M_ars
3e658c5d01
rc: init.c - remove start_nas()/stop_nas() (already done at start_services()/stop_services())
...
And important: call stop_nas() first before we start again
6 years ago
M_ars
f6f1bc04ed
rc: network.c - bring down loopback interface if we stop lan (and some cosmetic)
...
In addition: check if lo interface is already running,
we call function config_loopback() several times with multi-lan setups
tested with RT-N18U, working correct
6 years ago
M_ars
0cd1a47b51
GUI: about.asp - virtual SSID support of Teaman works really good! (no experiment/test anymore...) (only cosmetic)
6 years ago
M_ars
017c1a78ed
rc: usb.c - improve/extend detection to activate the USB LED for Router with only one USB LED
...
(align to the two USB LED detection way and/or also see mips branch)
6 years ago
M_ars
d3dc8ffe4f
Huawei WS880: change LED table - assign GPIO 14 for USB LED (active LOW) (no Change) - assign GPIO 1 for LED_BRIDGE (active LOW) (no Change) - assign GPIO 0 for LED_AOSS (active LOW) --> used for WLAN SUMMARY LED (similar to Netgear R-Series Router) - assign GPIO 12 for LED_WHITE (active HIGH) (no Change) - assign GPIO 6 for LED_DIAG (active LOW) / WPS LED in front - assign GPIO 15 for WLAN toggle function / Power Button in front (active LOW) - assign GPIO 2 for reset button (active LOW) (no Change) - assign GPIO 3 for wps button (active LOW) (no Change) - NO wifi blinking support anymore (causing problems)
...
Reference (for example) or WS880 CFE/Bootloader:
https://patchwork.ozlabs.org/patch/551390/
Hint: this should help to get back "Reboot via GUI" for WS880, see
https://www.linksysinfo.org/index.php?threads/ws880-lack-of-reboot-issue.75142/page-3#post-312259
6 years ago
M_ars
89564f837e
rc: network.c - rework start and stop of emf/lan/wl - fix/correct start and stop of EMF (stop failed almost every time and also router stuck/hung sometimes at reboot via GUI!) - make EMF multi-lan aware - give feedback about start and stop EMF - rework basic start and stop of start_lan / start_lan_wl / start_wl / start_wireless ... - cosmetic - set start_wan(BOOT) last one --> at services.c (align also to init.c)
...
tested with RT-N18U and R7000, working (reboot, restart, wifi bridge, VIFs, multi lan, wifi on/off, et cetera... all ok)
6 years ago
M_ars
0fc43dee91
Huawei WS880: disable wifi blink by default for WS880, causing problems (This is a workaround for now!)
...
fix for: lack of reboot with WS880 (with both wifi radios must be turned on!)
see forum:
https://www.linksysinfo.org/index.php?threads/ws880-lack-of-reboot-issue.75142/page-3#post-312177
6 years ago
M_ars
99948c952a
rc: init.c - init variable restore_defaults to 0 and also use it to reset/adjust beamforming parameter
6 years ago
M_ars
de4d55aea8
rc: init.c - Adjust et and wl thresh value after reset (for wifi-driver and et_linux.c)
6 years ago
M_ars
2407fb71a1
kernel: arch: arm: mach-brcm-hnd: board_ns.c - cosmetic - fix typo - use else if
6 years ago
M_ars
fec4440007
RT-AC3200: improve/change LED table if router is in WiFi bridge mode
...
fix for: second WAN LED with color RED (GPIO 5, active HIGH) was turned on in WiFi bridge mode.
see report:
https://www.linksysinfo.org/index.php?threads/fork-freshtomato-arm-development-thread.74117/page-180#post-311841
Hint: reboot required
6 years ago
M_ars
accaa4ebf0
GUI: nas-samba.asp - add option to enable/disable GRO (Default Off --> like before)
...
Note: GRO only gets enabled when Samba is! (tomato user can decide)
See log file:
Jan 1 01:00:27 Tomato-Router kern.warn kernel: gro enabled with interval 2
Jan 1 01:00:27 Tomato-Router user.info preinit[1]: samba daemon is started
tested with RT-N18U, working without problems
6 years ago
pedro
096ab80d91
GUI: add AdvancedTomato-like themes: red, blue, green and dark
...
- AdvancedTomato's look and feel
- uniform panel-based UI
- custom-drawn controls
- svg-based (embedded) icons
- css-only vector animations for spinners
- collapsible menu for low-res screens
- ability to enable dynamic chart scaling
- note: requires modern browser
Based on https://github.com/tsg2k2/tomato-css (thanks!) with numerous corrections and additions (e.g. it wasn't ready for a dark theme, some icons were missing, errors in some places etc.)
6 years ago
pedro
5452ceada3
GUI: clean-up; the first step to sorting out this mess
...
- many changes, fixes and improvements
- remove duplicate JS scripts and more
- 99.5% of css rules moved from .asp scripts to main css file (tomato.css)
- at last 100% compatible with older browsers (ex. IE 9, Safari 5.1.7)
- some of themes (css) on tomatothemebase.eu may need corrections in 1-2 places (#footer mainly)
- preparation for advanced themes
- /www size reduced by 25KB
- tested on: IE 9, Safari 5.1.7, Opera 67.0.3575.53, Chrome 80.0.3987.132, Firefox Nightly 75.0a1: all ok
6 years ago
pedro
e7e259f9a9
router: others: mymotd: fix 'bad number' bug when wanX is disabled
6 years ago
Michał Obrembski
6c53343187
Merged pedro311/freshtomato-arm into arm-master
6 years ago
pedro
cc7678b2fb
GUI: Basic Network: fix the order in which the wifi interfaces are selected when setting Wireless Client Mode
...
- bug similar to that on the Overview page fd06410
6 years ago
pedro
3c2f4fb983
GUI: Admin Access: do not restart sshd if there are no configuration changes
6 years ago
pedro
d3f599fce1
GUI: overview: fix issue when warning about unsecured wifi appears, even if this radio is temporarily disabled by "Disable" button on this page
6 years ago
pedro
fd064101ab
GUI: overview: fix the order of the enable/disable wifi buttons for routers with three radios
6 years ago
pedro
abb1dc3041
router: www: cosmetic in some asp/html files
6 years ago
pedro
c728a8484b
sqlite: update to 3.31.1
6 years ago
pedro
c309c9f6f0
spawn-fcgi: update to 3c1b01c (2019.08.25) snapshot; clean sources, add patch instead, cosmetic in router/Makefile
6 years ago
pedro
2dd42c6520
router: rc: nginx.c: some corrections, clean-up
6 years ago
pedro
f2974d3b5c
php: update to 7.2.27
6 years ago
pedro
7da5255589
nginx: update to 1.17.8
6 years ago
pedro
a1f3af3535
gmp: update to 6.2.0
6 years ago
pedro
fc93eeb007
router: rc: services.c: add warning to syslog when dnsmasq is skipped because of WEB mode enabled
6 years ago
pedro
6ca9de742c
Merge branch 'arm-sdk7' of https://bitbucket.org/pedro311/freshtomato-arm into arm-sdk7
6 years ago
pedro
d96e4689e3
Merge branch 'arm-master' into arm-sdk7
6 years ago
pedro
f69c96ac82
Merge branch 'arm-master' into arm-ng
6 years ago
pedro
c3be5786a1
router: mdu: Makefile: build openssl11 with pthread
6 years ago
pedro
3a61559acd
GUI: Admin Access: delete the unnecessary http_root variable (Allow web login as "root") - now the username is 'root' if it's not entered, no need to check/uncheck something
6 years ago
pedro
766c05eb44
GUI: Admin Access: fix info about default web username
6 years ago
pedro
914730a960
router: httpd: misc.c: change memory format specifiers to unsigned integer, fixes #9
...
- there was an overflow in displaying memory sizes above 2GB
6 years ago
pedro
d976879e0e
router: others: secure adblock with lock file; cosmetic in Makefile
6 years ago
Alessandro Radicati
e5447fc04c
GUI: Fix Issue #15 to allow configuring remote access in router mode
6 years ago
pedro
4d541760e8
Merge branch 'arm-master' into arm-sdk7
6 years ago
pedro
94908faefd
Merge branch 'arm-master' into arm-ng
6 years ago
pedro
b30029f19d
router: www: status-overview.asp: add missing 10Mb port icons, add set of half-duplex icons, code optimization/reduce size, clean-up
6 years ago
pedro
7c6d81b5be
router: Makefile: transmission: fix compiler warnings (partially); don't build utils/cli; clean-up recipe
6 years ago
M_ars
7182930974
kernel: netfilter: nf_ct_ipv4: packets with wrong ihl are invalid It was reported that the Linux kernel sometimes logs:
...
klogd: [2629147.402413] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 447!
klogd: [1072212.887368] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 392
ipv4_get_l4proto() in nf_conntrack_l3proto_ipv4.c and tcp_error() in
nf_conntrack_proto_tcp.c should catch malformed packets, so the errors
at the indicated lines - TCP options parsing - should not happen.
However, tcp_error() relies on the "dataoff" offset to the TCP header,
calculated by ipv4_get_l4proto(). But ipv4_get_l4proto() does not check
bogus ihl values in IPv4 packets, which then can slip through tcp_error()
and get caught at the TCP options parsing routines.
The patch fixes ipv4_get_l4proto() by invalidating packets with bogus
ihl value.
The patch closes netfilter bugzilla id 771.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=07153c6ec074257ade76a461429b567cff2b3a1e
6 years ago
M_ars
bcfc0af989
kernel: netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently IPv6 conntrack marked invalid packets as INVALID and let the user drop those by an explicit rule, while IPv4 conntrack dropped such packets itself.
...
IPv4 conntrack is changed so that it marks INVALID packets and let
the user to drop them.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=8430eac2f6a3c2adce22d490e2ab8bb50d59077a
6 years ago
M_ars
8178f1320f
kernel: net: don't call strlen() on the user buffer in packet_bind_spkt() KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in packet_bind_spkt(): Acked-by: Eric Dumazet <edumazet@google.com>
...
==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 0 PID: 1074 Comm: packet Not tainted 4.8.0-rc6+ #1891
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
0000000000000000 ffff88006b6dfc08 ffffffff82559ae8 ffff88006b6dfb48
ffffffff818a7c91 ffffffff85b9c870 0000000000000092 ffffffff85b9c550
0000000000000000 0000000000000092 00000000ec400911 0000000000000002
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff82559ae8>] dump_stack+0x238/0x290 lib/dump_stack.c:51
[<ffffffff818a6626>] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1003
[<ffffffff818a783b>] __msan_warning+0x5b/0xb0
mm/kmsan/kmsan_instr.c:424
[< inline >] strlen lib/string.c:484
[<ffffffff8259b58d>] strlcpy+0x9d/0x200 lib/string.c:144
[<ffffffff84b2eca4>] packet_bind_spkt+0x144/0x230
net/packet/af_packet.c:3132
[<ffffffff84242e4d>] SYSC_bind+0x40d/0x5f0 net/socket.c:1370
[<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
[<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
chained origin: 00000000eba00911
[<ffffffff810bb787>] save_stack_trace+0x27/0x50
arch/x86/kernel/stacktrace.c:67
[< inline >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322
[< inline >] kmsan_save_stack mm/kmsan/kmsan.c:334
[<ffffffff818a59f8>] kmsan_internal_chain_origin+0x118/0x1e0
mm/kmsan/kmsan.c:527
[<ffffffff818a7773>] __msan_set_alloca_origin4+0xc3/0x130
mm/kmsan/kmsan_instr.c:380
[<ffffffff84242b69>] SYSC_bind+0x129/0x5f0 net/socket.c:1356
[<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
[<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
origin description: ----address@SYSC_bind (origin=00000000eb400911)
==================================================================
(the line numbers are relative to 4.8-rc6, but the bug persists
upstream)
, when I run the following program as root:
=====================================
#include <string.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h>
int main() {
struct sockaddr addr;
memset(&addr, 0xff, sizeof(addr));
addr.sa_family = AF_PACKET;
int fd = socket(PF_PACKET, SOCK_PACKET, htons(ETH_P_ALL));
bind(fd, &addr, sizeof(addr));
return 0;
}
=====================================
This happens because addr.sa_data copied from the userspace is not
zero-terminated, and copying it with strlcpy() in packet_bind_spkt()
results in calling strlen() on the kernel copy of that non-terminated
buffer.
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/packet/af_packet.c?h=v5.5&id=540e2894f7905538740aaf122bd8e0548e1c34a4
6 years ago
M_ars
48dbb19961
kernel: ipv6: Allow IPv4-mapped address as next-hop Made kernel accept IPv6 routes with IPv4-mapped address as next-hop.
...
It is possible to configure IP interfaces with IPv4-mapped addresses, and
one can add IPv6 routes for IPv4-mapped destinations/prefixes, yet prior
to this fix the kernel returned an EINVAL when attempting to add an IPv6
route with an IPv4-mapped address as a nexthop/gateway.
RFC 4798 (a proposed standard RFC) uses IPv4-mapped addresses as nexthops,
thus in order to support that type of address configuration the kernel
needs to allow IPv4-mapped addresses as nexthops.
Signed-off-by: Erik Nordmark <nordmark@arista.com>
Signed-off-by: Bob Gilligan <gilligan@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.5&id=96d5822c1d812ed30da035795a4408f43fe533f3
6 years ago
M_ars
b3a317d01d
kernel: ipv6: do not increment mac header when it's unset Otherwise we'll overflow the integer. This occurs when layer 3 tunneled packets are handed off to the IPv6 layer.
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/reassembly.c?h=v5.5&id=b678aa578c9e400429e027269e8de2783e5e73ce
6 years ago
M_ars
2a3bb52334
kernel: tcp: avoid infinite loop in tcp_splice_read() Splicing from TCP socket is vulnerable when a packet with URG flag is received and stored into receive queue.
...
__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.
This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.
Again, this gem was found by syzkaller tool.
Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/tcp.c?h=v5.5&id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82
6 years ago
M_ars
a38330c2c1
kernel: netfilter: nf_ct_ipv4: packets with wrong ihl are invalid It was reported that the Linux kernel sometimes logs:
...
klogd: [2629147.402413] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 447!
klogd: [1072212.887368] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 392
ipv4_get_l4proto() in nf_conntrack_l3proto_ipv4.c and tcp_error() in
nf_conntrack_proto_tcp.c should catch malformed packets, so the errors
at the indicated lines - TCP options parsing - should not happen.
However, tcp_error() relies on the "dataoff" offset to the TCP header,
calculated by ipv4_get_l4proto(). But ipv4_get_l4proto() does not check
bogus ihl values in IPv4 packets, which then can slip through tcp_error()
and get caught at the TCP options parsing routines.
The patch fixes ipv4_get_l4proto() by invalidating packets with bogus
ihl value.
The patch closes netfilter bugzilla id 771.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=07153c6ec074257ade76a461429b567cff2b3a1e
6 years ago
M_ars
b8a4d3c1fa
kernel: netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently IPv6 conntrack marked invalid packets as INVALID and let the user drop those by an explicit rule, while IPv4 conntrack dropped such packets itself.
...
IPv4 conntrack is changed so that it marks INVALID packets and let
the user to drop them.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=8430eac2f6a3c2adce22d490e2ab8bb50d59077a
6 years ago
M_ars
f580948651
kernel: net: don't call strlen() on the user buffer in packet_bind_spkt() KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of uninitialized memory in packet_bind_spkt(): Acked-by: Eric Dumazet <edumazet@google.com>
...
==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 0 PID: 1074 Comm: packet Not tainted 4.8.0-rc6+ #1891
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
0000000000000000 ffff88006b6dfc08 ffffffff82559ae8 ffff88006b6dfb48
ffffffff818a7c91 ffffffff85b9c870 0000000000000092 ffffffff85b9c550
0000000000000000 0000000000000092 00000000ec400911 0000000000000002
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff82559ae8>] dump_stack+0x238/0x290 lib/dump_stack.c:51
[<ffffffff818a6626>] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1003
[<ffffffff818a783b>] __msan_warning+0x5b/0xb0
mm/kmsan/kmsan_instr.c:424
[< inline >] strlen lib/string.c:484
[<ffffffff8259b58d>] strlcpy+0x9d/0x200 lib/string.c:144
[<ffffffff84b2eca4>] packet_bind_spkt+0x144/0x230
net/packet/af_packet.c:3132
[<ffffffff84242e4d>] SYSC_bind+0x40d/0x5f0 net/socket.c:1370
[<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
[<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
chained origin: 00000000eba00911
[<ffffffff810bb787>] save_stack_trace+0x27/0x50
arch/x86/kernel/stacktrace.c:67
[< inline >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322
[< inline >] kmsan_save_stack mm/kmsan/kmsan.c:334
[<ffffffff818a59f8>] kmsan_internal_chain_origin+0x118/0x1e0
mm/kmsan/kmsan.c:527
[<ffffffff818a7773>] __msan_set_alloca_origin4+0xc3/0x130
mm/kmsan/kmsan_instr.c:380
[<ffffffff84242b69>] SYSC_bind+0x129/0x5f0 net/socket.c:1356
[<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
[<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
origin description: ----address@SYSC_bind (origin=00000000eb400911)
==================================================================
(the line numbers are relative to 4.8-rc6, but the bug persists
upstream)
, when I run the following program as root:
=====================================
#include <string.h>
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h>
int main() {
struct sockaddr addr;
memset(&addr, 0xff, sizeof(addr));
addr.sa_family = AF_PACKET;
int fd = socket(PF_PACKET, SOCK_PACKET, htons(ETH_P_ALL));
bind(fd, &addr, sizeof(addr));
return 0;
}
=====================================
This happens because addr.sa_data copied from the userspace is not
zero-terminated, and copying it with strlcpy() in packet_bind_spkt()
results in calling strlen() on the kernel copy of that non-terminated
buffer.
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/packet/af_packet.c?h=v5.5&id=540e2894f7905538740aaf122bd8e0548e1c34a4
6 years ago