Added a patch to remove BUILDCXXFLAGS. For some reason, TARGET_CXXFLAGS
are leaking.
Removed custom Build/Compile section. There's already PKG_INSTALL.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Updating the system image or the package should not obliterate
the downloaded/unpacked geolocation database. If you use xt_geoip
in /etc/firewall.user you don't want the database disappearing
when sysupgrade runs and then reboots your system as you'll be
left exposed.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
specified for montioring
eg allows ipv4 and ipv6 forwarded traffic to be monitored from
both main network and dmz in single graph
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved
Signed-off-by: Simon Day <email@simonday.info>
specified for montioring
eg allows ipv4 and ipv6 forwarded traffic to be monitored from
both main network and dmz in single graph
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved
Signed-off-by: Simon Day <email@simonday.info>
Major change for version 3.3.1 are:
* Fix a segfault issue in ksmbd.mountd.
* Reorganize ndr write functions.
Major changes for version 3.3.0 are:
* Add samr and lsarpc RPC support.
* Generate subauth values for domain.
* Add Kerberos support.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Unlike ipv4, this option is supposed to be an IP address, otherwise, an
error occurs on startup:
can't parse "br-lan" as valid IPv6 listening address
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
OpenVPN recommends disabling compression, as it may weaken the security
of the connection. For users who need compression, we build with LZ4
support by default. LZO in OpenVPN pulls in liblzo at approx. 32 kB.
OpenWrt users will no longer be able to connect to OpenVPN peers that
require LZO compression, unless they build the OpenVPN package themselves.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
New features:
* Per client tls-crypt keys
* ChaCha20-Poly1305 can be used to encrypt the data channel
* Routes are added/removed via Netlink instead of ifconfig/route
(unless iproute2 support is enabled).
* VLAN support when using a TAP device
Significant changes:
* Server support can no longer be disabled.
* Crypto support can no longer be disabled, remove nossl variant.
* Blowfish (BF-CBC) is no longer implicitly the default cipher.
OpenVPN peers prior to 2.4, or peers with data cipher negotiation
disabled, will not be able to connect to a 2.5 peer unless
option data_fallback_ciphers is set on the 2.5 peer and it contains a
cipher supported by the client.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
reload_server() gracefully with SIGUSR1 to lighttpd
relog() to reopen log files with SIGHUP to lighttpd
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* update upstream version to lighttpd-1.4.56
* depend on Nettle for MD5, SHA1, SHA256
* multiple TLS options: gnutls, mbedtls, nss, openssl, wolfssl
* new module mod_authn_dbi
* mod_authn_* depend on mod_auth
* mod_authn_file is included if mod_auth is selected in build
* mod_vhostdb_* depend on mod_vhostdb
* mod_deflate subsumes mod_compress
* remove from Makefile the include of nls.mk (no longer needed)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
It's useful to be able to dump sections of the database by country
for scripting or just plain sanity checking.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Snort 3.0.3-1 requires libdaq 3.0.0-beta1, but this version is no longer
compatible with Snort 2. Thus OpenWrt now provides both a libdaq and
libdaq3 package. This modifies the snort3 package to require the latter.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
iputils upstream changed build params with version s20200821
Latest OpenWRT iputils ping now appears to report the openwrt
version tag, rather than iputils date tag
This commit sends a test ping to localhost to evaluate the
capabilities of iputils ping.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Allow `mwan3 interfaces` to get uptime via an internal function and
thus remove the dependency on rpcd for `mwan3 interface` calls.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Upstream commit 90884c62 ("xl2tpd-control refactoring") introduced in
1.3.16 changed command names
The l2tp protocol handler part was from @danvd in pull request
openwrt/packages#13866
Fixes f07319d6 ("xl2tpd: bump to version 1.3.16")
Ref: https://github.com/openwrt/packages/pull/13866
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Maintainer: @codemarauder
Compile tested: Yes
Run tested: x86_64 PCEngines APU
Description:
A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction,for All Traffics(TCP/UDP/ICMP)
It does it by sending redundant packets and re-arranging them to account for packet loss over the link. It uses Reed–Solomon code.
Signed-off-by: Nishant Sharma <codemarauder@gmail.com>
Signed-off-by: Andrew Mackintosh <amackint@waikato.ac.nz>
Maintainer: me / @null-cipher
Compile tested: Raspberry Pi 3 / brcm2708-bcm2710, OpenWrt 19.07.4
Hyper-V VM / x86_64, OpenWrt 19.07.4
Run tested: Raspberry Pi 3 / brcm2708-bcm2710, OpenWrt 19.07.4
Hyper-V VM / x86_64, OpenWrt 19.07.4
Description:
The NetStinky IDS is a component of the NetStinky suite of tools. It
monitors the traffic on the LAN interfaces of your router for
Indications of Compromise (IoCs), drawn from an auto-updating list of
definitions. IoCs are subsequently reported to the NetStinky smartphone
applications.
In recent commits, there were removed Transmission SSL variants and
there is just used one variant of transmission-daemon. Let's adjust it here as well.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
It was somewhat opaque how the variable a is questioned. To show this
better the variable is now a string and not a boolean. So you can see
directly what should happen. With a boolean you always have to think
about what it means when 0 or 1 is used.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Replace locks on /var/run/mwan3.lock with locks via procd.
This fixes a deadlock issue where mwan3 stop would have a procd
lock, but a hotplug script would have the /var/run/mwan3.lock
Locking can be removed from mwan3rtmon since:
1) procd will have sent the KILL signal to the process during
shutdown, so it will not add routes to already removed interfaces on
mwan3 shutdown and
2) mwan3rtmon checks if an interface is active based on the
mwan3_iface_in_<IFACE> entry in iptables, and the hotplug script
always adds this before creating the route table and removes it
before deleting the route table
Fixes github issue #13704
(https://github.com/openwrt/packages/issues/13704)
when the network procd service restarts, it flushes the ip rules. We
need to add these rules back. Since hotplug events are triggered when
the networks come back online, adding this call to the hotplug script
is the most convenient place to refresh the rules.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
he line is too long. For the future it is better to split it into
several lines and make it more clearly arranged. In case of a future
change, not the whole line will be marked as a change.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
