Enabling fast sampling to support four digit (e.g., 1.0000) precision in reports' timestamps. Useful for sub-millisecond sampling.
Changelog: https://sourceforge.net/p/iperf2/code/ci/2-1-8/tree/README
Signed-off-by: Alberto Martinez-Alvarez <amteza@gmail.com>
Maintainer: @nbd168
Compile tested: ath79, ramips, bcm27xx
The original PR for this change is #16373, where it's cleary stated it
doesn't work. This should have never been merged. It causes the
following recursive dependency:
tmp/.config-package.in:122354:error: recursive dependency detected!
tmp/.config-package.in:122354: symbol PACKAGE_strongswan-default depends on PACKAGE_strongswan-mod-socket-default
tmp/.config-package.in:123534: symbol PACKAGE_strongswan-mod-socket-default is selected by PACKAGE_strongswan-default
This reverts commit 603f70e96b.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
With the new OW release approaching, it might be better to get an officially
tagged upstream release in as PR#19087 just contained a fix for CVE-2022-29154
which itself introduced a few bugs.
Signed-off-by: John Audia <therealgraysky@proton.me>
The rsync package is vulnerable to CVE-2022-29154[1], which is not yet in a
non-preview release. This commit applies the upstream commit to fix it and
several subsequent commits needed to fix bugs the initial fix introduced[2].
1. https://rsync.samba.org/ftp/rsync/NEWS#SECURITY_FIXES-3.2.5
2. https://bugs.archlinux.org/task/75558
Signed-off-by: John Audia <therealgraysky@proton.me>
One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.
This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/
It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.
A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots
With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.
Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.
Identical feature was added to samba36 in the OpenWrt commit
5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration. Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading
Ref: https://github.com/openwrt/packages/pull/17937#issuecomment-1207357037
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Allow connection via a proxy server (required on some sites where
direct outbound HTTP(S) access is not permitted).
Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
- add package apinger-rrd for RRD graphs
- add RPC to get an overview and update graphs
- fix interface hotplug to restart apinger instance
- add patch to split alarms list in the status
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
The decision to switch the default to wolfSSL was taken because of
hostapd back from when curl was in base. Unfortunately, not only is
wolfSSL bigger but it has also been causing issues recently. There's
also no relation between hostapd and curl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
bb362db datastorage: fix ap_array_unlink_entry always returns NULL
47e98ef network: ping pong keepalive for tcp connections
eba0354 network: add timeout for client connections
In the dawn config the con_timeout needs to be added:
option con_timeout '60'
Signed-off-by: Nick Hainke <vincent@systemli.org>
The update fixes GCC-10 (or newer) builds. Remove 010-uclibc.patch as it
has been applied upstream in this new version.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Global Socket allows two workstations on different private networks to
communicate with each other. Through firewalls and through NAT - like
there is no firewall.
The TCP connection is secured with AES-256 and using OpenSSL's SRP
protocol (RFC 5054). It does not require a PKI and has forward
secrecy and (optional) TOR support.
The gsocket tools derive temporary session keys and IDs and connect
two TCP pipes through the Global Socket Relay Network (GSRN). This is
done regardless and independent of the local IP Address or geographical
location.
The session keys (secrets) never leave the workstation. The GSRN sees only
the encrypted traffic.
The workhorse is 'gs-netcat' which opens a ssh-like interactive PTY
command shell to a remote workstation (which resides on a private and
remote network and/or behind a firewall).
Also added test.sh file to run test it inside containeer
Signed-off-by: Ralf Kaiser <skyper@thc.org>
- convert apinger into procd instances
- generate instance specific apinger.conf from uci
- hotplug handling for apinger alarms
- restart apinger interface instance on ifup action of interface
- don't exit on packet count mismatch, allows to use apinger as monitor
for multiple targets handling
- add srcip option to target configuration, allows specifying source ip
used to monitor target
- allow creating status file in script parseable format
Patches are ported against latest version of apinger and referenced from
https://git.pld-linux.org/?p=packages/apinger.git;a=summary
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
Usually, no other local service depends on the start of ser2net, so
let's start it later in the boot process.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.
If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Kea expects /var/run/kea to exist. Without it, errors occur:
Mon Jun 13 10:31:45 2022 daemon.err kea-dhcp6[2977]: Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
From the changelog…
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
- convert autossh into procd instances
- add new uci config options to handle local and remote
port forwarding
- remove hotplug down actions causing service to stop on
any interface down event
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
Remove upstreamed patches:
- 100-fix-setstacksize-for-glibc-2.34.patch
Refresh patches:
- 200-logdest-on-foreground.patch
Changes:
Misc:
- OpenSSL 3.0 compatibility
Bug Fixes:
- Fix refused startup with openssl <1.1
- Fix compiler issue for Fedora 33 on s390x
- Fix small memory leak in config parser
- Fix lazy certificate check when connecting to TLS servers
- Fix connect is aborted if first host in list has invalid certificate
- Fix setstacksize for glibc 2.34
- Fix system defaults/settings for TLS version not honored
Signed-off-by: Nick Hainke <vincent@systemli.org>
Maintainer: Tom Stöveken <tom@naaa.de>, Markus Weippert handed over, see: https://github.com/openwrt/packages/pull/18715#issuecomment-1153567619
Compile tested: SDK for OpenWrt 21.02.3
Run tested: x86/64, J&W Technologies I1171D001 Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 21.02.3
Description:
Updated to version 0.11.0
Added new configuration parameters
Signed-off-by: Tom Stöveken <tom@naaa.de>
luajit provides higher performance for requests handled in Lua hooks.
It also enables access to dnsdist functionality only exposed via FFI,
and allows configurations/hooks to call functions in any C library
without providing separate bindings.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
- New major LTS release (https://www.mail-archive.com/haproxy@formilux.org/msg42371.html)
- Sadly, no QUIC/H3 support for now because the QuicTLS library - which is a fork of OpenSSL - would be needed. However, we do not have a package for that and I currently do not want to build and statically link it into the haproxy package
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
89d5d2e091 only patched importing
MutableMapping from collections, but importing Mapping has to be patched
too
Closes: #18681
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
1. Switched to use prebuilt web files to get rid of massive Node.js.
2. Increased nofile limitation to avoid "too many open files" error.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
mdio-tools have a app dedicated to reading Marvell Link Street switch
properties which is really usefull to not have to manually do it via
MDIO.
So, install the mvls binary as well.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.1.1.
mdio-tools required a musl time64 compatibility fix that I have an PR
open for already.
Changelog:
[v1.1.1] - 2022-05-23
---------------------
Tiny bugfix release.
- mdio: The bench operation is now much more reliable when stacked on
other devices than regular PHYs (e.g. paged PHYs or Marvell
switches).
- mvls: The STU can now be dumped chips from the Peridot generation.
[v1.1.0] - 2022-05-04
---------------------
A sprawling release, adding various mvls related introspection
features. mvls also gains a JSON output format.
- mvls: The STU can now be dumped (requires Linux 5.17 or later). This
is useful now that mv88e6xxx supports offloading of MST states
- mvls: Output can now be formatted as JSON for easier scripting
- mdio: mvls: A subset of MIB counters can now be dumped. This let's
you get at counters for DSA ports, which are not reachable from
ethtool
- mdio: mvls: The LAG mask and LAG map tables can now be dumped
- mdio: Improve usage message by including the examples from the
manual
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
This fixes "too many open files" error caused by max-file limitation
when xray processes large traffic.
Reported-by: Terry Ding <terryding77@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Major changes are:
Add support for Heimdal as the Kerberos 5 implementation.
Add smbd max io size parameter.
Accept global share options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Previously it was using killall with procd respand enabled
This was causing yggdrasil to restart after being killed
root@r3test-hap:/# service yggdrasil stop ; echo $? ; sleep 10s ; ps | grep yggdrasil
Terminated
143
6701 root 653m S /usr/sbin/yggdrasil -useconffile /tmp/yggdrasil.conf
6748 root 1308 S grep yggdrasil
Now it's just using whatever procd is using and see there, it actually stops
root@r3test-hap:/# service yggdrasil stop ; echo $? ; sleep 10s ; ps | grep yggdrasil
0
6802 root 1308 S grep yggdrasil
I assume there was some procd bug that kept it from being used properly
Signed-off-by: Maciej Krüger <mkg20001@gmail.com>
According to David Woodhouse, OpenConnect has no issues reconnecting on any
interface. Make the host dependency optional, as it can cause issues in multiple
WAN scenarios.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The --juniper switch has been deprecated in favour of --protocol=nc. Fix the
proto script thusly, while keeping compatibility with existing configurations.
Note that, as far as UCI is concerned, if both options juniper and vpn_protocol
are specified, the latter takes precedence.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Using resolveip is more robust and predictable than depending on nslookup and
awk.
This reverts commit 131ec7b3bd.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
banIP 0.7.x is not compatible with new nft firewall (default in master and 22.03).
Mark the package as BROKEN for now.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Force restart stubby if any of the trigger interfaces goes up or down.
Avoids DoT DNS lookup timeouts when default route changes, in case of multiple
upstream interfaces.
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Use nft instead of iptables to open port 80 in the firewall when getting a
cert. Since nft doesn't allow deleting a rule by its contents, capture and
save the handle when creating the rule, and use that to delete.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Backport a patch in order to allow building OpenConnect against OpenSSL 1.1.x
without the need for deprecated API (further fixes will be required for OpenSSL
3.x, though).
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
On systems using seccomp, the hostapd socket files will be owned by the
'network' user/group ([source][0]). In this case, if wifi-presence is
run as root/root, then it does not have permissions to open the
hostapd socket files. This was discussed in awilliams/wifi-presence#3.
This change allows the process user/group to be specified in
/etc/config/wifi-presence. If no explicit user/group is set, then the
init script will use the owner of the socket files in /var/run/hostapd/
to determine the appropriate process user/group.
[0]: ec6293febc/package/network/services/hostapd/files/wpad.init (L35-L36)
Signed-off-by: Adam Williams <pwnfactory@gmail.com>
softflowd can filter the traffic with an optional bpf program,
specified on the command-line as a BPF expression
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
1. Fixed init script would kill itself when trying to stop a service.
2. Upgrade privoxy release to 3.0.33
3. Set PKG_RELEASE to AUTORELEASE
Signed-off-by: He Xian <hexian000@outlook.com>
at least driver apcsmart-old (maybe more) allow for specifying the
type of cable used. My old UPS does will not function when cable type
is not specified.
This will add support for configuration option 'cable'
Signed-off-by: Rob J. Epping <epping@renf.us>
Now with basic support for the Array Networks SSL VPN protocol.
Also fix the OpenSSL build. OpenConnect requires support for deprecated APIs,
for the time being, so select them if compiling against OpenSSL.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
This adds support for the child SA to be rekeyed through the byte/packet
threshold. The default is blank (which disables the byte/packet thresholds).
Signed-off-by: Joel Low <joel@joelsplace.sg>
Otherwise it will fail as follows:
failed to find a module named mdio-netlink
ERROR: mdio-netlink module not detected, and could not be loaded.
Run-tested on: ramips/mt7621
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
To fix the errors:
Sun Apr 10 14:19:41 2022 daemon.err transmission-daemon[29831]: [2022-04-10 14:19:41.098] watchdir Failed to open directory "/mnt/sda1/openwrt/transmission/watch" (2): No such file or directory (watchdir.c:358)
and
Sun Apr 10 14:20:18 2022 daemon.err transmission-daemon[30175]: [2022-04-10 14:20:18.641] Couldn't create "/mnt/sda1/openwrt/transmission/incomplete": Permission denied (file-posix.c:243)
References:
- https://github.com/openwrt/packages/issues/17674
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
* add new 'hblock' compilation source (XL, see https://hblock.molinero.dev for reference)
* print runtime/date information in ISO-8601 standard format
* minor cleanups
Signed-off-by: Dirk Brenken <dev@brenken.org>
The dependency has a PACKAGE_uacme-ualpn condition so that libev won't
be unnecessarily built if uacme-ualpn is not selected.
Remove PKG_USE_MIPS16:=0, as it is not necessary when not using the
libev that is bundled with uacme.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
