* no longer misuse ubus/procd service object for travelmate runtime
information, now save all required information directly
in a JSON file/format
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested & slow modem/router setups, set 'trm_triggerdelay' accordingly
* change start priority & refine reload timings
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* change start priority to get all interface trigger events, even on
fast hardware
* made default trigger delay more conservative to fix possible start up
issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
As reported by @thornley-touchstar, there are some issues in the
showshortport and showport commands on the monitoring channel.
After short dicussion with upstream, the following patches were merged
upstream to fix the issue(s).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
darkstat's configure script searches for libbsd for different routines,
so if it manages to pick it up, make sure the dependency is reflected.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.
Signed-off-by: Daniel Halmschlager <da@halms.at>
* no longer misuse ubus/procd service object for adblock runtime
information, now save all required information directly
in a JSON file/format (/tmp/adb_runtime.json)
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested or slow modem/router setups,
set 'adb_triggerdelay' accordingly (default 1 second)
* add support for pure http download utilities like wget-nossl
or uclient-fetch without libustream-ssl (http donwloads only!)
* fix stop action
* fix enabled/disabled action
* fix country code in regional list for china
* LuCI update to reflect all changes
Signed-off-by: Dirk Brenken <dev@brenken.org>
If interface is getting down by netifd (unplug ethernet cable)
mwan3track will not recognize this change. It will also generate an
additional down event when he notice does his tracking interface is offline.
Mwan3track will now be informed by a signal (trap) USR1 during down event
that the interface is already down. An additional down event will not be
generated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Changelog:
* Fixed a regression of 1.6.4 which caused a crash in modperl/modpython
(not packaged)
* Fixed the behavior of verbose command in the sasl module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit fixes bugs, cleans and enhances init.d script:
1. The first disk and interface was passed to mini_snmpd with extra
leading space.
This bug caused the first monitored disk and interface to be
inaccessible by SNMP daemon.
2. Automatically reload deamon if one of monitored interfaces goes
up/down.
Since mini_snmpd reads interface list only at startup, it won't
detect any interface which appeared after the daemon was started.
Fortunately we can use procd interface triggers to automatically
restart the daemon.
3. Replace hand-written direct ubus calls and json data filtering with
standard network functions.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* re-order all regional lists in adblocklist/easylist format
* add polish blocklist
* add chinese blocklist
* lists called now 'reg_<ch|pl|ro|ru>'
* changed interface trigger default in config to 'wan' only
* update / sync LuCI frontend (see luci repo for details)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
[RELEASE] Released version 1.7.5 due to bug in compression
Released version 1.7.5 with the following main changes :
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
haproxy's Makefile already happens include/ after specifying PCRE_DIR
which would result in the following build errors on an external
toolchain that does not automatically search for headers in
$(STAGING_DIR):
mipsel-linux-gnu-gcc -Iinclude -Iebtree -Wall -O2 -g
-fno-strict-aliasing -Wdeclaration-after-statement -DBUFSIZE=16384
-DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 -DCONFIG_HAP_LINUX_SPLICE
-DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB
-DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS
-DUSE_ACCEPT4 -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_REGPARM=3
-DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/lua-5.3.3/include
-DUSE_PCRE
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/include/include
-DUSE_PCRE_JIT -DCONFIG_HAPROXY_VERSION=\"1.7.4-patch02\"
-DCONFIG_HAPROXY_DATE=\"2017/04/01\" \
-DBUILD_TARGET='"linux2628"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"mipsel-linux-gnu-gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -DBUFSIZE=16384 -DMAXREWRITE=1030
-DSYSTEM_MAXCONN=165530"' \
-DBUILD_OPTIONS='"USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1
USE_ZLIB=yes USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
USE_PCRE_JIT=1"' \
-c -o src/haproxy.o src/haproxy.c
In file included from include/types/proxy.h:33:0,
from include/proto/log.h:32,
from include/common/cfgparse.h:29,
from src/haproxy.c:65:
include/common/regex.h:31:18: fatal error: pcre.h: No such file or
directory
#include <pcre.h>
Fix this by stripping the additional include/ being added.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Some external toolchaind don't automatically search for headers in
$(STAGING_DIR), make sure we do pass TARGET_CPPFLAGS as appropriate.
This fixes build errors such as:
mipsel-linux-gnu-gcc -O2 -Wall -Wextra -DLUA_COMPAT_5_2 -DLUA_USE_LINUX
-c -o lua.o lua.c
lua.c:80:31: fatal error: readline/readline.h: No such file or directory
#include <readline/readline.h>
^
compilation terminated.
<builtin>: recipe for target 'lua.o' failed
make[6]: *** [lua.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes build errors with toolchains that don't automatically search for
headers in STAGING_DIR (such as external toolchains) resulting in the
following build failures:
mipsel-linux-gnu-gcc -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc
-fno-caller-saves -Wno-unused-result -D_FORTIFY_SOURCE=1 -Wl,-z,now
-Wl,-z,relro -DUSE_SSL_CRYPTO -c options.c
In file included from options.c:62:0:
auth_algo.h:53:26: fatal error: openssl/hmac.h: No such file or
directory
#include <openssl/hmac.h>
^
compilation terminated.
Makefile:95: recipe for target 'options.o' failed
make[4]: *** [options.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rework automatic mode (active scan/re-connection handling):
* much more procd & resource friendly
* now enabled by default
* save runtime information in ubus service (data section)
* final backend preparation for new LuCI-GUI (still WIP!)
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Use CFLAGS_DEBUG which is already used for TARGET_CFLAGS to also pass
TARGET_CPPFLAGS.
This fixes build issues with toolchains that don't automatically search
for header files (e.g: sys/capability.h), such as stbgcc-4.8-1.5
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This allows users to use an external config file if required (for
example matching packets based on SNI hostname or REGEX patterns).
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
[RELEASE] Released version 1.7.4
Released version 1.7.4 with the following main changes :
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Update vnStat to 1.17 which fixes database issue.
Remove unecessary patch
Based on:
commit 79b6e9dc61 by
Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
If mwan3track detects a failure the interval check will change to
"failure_interval" value until this interface is declared "offline".
After interface gets "offline" normal "interval" value is used again.
If interface ping is successful again "recovery_interval" value is used until
interface is declared "online" again.
Using the different intervals will accelerate the wan line detections on
failure and recovery.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.
Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* revamp LuCI GUI (see luci repo for details)
* integrated runtime statistics in normal adblock ubus service instance
(see readme)
* simplified boot/init
* no longer use raw interface trigger
* use only network interface trigger, pre-configured for
'wan/wwan/lan' interfaces (see readme)
* fixed a reload issue
* removed switch to disable tld compression (seems to be pretty stable)
* muted awk parser if source list contains incorrect records
* raise dns backend timeout to 20 seconds
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
The init script already supports four plugins: dns cache, dns/ip blocking,
ipv6 blocking and dns logging. If enabled this option installs these four
plugins and also adds libldns as a dependency. If enabled the total size
increase is around 125 kB.
Signed-off-by: Terry Stockert <stockert@inkblotadmirer.me>
On interfaces with interface proto "qmi|ncm" and option dhcp
enabled the interface will be changed to $iface_4 | $iface_6. The
interface mapping in mwan3 will not recognize this interface. To fix
this issue an ubus call will check if an upper interface exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
User scripts conversion from luci-app-wan3 will be simplified if the variables
are passed by env instead of arguments.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit modifies the dnscrypt-proxy plugin's `dnscrypt-proxy.init`
script to allow specifying a custom dnscrypt resolver. Prior to this
commit users of the dnscrypt-proxy plugin are only able to choose from
a dnscrypt resolver that is present in the packaged `ResolversList` CSV
file.
To specify a custom resolver three new configuration parameters are
required[0]: `ProviderName`, `ProviderKey` and `ResolverAddress`.
The `dnscrypt-proxy.init` script now maps `providername`, `providerkey`,
and `resolveraddress` values (if present) from a `dnscrypt-proxy.config`
file into the generated DNSCrypt configuration file.
`PKG_RELEASE` is increased from 1 to 2 to reflect the new functionality.
[0]: 9eee474770/dnscrypt-proxy.conf (L28):L32
Signed-off-by: Daniel McCarney <daniel@binaryparadox.net>
Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.
Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The checks in the incdefs.sh script do not fully work when cross
compiling. It probably checks the hosts libc. Just provide the settings
manually, as our musl at least supports all these features.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
On dynamic interface proto (dhcp/pppoe) the hotplug will not execude (exit 9)
because the gateway is already released. The check will now only be made
on a ifup ACTION event.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fortified headers don't seem to like _GNU_SOURCE in this case,
but we can remove that define since it's not needed. Add a patch
for LEDE until a new horst version is released.
Signed-off-by: Bruno Randolf <br1@einfach.org>
simple-adblock: version 1.5 introduces background processing of downloaded list while the next list is being downloaded
Signed-off-by: Stan Grishin <stangri@melmac.net>
remove answer checking for dnsexit as their API allows for too many return codes to handle them all.
Signed-off-by: Xavier Douville <zorxd@users.noreply.github.com>
options 'add_local_fqdn' and 'add_wan_fqdn' can be affected
by race conditions when they are at level 4. Interface name
may not be returned by network tools. The conf file has bad
record formats and Unbound just will not load. Detect this
and fall back to only the host FQDN (level 3).
squash: improve documentation wording and format codes.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Read UNBOUND_TXT_DOMAIN from main unbound configuration.
This prevents records to be added into Unbound in the default 'lan' zone.
Signed-off-by: Audric Schiltknecht <storm+github@chemicalstorm.org>
For consistency, use full name instead of $(PKG_NAME) in define and eval
lines for all packages.
I've seen reviews that asked to do this before, and I am asking the same
during reviews now. To avoid this in the future, fix this treewide so
when people use existing packages as example, we will not have to
request this change anymore.
This makes all packages consistent with both LEDE and OpenWrt base
repositories.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* optimized connection handling -
removed needless timeouts & wireless commits
* set the pre-configured reload timeout to
a more conservative/realistic value of 30 seconds
* further logging tweaks
Signed-off-by: Dirk Brenken <dev@brenken.org>
includes switch to new CADET implementation.
rps hasn't been ported yet, hence marked as @BROKEN for now.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
vpnbypass: No longer depends on hardcoded WAN interface name).
vpnbypass: Table ID, IPSET name and FW_MARK as well as FW_MASK can be defined in config file.
vpnbypass: Uses iptables, not ip rules for handling local IPs/ranges.
vpnbypass: More reliable creation/destruction of VPNBYPASS iptables chain.
vpnbypass: Updated Web UI enables/start and stops/disables service.
vpnbypass: Beautified output.
Signed-off-by: Stan Grishin <stangri@melmac.net>
* add an "active mode", where travelmate will be restarted
every n seconds (default 60) and checks existing uplink connection
regardless of ifdown event trigger (disabled by default)
* enhance multiple radio support
* fix the ap detection
* respect different radios during scanning & connection handling
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
The lack of LDAP support was one of the things which prevented users
from migrating from freeradius2 to freeradius3.
Enable LDAP in freeradius3 so we can finally burry freeradius2.
Reported-by: Martin Mueller <mm@sig21.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.
Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.
The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* add tld compression,
this new "top level domain compression" removes up to 40 thousand
needless host entries from the block lists and
lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Adds support for the fwmark option.
FwMark is a 32-bit fwmark for outgoing packets.
If set to 0 or "off", this option is disabled.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.
File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rolloverhttps://www.iana.org/domains/root
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
To have service working nicely with procd it should be running in the
foreground. Otherwise it's not possible to e.g. stop it with the init.d
script. Luckily for us pptpd has a simple switch that allows it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 15e7f611af ("pptpd: convert init script to procd")
This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793
This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* optimize memory consumption &
enable overall sort only on devices with > 64MB RAM,
this prevents sort related kernel dumps
Signed-off-by: Dirk Brenken <dev@brenken.org>
Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
783 root 1124 S {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
799 root 1164 S /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
It was hanging until getting random pool:
[ 176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[ 176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[ 176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[ 176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* add 'enabled' check in init script
* support multiple radios (see online doc)
* fix race condition in ap check
Signed-off-by: Dirk Brenken <dev@brenken.org>
* various optimizations & corner case fixes
* removed no longer needed debug information
* polished up for forthcoming LEDE release ;-)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a long-needed clean-up.
These applications are not gone! They live in the
luci repo now, where all their friends already are.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Makefile had sed commands in "prepare" step that modified the
source files directly. That lead to feed update failure at the
buildbot.
Remove those commands as the first aid.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This reverts commit 79b6e9dc61.
Undo the recent vnstat update due to upstream bugs preventing database
restoration.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bug fix dhcp4_slaac6 option was adding to all IP6 routes.
Filtering was added to this process to only include addresses
served from "this dhcp interface."
adblock 2.3.0 file output is now detected and automatically
integrated into Unbound local-zones. adblock deposites its
block site zone-files into /var/lib/unbound. If this is not
desired, then disable adblock or reconfigure to avoid Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
fixed: stop function used to kill the hotplug file
fixed: despite ubus wait_for network.interface.wan and WAN-IF hotplug, sometimes we'd get no WAN ip on start
Signed-off-by: Stan Grishin <stangri@melmac.net>
Update nginx to version 1.10.3.
Add new configuration options to enable the following optional
modules (disabled by default):
- http_auth_request_module
- http_v2_module
- http_realip_module
- http_secure_link_module
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
The needed shaper modules are now in kmod-sched-core, so we don't need
to depend on the full kmod-sched anymore.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed renamed option in stop_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed typo in makefile, switch FW_MARK to 0x010000 to play nice with SQM/mwan (thanks Hannu)
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: proper masking in setting mark
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: separating luci-app-vpnbypass into different tree
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed incorrect use of procd_add_reload_interface_trigger according to http://wiki.prplfoundation.org/wiki/Procd_reference
Signed-off-by: Stan Grishin <stangri@melmac.net>
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.
- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'
README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).
The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.
/etc/config/dhcp
config odhcpd 'odhcpd'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The virtual package declared by PROVIDES must not have the same name as the
variant declaring it, otherwise buildroot will fail with errors like:
cp: '.../pkginfo/mosquitto.provides' and '.../pkginfo/mosquitto.provides' are the same file
In order to fix the above error, rename the existing "mosquitto" and
"libmosquitto" packages into "mosquitto-ssl" and "libmosquitto-ssl"
respectively.
Also substitute use of $(PKG_NAME) with literal "mosquitto" in
Package/* defines to improve readability of the Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Compile tested: LEDE HEAD
If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.
Fixes the dependency on unixodbc if unixodbc package is selected.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Update the pen package to upstream release v0.34.0 in order to fix the
following build error reported by the buildbot:
ssl.o: In function `ssl_create_context':
ssl.c:(.text+0x9c): undefined reference to `SSLv3_method'
collect2: error: ld returned 1 exit status
Also switch from PKG_MD5SUM to PKG_HASH with SHA256 while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The buildbots fail to build socat due to the following error:
nestlex.c:14:7: error: unknown type name 'ptrdiff_t'
It appears that certain source files do not include all required headers,
depending on the configure options passed to socat.
Work around the error by passing `-include stddef.h` via `TARGET_CFLAGS` to
forcibly inject this header file into all compilation units.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adding PROVIDES to both the daemon and library and -nossl variants allow
downstream packages to simply declare a single dependency.
mosquitto-client however, still needs to explicitly depend on the ssl or
nossl variant however.
Signed-off-by: Karl Palsson <karlp@etactica.com>
use ntpq to check the status of the ntp server as all other status scripts included in the ntp tarball are
based on perl which would dramatically increase the footprint of ntpd
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Wondershaper has been superseded by both qos-scripts and sqm-scripts, it's time to retire it for good.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Mark the directories containing the keys for hidden services as
conffiles to preserve them over sysupgrade.
Fixes: #2247
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In addition update some configure options and use EXTRA_CFLAGS.
Setting RunAsDaemon to 1 will be overwritten by the init script option
"--runasdaemon 0" anyway and we want it in foreground for procd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adds configuration option for NFQ capture, moves often written
configuration files to /var/etc.
Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
Released version 1.7.2 with the following main changes :
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- SCRIPTS: git-show-backports: fix a harmless typo
- SCRIPTS: git-show-backports: add -H to use the hash of the commit message
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- DOC: lua: documentation about time parser functions
- DOC: lua: section declared twice
- BUG/MINOR: lua/cli: bad error message
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: Fix the sending function in Lua's cosocket
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MINOR: lua: bad return code
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MINOR: stats: fix be/sessions/current out in typed stats
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: systemd: potential zombie processes
- DOC: Add timings events schemas
- BUILD: lua: build failed on FreeBSD.
- BUG/MINOR: option prefer-last-server must be ignored in some case
- MINOR: stats: Support "select all" for backend actions
- BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
- BUG/MAJOR: channel: Fix the definition order of channel analyzers
- BUG/MINOR: http: report real parser state in error captures
- BUILD: scripts: automatically update the branch in version.h when releasing
- BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
- MINOR: http: custom status reason.
- MINOR: connection: add sample fetch "fc_rcvd_proxy"
- BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
- BUG/MINOR: tools: fix off-by-one in port size check
- BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
- MEDIUM: server: split the address and the port into two different fields
- MINOR: tools: make str2sa_range() return the port in a separate argument
- MINOR: server: take the destination port from the port field, not the addr
- MEDIUM: server: disable protocol validations when the server doesn't resolve
- BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
- BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
- MINOR: proto_http.c 502 error txt typo.
- DOC: add deprecation notice to "block"
- BUG/MINOR: Reset errno variable before calling strtol(3)
Signed-off-by: heil <heil@terminal-consulting.de>
We believe snmpd-static isn't useful, but download stats show it's still
being downloaded. Instead of dropping it, make it a dummy package that
depends on snmpd.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This fixes a bug when mosquitto is crosscompiled in LEDE on OS X.
UNAME is explicitly executed on the host, when we want it to be treated
as a regular linux build.
This patch passes the proper UNAME=Linux variable to the mosquitto
make file in order to respect linux as cross-compiler.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Reviewed-by: Karl Palsson <karlp@tweak.net.au>
This change fixes multiple denial-of-service vulnerabilities:
* CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
* CVE-2016-9147: An error handling a query response containing
inconsistent DNSSEC information could cause an assertion failure
* CVE-2016-9444: An unusually-formed DS record response could cause
an assertion failure
* CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure
in db.c
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Per user request ship the sample upsset.conf file so that
upsset functionality can be used with nut-cgi
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Current maintainer (Martin Rowe) offered to hand over
maintership because I'm interested in doing more with
the package than he requires for his own use, so he
felt it made sense for me to maintain the package.
I accepted, hence this commit.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Use /var/run/nut as statepath and set appropriate owner
and permissions on /var/run/nut in order to avoid pidfile
for nut being world-readable.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
It looks like serial support was accidentally dropped due to missing
pieces on Config.in and Makefile. Add back serial support by fixing
that.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
With a LuCI app (of which I have one written) ucification makes
sense (and is in fact needed), so ucify the initscripts.
Also, rather than making selection of things to include an image
a matter of selecting compile-time config options, make optional
things into seperate packages that are built in default builds,
and leave selection of what to include or not up to the user
(e.g. using ImageBuilder, or adding packages via opkg).
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- fix ip extraction if knot host is used together with glue records
- fix ip extraction from nslookup if reverse dns record has ip with dot reported at http://forum.lede-project.org/t/ddns-scripts-error/909
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Add a few mirrors in-front of main site for offloading
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Before this change logging was always activated and then IoTivity wrote
a lot of debug messages. Make it now configurable.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Install the header files needed to build something against IoTivity.
This will have it easier to build an application using IoTivity library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These patches are making it possible to provide the compiler settings
from the environment so LEDE can change them. This replaces the old
patches with the versions send for upstream inclusion.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This does the following changes:
* update to version 1.2.1
* add iotivity-resource-directory-lib, this is needed by most
applications now
* do not activate security support by default, this caused some
problems and needs some more settings to setup.
* use sqlite version from normal package feed instead of using an own
version
* build against LEDE version of mbedtls
* update example security configuration
* remove some patches that went upstream
* add some new patches fixing problems observed in my environment, most
of them are on their way upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- cloudflare v1 change syntax of option domain to "host.sub@example.com" like already cloudflare v4 and godaddy to prepare logterm remove of public_suffix_list.dat from package
- change Makefile to be backportable to CC15.05 and working on DD
- change ddns.defaults to prepare future releases of ddns-scripts
- minor fixes
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Talked it over with Ben (@scrpi).
He said he'd be fine with taking over maintainership of this.
@scrpi: please confirm this on PR.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Copy mime.conf to temporary directory so squid process can properly read the file. Without it squid cannot access mime.conf and throws a warning during startup.
Signed-off by: Adam Gensler <openwrt@a.gnslr.us>
HTTP header content-disposition isn't honored resulting in source tarball name only containing version number.
Switch to GIT repo as workaround to avoid clashing filenames.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Version bumped to 4.3.5. Separated out compile/install steps since
compiling with $DESTDIR yields bogus results. Removed rfc-3527 patch
as something similar (better) is now upstream (well, more complete
error checking anyway). Change relay scripts from '-l ifname' to
'-U ifname' to correspond to upstream changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of causing nondeterministing conditional compilation depending on
whether libnl-core happens to be present or not, fixup the net-snmp package
to link against libnl-tiny which is present by default on the majority of
systems.
In order to successfully build against libnl-tiny, a number of things had
to be fixed in both the upstream configure and the outer Makefile:
- Add a patch which fixes the upstream configure macros to properly handle
cases where the cache variables for nl_connect() and netlink.h tests are
predefined. Without this patch, all subsequent link tests in configure
will fail, causing the build system to assume functions like opendir() or
readdir() to be missing, leading to build failures later on due to
conflicting redefinitions of structures and function prototypes
- In the same patch, stop probing the host systems /usr/include/libnl-3 if
ac_cv_header_netlink_netlink_h is given. This brings the proprietary
configure bits in line with the behaviour expected from autoconfig in a
cross compile setting
- Explicitely request nl support by passing the --with-nl flag to configure
- Pass the required cache variables to skip the broken tests for
nl_connect() and netlink.h
- Amend TARGET_CPPFLAGS to let net-snmp's build system discover nl-tiny's
netlink/netlink.h and netlink/socket.h
- Enable the autoreconf fixup to regenerate the broken shipped configure
from patched macros
- Adjust the depends to unconditionally require libnl-tiny
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support to configure strongswan via uci.
uci support is based on the following sections
-ipsec : Global config items belonging in the strongswan.conf file
-remote : Defines the remote peer(s)
-tunnel : Defines the IPSec connections in tunnel mode
-transport : Defines the IPSec connections in transport mode
-crypto_proposal : Defines the different crypto proposals
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
Signed-off-by: Gino Peeters <peeters.gino@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit e73964fa8f incorrectly dropped the
patch 101-update-struct-msghdr.patch. Add it again, and while add it
also add the follow-up patch that was added upstream.
Fixes#3757.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When libnl-core is enabled, but libnl isn't, build fails because of a
missing dependency on libnl-3.so.200. Depending on libnl-core seems to
work for both cases.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update to 5.7.3 by refreshing patches; remove 800-format-security
as upstream integrated.
Add libnl dependency in the package Makefile as net-snmp will check
if libnl is enabled in config_os_libs2.
Remove unneeded PKG_FIXUP build variable.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this installs the default MIBS-files under /usr/share/snmp/mibs .
Also aligns the defines to the same sorting-scheme.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
change download link from git:// to https:// .
Git links are less safe (not encrypted) and, more importantly, they are blocked by company firewalls.
Https links do not have either issue.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Move git hash to PKG_VERSION instead of PKG_RELEASE
Use xz git tarball instead of gz
Add dependency to ustream-mbedtls as mbed TLS 1.3 is deprecated.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
