Fixes: e0d7181a6
Closes: #22973
Closes: #22988
1. Make the new `startup()` function in `/usr/bin/wifi_schedule.sh`
respect the global `enabled` config flag; in particular, make no
changes to `/etc/config/wireless` when wifi_schedule is disabled.
2. Make the new `/etc/init.d/wifi_schedule` service script executable.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
Allow use of rules as-defined, and don't override their actions. This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
This PR adds the ability of snort to process rules that target
swf and pdf files requiring lzma decompression to look for
malicious payloads therein. This change only increases the size
of the snort3 executable by a fraction of a KB and the added
dependency of liblzma (based on currently offered 5.4.4-1) is
only a 169 KB shared object. Based on CPU requirements of snort,
x86 users likely represent the majority user-base and space on their
rootfs is not an issue as it may be for lower-powered SoCs.
Size of snort3-3.1.76.0-2: 7354403 bytes
Size of snort3-3.1.76.0-3: 7354435 bytes
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Maintainer: @mkrkn @neheb
Compile tested: aarch64, cortex-a53, OpenWRT Master
Run tested: Dynalink DL-WRX36
Description:
[A previous commit](f8a8b71e26) has added more script event options.
However it looked like that commit was not complete as it stops the use of the script events route-up, route-pre-down, and ipchange when those are placed in the openvpn config file.
This PR fixes a regression that makes it problematic to specify certain event options in the OpenVPN configuration file.
Discussion in [this thread](https://forum.openwrt.org/t/openvpn-custom-route-up-script-in-23-05-rc2/167105/13) and [here](https://forum.openwrt.org/t/openvpn-route-up-and-route-pre-down-broken-in-23-05/176568)
Please have a look and consider implementing or make it possible to use all script event options in the openvpn config file in another way.
Pull request has been discussed and improved with the help of @AuthorReflex, see: https://github.com/openwrt/packages/pull/21732
Signed-off-by: Erik Conijn <egc112@msn.com>
* rework the device/interface auto-detection (only layer-3 network devices will be detected correctly), disable the auto-detection e.g. for special tunnel interfaces
* now supports full gawk (preferred, if installed) and busybox awk
* raise the default boot timeout to 20 seconds (if 'ban_triggerdelay' is not set)
* various small fixes and improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Remove append_params and use shell expressions instead e.g. ${port:+-p $port}.
Note that we can't do that with ProxyCommand because it has to be quoted.
The order of options was changed from more important like hostname to just static -nN.
The CompressionLevel option is removed from SSH2.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The ProxyCommand may have spaces so it must be quoted.
So we must use the procd_append_param.
Currently the option is not supported by Dropbear.
But it has -J instead which in OpenSSH means ProxyJump.
So we can't use it to avoid conflict.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
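
An added illustration (not code from the sshtunnel package) of the point made in the two commit messages above: `${port:+-p $port}` emits an option only when the variable is set, but the same unquoted form splits a value containing spaces, so a ProxyCommand has to be appended as one quoted argument. The helper names `build_ssh_args` and `count_args`, the host names and the argument order are assumptions.

```shell
#!/bin/sh
# Added example; build_ssh_args and count_args are hypothetical helpers,
# not functions from the sshtunnel init script. Sample values are constructed.

# Print how many arguments were received, to make word splitting visible.
count_args() { echo "$#"; }

# Build a constructed ssh-style argument list and report its length.
# $1=hostname  $2=port (may be empty)  $3=ProxyCommand (may be empty)
# $4=mode: "expand" uses ${var:+...} for ProxyCommand,
#          "append" adds it as a separate, quoted argument.
build_ssh_args() {
    hostname=$1
    port=$2
    proxy=$3
    mode=$4
    # Expands to nothing when port is empty, otherwise to the two words
    # "-p" and the port number (the expansion is deliberately unquoted).
    set -- ${port:+-p $port} "$hostname" -nN
    if [ "$mode" = expand ]; then
        # Unquoted expansion: a value with spaces is split into several
        # words, so parts of the ProxyCommand become stray ssh arguments.
        set -- "$@" ${proxy:+-o ProxyCommand=$proxy}
    elif [ -n "$proxy" ]; then
        # Quoted append: the whole command stays inside one argument.
        set -- "$@" -o "ProxyCommand=$proxy"
    fi
    count_args "$@"
}

# Demo with a constructed ProxyCommand value containing spaces.
proxy_demo='ssh -W %h:%p jump.example.net'
echo "append: $(build_ssh_args host.example.net 2222 "$proxy_demo" append) args"
echo "expand: $(build_ssh_args host.example.net 2222 "$proxy_demo" expand) args"
```

The differing argument counts show why the option cannot go through the `${var:+...}` form: every space inside the ProxyCommand value starts a new argument.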
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.77.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.77.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-20
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
v0.20.0:
- GNUNET_TESTING_get_testname_from_underscore renamed to GNUNET_STRINGS_get_suffix_from_binary_name and moved from libgnunettesting to libgnunetutil
- Move GNUNET_s into libgnunetutil.
- re-introduce compiler annotation for array size in signature
- function-signature adjustment due to compiler error
- GNUNET_PQ_get_oid removed, GNUNET_PQ_get_oid_by_name improved
- Added GNUNET_PQ_get_oid_by_name
- added GNUNET_PQ_get_oid()
- Added new CCA-secure KEM and use in IDENTITY encryption
- Add KEM API to avoid ephemeral private key management
- Add new GNUNET_PQ_event_do_poll() API to gnunet_pq_lib.h
- Added API to support arrays in query results
- Improve PQ API documentation.
- API for array types extended for times
- API extended for array query types
- relevant array-types in queries (not results) in postgresql added
- just style fixes, int to enum
- initial steps towards support of array-types in postgresql
- adds GNUNET_JSON_spec_object_const() and GNUNET_JSON_spec_array_const()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.3.1.
[v1.3.1] - 2023-12-02
---------------------
Fixes mvls to work with kernels 6.2 and onwards.
- mdio: Multiple registers can now be dumped at once, via the generic
dump operation.
- mvls: Relax the driver matching to accept the strings used in
kernels 6.2 and newer.
Signed-off-by: Robert Marko <robimarko@gmail.com>
For OpenVPN configurations that have a uci entry, the enable/enabled option can
be used to control whether the OpenVPN connection should be started at
system startup or not.
OpenVPN configurations that are located under '/etc/openvpn/' are always
started at system boot. To ensure that these connections can also be
started later, they must 'not' be started automatically during system boot.
This can be prevented with the following entry in the OpenVPN configuration.
config globals 'globals'
option autostart '0'
These OpenVPN configurations can then be started later with the command.
'/etc/init.d/openvpn start <name>'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit adds the possibility that an OpenVPN instance located under
'/etc/openvpn' can also be started with the command.
'/etc/init.d/openvpn start <name>'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
https://curl.se/changes.html#8_5_0
Pick upstream patch to fix build with gnuTLS and verbose strings removed.
The patch should be removed with the next version bump.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When the service is started, wait for the clock to be synchronized for
up to 5 minutes and provide the stratum action once for ntp hotplug
scripts.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Fixes #20848
Add interface triggers if interfaces to listen to are specified in
`/etc/config/ipsec`. This fixes the "running with no instances" scenario
after rebooting a router.
Signed-off-by: Joel Low <joel@joelsplace.sg>
- Delete legacy configuration files homenet.lua and local.lua
- Add snort config 'include' to allow user customizations in the lua
- Enhance 'check' to test generated nftables file
- Suppress inclusion of rules file when doing silent config check
- Suppress warnings on configuration check unless '-v'erbose
- Replace text logging with json logging to reduce footprint and make reports easier
- Fix some typos in the snort.uc template
- Fix up some error messages suggesting solutions
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
* move reload/restart logic from json() to config_cache()
* improve fw4 restart decision logic
* no longer store reload/restart info in ubus/status json file
* rename variables pointing to run-time information
* create dns_set_output_values to reuse code in principal all and luci app
* improve append_url to store collected URLs in an alternative variable
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Recent versions of WolfSSL dropped the CyaSSL shims and made the package not
compilable. Converting it to the WolfSSL library is simple enough as the
APIs used are very basic and can be converted directly. Add a patch that
fully converts the package to WolfSSL and doesn't use the compat shim
anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* provides an option to transfer log events on remote servers via cgi interface (disabled by default), see readme for details
* refine the allowlist check to support IP intervals as well before adding an IP to the blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
* improve allow-listing reliability by running sed from the script-file
instead of the command-line
* fix user for smartdns files ownership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
New features for v1.7.x:
1. Support excluding custom routes
2. `udp_disable_domain_unmapping` for inbound listen option
3. `HTTPUpgrade` transport
4. Migrate multiplex and UoT server to inbound and multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
5. TCP Brutal support for multiplex
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.76.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.76.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-03
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
* do not use standalone grep-package dependent syntax to get the remote
file size
* various bugfixes to prevent attempts to change/commit if dnsmasq/smartdns
are not installed
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: correct URL to config-update file
* bugfix: check if uci configs exist before checking for changes
* add support for smartdns ipset-based blocking
* add support for smartdns nftset-based blocking
* disallow non-ascii symbols for smartdns blocking
* add check wherever fw4 restart is needed before calling
procd_set_config_changed firewall
* improve clean-up code in resolver()
* improve case code for different resolver settings
* modify load_validate_config to allow smartdns.ipset and smartdns.nftset
Signed-off-by: Stan Grishin <stangri@melmac.ca>
uspot is an OpenWrt-native captive portal system.
It leverages existing OpenWrt tools such as uhttpd, dnsmasq, firewall4,
ucode, without needing any external kernel module.
It can achieve the maximum performance allowed by nftables (flow
offloading works).
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* add support for smartdns
* switch from using `uci` commands to `uci_` functions
* rename `_resolver_config` to `_dnsmasq_instance_config`
* introduce `_smartdns_instance_config`
* improve resolvers restart code on changes
* update load_validate_config to allow for smartdns option
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If no GSM but only 4G is available and a special APN must be used, it
is necessary to set an initial EPS bearer beforehand. If this is not set,
then the modem cannot log in and register in the mobile network.
The new option 'init_epsbearer' could be set to the following options.
* none: No init EPS bearer is used and the old one is deleted (default)
* default: Use init EPS bearer with the following config options
'iptype', 'allowedauth', 'password', 'user' and 'apn' as for the
connection bearer.
* custom: Other parameters are used that do not match those of the
default connection bearer. These have an 'init_' prefix and are named
in the same way as the default connection bearer config options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
With this change the following modem 'state' are checked before a
connection attempt setup.
* failed: Stop connection attempt because of sim-missing
* locked: Stop connection attempt if no pincode is set
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- Add many options to config file.
- Move rules and generated snort.lua to /tmp.
- Add script for downloading rules.
- Add preliminary reporting capabilities.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Fix the problem that cannot create new task after clearing checksum option
Other bug fix and user interface optimization
Support overriding aria2 global settings with empty content when create new download task (#712)
Other bug fix and user interface optimization
Update Traditional Chinese translation (#705, thx @ChiaYen-Kan)
Other bug fix and user interface optimization
Add check-integrity to task settings tab (#693, thx @raytrap)
Fix a spelling mistake (#696, thx @rusq)
Fix: the index.html (1.3.6) cites these 2 png files. To keep the page looking fine without a 404, these 2 png files were added.
Signed-off-by: Ariel Xiong <ArielHeleneto@outlook.com>