struct net_
struct sk_buff *skb = tp->tx_buffers[i].skb;
if (skb != NULL) {
dev_kfree_skb (skb);
}
tp->tx_buffers[i].skb = NULL;
-@@ -843,7 +868,7 @@ static int tulip_close (struct net_devic
+@@ -842,7 +867,7 @@ static int tulip_close (struct net_devic
netdev_dbg(dev, "Shutting down ethercard, status was %02x\n",
ioread32 (ioaddr + CSR5));
tulip_free_ring (dev);
-@@ -874,7 +899,9 @@ static void tulip_get_drvinfo(struct net
+@@ -873,7 +898,9 @@ static void tulip_get_drvinfo(struct net
struct tulip_private *np = netdev_priv(dev);
strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
strlcpy(info->version, DRV_VERSION, sizeof(info->version));
}
-@@ -887,7 +914,9 @@ static int tulip_ethtool_set_wol(struct
+@@ -886,7 +913,9 @@ static int tulip_ethtool_set_wol(struct
return -EOPNOTSUPP;
tp->wolinfo.wolopts = wolinfo->wolopts;
return 0;
}
-@@ -1165,9 +1194,11 @@ static void set_rx_mode(struct net_devic
+@@ -1164,9 +1193,11 @@ static void set_rx_mode(struct net_devic
tp->tx_buffers[entry].skb = NULL;
tp->tx_buffers[entry].mapping =
/* Put the setup frame on the Tx list. */
if (entry == TX_RING_SIZE-1)
tx_flags |= DESC_RING_WRAP; /* Wrap ring. */
-@@ -1264,19 +1295,22 @@ out:
+@@ -1263,19 +1294,22 @@ out:
netdev_dbg(dev, "MWI config cacheline=%d, csr0=%08x\n",
cache, csr0);
}
static const struct net_device_ops tulip_netdev_ops = {
.ndo_open = tulip_open,
-@@ -1294,6 +1328,7 @@ static const struct net_device_ops tulip
+@@ -1293,6 +1327,7 @@ static const struct net_device_ops tulip
#endif
};
const struct pci_device_id early_486_chipsets[] = {
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82424) },
{ PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_496) },
-@@ -1471,6 +1506,8 @@ static int tulip_init_one(struct pci_dev
+@@ -1470,6 +1505,8 @@ static int tulip_init_one(struct pci_dev
}
}
tp->pdev = pdev;
tp->base_addr = ioaddr;
tp->revision = pdev->revision;
tp->csr0 = csr0;
-@@ -1801,6 +1838,7 @@ err_out_free_netdev:
+@@ -1800,6 +1837,7 @@ err_out_free_netdev:
}
/* set the registers according to the given wolopts */
static void tulip_set_wolopts (struct pci_dev *pdev, u32 wolopts)
{
-@@ -1829,6 +1867,7 @@ static void tulip_set_wolopts (struct pc
+@@ -1828,6 +1866,7 @@ static void tulip_set_wolopts (struct pc
iowrite32(tmp, ioaddr + CSR13);
}
}
#ifdef CONFIG_PM
-@@ -1943,6 +1982,7 @@ static void tulip_remove_one(struct pci_
+@@ -1942,6 +1981,7 @@ static void tulip_remove_one(struct pci_
/* pci_power_off (pdev, -1); */
}
#ifdef CONFIG_NET_POLL_CONTROLLER
/*
-@@ -1964,7 +2004,8 @@ static void poll_tulip (struct net_devic
+@@ -1963,7 +2003,8 @@ static void poll_tulip (struct net_devic
}
#endif
.name = DRV_NAME,
.id_table = tulip_pci_tbl,
.probe = tulip_init_one,
-@@ -1974,10 +2015,12 @@ static struct pci_driver tulip_driver =
+@@ -1973,10 +2014,12 @@ static struct pci_driver tulip_driver =
.resume = tulip_resume,
#endif /* CONFIG_PM */
};
#ifdef MODULE
pr_info("%s", version);
#endif
-@@ -1987,13 +2030,18 @@ static int __init tulip_init (void)
+@@ -1992,13 +2035,18 @@ static int __init tulip_init (void)
tulip_max_interrupt_work = max_interrupt_work;
/* probe for and init boards */
#include <linux/delay.h>
#include <linux/mii.h>
#include <linux/crc32.h>
-@@ -204,6 +206,9 @@ struct tulip_chip_table tulip_tbl[] = {
+@@ -203,6 +205,9 @@ struct tulip_chip_table tulip_tbl[] = {
{ "Conexant LANfinity", 256, 0x0001ebef,
HAS_MII | HAS_ACPI, tulip_timer, tulip_media_task },
};
-@@ -377,6 +382,11 @@ static void tulip_up(struct net_device *
+@@ -376,6 +381,11 @@ static void tulip_up(struct net_device *
sizeof(tp->setup_frame),
PCI_DMA_TODEVICE);
#endif
tp->tx_buffers[tp->cur_tx].skb = NULL;
tp->tx_buffers[tp->cur_tx].mapping = mapping;
-@@ -396,6 +406,7 @@ static void tulip_up(struct net_device *
+@@ -395,6 +405,7 @@ static void tulip_up(struct net_device *
i = 0;
if (tp->mtable == NULL)
goto media_picked;
if (dev->if_port) {
int looking_for = tulip_media_cap[dev->if_port] & MediaIsMII ? 11 :
(dev->if_port == 12 ? 0 : dev->if_port);
-@@ -489,6 +500,10 @@ media_picked:
+@@ -488,6 +499,10 @@ media_picked:
iowrite32(ioread32(ioaddr + 0x88) | 1, ioaddr + 0x88);
dev->if_port = tp->mii_cnt ? 11 : 0;
tp->csr6 = 0x00040000;
} else if (tp->chip_id == AX88140) {
tp->csr6 = tp->mii_cnt ? 0x00040100 : 0x00000100;
} else
-@@ -660,6 +675,10 @@ static void tulip_init_ring(struct net_d
+@@ -659,6 +674,10 @@ static void tulip_init_ring(struct net_d
mapping = pci_map_single(tp->pdev, skb->data,
PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
#endif
tp->rx_buffers[i].mapping = mapping;
tp->rx_ring[i].status = cpu_to_le32(DescOwned); /* Owned by Tulip chip */
tp->rx_ring[i].buffer1 = cpu_to_le32(mapping);
-@@ -696,6 +715,11 @@ tulip_start_xmit(struct sk_buff *skb, st
+@@ -695,6 +714,11 @@ tulip_start_xmit(struct sk_buff *skb, st
mapping = pci_map_single(tp->pdev, skb->data,
skb->len, PCI_DMA_TODEVICE);
#endif
tp->tx_buffers[entry].mapping = mapping;
tp->tx_ring[entry].buffer1 = cpu_to_le32(mapping);
-@@ -752,6 +776,13 @@ static void tulip_clean_tx_ring(struct t
+@@ -751,6 +775,13 @@ static void tulip_clean_tx_ring(struct t
sizeof(tp->setup_frame),
PCI_DMA_TODEVICE);
#endif
continue;
}
#ifdef CONFIG_TULIP_PCI
-@@ -759,6 +790,11 @@ static void tulip_clean_tx_ring(struct t
+@@ -758,6 +789,11 @@ static void tulip_clean_tx_ring(struct t
tp->tx_buffers[entry].skb->len,
PCI_DMA_TODEVICE);
#endif
/* Free the original skb. */
dev_kfree_skb_irq(tp->tx_buffers[entry].skb);
-@@ -836,6 +872,10 @@ static void tulip_free_ring (struct net_
+@@ -835,6 +871,10 @@ static void tulip_free_ring (struct net_
pci_unmap_single(tp->pdev, mapping, PKT_BUF_SZ,
PCI_DMA_FROMDEVICE);
#endif
dev_kfree_skb (skb);
}
}
-@@ -848,6 +888,10 @@ static void tulip_free_ring (struct net_
+@@ -847,6 +887,10 @@ static void tulip_free_ring (struct net_
pci_unmap_single(tp->pdev, tp->tx_buffers[i].mapping,
skb->len, PCI_DMA_TODEVICE);
#endif
dev_kfree_skb (skb);
}
tp->tx_buffers[i].skb = NULL;
-@@ -902,6 +946,9 @@ static void tulip_get_drvinfo(struct net
+@@ -901,6 +945,9 @@ static void tulip_get_drvinfo(struct net
#ifdef CONFIG_TULIP_PCI
strlcpy(info->bus_info, pci_name(np->pdev), sizeof(info->bus_info));
#endif
}
-@@ -917,6 +964,9 @@ static int tulip_ethtool_set_wol(struct
+@@ -916,6 +963,9 @@ static int tulip_ethtool_set_wol(struct
#ifdef CONFIG_TULIP_PCI
device_set_wakeup_enable(tp->kdev, tp->wolinfo.wolopts);
#endif
return 0;
}
-@@ -1192,13 +1242,20 @@ static void set_rx_mode(struct net_devic
+@@ -1191,13 +1241,20 @@ static void set_rx_mode(struct net_devic
}
/* Put the setup frame on the Tx list. */
if (entry == TX_RING_SIZE-1)
tx_flags |= DESC_RING_WRAP; /* Wrap ring. */
-@@ -1218,6 +1275,9 @@ static void set_rx_mode(struct net_devic
+@@ -1217,6 +1274,9 @@ static void set_rx_mode(struct net_devic
spin_unlock_irqrestore(&tp->lock, flags);
}
iowrite32(csr6, ioaddr + CSR6);
}
-@@ -1984,6 +2044,126 @@ static void tulip_remove_one(struct pci_
+@@ -1983,6 +2043,126 @@ static void tulip_remove_one(struct pci_
}
#endif /* CONFIG_TULIP_PCI */
#ifdef CONFIG_NET_POLL_CONTROLLER
/*
* Polling 'interrupt' - used by things like netconsole to send skbs
-@@ -2017,6 +2197,17 @@ static struct pci_driver tulip_pci_drive
+@@ -2016,6 +2196,17 @@ static struct pci_driver tulip_pci_drive
};
#endif
static int __init tulip_init (void)
{
-@@ -2033,6 +2224,9 @@ static int __init tulip_init (void)
+@@ -2038,6 +2229,9 @@ static int __init tulip_init (void)
#ifdef CONFIG_TULIP_PCI
ret = pci_register_driver(&tulip_pci_driver);
#endif
return ret;
}
-@@ -2042,6 +2236,9 @@ static void __exit tulip_cleanup (void)
+@@ -2047,6 +2241,9 @@ static void __exit tulip_cleanup (void)
#ifdef CONFIG_TULIP_PCI
pci_unregister_driver (&tulip_pci_driver);
#endif
};
/* Uart divisor latch read */
-@@ -3174,7 +3181,11 @@ static void serial8250_console_putchar(s
+@@ -3168,7 +3175,11 @@ static void serial8250_console_putchar(s
{
struct uart_8250_port *up = up_to_u8250p(port);
--- a/drivers/net/ethernet/ti/cpmac.c
+++ b/drivers/net/ethernet/ti/cpmac.c
-@@ -1146,6 +1146,8 @@ static int cpmac_probe(struct platform_d
+@@ -1147,6 +1147,8 @@ static int cpmac_probe(struct platform_d
goto out;
}
dev->irq = platform_get_irq_byname(pdev, "irq");
dev->netdev_ops = &cpmac_netdev_ops;
-@@ -1227,7 +1229,7 @@ int cpmac_init(void)
+@@ -1228,7 +1230,7 @@ int cpmac_init(void)
cpmac_mii->reset = cpmac_mdio_reset;
cpmac_mii->irq = mii_irqs;
if (!cpmac_mii->priv) {
pr_err("Can't ioremap mdio registers\n");
-@@ -1238,10 +1240,16 @@ int cpmac_init(void)
- #warning FIXME: unhardcode gpio&reset bits
+@@ -1239,10 +1241,16 @@ int cpmac_init(void)
+ /* FIXME: unhardcode gpio&reset bits */
ar7_gpio_disable(26);
ar7_gpio_disable(27);
- ar7_device_reset(AR7_RESET_BIT_CPMAC_LO);
cpmac_mii->reset(cpmac_mii);
for (i = 0; i < 300; i++) {
-@@ -1258,7 +1266,11 @@ int cpmac_init(void)
+@@ -1259,7 +1267,11 @@ int cpmac_init(void)
mask = 0;
}
#include <linux/uaccess.h>
#include <linux/ipv6.h>
#include <linux/icmpv6.h>
-@@ -837,10 +838,10 @@ static void tcp_v6_send_response(struct
+@@ -844,10 +845,10 @@ static void tcp_v6_send_response(struct
topt = (__be32 *)(t1 + 1);
if (tsecr) {
*/
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
-@@ -386,7 +386,7 @@ int ipv6_recv_error(struct sock *sk, str
+@@ -390,7 +390,7 @@ int ipv6_recv_error(struct sock *sk, str
ipv6_iface_scope_id(&sin->sin6_addr,
IP6CB(skb)->iif);
} else {
&sin->sin6_addr);
sin->sin6_scope_id = 0;
}
-@@ -720,12 +720,12 @@ int ip6_datagram_send_ctl(struct net *ne
+@@ -724,12 +724,12 @@ int ip6_datagram_send_ctl(struct net *ne
}
if (fl6->flowlabel&IPV6_FLOWINFO_MASK) {
case IPV6_2292HOPOPTS:
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
-@@ -394,7 +394,7 @@ static void ip6gre_err(struct sk_buff *s
-
- t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
- flags & GRE_KEY ?
-- *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
-+ net_hdr_word(((__be32 *)p) + (grehlen / 4) - 1) : 0,
- p[1]);
- if (t == NULL)
- return;
-@@ -476,11 +476,11 @@ static int ip6gre_rcv(struct sk_buff *sk
+@@ -479,11 +479,11 @@ static int ip6gre_rcv(struct sk_buff *sk
offset += 4;
}
if (flags&GRE_KEY) {
offset += 4;
}
}
-@@ -745,7 +745,7 @@ static netdev_tx_t ip6gre_xmit2(struct s
+@@ -748,7 +748,7 @@ static netdev_tx_t ip6gre_xmit2(struct s
if (tunnel->parms.o_flags&GRE_SEQ) {
++tunnel->o_seqno;
ptr--;
}
if (tunnel->parms.o_flags&GRE_KEY) {
-@@ -841,7 +841,7 @@ static inline int ip6gre_xmit_ipv6(struc
+@@ -844,7 +844,7 @@ static inline int ip6gre_xmit_ipv6(struc
dsfield = ipv6_get_dsfield(ipv6h);
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
-@@ -1291,7 +1291,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str
+@@ -1301,7 +1301,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str
dsfield = ipv6_get_dsfield(ipv6h);
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
goto next_ht;
--- a/net/ipv6/ip6_offload.c
+++ b/net/ipv6/ip6_offload.c
-@@ -221,7 +221,7 @@ static struct sk_buff **ipv6_gro_receive
+@@ -224,7 +224,7 @@ static struct sk_buff **ipv6_gro_receive
continue;
iph2 = (struct ipv6hdr *)(p->data + off);
* XXX skbs on the gro_list have all been parsed and pulled
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
-@@ -43,7 +43,7 @@ struct prefix_info {
+@@ -45,7 +45,7 @@ struct prefix_info {
__be32 reserved2;
struct in6_addr prefix;
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -3683,14 +3683,16 @@ static bool tcp_parse_aligned_timestamp(
+@@ -3682,14 +3682,16 @@ static bool tcp_parse_aligned_timestamp(
{
const __be32 *ptr = (const __be32 *)(th + 1);
return 1;
ret = read_sr(nor);
-@@ -880,11 +896,11 @@ static int spansion_quad_enable(struct s
+@@ -887,11 +903,11 @@ static int spansion_quad_enable(struct s
return 0;
}
case CFI_MFR_MACRONIX:
status = macronix_quad_enable(nor);
if (status) {
-@@ -910,11 +926,6 @@ static int spi_nor_check(struct spi_nor
+@@ -917,11 +933,6 @@ static int spi_nor_check(struct spi_nor
return -EINVAL;
}
return 0;
}
-@@ -932,16 +943,24 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -939,16 +950,24 @@ int spi_nor_scan(struct spi_nor *nor, co
if (ret)
return ret;
if (IS_ERR(jid)) {
return PTR_ERR(jid);
} else if (jid != id) {
-@@ -966,10 +985,10 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -973,10 +992,10 @@ int spi_nor_scan(struct spi_nor *nor, co
* up with the software protection bits set
*/
write_enable(nor);
write_sr(nor, 0);
}
-@@ -984,7 +1003,7 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -991,7 +1010,7 @@ int spi_nor_scan(struct spi_nor *nor, co
mtd->_read = spi_nor_read;
/* nor protection support for STmicro chips */
mtd->_lock = spi_nor_lock;
mtd->_unlock = spi_nor_unlock;
}
-@@ -995,9 +1014,8 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -1002,9 +1021,8 @@ int spi_nor_scan(struct spi_nor *nor, co
else
mtd->_write = spi_nor_write;
#ifdef CONFIG_MTD_SPI_NOR_USE_4K_SECTORS
/* prefer "small sector" erase if possible */
-@@ -1038,7 +1056,7 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -1045,7 +1063,7 @@ int spi_nor_scan(struct spi_nor *nor, co
/* Quad/Dual-read mode takes precedence over fast/normal */
if (mode == SPI_NOR_QUAD && info->flags & SPI_NOR_QUAD_READ) {
if (ret) {
dev_err(dev, "quad mode not supported\n");
return ret;
-@@ -1074,7 +1092,7 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -1081,7 +1099,7 @@ int spi_nor_scan(struct spi_nor *nor, co
else if (mtd->size > 0x1000000) {
/* enable 4-byte addressing if the device exceeds 16MiB */
nor->addr_width = 4;
/* Dedicated 4-byte command set */
switch (nor->flash_read) {
case SPI_NOR_QUAD:
-@@ -1095,7 +1113,7 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -1102,7 +1120,7 @@ int spi_nor_scan(struct spi_nor *nor, co
nor->erase_opcode = SPINOR_OP_SE_4B;
mtd->erasesize = info->sector_size;
} else
/* PMC */
{ "pm25lv512", INFO(0, 0, 32 * 1024, 2, SECT_4K_PMC) },
-@@ -896,6 +896,45 @@ static int spansion_quad_enable(struct s
+@@ -903,6 +903,45 @@ static int spansion_quad_enable(struct s
return 0;
}
static int set_quad_mode(struct spi_nor *nor, struct flash_info *info)
{
int status;
-@@ -908,6 +947,13 @@ static int set_quad_mode(struct spi_nor
+@@ -915,6 +954,13 @@ static int set_quad_mode(struct spi_nor
return -EINVAL;
}
return status;
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
-@@ -581,6 +581,8 @@ config DEVPORT
+@@ -583,6 +583,8 @@ config DEVPORT
source "drivers/s390/char/Kconfig"
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
-@@ -4932,7 +4932,7 @@ static void port_event(struct usb_hub *h
+@@ -4933,7 +4933,7 @@ static void port_event(struct usb_hub *h
if (portchange & USB_PORT_STAT_C_OVERCURRENT) {
u16 status = 0, unused;
mmc_of_parse(mmc);
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
-@@ -1086,8 +1086,12 @@ static struct debugfs_blob_wrapper flat_
+@@ -1092,8 +1092,12 @@ static struct debugfs_blob_wrapper flat_
static int __init of_flat_dt_debugfs_export_fdt(void)
{
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
-@@ -901,22 +901,38 @@ int __init early_init_dt_scan_chosen(uns
+@@ -907,22 +907,38 @@ int __init early_init_dt_scan_chosen(uns
/* Retrieve command line */
p = of_get_flat_dt_prop(node, "bootargs", &l);
/*
* Some really old flashes (like AT45DB*) had smaller erasesize-s, but
-@@ -334,12 +335,23 @@ static int bcm47xxpart_parse(struct mtd_
+@@ -332,12 +333,23 @@ static int bcm47xxpart_parse(struct mtd_
if (buf[0] == NVRAM_HEADER) {
bcm47xxpart_add_part(&parts[curr_part++], "nvram",
master->size - blocksize, 0);
--- a/arch/arm/mach-cns3xxx/Makefile
+++ b/arch/arm/mach-cns3xxx/Makefile
-@@ -5,3 +5,5 @@ cns3xxx-y += core.o pm.o
- cns3xxx-$(CONFIG_ATAGS) += devices.o
+@@ -6,3 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o
cns3xxx-$(CONFIG_PCI) += pcie.o
+ CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here
cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o
+cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o
+cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o
--- a/arch/arm/mach-cns3xxx/Makefile
+++ b/arch/arm/mach-cns3xxx/Makefile
-@@ -5,5 +5,5 @@ cns3xxx-y += core.o pm.o
- cns3xxx-$(CONFIG_ATAGS) += devices.o
+@@ -6,5 +6,5 @@ cns3xxx-$(CONFIG_ATAGS) += devices.o
cns3xxx-$(CONFIG_PCI) += pcie.o
+ CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here
cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o
-cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o
+cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o
+cns3xxx-y += core.o pm.o gpio.o
cns3xxx-$(CONFIG_ATAGS) += devices.o
cns3xxx-$(CONFIG_PCI) += pcie.o
- cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o
+ CFLAGS_pcie.o += -Wframe-larger-than=1536 # override default 1024, this is safe here
--- a/arch/arm/mach-cns3xxx/cns3xxx.h
+++ b/arch/arm/mach-cns3xxx/cns3xxx.h
@@ -68,8 +68,10 @@
endif
--- a/arch/arm/mach-cns3xxx/Makefile
+++ b/arch/arm/mach-cns3xxx/Makefile
-@@ -7,3 +7,5 @@ cns3xxx-$(CONFIG_PCI) += pcie.o
+@@ -8,3 +8,5 @@ CFLAGS_pcie.o += -Wframe-larger-than=
cns3xxx-$(CONFIG_MACH_CNS3420VB) += cns3420vb.o
cns3xxx-$(CONFIG_SMP) += platsmp.o headsmp.o cns3xxx_fiq.o
cns3xxx-$(CONFIG_HOTPLUG_CPU) += hotplug.o
offset + trx->offset[i],
0);
i++;
-@@ -205,7 +235,8 @@ static int bcm47xxpart_parse(struct mtd_
+@@ -203,7 +233,8 @@ static int bcm47xxpart_parse(struct mtd_
}
/* Squashfs on devices not using TRX */
--- a/drivers/net/ethernet/broadcom/bgmac.c
+++ b/drivers/net/ethernet/broadcom/bgmac.c
-@@ -1515,6 +1515,8 @@ static int bgmac_probe(struct bcma_devic
+@@ -1521,6 +1521,8 @@ static int bgmac_probe(struct bcma_devic
if (core->bus->sprom.boardflags_lo & BGMAC_BFL_ENETADM)
bgmac_warn(bgmac, "Support for ADMtek ethernet switch not implemented\n");
err = bgmac_mii_register(bgmac);
if (err) {
bgmac_err(bgmac, "Cannot register MDIO\n");
-@@ -1529,8 +1531,6 @@ static int bgmac_probe(struct bcma_devic
+@@ -1535,8 +1537,6 @@ static int bgmac_probe(struct bcma_devic
netif_carrier_off(net_dev);
return 0;
err_mii_unregister:
-@@ -1549,9 +1549,9 @@ static void bgmac_remove(struct bcma_dev
+@@ -1555,9 +1555,9 @@ static void bgmac_remove(struct bcma_dev
{
struct bgmac *bgmac = bcma_get_drvdata(core);
+++ /dev/null
-From 21697336d46b71dd031f29e426dda0b1e7f06cc0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
-Date: Wed, 11 Feb 2015 18:06:34 +0100
-Subject: [PATCH] bgmac: fix device initialization on Northstar SoCs (condition
- typo)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-On Northstar (Broadcom's ARM architecture) we need to manually enable
-all cores. Code for that is already in place, but the condition for it
-was wrong.
-
-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- drivers/net/ethernet/broadcom/bgmac.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/drivers/net/ethernet/broadcom/bgmac.c
-+++ b/drivers/net/ethernet/broadcom/bgmac.c
-@@ -1412,6 +1412,7 @@ static void bgmac_mii_unregister(struct
- /* http://bcm-v4.sipsolutions.net/mac-gbit/gmac/chipattach */
- static int bgmac_probe(struct bcma_device *core)
- {
-+ struct bcma_chipinfo *ci = &core->bus->chipinfo;
- struct net_device *net_dev;
- struct bgmac *bgmac;
- struct ssb_sprom *sprom = &core->bus->sprom;
-@@ -1474,8 +1475,8 @@ static int bgmac_probe(struct bcma_devic
- bgmac_chip_reset(bgmac);
-
- /* For Northstar, we have to take all GMAC core out of reset */
-- if (core->id.id == BCMA_CHIP_ID_BCM4707 ||
-- core->id.id == BCMA_CHIP_ID_BCM53018) {
-+ if (ci->id == BCMA_CHIP_ID_BCM4707 ||
-+ ci->id == BCMA_CHIP_ID_BCM53018) {
- struct bcma_device *ns_core;
- int ns_gmac;
-
}
}
-@@ -1583,6 +1657,10 @@ static int bgmac_probe(struct bcma_devic
+@@ -1588,6 +1662,10 @@ static int bgmac_probe(struct bcma_devic
goto err_dma_free;
}
pr_err("Unsupported core_unit %d\n", core->core_unit);
return -ENOTSUPP;
}
-@@ -1588,8 +1597,17 @@ static int bgmac_probe(struct bcma_devic
+@@ -1593,8 +1602,17 @@ static int bgmac_probe(struct bcma_devic
}
bgmac->cmn = core->bus->drv_gmac_cmn.core;
struct net_device *net_dev;
struct bgmac *bgmac;
struct ssb_sprom *sprom = &core->bus->sprom;
-@@ -1626,8 +1629,7 @@ static int bgmac_probe(struct bcma_devic
+@@ -1631,8 +1634,7 @@ static int bgmac_probe(struct bcma_devic
bgmac_chip_reset(bgmac);
/* For Northstar, we have to take all GMAC core out of reset */
--- a/drivers/net/ethernet/broadcom/bgmac.c
+++ b/drivers/net/ethernet/broadcom/bgmac.c
-@@ -1578,6 +1578,11 @@ static int bgmac_probe(struct bcma_devic
- dev_warn(&core->dev, "Using random MAC: %pM\n", mac);
- }
+@@ -1583,6 +1583,11 @@ static int bgmac_probe(struct bcma_devic
+ */
+ bcma_core_enable(core, 0);
+ /* This (reset &) enable is not preset in specs or reference driver but
+ * Broadcom does it in arch PCI code when enabling fake PCI device.
u32 portid;
net = sock_net(skb->sk);
-@@ -971,9 +976,7 @@ static void nl_fib_input(struct sk_buff
+@@ -972,9 +977,7 @@ static void nl_fib_input(struct sk_buff
nlh = nlmsg_hdr(skb);
frn = (struct fib_result_nl *) nlmsg_data(nlh);
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
-@@ -597,20 +597,22 @@ int ip6_fragment(struct sk_buff *skb, in
+@@ -600,20 +600,22 @@ int ip6_fragment(struct sk_buff *skb, in
}
mtu -= hlen + sizeof(struct frag_hdr);
goto slow_path_clean;
/* Partially cloned skb? */
-@@ -627,8 +629,6 @@ int ip6_fragment(struct sk_buff *skb, in
+@@ -630,8 +632,6 @@ int ip6_fragment(struct sk_buff *skb, in
err = 0;
offset = 0;
/* BUILD HEADER */
*prevhdr = NEXTHDR_FRAGMENT;
-@@ -636,8 +636,11 @@ int ip6_fragment(struct sk_buff *skb, in
+@@ -639,8 +639,11 @@ int ip6_fragment(struct sk_buff *skb, in
if (!tmp_hdr) {
IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
IPSTATS_MIB_FRAGFAILS);
__skb_pull(skb, hlen);
fh = (struct frag_hdr *)__skb_push(skb, sizeof(struct frag_hdr));
-@@ -735,7 +738,6 @@ slow_path:
+@@ -738,7 +741,6 @@ slow_path:
*/
*prevhdr = NEXTHDR_FRAGMENT;
+++ /dev/null
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
-Date: Sat, 5 Dec 2015 02:03:32 +0100
-Subject: [PATCH] mtd: bcm47xxpart: limit scanned flash area on BCM47XX (MIPS)
- only
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We allowed using bcm47xxpart on BCM5301X arch with commit:
-9e3afa5f5c7 ("mtd: bcm47xxpart: allow enabling on ARCH_BCM_5301X")
-
-BCM5301X devices may contain some partitions in higher memory, e.g.
-Netgear R8000 has board_data at 0x2600000. To detect them we should
-use size limit on MIPS only.
-
-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
----
- drivers/mtd/bcm47xxpart.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/drivers/mtd/bcm47xxpart.c
-+++ b/drivers/mtd/bcm47xxpart.c
-@@ -118,8 +118,8 @@ static int bcm47xxpart_parse(struct mtd_
- /* Parse block by block looking for magics */
- for (offset = 0; offset <= master->size - blocksize;
- offset += blocksize) {
-- /* Nothing more in higher memory */
-- if (offset >= 0x2000000)
-+ /* Nothing more in higher memory on BCM47XX (MIPS) */
-+ if (config_enabled(CONFIG_BCM47XX) && offset >= 0x2000000)
- break;
-
- if (curr_part >= BCM47XXPART_MAX_PARTS) {
continue;
}
-@@ -254,10 +258,11 @@ static int bcm47xxpart_parse(struct mtd_
+@@ -252,10 +256,11 @@ static int bcm47xxpart_parse(struct mtd_
}
/* Read middle of the block */
continue;
}
-@@ -277,10 +282,11 @@ static int bcm47xxpart_parse(struct mtd_
+@@ -275,10 +280,11 @@ static int bcm47xxpart_parse(struct mtd_
}
offset = master->size - possible_nvram_sizes[i];
+++ /dev/null
-From a95f03e51471dbdbafd3391991d867ac2358ed02 Mon Sep 17 00:00:00 2001
-From: Jonas Gorski <jogo@openwrt.org>
-Date: Sun, 23 Aug 2015 14:23:29 +0200
-Subject: [PATCH] usb: ehci-orion: fix probe for !GENERIC_PHY
-
-Commit d445913ce0ab7f ("usb: ehci-orion: add optional PHY support")
-added support for optional phys, but devm_phy_optional_get returns
--ENOSYS if GENERIC_PHY is not enabled.
-
-This causes probe failures, even when there are no phys specified:
-
-[ 1.443365] orion-ehci f1058000.usb: init f1058000.usb fail, -38
-[ 1.449403] orion-ehci: probe of f1058000.usb failed with error -38
-
-Similar to dwc3, treat -ENOSYS as no phy.
-
-Fixes: d445913ce0ab7f ("usb: ehci-orion: add optional PHY support")
-
-Signed-off-by: Jonas Gorski <jogo@openwrt.org>
----
- drivers/usb/host/ehci-orion.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/drivers/usb/host/ehci-orion.c
-+++ b/drivers/usb/host/ehci-orion.c
-@@ -226,7 +226,8 @@ static int ehci_orion_drv_probe(struct p
- priv->phy = devm_phy_optional_get(&pdev->dev, "usb");
- if (IS_ERR(priv->phy)) {
- err = PTR_ERR(priv->phy);
-- goto err_phy_get;
-+ if (err != -ENOSYS)
-+ goto err_phy_get;
- } else {
- err = phy_init(priv->phy);
- if (err)
--- a/Makefile
+++ b/Makefile
-@@ -614,9 +614,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P
+@@ -618,9 +618,9 @@ KBUILD_CFLAGS += $(call cc-option,-fno-P
KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
+#if defined(MODULE) && !defined(CONFIG_MODULE_STRIPPED)
/* Creates an alias so file2alias.c can find device table. */
#define MODULE_DEVICE_TABLE(type, name) \
- extern const struct type##_device_id __mod_##type##__##name##_device_table \
-@@ -159,7 +160,9 @@ void trim_init_extable(struct module *m)
+ extern const typeof(name) __mod_##type##__##name##_device_table \
+@@ -159,7 +160,9 @@ extern const typeof(name) __mod_##type##
*/
#if defined(MODULE) || !defined(CONFIG_SYSFS)
#else
#define MODULE_VERSION(_version) \
static struct module_version_attribute ___modver_attr = { \
-@@ -181,7 +184,7 @@ void trim_init_extable(struct module *m)
+@@ -181,7 +184,7 @@ extern const typeof(name) __mod_##type##
/* Optional firmware file (or files) needed by the module
* format is simply firmware file name. Multiple firmware
* files require multiple MODULE_FIRMWARE() specifiers */
set_license(mod, get_modinfo(info, "license"));
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
-@@ -1726,7 +1726,9 @@ static void read_symbols(char *modname)
+@@ -1758,7 +1758,9 @@ static void read_symbols(char *modname)
symname = remove_dot(info.strtab + sym->st_name);
handle_modversions(mod, &info, sym, symname);
}
if (!is_vmlinux(modname) ||
(is_vmlinux(modname) && vmlinux_section_warnings))
-@@ -1870,7 +1872,9 @@ static void add_header(struct buffer *b,
+@@ -1902,7 +1904,9 @@ static void add_header(struct buffer *b,
buf_printf(b, "#include <linux/vermagic.h>\n");
buf_printf(b, "#include <linux/compiler.h>\n");
buf_printf(b, "\n");
buf_printf(b, "\n");
buf_printf(b, "__visible struct module __this_module\n");
buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n");
-@@ -1887,16 +1891,20 @@ static void add_header(struct buffer *b,
+@@ -1919,16 +1923,20 @@ static void add_header(struct buffer *b,
static void add_intree_flag(struct buffer *b, int is_intree)
{
}
/**
-@@ -1989,11 +1997,13 @@ static void add_depends(struct buffer *b
+@@ -2021,11 +2029,13 @@ static void add_depends(struct buffer *b
static void add_srcversion(struct buffer *b, struct module *mod)
{
}
static void write_if_changed(struct buffer *b, const char *fname)
-@@ -2224,7 +2234,9 @@ int main(int argc, char **argv)
+@@ -2256,7 +2266,9 @@ int main(int argc, char **argv)
add_staging_flag(&buf, mod->name);
err |= add_versions(&buf, mod);
add_depends(&buf, mod, modules);
--- a/drivers/mtd/spi-nor/spi-nor.c
+++ b/drivers/mtd/spi-nor/spi-nor.c
-@@ -963,6 +963,7 @@ int spi_nor_scan(struct spi_nor *nor, co
+@@ -970,6 +970,7 @@ int spi_nor_scan(struct spi_nor *nor, co
if (JEDEC_MFR(info->jedec_id) == CFI_MFR_ATMEL ||
JEDEC_MFR(info->jedec_id) == CFI_MFR_INTEL ||
config CRYPTO_ANSI_CPRNG
--- a/crypto/Makefile
+++ b/crypto/Makefile
-@@ -89,6 +89,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.
+@@ -91,6 +91,7 @@ obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.
obj-$(CONFIG_CRYPTO_LZO) += lzo.o
obj-$(CONFIG_CRYPTO_LZ4) += lz4.o
obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o
#define PACKET_FANOUT_LB 1
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1530,6 +1530,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1529,6 +1529,7 @@ static int packet_rcv_spkt(struct sk_buf
{
struct sock *sk;
struct sockaddr_pkt *spkt;
/*
* When we registered the protocol we saved the socket in the data
-@@ -1537,6 +1538,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1536,6 +1537,7 @@ static int packet_rcv_spkt(struct sk_buf
*/
sk = pt->af_packet_priv;
/*
* Yank back the headers [hope the device set this
-@@ -1549,7 +1551,7 @@ static int packet_rcv_spkt(struct sk_buf
+@@ -1548,7 +1550,7 @@ static int packet_rcv_spkt(struct sk_buf
* so that this procedure is noop.
*/
goto out;
if (!net_eq(dev_net(dev), sock_net(sk)))
-@@ -1748,12 +1750,12 @@ static int packet_rcv(struct sk_buff *sk
+@@ -1747,12 +1749,12 @@ static int packet_rcv(struct sk_buff *sk
int skb_len = skb->len;
unsigned int snaplen, res;
if (!net_eq(dev_net(dev), sock_net(sk)))
goto drop;
-@@ -1873,12 +1875,12 @@ static int tpacket_rcv(struct sk_buff *s
+@@ -1872,12 +1874,12 @@ static int tpacket_rcv(struct sk_buff *s
BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32);
BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48);
if (!net_eq(dev_net(dev), sock_net(sk)))
goto drop;
-@@ -2828,6 +2830,7 @@ static int packet_create(struct net *net
+@@ -2831,6 +2833,7 @@ static int packet_create(struct net *net
spin_lock_init(&po->bind_lock);
mutex_init(&po->pg_vec_lock);
po->prot_hook.func = packet_rcv;
if (sock->type == SOCK_PACKET)
po->prot_hook.func = packet_rcv_spkt;
-@@ -3409,6 +3412,16 @@ packet_setsockopt(struct socket *sock, i
+@@ -3425,6 +3428,16 @@ packet_setsockopt(struct socket *sock, i
po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
return 0;
}
default:
return -ENOPROTOOPT;
}
-@@ -3460,6 +3473,13 @@ static int packet_getsockopt(struct sock
+@@ -3476,6 +3489,13 @@ static int packet_getsockopt(struct sock
case PACKET_VNET_HDR:
val = po->has_vnet_hdr;
break;
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
-@@ -88,6 +88,12 @@ int ipv6_rcv_saddr_equal(const struct so
+@@ -90,6 +90,12 @@ int ipv6_rcv_saddr_equal(const struct so
void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr);
void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr);
int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
u32 banned_flags)
-@@ -5469,6 +5468,9 @@ int __init addrconf_init(void)
+@@ -5473,6 +5472,9 @@ int __init addrconf_init(void)
ipv6_addr_label_rtnl_register();
return 0;
errout:
rtnl_af_unregister(&inet6_ops);
-@@ -5488,6 +5490,9 @@ void addrconf_cleanup(void)
+@@ -5492,6 +5494,9 @@ void addrconf_cleanup(void)
struct net_device *dev;
int i;
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -1721,27 +1721,7 @@ void netlink_detachskb(struct sock *sk,
+@@ -1107,24 +1107,7 @@ void netlink_detachskb(struct sock *sk,
static struct sk_buff *netlink_trim(struct sk_buff *skb, gfp_t allocation)
{
- int delta;
-
WARN_ON(skb->sk != NULL);
-- if (netlink_skb_is_mmaped(skb))
-- return skb;
--
- delta = skb->end - skb->tail;
- if (is_vmalloc_addr(skb->head) || delta * 2 < skb->truesize)
- return skb;
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -2023,7 +2023,7 @@ static inline int pskb_network_may_pull(
+@@ -2024,7 +2024,7 @@ static inline int pskb_network_may_pull(
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -2068,6 +2068,24 @@ static inline void pskb_trim_unique(stru
+@@ -2069,6 +2069,24 @@ static inline void pskb_trim_unique(stru
BUG_ON(err);
}
if (dev == ip6n->fb_tnl_dev)
RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
else
-@@ -771,6 +786,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
+@@ -781,6 +796,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
}
EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
/**
* ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally
* @skb: received socket buffer
-@@ -815,6 +932,26 @@ static int ip6_tnl_rcv(struct sk_buff *s
+@@ -825,6 +942,26 @@ static int ip6_tnl_rcv(struct sk_buff *s
skb_reset_network_header(skb);
skb->protocol = htons(protocol);
memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
__skb_tunnel_rx(skb, t->dev, t->net);
-@@ -1076,6 +1213,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
+@@ -1086,6 +1223,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
__u8 dsfield;
__u32 mtu;
int err;
if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) ||
!ip6_tnl_xmit_ctl(t))
-@@ -1095,6 +1233,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
+@@ -1105,6 +1243,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
fl6.flowi6_mark = skb->mark;
err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
if (err != 0) {
/* XXX: send ICMP error even if DF is not set. */
-@@ -1263,6 +1413,14 @@ ip6_tnl_change(struct ip6_tnl *t, const
+@@ -1273,6 +1423,14 @@ ip6_tnl_change(struct ip6_tnl *t, const
t->parms.flowinfo = p->flowinfo;
t->parms.link = p->link;
t->parms.proto = p->proto;
ip6_tnl_dst_reset(t);
ip6_tnl_link_config(t);
return 0;
-@@ -1293,6 +1451,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_
+@@ -1303,6 +1461,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_
p->flowinfo = u->flowinfo;
p->link = u->link;
p->proto = u->proto;
memcpy(p->name, u->name, sizeof(u->name));
}
-@@ -1568,6 +1727,15 @@ static int ip6_tnl_validate(struct nlatt
+@@ -1578,6 +1737,15 @@ static int ip6_tnl_validate(struct nlatt
return 0;
}
static void ip6_tnl_netlink_parms(struct nlattr *data[],
struct __ip6_tnl_parm *parms)
{
-@@ -1601,6 +1769,46 @@ static void ip6_tnl_netlink_parms(struct
+@@ -1611,6 +1779,46 @@ static void ip6_tnl_netlink_parms(struct
if (data[IFLA_IPTUN_PROTO])
parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
}
static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
-@@ -1653,6 +1861,12 @@ static void ip6_tnl_dellink(struct net_d
+@@ -1663,6 +1871,12 @@ static void ip6_tnl_dellink(struct net_d
static size_t ip6_tnl_get_size(const struct net_device *dev)
{
return
/* IFLA_IPTUN_LINK */
nla_total_size(4) +
-@@ -1670,6 +1884,24 @@ static size_t ip6_tnl_get_size(const str
+@@ -1680,6 +1894,24 @@ static size_t ip6_tnl_get_size(const str
nla_total_size(4) +
/* IFLA_IPTUN_PROTO */
nla_total_size(1) +
0;
}
-@@ -1677,6 +1909,9 @@ static int ip6_tnl_fill_info(struct sk_b
+@@ -1687,6 +1919,9 @@ static int ip6_tnl_fill_info(struct sk_b
{
struct ip6_tnl *tunnel = netdev_priv(dev);
struct __ip6_tnl_parm *parm = &tunnel->parms;
if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr),
-@@ -1687,8 +1922,27 @@ static int ip6_tnl_fill_info(struct sk_b
+@@ -1697,8 +1932,27 @@ static int ip6_tnl_fill_info(struct sk_b
nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) ||
nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) ||
nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) ||
return 0;
nla_put_failure:
-@@ -1704,6 +1958,7 @@ static const struct nla_policy ip6_tnl_p
+@@ -1714,6 +1968,7 @@ static const struct nla_policy ip6_tnl_p
[IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 },
[IFLA_IPTUN_FLAGS] = { .type = NLA_U32 },
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
-@@ -903,21 +903,45 @@ static int ip6_dst_lookup_tail(struct so
+@@ -906,21 +906,45 @@ static int ip6_dst_lookup_tail(struct so
#endif
int err;
* Here if the dst entry we've looked up
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -2182,9 +2182,10 @@ int ip6_route_get_saddr(struct net *net,
+@@ -2184,9 +2184,10 @@ int ip6_route_get_saddr(struct net *net,
unsigned int prefs,
struct in6_addr *saddr)
{
case RTN_THROW:
default:
rt->dst.error = (cfg->fc_type == RTN_THROW) ? -EAGAIN
-@@ -2139,6 +2161,17 @@ static int ip6_pkt_prohibit_out(struct s
+@@ -2141,6 +2163,17 @@ static int ip6_pkt_prohibit_out(struct s
return ip6_pkt_drop(skb, ICMPV6_ADM_PROHIBITED, IPSTATS_MIB_OUTNOROUTES);
}
/*
* Allocate a dst for local (unicast / anycast) address.
*/
-@@ -2363,7 +2396,8 @@ static int rtm_to_fib6_config(struct sk_
+@@ -2365,7 +2398,8 @@ static int rtm_to_fib6_config(struct sk_
if (rtm->rtm_type == RTN_UNREACHABLE ||
rtm->rtm_type == RTN_BLACKHOLE ||
rtm->rtm_type == RTN_PROHIBIT ||
cfg->fc_flags |= RTF_REJECT;
if (rtm->rtm_type == RTN_LOCAL)
-@@ -2565,6 +2599,9 @@ static int rt6_fill_node(struct net *net
+@@ -2567,6 +2601,9 @@ static int rt6_fill_node(struct net *net
case -EACCES:
rtm->rtm_type = RTN_PROHIBIT;
break;
case -EAGAIN:
rtm->rtm_type = RTN_THROW;
break;
-@@ -2818,6 +2855,8 @@ static int ip6_route_dev_notify(struct n
+@@ -2825,6 +2862,8 @@ static int ip6_route_dev_notify(struct n
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
net->ipv6.ip6_prohibit_entry->dst.dev = dev;
net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
net->ipv6.ip6_blk_hole_entry->dst.dev = dev;
net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
#endif
-@@ -3034,6 +3073,17 @@ static int __net_init ip6_route_net_init
+@@ -3047,6 +3086,17 @@ static int __net_init ip6_route_net_init
net->ipv6.ip6_blk_hole_entry->dst.ops = &net->ipv6.ip6_dst_ops;
dst_init_metrics(&net->ipv6.ip6_blk_hole_entry->dst,
ip6_template_metrics, true);
#endif
net->ipv6.sysctl.flush_delay = 0;
-@@ -3052,6 +3102,8 @@ out:
+@@ -3065,6 +3115,8 @@ out:
return ret;
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
out_ip6_prohibit_entry:
kfree(net->ipv6.ip6_prohibit_entry);
out_ip6_null_entry:
-@@ -3069,6 +3121,7 @@ static void __net_exit ip6_route_net_exi
+@@ -3082,6 +3134,7 @@ static void __net_exit ip6_route_net_exi
#ifdef CONFIG_IPV6_MULTIPLE_TABLES
kfree(net->ipv6.ip6_prohibit_entry);
kfree(net->ipv6.ip6_blk_hole_entry);
#endif
dst_entries_destroy(&net->ipv6.ip6_dst_ops);
}
-@@ -3165,6 +3218,9 @@ int __init ip6_route_init(void)
+@@ -3155,6 +3208,9 @@ void __init ip6_route_init_special_entri
init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
init_net.ipv6.ip6_blk_hole_entry->dst.dev = init_net.loopback_dev;
init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
+ init_net.ipv6.ip6_policy_failed_entry->rt6i_idev =
+ in6_dev_get(init_net.loopback_dev);
#endif
- ret = fib6_init();
- if (ret)
+ }
+
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -4002,6 +4002,9 @@ static enum gro_result dev_gro_receive(s
+@@ -4009,6 +4009,9 @@ static enum gro_result dev_gro_receive(s
enum gro_result ret;
int grow;
if (!(skb->dev->features & NETIF_F_GRO))
goto normal;
-@@ -5067,6 +5070,48 @@ static void __netdev_adjacent_dev_unlink
+@@ -5080,6 +5083,48 @@ static void __netdev_adjacent_dev_unlink
&upper_dev->adj_list.lower);
}
static int __netdev_upper_dev_link(struct net_device *dev,
struct net_device *upper_dev, bool master,
void *private)
-@@ -5127,6 +5172,7 @@ static int __netdev_upper_dev_link(struc
+@@ -5140,6 +5185,7 @@ static int __netdev_upper_dev_link(struc
goto rollback_lower_mesh;
}
call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev);
return 0;
-@@ -5244,6 +5290,7 @@ void netdev_upper_dev_unlink(struct net_
+@@ -5257,6 +5303,7 @@ void netdev_upper_dev_unlink(struct net_
list_for_each_entry(i, &upper_dev->all_adj_list.upper, list)
- __netdev_adjacent_dev_unlink(dev, i->dev);
+ __netdev_adjacent_dev_unlink(dev, i->dev, i->ref_nr);
+ netdev_update_addr_mask(dev);
call_netdevice_notifiers(NETDEV_CHANGEUPPER, dev);
}
EXPORT_SYMBOL(netdev_upper_dev_unlink);
-@@ -5763,6 +5810,7 @@ int dev_set_mac_address(struct net_devic
+@@ -5776,6 +5823,7 @@ int dev_set_mac_address(struct net_devic
if (err)
return err;
dev->addr_assign_type = NET_ADDR_SET;
#endif
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -597,7 +597,8 @@ struct sk_buff {
+@@ -598,7 +598,8 @@ struct sk_buff {
#endif
__u8 ipvs_property:1;
__u8 inner_protocol_type:1;
* @phydev: the phy_device struct
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
-@@ -748,6 +748,7 @@ void phy_start_machine(struct phy_device
+@@ -752,6 +752,7 @@ void phy_start_machine(struct phy_device
void phy_stop_machine(struct phy_device *phydev);
int phy_ethtool_sset(struct phy_device *phydev, struct ethtool_cmd *cmd);
int phy_ethtool_gset(struct phy_device *phydev, struct ethtool_cmd *cmd);
{
/* Do nothing for now */
return 0;
-@@ -1347,7 +1347,7 @@ static struct phy_driver genphy_driver[]
- .phy_id = 0xffffffff,
- .phy_id_mask = 0xffffffff,
- .name = "Generic PHY",
-- .soft_reset = genphy_soft_reset,
-+ .soft_reset = no_soft_reset,
- .config_init = genphy_config_init,
- .features = PHY_GBIT_FEATURES | SUPPORTED_MII |
- SUPPORTED_AUI | SUPPORTED_FIBRE |
-@@ -1362,7 +1362,7 @@ static struct phy_driver genphy_driver[]
+@@ -1364,7 +1364,7 @@ static struct phy_driver genphy_driver[]
.phy_id = 0xffffffff,
.phy_id_mask = 0xffffffff,
.name = "Generic 10G PHY",
phy_device_free(phydev);
--- a/include/linux/phy.h
+++ b/include/linux/phy.h
-@@ -785,4 +785,22 @@ int __init mdio_bus_init(void);
+@@ -789,4 +789,22 @@ int __init mdio_bus_init(void);
void mdio_bus_exit(void);
extern struct bus_type mdio_bus_type;
*/
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -2054,6 +2054,10 @@ static inline int pskb_trim(struct sk_bu
+@@ -2055,6 +2055,10 @@ static inline int pskb_trim(struct sk_bu
return (len < skb->len) ? __pskb_trim(skb, len) : 0;
}
/**
* pskb_trim_unique - remove end from a paged unique (not cloned) buffer
* @skb: buffer to alter
-@@ -2180,16 +2184,6 @@ static inline struct sk_buff *dev_alloc_
+@@ -2181,16 +2185,6 @@ static inline struct sk_buff *dev_alloc_
}
help
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -2623,10 +2623,20 @@ static int xmit_one(struct sk_buff *skb,
+@@ -2629,10 +2629,20 @@ static int xmit_one(struct sk_buff *skb,
if (!list_empty(&ptype_all))
dev_queue_xmit_nit(skb, dev);
#include <net/protocol.h>
#include <net/dst.h>
-@@ -469,6 +470,22 @@ struct sk_buff *__netdev_alloc_skb(struc
+@@ -471,6 +472,22 @@ struct sk_buff *__netdev_alloc_skb(struc
}
EXPORT_SYMBOL(__netdev_alloc_skb);
#endif /* HOSTAP_H */
--- a/drivers/net/wireless/hostap/hostap_hw.c
+++ b/drivers/net/wireless/hostap/hostap_hw.c
-@@ -928,6 +928,7 @@ static int hfa384x_set_rid(struct net_de
+@@ -933,6 +933,7 @@ static int hfa384x_set_rid(struct net_de
prism2_hw_reset(dev);
}
/**************************************************
* BCMA bus ops
**************************************************/
-@@ -1688,6 +1700,14 @@ static int bgmac_probe(struct bcma_devic
+@@ -1693,6 +1705,14 @@ static int bgmac_probe(struct bcma_devic
net_dev->hw_features = net_dev->features;
net_dev->vlan_features = net_dev->features;
err = register_netdev(bgmac->net_dev);
if (err) {
bgmac_err(bgmac, "Cannot register net device\n");
-@@ -1714,6 +1734,10 @@ static void bgmac_remove(struct bcma_dev
+@@ -1719,6 +1739,10 @@ static void bgmac_remove(struct bcma_dev
{
struct bgmac *bgmac = bcma_get_drvdata(core);
--- a/drivers/usb/host/pci-quirks.c
+++ b/drivers/usb/host/pci-quirks.c
-@@ -97,6 +97,8 @@ struct amd_chipset_type {
+@@ -98,6 +98,8 @@ struct amd_chipset_type {
u8 rev;
};
static struct amd_chipset_info {
struct pci_dev *nb_dev;
struct pci_dev *smbus_dev;
-@@ -454,6 +456,10 @@ void usb_amd_dev_put(void)
+@@ -462,6 +464,10 @@ void usb_amd_dev_put(void)
}
EXPORT_SYMBOL_GPL(usb_amd_dev_put);
/*
* Make sure the controller is completely inactive, unable to
* generate interrupts or do DMA.
-@@ -533,8 +539,17 @@ reset_needed:
+@@ -541,8 +547,17 @@ reset_needed:
uhci_reset_hc(pdev, base);
return 1;
}
static inline int io_type_enabled(struct pci_dev *pdev, unsigned int mask)
{
u16 cmd;
-@@ -1095,3 +1110,4 @@ static void quirk_usb_early_handoff(stru
+@@ -1103,3 +1118,4 @@ static void quirk_usb_early_handoff(stru
}
DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_ANY_ID, PCI_ANY_ID,
PCI_CLASS_SERIAL_USB, 8, quirk_usb_early_handoff);
goto err;
--- a/net/core/sock.c
+++ b/net/core/sock.c
-@@ -2933,6 +2933,8 @@ static __net_initdata struct pernet_oper
+@@ -2939,6 +2939,8 @@ static __net_initdata struct pernet_oper
static int __init proto_init(void)
{
+
--- a/crypto/Makefile
+++ b/crypto/Makefile
-@@ -101,6 +101,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg.
+@@ -103,6 +103,8 @@ obj-$(CONFIG_CRYPTO_USER_API) += af_alg.
obj-$(CONFIG_CRYPTO_USER_API_HASH) += algif_hash.o
obj-$(CONFIG_CRYPTO_USER_API_SKCIPHER) += algif_skcipher.o
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
-@@ -903,6 +903,9 @@ int __init early_init_dt_scan_chosen(uns
+@@ -909,6 +909,9 @@ int __init early_init_dt_scan_chosen(uns
p = of_get_flat_dt_prop(node, "bootargs", &l);
if (p != NULL && l > 0)
strlcpy(data, p, min((int)l, COMMAND_LINE_SIZE));
return ret;
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
-@@ -827,6 +827,7 @@
+@@ -828,6 +828,7 @@
#define PCI_DEVICE_ID_TI_XX12 0x8039
#define PCI_DEVICE_ID_TI_XX12_FM 0x803b
#define PCI_DEVICE_ID_TI_XIO2000A 0x8231
--- a/drivers/net/ethernet/intel/igb/e1000_phy.c
+++ b/drivers/net/ethernet/intel/igb/e1000_phy.c
-@@ -135,7 +135,7 @@ out:
+@@ -139,7 +139,7 @@ out:
s32 igb_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
{
struct e1000_phy_info *phy = &hw->phy;
s32 ret_val = 0;
if (offset > MAX_PHY_REG_ADDRESS) {
-@@ -148,11 +148,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
+@@ -152,11 +152,25 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
* Control register. The MAC will take care of interfacing with the
* PHY to retrieve the desired data.
*/
/* Poll the ready bit to see if the MDI read completed
* Increasing the time out as testing showed failures with
-@@ -177,6 +191,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
+@@ -181,6 +195,18 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
*data = (u16) mdic;
out:
return ret_val;
}
-@@ -191,7 +217,7 @@ out:
+@@ -195,7 +221,7 @@ out:
s32 igb_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
{
struct e1000_phy_info *phy = &hw->phy;
s32 ret_val = 0;
if (offset > MAX_PHY_REG_ADDRESS) {
-@@ -204,12 +230,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_
+@@ -208,12 +234,27 @@ s32 igb_write_phy_reg_mdic(struct e1000_
* Control register. The MAC will take care of interfacing with the
* PHY to retrieve the desired data.
*/
/* Poll the ready bit to see if the MDI read completed
* Increasing the time out as testing showed failures with
-@@ -233,6 +274,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_
+@@ -237,6 +278,18 @@ s32 igb_write_phy_reg_mdic(struct e1000_
}
out:
--- a/drivers/net/ethernet/intel/igb/e1000_phy.c
+++ b/drivers/net/ethernet/intel/igb/e1000_phy.c
-@@ -132,9 +132,8 @@ out:
+@@ -136,9 +136,8 @@ out:
* Reads the MDI control regsiter in the PHY at offset and stores the
* information read to data.
**/
u32 i, mdicnfg, mdic = 0;
s32 ret_val = 0;
-@@ -153,14 +152,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
+@@ -157,14 +156,14 @@ s32 igb_read_phy_reg_mdic(struct e1000_h
case e1000_i211:
mdicnfg = rd32(E1000_MDICNFG);
mdicnfg &= ~(E1000_MDICNFG_PHY_MASK);
(E1000_MDIC_OP_READ));
break;
}
-@@ -214,9 +213,8 @@ out:
+@@ -218,9 +217,8 @@ out:
*
* Writes data to MDI control register in the PHY at offset.
**/
u32 i, mdicnfg, mdic = 0;
s32 ret_val = 0;
-@@ -235,7 +233,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_
+@@ -239,7 +237,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_
case e1000_i211:
mdicnfg = rd32(E1000_MDICNFG);
mdicnfg &= ~(E1000_MDICNFG_PHY_MASK);
wr32(E1000_MDICNFG, mdicnfg);
mdic = (((u32)data) |
(offset << E1000_MDIC_REG_SHIFT) |
-@@ -244,7 +242,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_
+@@ -248,7 +246,7 @@ s32 igb_write_phy_reg_mdic(struct e1000_
default:
mdic = (((u32)data) |
(offset << E1000_MDIC_REG_SHIFT) |
(E1000_MDIC_OP_WRITE));
break;
}
-@@ -464,7 +462,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw
+@@ -468,7 +466,7 @@ s32 igb_read_phy_reg_igp(struct e1000_hw
goto out;
if (offset > MAX_PHY_MULTI_PAGE_REG) {
IGP01E1000_PHY_PAGE_SELECT,
(u16)offset);
if (ret_val) {
-@@ -473,8 +471,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw
+@@ -477,8 +475,8 @@ s32 igb_read_phy_reg_igp(struct e1000_hw
}
}
hw->phy.ops.release(hw);
-@@ -503,7 +501,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h
+@@ -507,7 +505,7 @@ s32 igb_write_phy_reg_igp(struct e1000_h
goto out;
if (offset > MAX_PHY_MULTI_PAGE_REG) {
IGP01E1000_PHY_PAGE_SELECT,
(u16)offset);
if (ret_val) {
-@@ -512,8 +510,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h
+@@ -516,8 +514,8 @@ s32 igb_write_phy_reg_igp(struct e1000_h
}
}
hw->phy.ops.release(hw);
-@@ -2464,8 +2462,9 @@ out:
+@@ -2468,8 +2466,9 @@ out:
}
/**
* @offset: lower half is register offset to write to
* upper half is page to use.
* @data: data to write at register offset
-@@ -2473,7 +2472,7 @@ out:
+@@ -2477,7 +2476,7 @@ out:
* Acquires semaphore, if necessary, then writes the data to PHY register
* at the offset. Release any acquired semaphores before exiting.
**/
{
s32 ret_val;
u16 page = offset >> GS40G_PAGE_SHIFT;
-@@ -2483,10 +2482,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000
+@@ -2487,10 +2486,10 @@ s32 igb_write_phy_reg_gs40g(struct e1000
if (ret_val)
return ret_val;
release:
hw->phy.ops.release(hw);
-@@ -2494,8 +2493,24 @@ release:
+@@ -2498,8 +2497,24 @@ release:
}
/**
* @offset: lower half is register offset to read to
* upper half is page to use.
* @data: data to read at register offset
-@@ -2503,7 +2518,7 @@ release:
+@@ -2507,7 +2522,7 @@ release:
* Acquires semaphore, if necessary, then reads the data in the PHY register
* at the offset. Release any acquired semaphores before exiting.
**/
{
s32 ret_val;
u16 page = offset >> GS40G_PAGE_SHIFT;
-@@ -2513,10 +2528,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_
+@@ -2517,10 +2532,10 @@ s32 igb_read_phy_reg_gs40g(struct e1000_
if (ret_val)
return ret_val;
release:
hw->phy.ops.release(hw);
-@@ -2524,6 +2539,21 @@ release:
+@@ -2528,6 +2543,21 @@ release:
}
/**
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
-@@ -210,6 +210,9 @@ struct sk_buff *__alloc_skb(unsigned int
+@@ -212,6 +212,9 @@ struct sk_buff *__alloc_skb(unsigned int
if (sk_memalloc_socks() && (flags & SKB_ALLOC_RX))
gfp_mask |= __GFP_MEMALLOC;
/* Get the HEAD */
skb = kmem_cache_alloc_node(cache, gfp_mask & ~__GFP_DMA, node);
-@@ -1096,6 +1099,10 @@ int pskb_expand_head(struct sk_buff *skb
+@@ -1098,6 +1101,10 @@ int pskb_expand_head(struct sk_buff *skb
if (skb_shared(skb))
BUG();
unsigned long type);
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
-@@ -1050,6 +1050,12 @@
+@@ -1051,6 +1051,12 @@
#define PCI_DEVICE_ID_SGI_LITHIUM 0x1002
#define PCI_DEVICE_ID_SGI_IOC4 0x100a
choice
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
-@@ -4321,7 +4321,7 @@ hub_port_init (struct usb_hub *hub, stru
+@@ -4320,7 +4320,7 @@ hub_port_init (struct usb_hub *hub, stru
udev->ttport = hdev->ttport;
} else if (udev->speed != USB_SPEED_HIGH
&& hdev->speed == USB_SPEED_HIGH) {
--- a/drivers/gpio/Kconfig
+++ b/drivers/gpio/Kconfig
-@@ -819,6 +819,12 @@ config GPIO_MC33880
+@@ -820,6 +820,12 @@ config GPIO_MC33880
SPI driver for Freescale MC33880 high-side/low-side switch.
This provides GPIO interface supporting inputs and outputs.
};
/* USB part of the eSATA/USB 2.0 port */
- usb@50000 {
+ usb@58000 {
status = "okay";
};
put_usb3_hcd:
usb_put_hcd(xhci->shared_hcd);
-@@ -190,6 +206,7 @@ static int xhci_plat_remove(struct platf
- struct clk *clk = xhci->clk;
+@@ -192,6 +208,7 @@ static int xhci_plat_remove(struct platf
+ xhci->xhc_state |= XHCI_STATE_REMOVING;
usb_remove_hcd(xhci->shared_hcd);
+ usb_phy_shutdown(hcd->usb_phy);
#include <video/da8xx-fb.h>
#include <asm/div64.h>
-@@ -1317,12 +1318,54 @@ static struct fb_ops da8xx_fb_ops = {
+@@ -1316,12 +1317,54 @@ static struct fb_ops da8xx_fb_ops = {
.fb_blank = cfb_blank,
};
for (i = 0, lcdc_info = known_lcd_panels;
i < ARRAY_SIZE(known_lcd_panels); i++, lcdc_info++) {
if (strcmp(fb_pdata->type, lcdc_info->name) == 0)
-@@ -1351,7 +1394,7 @@ static int fb_probe(struct platform_devi
+@@ -1350,7 +1393,7 @@ static int fb_probe(struct platform_devi
int ret;
unsigned long ulcm;
dev_err(&device->dev, "Can not get platform data\n");
return -ENOENT;
}
-@@ -1391,7 +1434,10 @@ static int fb_probe(struct platform_devi
+@@ -1390,7 +1433,10 @@ static int fb_probe(struct platform_devi
break;
}
if (!lcd_cfg) {
ret = -EINVAL;
-@@ -1410,7 +1456,7 @@ static int fb_probe(struct platform_devi
+@@ -1409,7 +1455,7 @@ static int fb_probe(struct platform_devi
par->dev = &device->dev;
par->lcdc_clk = tmp_lcdc_clk;
par->lcdc_clk_rate = clk_get_rate(par->lcdc_clk);
par->panel_power_ctrl = fb_pdata->panel_power_ctrl;
par->panel_power_ctrl(1);
}
-@@ -1654,12 +1700,26 @@ static int fb_resume(struct device *dev)
+@@ -1653,12 +1699,26 @@ static int fb_resume(struct device *dev)
static SIMPLE_DEV_PM_OPS(fb_pm_ops, fb_suspend, fb_resume);
static struct fb_videomode known_lcd_panels[] = {
/* Sharp LCD035Q3DG01 */
[0] = {
-@@ -831,6 +834,32 @@ static int lcd_init(struct da8xx_fb_par
+@@ -830,6 +833,32 @@ static int lcd_init(struct da8xx_fb_par
return 0;
}
/* IRQ handler for version 2 of LCDC */
static irqreturn_t lcdc_irq_handler_rev02(int irq, void *arg)
{
-@@ -868,6 +897,8 @@ static irqreturn_t lcdc_irq_handler_rev0
+@@ -867,6 +896,8 @@ static irqreturn_t lcdc_irq_handler_rev0
LCD_DMA_FRM_BUF_CEILING_ADDR_0_REG);
par->vsync_flag = 1;
wake_up_interruptible(&par->vsync_wait);
}
if (stat & LCD_END_OF_FRAME1) {
-@@ -943,6 +974,8 @@ static irqreturn_t lcdc_irq_handler_rev0
+@@ -942,6 +973,8 @@ static irqreturn_t lcdc_irq_handler_rev0
LCD_DMA_FRM_BUF_CEILING_ADDR_1_REG);
par->vsync_flag = 1;
wake_up_interruptible(&par->vsync_wait);
--- a/drivers/video/fbdev/da8xx-fb.c
+++ b/drivers/video/fbdev/da8xx-fb.c
-@@ -909,6 +909,8 @@ static irqreturn_t lcdc_irq_handler_rev0
+@@ -908,6 +908,8 @@ static irqreturn_t lcdc_irq_handler_rev0
LCD_DMA_FRM_BUF_CEILING_ADDR_1_REG);
par->vsync_flag = 1;
wake_up_interruptible(&par->vsync_wait);
}
/* Set only when controller is disabled and at the end of
-@@ -974,8 +976,6 @@ static irqreturn_t lcdc_irq_handler_rev0
+@@ -973,8 +975,6 @@ static irqreturn_t lcdc_irq_handler_rev0
LCD_DMA_FRM_BUF_CEILING_ADDR_1_REG);
par->vsync_flag = 1;
wake_up_interruptible(&par->vsync_wait);
--- a/drivers/media/usb/uvc/uvc_driver.c
+++ b/drivers/media/usb/uvc/uvc_driver.c
-@@ -2504,6 +2504,20 @@ static struct usb_device_id uvc_ids[] =
+@@ -2610,6 +2610,20 @@ static struct usb_device_id uvc_ids[] =
.bInterfaceProtocol = 0,
.driver_info = UVC_QUIRK_PROBE_MINMAX
| UVC_QUIRK_IGNORE_SELECTOR_UNIT },
/* EHCI, OHCI */
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
-@@ -1304,7 +1304,7 @@ static void hub_quiesce(struct usb_hub *
+@@ -1261,7 +1261,7 @@ static void hub_quiesce(struct usb_hub *
if (type != HUB_SUSPEND) {
/* Disconnect all the children */
for (i = 0; i < hdev->maxchild; ++i) {
irq = platform_get_irq(pdev, 0);
+#endif
if (irq < 0)
- return -ENODEV;
+ return irq;
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
return 1;
}
-@@ -2843,6 +2847,7 @@ static int prepare_ring(struct xhci_hcd
+@@ -2835,6 +2839,7 @@ static int prepare_ring(struct xhci_hcd
next = ring->enqueue;
while (last_trb(xhci, ring, ring->enq_seg, next)) {
/* If we're not dealing with 0.95 hardware or isoc rings
* on AMD 0.96 host, clear the chain bit.
*/
-@@ -2852,6 +2857,9 @@ static int prepare_ring(struct xhci_hcd
+@@ -2844,6 +2849,9 @@ static int prepare_ring(struct xhci_hcd
next->link.control &= cpu_to_le32(~TRB_CHAIN);
else
next->link.control |= cpu_to_le32(TRB_CHAIN);
wmb();
next->link.control ^= cpu_to_le32(TRB_CYCLE);
-@@ -2982,6 +2990,9 @@ static void giveback_first_trb(struct xh
+@@ -2974,6 +2982,9 @@ static void giveback_first_trb(struct xh
start_trb->field[3] |= cpu_to_le32(start_cycle);
else
start_trb->field[3] &= cpu_to_le32(~TRB_CYCLE);
xhci_ring_ep_doorbell(xhci, slot_id, ep_index, stream_id);
}
-@@ -3037,6 +3048,29 @@ static u32 xhci_td_remainder(unsigned in
+@@ -3029,6 +3040,29 @@ static u32 xhci_td_remainder(unsigned in
return (remainder >> 10) << 17;
}
/*
* For xHCI 1.0 host controllers, TD size is the number of max packet sized
* packets remaining in the TD (*not* including this TRB).
-@@ -3194,6 +3228,7 @@ static int queue_bulk_sg_tx(struct xhci_
+@@ -3186,6 +3220,7 @@ static int queue_bulk_sg_tx(struct xhci_
}
/* Set the TRB length, TD size, and interrupter fields. */
if (xhci->hci_version < 0x100) {
remainder = xhci_td_remainder(
urb->transfer_buffer_length -
-@@ -3203,6 +3238,12 @@ static int queue_bulk_sg_tx(struct xhci_
+@@ -3195,6 +3230,12 @@ static int queue_bulk_sg_tx(struct xhci_
trb_buff_len, total_packet_count, urb,
num_trbs - 1);
}
length_field = TRB_LEN(trb_buff_len) |
remainder |
TRB_INTR_TARGET(0);
-@@ -3267,6 +3308,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
+@@ -3259,6 +3300,9 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
int running_total, trb_buff_len, ret;
unsigned int total_packet_count;
u64 addr;
if (urb->num_sgs)
return queue_bulk_sg_tx(xhci, mem_flags, urb, slot_id, ep_index);
-@@ -3291,6 +3335,25 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
+@@ -3283,6 +3327,25 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
num_trbs++;
running_total += TRB_MAX_BUFF_SIZE;
}
ret = prepare_transfer(xhci, xhci->devs[slot_id],
ep_index, urb->stream_id,
-@@ -3367,6 +3430,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
+@@ -3359,6 +3422,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
field |= TRB_ISP;
/* Set the TRB length, TD size, and interrupter fields. */
if (xhci->hci_version < 0x100) {
remainder = xhci_td_remainder(
urb->transfer_buffer_length -
-@@ -3376,6 +3440,10 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
+@@ -3368,6 +3432,10 @@ int xhci_queue_bulk_tx(struct xhci_hcd *
trb_buff_len, total_packet_count, urb,
num_trbs - 1);
}
length_field = TRB_LEN(trb_buff_len) |
remainder |
TRB_INTR_TARGET(0);
-@@ -3465,7 +3533,11 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
+@@ -3457,7 +3525,11 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
field |= 0x1;
/* xHCI 1.0/1.1 6.4.1.2.1: Transfer Type field */
if (urb->transfer_buffer_length > 0) {
if (setup->bRequestType & USB_DIR_IN)
field |= TRB_TX_TYPE(TRB_DATA_IN);
-@@ -3489,7 +3561,12 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
+@@ -3481,7 +3553,12 @@ int xhci_queue_ctrl_tx(struct xhci_hcd *
field = TRB_TYPE(TRB_DATA);
length_field = TRB_LEN(urb->transfer_buffer_length) |
TRB_INTR_TARGET(0);
if (urb->transfer_buffer_length > 0) {
if (setup->bRequestType & USB_DIR_IN)
-@@ -3612,6 +3689,9 @@ static int xhci_queue_isoc_tx(struct xhc
+@@ -3604,6 +3681,9 @@ static int xhci_queue_isoc_tx(struct xhc
u64 start_addr, addr;
int i, j;
bool more_trbs_coming;
ep_ring = xhci->devs[slot_id]->eps[ep_index].ring;
-@@ -3625,6 +3705,21 @@ static int xhci_queue_isoc_tx(struct xhc
+@@ -3617,6 +3697,21 @@ static int xhci_queue_isoc_tx(struct xhc
start_trb = &ep_ring->enqueue->generic;
start_cycle = ep_ring->cycle_state;
urb_priv = urb->hcpriv;
/* Queue the first TRB, even if it's zero-length */
for (i = 0; i < num_tds; i++) {
-@@ -3696,9 +3791,13 @@ static int xhci_queue_isoc_tx(struct xhc
+@@ -3688,9 +3783,13 @@ static int xhci_queue_isoc_tx(struct xhc
} else {
td->last_trb = ep_ring->enqueue;
field |= TRB_IOC;
/* Set BEI bit except for the last td */
if (i < num_tds - 1)
field |= TRB_BEI;
-@@ -3713,6 +3812,7 @@ static int xhci_queue_isoc_tx(struct xhc
+@@ -3705,6 +3804,7 @@ static int xhci_queue_isoc_tx(struct xhc
trb_buff_len = td_remain_len;
/* Set the TRB length, TD size, & interrupter fields. */
if (xhci->hci_version < 0x100) {
remainder = xhci_td_remainder(
td_len - running_total);
-@@ -3722,6 +3822,10 @@ static int xhci_queue_isoc_tx(struct xhc
+@@ -3714,6 +3814,10 @@ static int xhci_queue_isoc_tx(struct xhc
total_packet_count, urb,
(trbs_per_td - j - 1));
}
xhci_dbg_trace(xhci, trace_xhci_dbg_init,
"Finished xhci_run for USB2 roothub");
return 0;
-@@ -1651,6 +1692,14 @@ int xhci_drop_endpoint(struct usb_hcd *h
+@@ -1638,6 +1679,14 @@ int xhci_drop_endpoint(struct usb_hcd *h
u32 drop_flag;
u32 new_add_flags, new_drop_flags;
int ret;
ret = xhci_check_args(hcd, udev, ep, 1, true, __func__);
if (ret <= 0)
-@@ -1698,6 +1747,40 @@ int xhci_drop_endpoint(struct usb_hcd *h
+@@ -1685,6 +1734,40 @@ int xhci_drop_endpoint(struct usb_hcd *h
xhci_endpoint_zero(xhci, xhci->devs[udev->slot_id], ep);
xhci_dbg(xhci, "drop ep 0x%x, slot id %d, new drop flags = %#x, new add flags = %#x\n",
(unsigned int) ep->desc.bEndpointAddress,
udev->slot_id,
-@@ -1730,6 +1813,19 @@ int xhci_add_endpoint(struct usb_hcd *hc
+@@ -1717,6 +1800,19 @@ int xhci_add_endpoint(struct usb_hcd *hc
u32 new_add_flags, new_drop_flags;
struct xhci_virt_device *virt_dev;
int ret = 0;
ret = xhci_check_args(hcd, udev, ep, 1, true, __func__);
if (ret <= 0) {
-@@ -1796,6 +1892,56 @@ int xhci_add_endpoint(struct usb_hcd *hc
+@@ -1783,6 +1879,56 @@ int xhci_add_endpoint(struct usb_hcd *hc
return -ENOMEM;
}
ctrl_ctx->add_flags |= cpu_to_le32(added_ctxs);
new_add_flags = le32_to_cpu(ctrl_ctx->add_flags);
-@@ -4467,8 +4613,14 @@ static u16 xhci_call_host_update_timeout
+@@ -4454,8 +4600,14 @@ static u16 xhci_call_host_update_timeout
u16 *timeout)
{
if (state == USB3_LPM_U1)
return xhci_calculate_u2_timeout(xhci, udev, desc);
return USB3_LPM_DISABLED;
-@@ -4853,7 +5005,9 @@ int xhci_gen_setup(struct usb_hcd *hcd,
+@@ -4840,7 +4992,9 @@ int xhci_gen_setup(struct usb_hcd *hcd,
hcd->self.no_sg_constraint = 1;
/* XHCI controllers don't stop the ep queue on short packets :| */
if (usb_hcd_is_primary_hcd(hcd)) {
xhci = kzalloc(sizeof(struct xhci_hcd), GFP_KERNEL);
-@@ -4926,6 +5080,10 @@ int xhci_gen_setup(struct usb_hcd *hcd,
+@@ -4913,6 +5067,10 @@ int xhci_gen_setup(struct usb_hcd *hcd,
if (xhci->quirks & XHCI_NO_64BIT_SUPPORT)
xhci->hcc_params &= ~BIT(0);
/* Set dma_mask and coherent_dma_mask to 64-bits,
* if xHC supports 64-bit addressing */
if (HCC_64BIT_ADDR(xhci->hcc_params) &&
-@@ -5020,8 +5178,57 @@ MODULE_DESCRIPTION(DRIVER_DESC);
+@@ -5007,8 +5165,57 @@ MODULE_DESCRIPTION(DRIVER_DESC);
MODULE_AUTHOR(DRIVER_AUTHOR);
MODULE_LICENSE("GPL");
#include "sdio_cis.h"
#include "sdio_bus.h"
-@@ -303,6 +305,13 @@ static void sdio_acpi_set_handle(struct
+@@ -313,6 +315,13 @@ static void sdio_acpi_set_handle(struct
static inline void sdio_acpi_set_handle(struct sdio_func *func) {}
#endif
/*
* Register a new SDIO function with the driver model.
*/
-@@ -312,6 +321,7 @@ int sdio_add_func(struct sdio_func *func
+@@ -322,6 +331,7 @@ int sdio_add_func(struct sdio_func *func
dev_set_name(&func->dev, "%s:%d", mmc_card_id(func->card), func->num);
sdio_acpi_set_handle(func);
ret = device_add(&func->dev);
if (ret == 0) {
-@@ -335,6 +345,7 @@ void sdio_remove_func(struct sdio_func *
+@@ -345,6 +355,7 @@ void sdio_remove_func(struct sdio_func *
dev_pm_domain_detach(&func->dev, false);
device_del(&func->dev);
--- a/arch/um/include/asm/Kbuild
+++ /dev/null
-@@ -1,30 +0,0 @@
+@@ -1,31 +0,0 @@
-generic-y += barrier.h
-generic-y += bug.h
-generic-y += clkdev.h
-generic-y += switch_to.h
-generic-y += topology.h
-generic-y += trace_clock.h
+-generic-y += word-at-a-time.h
-generic-y += xor.h
--- a/arch/um/include/asm/a.out-core.h
+++ /dev/null
--- a/arch/mips/jz4740/board-qi_lb60.c
+++ b/arch/mips/jz4740/board-qi_lb60.c
-@@ -312,7 +312,6 @@ static struct spi_board_info qi_lb60_spi
+@@ -313,7 +313,6 @@ static struct spi_board_info qi_lb60_spi
.chip_select = 0,
.bus_num = 1,
.max_speed_hz = 30 * 1000,