If more then one interface get up/down at once mwan3 could be in a
undefined state, because more then one mwan3 hotplug script are running
and editing the iptables.
Lock the critical section should solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
A lot of autoconf-based scripts expect --with-foo-dir=$(STAGING_DIR)/usr
and break if they can't find bin/foo-config as a child of that path.
Putting things in $(STAGING_DIR)/host/bin seems to be suboptimal; I
could change the install path but there's no saying what that would
break.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
With this patch the unbound init routines manage resolv.conf if and only if
when unbound will listen on 127.0.0.1#53 and dnsmasq is not.
Also logs some cases where config values are overriden with sane defaults.
Fixes (partially) LEDE FS#785
Fixesopenwrt/packages#4487
Signed-off-by: Paul Oranje <por@xs4all.nl>
luci2-io-helper: bugfix buckup script read timeout
Reading files from stdin will block for ever. The uhttpd is killing the
backup process after script_timeout.
Switching read to non blocking mode and add a waitpid for the slave
process does not end in a script_timeout anymore.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* use iwinfo instead iw for wlan scanning,
scanning now works on radio-level
* enhance multiple radio support:
* support STA-only radio configurations,
e.g first radio with local AP, second radio
with a bunch of STAs (without APs)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add config support which allow snmpd to take a more active role by sending
traps.
Following config options are supported which map directly on snmpd directives:
-trapcommunity
-trapsink
-trap2sink
-informsink
-authtrapenable
-v1trapaddress
-trapsess
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
- use exec directly to eliminate a level in the process tree
- use "$@" instead of "$*" to pass arguments to openconnect
According to openconnect(8), openconnect will call vpnc-script to
cleanup before quit when it received SIGINT(2) and will quit immediately
when it received SIGTERM (the default signal by kill command)
Before and after the change, openconnect process will be killed first
with SIGINT sent from netifd. This was decided by the
'proto_kill_command "$config" 2' notify call in the proto script.
SIGKILL is the only other signal that can be sent from netifd when the
process did not quit on SIGINT on time. There should be no need to trap
on signal 1 3 6 9 (HUP QUIT ABRT KILL)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Fixes build errors with external toolchains:
[ 33%] Building C object CMakeFiles/cgi-io.dir/main.c.o
/home/florian/dev/openwrt/trunk/build_dir/target-mipsel-unknown-linux-gnu_glibc/cgi-io/main.c:30:21:
fatal error: libubus.h: No such file or directory
#include <libubus.h>
^
compilation terminated.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
According to openconnect --help output:
-m, --mtu=MTU Request MTU from server
--base-mtu=MTU Indicate path MTU to/from server
Fixes#2099 by allowing setting tunnel mtu
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
It was introduced with 41f8d5465 ("openconnect: fix a couple of minor
things and add an interface option") and not needed since 4083de9d7
("openconnect: use proto_add_host_dependency")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
We would not be able to search for pcap.h because CFLAGS are not passed
from src/Makefile down to src/wps/Makefile:
make[4]: Entering directory
'/home/florian/dev/openwrt/trunk/build_dir/target-mipsel-unknown-linux-gnu_glibc/reaver-1.4/src/wps'
mipsel-linux-gnu-gcc -I../utils -I ../ wps_attr_build.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_attr_parse.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_attr_process.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_common.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_dev_attr.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_enrollee.c -c
mipsel-linux-gnu-gcc -I../utils -I ../ wps_registrar.c -c
In file included from ../misc.h:41:0,
from wps_registrar.c:27:
../defs.h:43:18: fatal error: pcap.h: No such file or directory
#include <pcap.h>
^
compilation terminated.
Makefile:28: recipe for target 'wps_registrar.o' failed
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
There are no other "echo" debug lines in this file, and it seems
clear that this one was accidentally left as a debugging line,
since it misspelled "dependency". So, we just remove this line.
We don't bump the package version, though, because this is
pretty inconsequential.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
From upstream's changelog:
* timers: queue up killing ephemerals only if not already
We fix up a small detail in the timer logic that changed during the last
snapshot.
* receive: trim incoming packets to IP header length
Packets are now trimmed to their actual length, not their length+padding,
before handing to the rest of the network subsystem, so that packets look
pretty in tcpdump. This doesn't actually affect what userspace sees, since the
kernel trims it at a later stage, but it does make pcaps a bit nicer to use.
* curve25519: use more standard label convention in asm
This ensures that perf(1) shows the function name instead of the label name.
* compat: remove padata hotplug code
Fixes building on kernels that have HOTPLUG enabled but no PADATA support.
* config: add new line for style
* device: do-while assignment style
* peer: explicitly initialize atomic
Style.
* noise: fix race when replacing handshake
Handle a situation in which three peers, all running on the same system, begin
a handshake with all three of each other, at exactly the same time, on a
multi-CPU system.
* random: wait for random bytes when generating nonces and ephemerals
We've been working with upstream to add a new API to the kernel for ensuring
that the RNG actually is seeded. Until they merge it for 4.13, we provide a
poly-fill to the compat code. This means that WireGuard will block during
handshakes until the RNG has enough entropy, so that it's never in a
circumstance in which ephemeral keys are generated from bad randomness.
* go test: properly pad message
* go test: correct tai64n and formatting
* external-tests: add keepalive packet
* go test: use x/crypto for blake2s now that we have 128-bit mac
* external-tests: trim the fat
Improvements for the external tests.
* wg-quick: make sure we have empty table for both v6 and v4
* wg-quick: match ipv6 default route more broadly
Tiny nits with wg-quick, one of which should now allow multiple v6-only
wg-quick instances running at the same time.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
backend:
* cosmetics
frontend:
* "Save & Reply" now distinguish between normal and manual/backup mode
and triggers an appropriate reload or a start action
Signed-off-by: Dirk Brenken <dev@brenken.org>
Script priority adjusted.
Custom memory management turned off to save some memory on low-end device.
Signed-off-by: Antonio Paunovic <antonio.paunovic@sartura.hr>
backend:
* add new 'manual mode' to re-use blocklist backups during startup,
get fresh lists only via manual reload or restart action
* additional free memory check during dns restart to prevent OOM errors
* removed palevo tracker from default config,
this tracker has been discontinued
* cosmetics
LuCI frontend (see luci repo):
* add new 'manual mode' under extra options
Signed-off-by: Dirk Brenken <dev@brenken.org>
The smartsnmpd SConstruct file only accepts setting CFLAGS and does not
use CPPFLAGS, so pass both down using CFLAGS.
This fixes build errors with external toolchains that don't
automatically search for headers in $(STAGING_DIR).
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Make sure we pass down TARGET_CPPFLAGS and TARGET_LDFLAGS to fix build
with external toolchains that don't automatically search for headers and
libraries in $(STAGING_DIR).
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This was removed in LEDE commit 0b7ed65cec8084bb98ae0e2758b7aca6c447cd4b
("kernel: remove out of tree direct-io disable hack")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
After checking in the ipkg-install dir of netatalk,
it seems that the permissions it sets to the conf-files
are 644.
# ls -la lede/build_dir/target-mips_24kc_musl/netatalk-3.1.11/ipkg-install/etc
-rw-r--r-- 1 sandu sandu 226 iun 5 20:53 afp.conf
-rw-r--r-- 1 sandu sandu 1948 iun 5 20:53 dbus-session.conf
-rw-r--r-- 1 sandu sandu 25037 iun 5 20:53 extmap.conf
While the Package/netatalk/install build rule overrides
them to 600.
According to
* https://github.com/openwrt/packages/issues/4318
* https://forum.lede-project.org/t/help-with-apple-filesharing-protocol-for-time-machine/3259/5
this is a problem in some setups.
So, this patch changes them to what the netatalk
package creators intended initially (i.e. 644).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The earlier commit ea119211b2 removed 'dsa' as one of the ssh_host_*_key
types that got generated. Problem was that it didn't remove that key
as one of the paths that the server looks for by default. As a
consequence, your log file might fill up with messages like:
2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
The patch is forunately trivial. Don't set the path for the dsa
key file in the server configuration.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The author (@pprindeville) of the original commit noted that the wrong
commit was picked, see
325b7d2cd2 (commitcomment-22387528)
"Err... looks like the wrong fix got committed. I was hoping that this
commit d902e5d would have gone in instead."
This reverts commit 325b7d2cd2.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following build error with an external toolchain:
./bld/sqlite3.o: In function `fts5Bm25Function':
sqlite3.c:(.text+0x27234): undefined reference to `log'
./bld/piechart.o: In function `piechart_render':
piechart_.c:(.text+0x430): undefined reference to `sincos'
piechart_.c:(.text+0x47c): undefined reference to `sincos'
piechart_.c:(.text+0x548): undefined reference to `sincos'
collect2: error: ld returned 1 exit status
src/main.mk:526: recipe for target 'fossil' failed
make[3]: *** [fossil] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This backports a patch that has been accepted upstream in linuxptp:
8b61aa2c3f3103db1d4ca1d1e49bb4f8831c1abf ("udp: Avoid including
netdb.h") to fix build errors with external glibc toolchains that
provide rpc/types.h.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Conserver is an application that allows multiple users to use
serial consoles at the same time, with logging. It has a client-
server design which makes it easy to manage a distributed set
of serial consoles. Logging makes post-crash analyses easier.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Standard assignment is immediate expansion without any extraneous spacing, RFC822 compliant email addresses and consistent section assignments
Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
types that got generated. Problem was that it didn't remove that key
as one of the paths that the server looks for by default. As a
consequence, your log file might fill up with messages like:
2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
The patch is forunately trivial. Don't set the path for the dsa
key file in the server configuration.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
From upstreams changelog:
This rather large snapshot touches quite a few sensitive areas, so I'm
releasing it now rather than later to receive feedback on any possible issues.
It also contains fixes, so everybody should upgrade.
* man: fix psk mention in wg-quick man page
* man: update wg-quick(8) to show Debian resolvconf braindamage
Documentation cleanups.
* wg-quick: use src routing for default routes in v6
ip-rule(8) doesn't do the right thing with source addresses, unless we
explicitly set it inside the route. This fixes wg-quick on IPv6 systems.
* curve25519: actually, do some things on heap sometimes
* curve25519: align the basepoint to 32 bytes
* curve25519: add NEON versions for ARM
* data: enable BH during parallel crypto on ARM/NEON
* chacha20poly1305: move constants to rodata
* chacha20poly1305: add NEON versions for ARM and ARM64
We now have faster primitives on ARM and ARM64 processors, which should
improve performance.
* handshake: process in parallel
Handshakes are now processed in parallel using all cores, which should improve
throughput during a storm.
* noise: no need to store ephemeral public key
* noise: precompute static-static ECDH operation
We can precompute the ECDH(s, s) calculation, which improves handshake
initiation message performance by double.
* style: spaces after for loops
* peer: use iterator macro instead of callback
The most unreadable C ever produced. It might be wise to find a sexier-looking
alternative at some point.
* compat: remove warning for < 4.1
* compat: ship padata if kernel doesn't have it
The usual array of annoying compat things.
* rust test: convert screech test to snow
* rust test: add icmp ping
We now use Jake's snow library for Noise in the test, which we've expanded to
complete a ping.
* config: do not error out when getting if no peers
* tools: allow creating device with no peers
Fixing some small things in the tool/config interaction.
* device: keep going when share_check fails
* routingtable: remove unnecessary check in node_placement()
* config: it's faster to memcpy than strncpy
* timers: fix typo in comment
Nits.
* debug: print interface name in dmesg
For those who compile with `make debug`, you'll be happy to see a bit better
information in dmesg.
* timers: rework handshake reply control flow
* timers: the completion of a handshake also is on key confirmation
* timers: reset retry-attempt counter when not retrying
Tightening up our timer implementation, which is quite important.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Since we're using the kernel's module, this is
un-necessary.
Should speed up the build a bit.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Admittedly I never used those Python libs.
And the setup I was trying it on, did not have
the Python interpreter packaged, so these build failures
went un-noticed.
That's my fault for not trying it out properly on
a full LEDE repo, with all packages.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
