package/network/config/netifd/files/etc/init.d/network

@@ -50,8 +50,6 @@ validate_atm_bridge_section()
 		'atmdev:uinteger:0' \
 		'encaps:or("llc", "vc"):llc' \
 		'payload:or("bridged", "routed"):bridged'
-
-	return $?
 }
 
 validate_route_section()
@@ -64,8 +62,6 @@ validate_route_section()
 		'metric:uinteger' \
 		'mtu:uinteger' \
 		'table:or(range(0,65535),string)'
-
-	return $?
 }
 
 validate_route6_section()
@@ -77,8 +73,6 @@ validate_route6_section()
 		'metric:uinteger' \
 		'mtu:uinteger' \
 		'table:or(range(0,65535),string)'
-
-	return $?
 }
 
 validate_rule_section()
@@ -94,8 +88,6 @@ validate_rule_section()
 		'lookup:or(range(0,65535),string)' \
 		'goto:range(0,65535)' \
 		'action:or("prohibit", "unreachable", "blackhole", "throw")'
-
-	return $?
 }
 
 validate_rule6_section()
@@ -111,8 +103,6 @@ validate_rule6_section()
 		'lookup:or(range(0,65535),string)' \
 		'goto:range(0,65535)' \
 		'action:or("prohibit", "unreachable", "blackhole", "throw")'
-
-	return $?
 }
 
 validate_switch_section()
@@ -122,8 +112,6 @@ validate_switch_section()
 		'enable:bool' \
 		'enable_vlan:bool' \
 		'reset:bool'
-
-	return $?
 }
 
 validate_switch_vlan()
@@ -132,8 +120,6 @@ validate_switch_vlan()
 		'device:string' \
 		'vlan:uinteger' \
 		'ports:list(ports)'
-
-	return $?
 }
 
 service_triggers()

package/network/config/netifd/files/lib/netifd/dhcp.script

@@ -50,7 +50,7 @@ setup_interface () {
 		ip6rd="${ip6rd#* }"
 		local ip6rdbr="${ip6rd%% *}"
 
-		[ -n "$ZONE" ] || ZONE=$(fw3 network $INTERFACE)
+		[ -n "$ZONE" ] || ZONE=$(fw3 -q network $INTERFACE)
 		[ -z "$IFACE6RD" -o "$IFACE6RD" = 1 ] && IFACE6RD=${INTERFACE}_6rd
 
 		json_init

package/network/config/netifd/files/lib/netifd/proto/dhcp.sh

@@ -39,7 +39,7 @@ proto_dhcp_setup() {
 	[ "$broadcast" = 1 ] && broadcast="-B" || broadcast=
 	[ -n "$clientid" ] && clientid="-x 0x3d:${clientid//:/}" || clientid="-C"
 	[ -n "$iface6rd" ] && proto_export "IFACE6RD=$iface6rd"
-	[ -n "$iface6rd" ] && append dhcpopts "-O 212"
+	[ "$iface6rd" != 0 -a -f /lib/netifd/proto/6rd.sh ] && append dhcpopts "-O 212"
 	[ -n "$zone6rd" ] && proto_export "ZONE6RD=$zone6rd"
 	[ -n "$zone" ] && proto_export "ZONE=$zone"
 	[ "$delegate" = "0" ] && proto_export "IFACE6RD_DELEGATE=0"

package/network/ipv6/map/Makefile

@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=map
-PKG_VERSION:=1
-PKG_RELEASE:=2
+PKG_VERSION:=2
+PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

package/network/ipv6/map/files/map.sh

@@ -122,19 +122,28 @@ proto_map_setup() {
 	[ "$zone" != "-" ] && json_add_string zone "$zone"
 
 	json_add_array firewall
-	  for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
-            for proto in icmp tcp udp; do
-	      json_add_object ""
-	        json_add_string type nat
-	        json_add_string target SNAT
-	        json_add_string family inet
-	        json_add_string proto "$proto"
-                json_add_boolean connlimit_ports 1
-                json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
-                json_add_string snat_port "$portset"
-	      json_close_object
-            done
-	  done
+	  if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
+	    json_add_object ""
+	      json_add_string type nat
+	      json_add_string target SNAT
+	      json_add_string family inet
+	      json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
+	    json_close_object
+	  else
+	    for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
+              for proto in icmp tcp udp; do
+	        json_add_object ""
+	          json_add_string type nat
+	          json_add_string target SNAT
+	          json_add_string family inet
+	          json_add_string proto "$proto"
+                  json_add_boolean connlimit_ports 1
+                  json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
+                  json_add_string snat_port "$portset"
+	        json_close_object
+              done
+	    done
+	  fi
 	  if [ "$type" = "map-t" ]; then
 	  	json_add_object ""
 	  		json_add_string type rule

package/network/ipv6/map/src/mapcalc.c

@@ -343,14 +343,17 @@ int main(int argc, char *argv[])
 		}
 
 
-		if (psidlen == 0) {
-			printf("RULE_%d_PORTSETS=0-65535\n", rulecnt);
-		} else if (psid >= 0) {
+		if (psidlen > 0 && psid >= 0) {
 			printf("RULE_%d_PORTSETS='", rulecnt);
 			for (int k = (offset) ? 1 : 0; k < (1 << offset); ++k) {
 				int start = (k << (16 - offset)) | (psid >> offset);
 				int end = start + (1 << (16 - offset - psidlen)) - 1;
-				printf("%d-%d ", start, end);
+
+				if (start == 0)
+					start = 1;
+
+				if (start <= end)
+					printf("%d-%d ", start, end);
 			}
 			printf("'\n");
 		}

package/network/ipv6/odhcp6c/Makefile

 #
-# Copyright (C) 2012 OpenWrt.org
+# Copyright (C) 2012-2014 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=odhcp6c
-PKG_VERSION:=2014-07-21
+PKG_VERSION:=2014-10-25
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=git://github.com/sbyx/odhcp6c.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=67b311ab81736b35858664219d345844ab08fcc7
+PKG_SOURCE_VERSION:=940e2141ab13727af6323c4d30002f785e466318
 PKG_MAINTAINER:=Steven Barth <steven@midlink.org>
 
 include $(INCLUDE_DIR)/package.mk
@@ -29,10 +29,6 @@ ifneq ($(CONFIG_PACKAGE_odhcp6c_ext_cer_id),0)
   CMAKE_OPTIONS += -DEXT_CER_ID=$(CONFIG_PACKAGE_odhcp6c_ext_cer_id)
 endif
 
-ifneq ($(CONFIG_PACKAGE_odhcp6c_ext_s46),0)
-  CMAKE_OPTIONS += -DEXT_S46=$(CONFIG_PACKAGE_odhcp6c_ext_s46)
-endif
-
 define Package/odhcp6c
   SECTION:=net
   CATEGORY:=Network
@@ -50,11 +46,6 @@ define Package/odhcp6c/config
     int "CER-ID Extension ID (0 = disabled)"
     depends on PACKAGE_odhcp6c
     default 0
-
-  config PACKAGE_odhcp6c_ext_s46
-    int "Softwire MAP Extension ID (0 = disabled)"
-    depends on PACKAGE_odhcp6c
-    default 0
 endef
 
 define Package/odhcp6c/install

package/network/ipv6/odhcp6c/files/dhcpv6.script

@@ -26,6 +26,15 @@ setup_interface () {
 
 	for prefix in $PREFIXES; do
 		proto_add_ipv6_prefix "$prefix"
+                local entry="${prefix#*/}"
+                entry="${entry#*,}"
+                entry="${entry#*,}"
+                local valid="${entry%%,*}"
+
+		if [ -z "$RA_ADDRESSES" -a -z "$RA_ROUTES" -a \
+				-z "$RA_DNS" -a "$FAKE_ROUTES" = 1 ]; then
+			RA_ROUTES="::/0,$SERVER,$valid,4096"
+		fi
 	done
 
 	[ -n "$USERPREFIX" ] && proto_add_ipv6_prefix "$USERPREFIX"
@@ -51,6 +60,11 @@ setup_interface () {
 		local valid="${entry%%,*}"
 
 		proto_add_ipv6_address "$addr" "$mask" "$preferred" "$valid" 1
+
+                if [ -z "$RA_ADDRESSES" -a -z "$RA_ROUTES" -a \
+                                -z "$RA_DNS" -a "$FAKE_ROUTES" = 1 ]; then
+                        RA_ROUTES="::/0,$SERVER,$valid,4096"
+                fi
 	done
 
 	for entry in $RA_ROUTES; do
@@ -113,7 +127,7 @@ setup_interface () {
 		[ -n "$IFACE_MAP_DELEGATE" ] && json_add_boolean delegate "$IFACE_MAP_DELEGATE"
 		json_close_object
 		ubus call network add_dynamic "$(json_dump)"
-	elif [ -n "$AFTR_IP " -a "$IFACE_DSLITE" != 0 -a -f /lib/netifd/proto/dslite.sh ]; then
+	elif [ -n "$AFTR_IP" -a "$IFACE_DSLITE" != 0 -a -f /lib/netifd/proto/dslite.sh ]; then
 		[ -z "$IFACE_DSLITE" -o "$IFACE_DSLITE" = 1 ] && IFACE_DSLITE=${INTERFACE}_dslite
 		json_init
 		json_add_string name "$IFACE_DSLITE"
@@ -141,9 +155,12 @@ case "$2" in
 		teardown_interface "$1"
 		setup_interface "$1"
 	;;
-	informed|updated|rebound|ra-updated)
+	informed|updated|rebound)
 		setup_interface "$1"
 	;;
+	ra-updated)
+		[ -n "$ADDRESSES$RA_ADDRESSES$PREFIXES$USERPREFIX" ] && setup_interface "$1"
+	;;
 	started|stopped|unbound)
 		teardown_interface "$1"
 	;;

package/network/ipv6/odhcp6c/files/dhcpv6.sh

@@ -26,14 +26,15 @@ proto_dhcpv6_init_config() {
 	proto_config_add_string "vendorclass"
 	proto_config_add_boolean delegate
 	proto_config_add_int "soltimeout"
+	proto_config_add_boolean fakeroutes
 }
 
 proto_dhcpv6_setup() {
 	local config="$1"
 	local iface="$2"
 
-	local reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout
-	json_get_vars reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout
+	local reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout fakeroutes
+	json_get_vars reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout fakeroutes
 
 
 	# Configure
@@ -72,6 +73,7 @@ proto_dhcpv6_setup() {
 	[ -n "$zone_dslite" ] && proto_export "ZONE_DSLITE=$zone_dslite"
 	[ -n "$zone_map" ] && proto_export "ZONE_MAP=$zone_map"
 	[ -n "$zone" ] && proto_export "ZONE=$zone"
+	[ "$fakeroutes" != "0" ] && proto_export "FAKE_ROUTES=1"
 
 	proto_export "INTERFACE=$config"
 	proto_run_command "$config" odhcp6c \

package/network/services/dnsmasq/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.71
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

package/network/services/dnsmasq/files/dnsmasq.init

@@ -293,15 +293,22 @@ dhcp_host_add() {
 	config_get ip "$cfg" ip
 	[ -n "$ip" -o -n "$name" ] || return 0
 
+	config_get_bool dns "$cfg" dns 0
+	[ "$dns" = "1" -a -n "$ip" -a -n "$name" ] && {
+		echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE
+	}
+
 	config_get mac "$cfg" mac
-	[ -z "$mac" ] && {
+	if [ -n "$mac" ]; then
+		# --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap
+		macs=""
+		for m in $mac; do append macs "$m" ","; done
+	else
+		# --dhcp-host=lap,192.168.0.199
 		[ -n "$name" ] || return 0
-		mac="$name"
+		macs="$name"
 		name=""
-	}
-
-	macs=""
-	for m in $mac; do append macs "$m" ","; done
+	fi
 
 	config_get tag "$cfg" tag
 
@@ -309,11 +316,6 @@ dhcp_host_add() {
 	[ "$broadcast" = "0" ] && broadcast=
 
 	xappend "--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}"
-
-	config_get_bool dns "$cfg" dns 0
-	[ "$dns" = "1" ] && {
-		echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE
-	}
 }
 
 dhcp_tag_add() {
@@ -373,6 +375,9 @@ dhcp_add() {
 	config_get net "$cfg" interface
 	[ -n "$net" ] || return 0
 
+	config_get dhcpv4 "$cfg" dhcpv4
+	[ "$dhcpv4" != "disabled" ] || return 0
+
 	config_get networkid "$cfg" networkid
 	[ -n "$networkid" ] || networkid="$net"
 
@@ -438,13 +443,10 @@ dhcp_domain_add() {
 	[ -n "$ip" ] || return 0
 
 	for name in $names; do
-		[ "${name%.*}" == "$name" ] && \
-			name="$name${DOMAIN:+.$DOMAIN}"
-
-		record="${record:+$record/}$name"
+		record="${record:+$record }$name"
 	done
 
-	xappend "--address=/$record/$ip"
+	echo "$ip $record" >> $HOSTFILE
 }
 
 dhcp_srv_add() {
@@ -569,7 +571,7 @@ start_service() {
 	local lanaddr
 	[ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan" && {
 		local hostname="$(uci_get system @system[0] hostname OpenWrt)"
-		dhcp_hostrecord_add "" "${hostname%.$DOMAIN}${DOMAIN:+.$DOMAIN ${hostname%.$DOMAIN}}" "$lanaddr"
+		dhcp_domain_add "" "$hostname" "$lanaddr"
 	}
 
 	echo >> $CONFIGFILE

package/network/services/dnsmasq/patches/002-fix-race-on-interface-flaps.patch

+From a0358e5ddbc1ef3dec791f11f95f5dbe56087a5e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 7 Jun 2014 13:38:48 +0100
+Subject: [PATCH] Handle async notification of address changes using the event
+ system.
+
+---
+ CHANGELOG     |  4 ++++
+ src/bpf.c     |  6 +++---
+ src/dhcp6.c   | 10 ----------
+ src/dnsmasq.c | 13 +++++++++++--
+ src/dnsmasq.h |  6 ++++--
+ src/netlink.c | 39 ++++++++++-----------------------------
+ src/network.c | 11 +++--------
+ 7 files changed, 35 insertions(+), 54 deletions(-)
+
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -15,6 +15,10 @@ version 2.71
+ 	    regression introduced in 2.69. Thanks to James Hunt and
+ 	    the Ubuntu crowd for assistance in fixing this.
+ 
++	    Fix race condition which could lock up dnsmasq when an 
++	    interface goes down and up rapidly. Thanks to Conrad 
++	    Kostecki for helping to chase this down.
++	    
+ 
+ version 2.70
+             Fix crash, introduced in 2.69, on TCP request when dnsmasq
+--- a/src/bpf.c
++++ b/src/bpf.c
+@@ -376,7 +376,7 @@ void route_init(void)
+     die(_("cannot create PF_ROUTE socket: %s"), NULL, EC_BADNET);
+ }
+ 
+-void route_sock(time_t now)
++void route_sock(void)
+ {
+   struct if_msghdr *msg;
+   int rc = recv(daemon->routefd, daemon->packet, daemon->packet_buff_sz, 0);
+@@ -401,7 +401,7 @@ void route_sock(time_t now)
+    else if (msg->ifm_type == RTM_NEWADDR)
+      {
+        del_family = 0;
+-       newaddress(now);
++       send_newaddr();
+      }
+    else if (msg->ifm_type == RTM_DELADDR)
+      {
+@@ -439,7 +439,7 @@ void route_sock(time_t now)
+ 	       of += sizeof(long) - (diff & (sizeof(long) - 1));
+ 	   }
+        
+-       newaddress(now);
++       send_newaddr();
+      }
+ }
+ 
+--- a/src/dnsmasq.c
++++ b/src/dnsmasq.c
+@@ -917,10 +917,10 @@ int main (int argc, char **argv)
+ 
+ #if defined(HAVE_LINUX_NETWORK)
+       if (FD_ISSET(daemon->netlinkfd, &rset))
+-	netlink_multicast(now);
++	netlink_multicast();
+ #elif defined(HAVE_BSD_NETWORK)
+       if (FD_ISSET(daemon->routefd, &rset))
+-	route_sock(now);
++	route_sock();
+ #endif
+ 
+       /* Check for changes to resolv files once per second max. */
+@@ -1037,6 +1037,11 @@ void send_alarm(time_t event, time_t now
+     }
+ }
+ 
++void send_newaddr(void)
++{
++  send_event(pipewrite, EVENT_NEWADDR, 0, NULL);
++}
++
+ void send_event(int fd, int event, int data, char *msg)
+ {
+   struct event_desc ev;
+@@ -1230,6 +1235,10 @@ static void async_event(int pipe, time_t
+ 	if (daemon->log_file != NULL)
+ 	  log_reopen(daemon->log_file);
+ 	break;
++
++      case EVENT_NEWADDR:
++	newaddress(now);
++	break;
+ 	
+       case EVENT_TERM:
+ 	/* Knock all our children on the head. */
+--- a/src/dnsmasq.h
++++ b/src/dnsmasq.h
+@@ -165,6 +165,7 @@ struct event_desc {
+ #define EVENT_LUA_ERR   19
+ #define EVENT_TFTP_ERR  20
+ #define EVENT_INIT      21
++#define EVENT_NEWADDR   22
+ 
+ /* Exit codes. */
+ #define EC_GOOD        0
+@@ -1289,6 +1290,7 @@ unsigned char *extended_hwaddr(int hwtyp
+ int make_icmp_sock(void);
+ int icmp_ping(struct in_addr addr);
+ #endif
++void send_newaddr(void);
+ void send_alarm(time_t event, time_t now);
+ void send_event(int fd, int event, int data, char *msg);
+ void clear_cache_and_reload(time_t now);
+@@ -1297,7 +1299,7 @@ void poll_resolv(int force, int do_reloa
+ /* netlink.c */
+ #ifdef HAVE_LINUX_NETWORK
+ void netlink_init(void);
+-void netlink_multicast(time_t now);
++void netlink_multicast(void);
+ #endif
+ 
+ /* bpf.c */
+@@ -1306,7 +1308,7 @@ void init_bpf(void);
+ void send_via_bpf(struct dhcp_packet *mess, size_t len,
+ 		  struct in_addr iface_addr, struct ifreq *ifr);
+ void route_init(void);
+-void route_sock(time_t now);
++void route_sock(void);
+ #endif
+ 
+ /* bpf.c or netlink.c */
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -38,7 +38,7 @@
+ static struct iovec iov;
+ static u32 netlink_pid;
+ 
+-static int nl_async(struct nlmsghdr *h);
++static void nl_async(struct nlmsghdr *h);
+ 
+ void netlink_init(void)
+ {
+@@ -142,7 +142,7 @@ int iface_enumerate(int family, void *pa
+   struct nlmsghdr *h;
+   ssize_t len;
+   static unsigned int seq = 0;
+-  int callback_ok = 1, newaddr = 0;
++  int callback_ok = 1;
+ 
+   struct {
+     struct nlmsghdr nlh;
+@@ -191,21 +191,10 @@ int iface_enumerate(int family, void *pa
+ 	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+ 	  {
+ 	    /* May be multicast arriving async */
+-	    if (nl_async(h))
+-	      {
+-		newaddr = 1; 
+-		enumerate_interfaces(1); /* reset */
+-	      }
++	    nl_async(h);
+ 	  }
+ 	else if (h->nlmsg_type == NLMSG_DONE)
+-	  {
+-	    /* handle async new interface address arrivals, these have to be done
+-	       after we complete as we're not re-entrant */
+-	    if (newaddr) 
+-	      newaddress(dnsmasq_time());
+-		
+-	    return callback_ok;
+-	  }
++	  return callback_ok;
+ 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
+ 	  {
+ 	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+@@ -330,11 +319,11 @@ int iface_enumerate(int family, void *pa
+     }
+ }
+ 
+-void netlink_multicast(time_t now)
++void netlink_multicast(void)
+ {
+   ssize_t len;
+   struct nlmsghdr *h;
+-  int flags, newaddr = 0;
++  int flags;
+   
+   /* don't risk blocking reading netlink messages here. */
+   if ((flags = fcntl(daemon->netlinkfd, F_GETFL)) == -1 ||
+@@ -343,24 +332,19 @@ void netlink_multicast(time_t now)
+   
+   if ((len = netlink_recv()) != -1)
+     for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+-      if (nl_async(h))
+-	newaddr = 1;
++      nl_async(h);
+   
+   /* restore non-blocking status */
+   fcntl(daemon->netlinkfd, F_SETFL, flags);
+-  
+-  if (newaddr) 
+-    newaddress(now);
+ }
+ 
+-static int nl_async(struct nlmsghdr *h)
++static void nl_async(struct nlmsghdr *h)
+ {
+   if (h->nlmsg_type == NLMSG_ERROR)
+     {
+       struct nlmsgerr *err = NLMSG_DATA(h);
+       if (err->error != 0)
+ 	my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+-      return 0;
+     }
+   else if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE) 
+     {
+@@ -385,18 +369,15 @@ static int nl_async(struct nlmsghdr *h)
+ 	      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+ 		fd = daemon->rfd_save->fd;
+ 	      else
+-		return 0;
++		return;
+ 	      
+ 	      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+ 			   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+ 	    }
+ 	}
+-      return 0;
+     }
+   else if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR) 
+-    return 1; /* clever bind mode - rescan */
+-  
+-  return 0;
++    send_newaddr();
+ }
+ #endif
+ 
+--- a/src/network.c
++++ b/src/network.c
+@@ -551,7 +551,7 @@ static int iface_allowed_v4(struct in_ad
+ int enumerate_interfaces(int reset)
+ {
+   static struct addrlist *spare = NULL;
+-  static int done = 0, active = 0;
++  static int done = 0;
+   struct iface_param param;
+   int errsave, ret = 1;
+   struct addrlist *addr, *tmp;
+@@ -570,14 +570,11 @@ int enumerate_interfaces(int reset)
+       return 1;
+     }
+ 
+-  if (done || active)
++  if (done)
+     return 1;
+ 
+   done = 1;
+ 
+-  /* protect against recusive calls from iface_enumerate(); */
+-  active = 1;
+-
+   if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
+     return 0;
+  
+@@ -677,10 +674,8 @@ int enumerate_interfaces(int reset)
+     }
+   
+   errno = errsave;
+-  
+   spare = param.spare;
+-  active = 0;
+-  
++    
+   return ret;
+ }
+ 

package/network/services/dropbear/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
 PKG_VERSION:=2014.63
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
@@ -21,6 +21,7 @@ PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
 
 PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
 
 PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
 

package/network/services/dropbear/files/dropbear.init

@@ -47,7 +47,6 @@ validate_section_dropbear()
 		'Port:list(port):22' \
 		'SSHKeepAlive:uinteger:300' \
 		'IdleTimeout:uinteger:0'
-	return $?
 }
 
 dropbear_instance()

package/network/services/hostapd/Makefile

 #
-# Copyright (C) 2006-2012 OpenWrt.org
+# Copyright (C) 2006-2014 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_VERSION:=2014-06-03
+PKG_VERSION:=2014-06-03.1
 PKG_RELEASE:=1
 PKG_REV:=84df167554569af8c87f0a8ac1fb508192417d8e
 

package/network/services/hostapd/files/hostapd.sh

@@ -196,13 +196,13 @@ hostapd_set_bss_options() {
 		config_get device_type "$vif" wps_device_type "6-0050F204-1"
 		config_get device_name "$vif" wps_device_name "OpenWrt AP"
 		config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
-		config_get wps_pin "$vif" wps_pin "12345670"
+		config_get wps_pin "$vif" wps_pin
 
 		config_get_bool ext_registrar "$vif" ext_registrar 0
 		[ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N"
 
 		append "$var" "eap_server=1" "$N"
-		append "$var" "ap_pin=$wps_pin" "$N"
+		[ -n "$wps_pin" ] && append "$var" "ap_pin=$wps_pin" "$N"
 		append "$var" "wps_state=${wps_not_configured:-2}" "$N"
 		append "$var" "ap_setup_locked=0" "$N"
 		append "$var" "device_type=$device_type" "$N"

package/network/services/hostapd/files/netifd.sh

@@ -129,6 +129,9 @@ hostapd_common_add_bss_config() {
 	config_add_string iapp_interface
 	config_add_string eap_type ca_cert client_cert identity auth priv_key priv_key_pwd
 
+	config_add_int dynamic_vlan vlan_naming
+	config_add_string vlan_tagged_interface
+
 	config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey'
 
 	config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1
@@ -215,7 +218,8 @@ hostapd_set_bss_options() {
 				acct_server acct_secret acct_port \
 				dae_client dae_secret dae_port \
 				nasid iapp_interface ownip \
-				eap_reauth_period
+				eap_reauth_period dynamic_vlan \
+				vlan_tagged_interface
 
 			# legacy compatibility
 			[ -n "$auth_server" ] || json_get_var auth_server server
@@ -226,6 +230,8 @@ hostapd_set_bss_options() {
 			set_default acct_port 1813
 			set_default dae_port 3799
 
+			set_default vlan_naming 1
+
 			append bss_conf "auth_server_addr=$auth_server" "$N"
 			append bss_conf "auth_server_port=$auth_port" "$N"
 			append bss_conf "auth_server_shared_secret=$auth_secret" "$N"
@@ -245,10 +251,17 @@ hostapd_set_bss_options() {
 			}
 
 			append bss_conf "nas_identifier=$nasid" "$N"
-                        [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
+			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
 			append bss_conf "eapol_key_index_workaround=1" "$N"
 			append bss_conf "ieee8021x=1" "$N"
 			append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
+
+			[ -n "$dynamic_vlan" ] && {
+				append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
+				append bss_conf "vlan_naming=$vlan_naming" "$N"
+				[ -n "$vlan_tagged_interface" ] && \
+					append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
+			}
 		;;
 		wep)
 			local wep_keyidx=0
@@ -277,7 +290,6 @@ hostapd_set_bss_options() {
 		set_default wps_device_type "6-0050F204-1"
 		set_default wps_device_name "OpenWrt AP"
 		set_default wps_manufacturer "openwrt.org"
-		set_default wps_pin "12345670"
 
 		wps_state=2
 		[ -n "$wps_configured" ] && wps_state=1
@@ -285,7 +297,7 @@ hostapd_set_bss_options() {
 		[ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N"
 
 		append bss_conf "eap_server=1" "$N"
-		append bss_conf "ap_pin=$wps_pin" "$N"
+		[ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
 		append bss_conf "wps_state=$wps_state" "$N"
 		append bss_conf "ap_setup_locked=0" "$N"
 		append bss_conf "device_type=$wps_device_type" "$N"
@@ -297,7 +309,7 @@ hostapd_set_bss_options() {
 
 	append bss_conf "ssid=$ssid" "$N"
 	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
-	[ -n "$iapp_interface" ] &&  {
+	[ -n "$iapp_interface" ] && {
 		iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")"
 		[ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N"
 	}
@@ -377,7 +389,7 @@ hostapd_set_log_options() {
 	set_default log_iapp   1
 	set_default log_mlme   1
 
-	local log_mask=$((       \
+	local log_mask=$(( \
 		($log_80211  << 0) | \
 		($log_8021x  << 1) | \
 		($log_radius << 2) | \
@@ -404,7 +416,7 @@ _wpa_supplicant_common() {
 
 wpa_supplicant_teardown_interface() {
 	_wpa_supplicant_common "$1"
-	rm -rf "$_rpath" "$_config"
+	rm -rf "$_rpath/$1" "$_config"
 }
 
 wpa_supplicant_prepare_interface() {

package/network/services/hostapd/patches/001-fix_pmksa_cache.patch

+From 9c829900bb01d6fb22e78ba78195c78de39f64b9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 04 Oct 2014 19:11:00 +0000
+Subject: Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
+
+If the first entry in the PMKSA cache did not match the station's MAC
+address, an infinite loop could be reached in pmksa_cache_get_okc() when
+trying to find a PMKSA cache entry for opportunistic key caching cases.
+This would only happen if OKC is enabled (okc=1 included in the
+configuration file).
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+--- a/src/ap/pmksa_cache_auth.c
++++ b/src/ap/pmksa_cache_auth.c
+@@ -394,15 +394,13 @@ struct rsn_pmksa_cache_entry * pmksa_cac
+ 	struct rsn_pmksa_cache_entry *entry;
+ 	u8 new_pmkid[PMKID_LEN];
+ 
+-	entry = pmksa->pmksa;
+-	while (entry) {
++	for (entry = pmksa->pmksa; entry; entry = entry->next) {
+ 		if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
+ 			continue;
+ 		rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
+ 			  wpa_key_mgmt_sha256(entry->akmp));
+ 		if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
+ 			return entry;
+-		entry = entry->next;
+ 	}
+ 	return NULL;
+ }

package/network/services/hostapd/patches/003-wpa_cli-Use-os_exec-for-action-script-execution.patch

+From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 17:25:52 +0300
+Subject: [PATCH 2/3] wpa_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/wpa_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+--- a/wpa_supplicant/wpa_cli.c
++++ b/wpa_supplicant/wpa_cli.c
+@@ -3149,28 +3149,19 @@ static int str_match(const char *a, cons
+ static int wpa_cli_exec(const char *program, const char *arg1,
+ 			const char *arg2)
+ {
+-	char *cmd;
++	char *arg;
+ 	size_t len;
+ 	int res;
+-	int ret = 0;
+ 
+-	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+-	cmd = os_malloc(len);
+-	if (cmd == NULL)
++	len = os_strlen(arg1) + os_strlen(arg2) + 2;
++	arg = os_malloc(len);
++	if (arg == NULL)
+ 		return -1;
+-	res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+-	if (res < 0 || (size_t) res >= len) {
+-		os_free(cmd);
+-		return -1;
+-	}
+-	cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+-	if (system(cmd) < 0)
+-		ret = -1;
+-#endif /* _WIN32_WCE */
+-	os_free(cmd);
++	os_snprintf(arg, len, "%s %s", arg1, arg2);
++	res = os_exec(program, arg, 1);
++	os_free(arg);
+ 
+-	return ret;
++	return res;
+ }
+ 
+