Update commit 3d59ce6f50 ("lighttpd: update to 1.4.48") resulted in
plain auth regression: it simply stopped working with:
(mod_auth.c.525) password doesn't match for (...)
appearing on every authentication try.
This regression was fixed in 1.4.49 release. Backport the fix instead of
updating to the 1.4.49 to avoid risking more/other regressions.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If an interface is not tracked by mwan3 or enabled and this interface is
setup by netifd, then the connected ipset is not update by mwan3.
To fix this also call connected ipset update code even if the interface
is not tracked or enabled by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 7ea690ea3c)
Some resource options bundled many Unbound.conf options and
made customizing on top of UCI difficult. Make it easier to
use Unbound built defaults (blank conf sections).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Only execute an ifup event with the command "mwan3 ifup <iface>" if the
l3_device is found in the ubus "network.interface.<iface>".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit ab4e62b885)
backend:
* add generic blocklist archive support
* add support for blacklist archive from Toulouse 1 University Capitole
* add support for urlhaus RPZ domains by abuse.ch
* small bugfixes & enhancements
luci:
* archive sub-categories (shalla & ut_capitole) are now configurable
via LuCI CBI template
* small bugfixes & enhancements
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Add valid responses "good|nochg" so that ddns-script could recognize "badauth"
error that comes with http 200 code
- Switch url to https scheme. "now-dns.com" always returns 302 redirect
to https:// for all plain-text http requests. Since working via default
plain-text http is not possible anyway, forcing url to https prevents
curl sending unencrypted plain-text credentials via basic auth
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
The normal situation should be to use ping without quality_check.
If quality_check option is not set in the default option then ping
quality_check is not performed during tracking. This is and should
be the default situation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
1. Test link quality based on packet loss & latency w.r.t. pre-defined high and low watermark values.
2. Extended ubus support to provide packet loss & latency information per wan per track_ip
Signed-off-by: Nishant Sharma <codemarauder@gmail.com>
Move default leasefile location from /var to /var/run.
Also rename from upnp.leases to miniupnpd.leases
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Building with --gc-sections & -flto drop ipk size from 72600 to 66345
on MIPS
No misbehaviour due to these optimisations observed.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This is a major release.
https://mosquitto.org/blog/2018/05/version-1-5-released/
Performance, configurability, protection from fuzzing and bad data,
customizable SSL contexts, all sorts of goodies.
Signed-off-by: Karl Palsson <karlp@etactica.com>
The new procd config dependency tracking requires the start method to be
called even on boot. So add a state file that is checked by the run script
to condition the special-case boot run instead of the previous independent
call to the run script.
Ref: https://github.com/openwrt/luci/pull/1769
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Fix buildbot breakage by disabling libidn2 that has been recently
added to the packages.
lftp has apparently switched from libidn to libidn2 some time ago,
so the old configure directive was actually wrong, as can be seen
from build log.
> configure: WARNING: unrecognized options: --without-libidn
> ...
> Package lftp is missing dependencies for the following libraries:
> libidn2.so.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Import miniupnpd from routing repo and bump to 20180422.
Drop 102-ipv6-ext-port.patch as this looks upstreamed in the pinhole
code to me.
Consolidate all other patches & update with a view to sending upstream.
Add support for runtime IGDv1 mode switch (default to IGDv2)
(not extensively) Tested-on: ar71xx Archer C7 v2 in IGDv1 compatibility
mode. A variety of devices/applications appear to be able to create
mappings.
Have an attempt at resolving https://github.com/openwrt-routing/packages/issues/286
TL;DR miniupnpd rules get processed before fw3 rules and thus can
override existing/intended redirects. Ideally the miniupnpd rules would
be last in the relevant chains, unfortunately fw3 can sometimes use the
last rule as a REJECT. Put miniupnpd rules as penultimate.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Update source IP of the expected RTP connection according to the SOURCE
attribute value if present in the RTSP SETUP REPLY message.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rewritten Pull for #5885
When ran from the command line, the script prints
error messages like below. They are caused by supplying
empty "$password" and "$URL_PASS" for some log messages
like "130822 : Detect local IP on 'interface'".
The fix is to check if the values are not empty before running
through sed.
/etc/init.d/ddns start
sed: no previous regexp
Reported by Marc Benoit <marcb62185@gmail.com>
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Package configure script decided to use libidn2 already now that it
became available. This triggered a dependency error:
Package libgnurl is missing dependencies for the following libraries:
libidn2.so.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit adds a simple procd init script for bcp38 with the sole purpose
to register a configuration change trigger for /etc/config/bcp38.
The change will allow for automatic firewall reloads triggered by invoking
/sbin/reload_config or through ubus config change events emitted by LuCI.
With the init script in place and started, calling
ubus call service event '{"type":"config.change","data":{"package":"bcp38"}}'
or
/sbin/reload_config
will issue an /etc/init.d/firewall reload if /etc/config/bcp38 has been
modified since the last reload_config call.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of passing a wildcard source to the expected RTP data connection;
use the server IP address of the RTSP SETUP packet or the RTP media source
from the SETUP URI contained in the SETUP packet.
This guarantees RTP data is only accepted from the expected source.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
As acme.sh has releases, switch to using those. Update the version accordingly.
Also rearranged some stuff in the hope that uscan will start tracking releases instead of git commits. Makefile is more simple as a result.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Removed libtalloc dependency and adjusted configure args to skip some tests. Those packages were not being built anyway.
Size difference: 14405 vs. 14125 on mvebu. Also 11275 bytes for libtalloc are gone.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
To fix the shell local issue in the ubus mwan3 rpcd shell script, move
the switch case statment into a function.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
dhcrelay has the ability to monitor interfaces for requests
in a single direction only rather than listening to all
interfaces for requests.
Doing this allows one to suppress the duplication of having
the relay forward requests from the same network that the
DHCP server is on.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
In a tool like this one, you really want an option to establish if the service
should start or not by default on boot time, especially when its configuration
file has to be customized by the user.
In the configuration file, the new 'enabled' option is setted to '0' by default
since the configuration provided by default will not be the one finally used.
In the init script, the new 'enabled' option is setted to '1' by default in
order to support the previous configuration file behaviour.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
Sometimes it's necessary to set per-host options like:
list dhcp_option 'option:always-broadcast,true'
for hosts that don't understand unicast replies. There might
be other options you might want to set on a per-host basis,
such as extensions-path, dhcp-message-text, etc.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Some /etc/config-destined files are in files/ and suffixed with
.conf while others are in files/etc/config/ which isn't consistent.
Put everything in files/ and call it good.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It was requested as it can be useful under certain circumstances.
Disabled rpc_whitelist by default. Not only is there a firewall, but it denies access when IP address of the device is changed.
Added group support in UCI. Fixes cases where group does not match the user (nobody:nogroup).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* union 'automatic' and 'trigger' mode, now much more responsive
if an uplink suddenly disappears
* tidy up (disable) travelmate related uplink connections
if you disable the service
* change default config ('trm_automatic' removal)
* documentation update
* LuCI: remove needless 'automatic' and 'trigger' options
plus small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
Considering that ipv6 NPT/NAT/NETMAP is done manually by user,
mwan3 can balance ipv6 interfaces as it does with ipv4.
Interface wan2 was renamed to wanb as wan2, wan3, ... will eventually
colide with OpenWrt with default wan6 interface when more than 6
interfaces are in use.
New interfaces, members for wan6 and wanb6 where created, both disabled
by default. Policies where adapted as well.
The option "family" is set respectively in each interface. When missing,
mwan3 assumes ipv4, that will fail when interface is IPv6 only.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Add missing globals config section with default values.
Without the correctly named section, mwan3 startup will fail with the error - Warning: mwan3 is global disabled. Usage: /etc/init.d/mwan3 start.
Compile: not required
Run tested: LEDE 17.01.04
Author-name: Rob White
Maintainer: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Rob White <rob@blue-wave.net>
Commit 384c2a8cfd added support for symlinking
net-snmp-config into $(STAGING_DIR)/usr/bin but forgot to install first
$(STAGING_DIR)/usr/bin resulting into a compile issue if
$(STAGING_DIR)/usr/bin is not yet present.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Allow specifying NTP servers, search domains, etc. by the administrator
directly specifying DHCP options (per interface, i.e. per pool).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Setting a domain now results in 'option domain-name "xyzzy";'
being generated globally.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The IPsec ip route table has the default number 220.
If mwan3 has more then 7 bits set (124 interfaces) then if mwan3 down is
executed the table is also cleared. To solve this set default max 7
bits in the mmx_mask for mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
xinetd.org has been defunct for a long time and it seems the main developer moved everything to GitHub.
Discovered with uscan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
be35e54 Optimized by use ipset
2dcc126 Optimize kernel module code
08231b4 Remove url param of login api
bf7b435 Support compile kernel module on ubuntu for test
ffca07a Optimize kernel module
b03c757 Optimize code
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
Adjust the dependency from ip-full back to ip.
Returning back to "ip" is now possible as busybox does not provide
"ip" any more, making "ip" again reference to ip-tiny or ip-full.
Reference to discussion in #5747
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Bug: If DHCPv4 MAC are used to infer SLAAC and the forth position of
the subnet /64 is 0 (X:X:X:0::/64), then DNS records where malformed.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- Add domain_forward to permit designated domains to forward instead
of recurse as listed in resolve.conf.auto from DHCP WAN client
- Update rebind_protection and add rebind_interface to protect IP6
GLA locally just like RFC 1918 protection
- Rename trigger to trigger_interface with backwards compatability
- Update odhcpd script for efficiency handling many clients
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
We need always three of the firewall mask value for
* default routing table
* blackhole
* unreachable
the other will be used for the interfaces.
* If we have set the mmx_mask to max 0xFF00 (8 bit set) we could use max 252
interfaces.
* If we have set the mmx_mask to min 0x0E00 (3 bit set) we could use max 4
interfaces.
Only the ones are counting from the firewall mask value.
Minimal three firewall mask bit vaules must be set.
Maximal eight firewall mask bit vaules could be set.
Table overview mmx_mask value bits vs. max interfaces
mmx_mask value bits set 1 -> not usefull
mmx_mask value bits set 2 -> not usefull
mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
mmx_mask value bits set 4 -> 12 Interfaces
mmx_mask value bits set 5 -> 28 Interfaces
mmx_mask value bits set 6 -> 60 Interfaces
mmx_mask value bits set 7 -> 124 Interfaces
mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a new ACTIONs:
* connected ACTION is called once if mwan3track reach all configured track_ips
* disconnected ACTION is called once if mwan3track is unable to reach the track_ips
The connected/disconnected will called only by mwan3track in opposite
the ACTIONs ifup/ifdown will also be called by netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As it currently stands, the version of coova-chilli the packages feed
will not compile against 4fd87220567f1ae3ad209da1f602dc81c6b4d6b1
I've quasi-backported (could not find a single commit which fixes these
particular issues) https://github.com/coova/coova-chilli 's formatting
on the impacted sections, and it compiles.
Once a new version is added to the feed this patch can likely be
dropped.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
The code assumes pre-C99 inlining. This causes issues with GCC7 which assumes C11. Add std=gnu89 to restore proper behavior.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
