Get rid of gnutls dependency introduced in 5bca84b. Needs patching
configure script to make gnutls existence test optional.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
I should have packaged the OVN stuff, VTEP and what-not
earlier, but was not inspired to do this earlier.
I made some time now to package those parts.
Disabling flake8 & python3 explicitly.
They might get detected and cause weird build errors.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Run tested: LEDE Reboot 17.01.3 r3533-d0bf257c46
Description:
user.err ddns-scripts: IP update not accepted by DDNS Provider
dynv6.com response "unchanged" is OK
Signed-off-by: Ernest Moshkov <e.moshkov@gmail.com>
Fixes bug where sslh was being linked against libconfig, but libconfig
CPPFLAGS were being ignored.
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
1.) pkg version bumped from 6.4.3 to 6.11.5
2.) maintainer changed to me (#4944 dhcpcd: needs a new maintainer)
3.) source changed from bz2 to xz
4.) removed old unnecessary patch
5.) minor style improvements
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
mtu 1400, mru 1400 - on ppp devices, usually we need lower mtu, the existing link mabye is already under a lower MTU
require-mschap-v2 - most of the time l2tp is used in conjunction with windows client who will use this kind of auth
lcp-echo-interval 20, lcp-echo-failure 5 - keep alive 20 seconds interval and dead peer detection after 100 seconds
connect-delay 5000 - wait for up to 5 seconds after the connect script finishes for a valid PPP packet from the peer
nodefaultroute - prevent users from creating default routes with pppd
nodefaultip - disables the default behavior when no local IP address is specified
proxyarp - this will have the effect of making the peer appear to other systems to be on the local ethernet
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
lock is no longer needed and it breaks the setup
explicit added PKG_BUILD_DEPENDS:=libpcap, an indirect depend included in ppp and needed for pfc
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
ClamAV's configure script uses grep to check for bugy zlib version
1.2.1. Since current OpenWrt zlib version is 1.2.11 this check passes
and build fails. This patch will disable this unneeded check and make
sure we are looking for zlib on the right location.
clamdtop was beeing built without it's ncurses dependency. Build system
would link it to the host's ncurses making the program fail at run time.
This patch will disable building of optional clamdtop, otherwise we need
to add ncurses as a dependency and fix the search path.
Increase PKG_RELEASE to reflect changes.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
An unneccesary include in the init file was causing problems when using the package builder.
Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
- fix CVE-2017-9798
- fix#4926
make http2 support configurable, in case of enables libnghttp2
package dont build http2. instead use CONFIG_APACHE_HTTP2 to
enable http2 support
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Added new "network" section with option "network", which takes network
interface name.
The start-up is migrated to use procd and depend either on the "network"
interface (after resolving it to a physical device), or on the PCAP_INTF
option from "config" section (usual place for raw interface name for
fwknopd). When the uci_enabled option is disabled, the value of PCAP_INTF
is taken from the user-provided fwknopd.conf.
Also fixed UCI_ENABLED variable evaluation.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
The l7-filter project hasn't been active for a very long time and support in
OpenWrt/LEDE has been dropped making this package orphaned.
Support in qos-script removed: bdb6c313de367280ed17ad234136f133ceb37551
(SVN: r45425)
Support in tree removed: d0ba3bb1e24702e472eee2f3a5b7f9e4646b8ff1
(SVN: r45423)
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Start building with testing enabled as a preparation to eventually
packaging the testbed components.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update to latest stable version and add init script and config file to start
horst in server mode as a service.
Signed-off-by: Bruno Randolf <br1@einfach.org>
Due to a typo in the init scripts, certain parameters are not appended
to the cmdline. (max. # of concurrent sessions).
For backwards compatibility leave both spellings in place.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Dansguardian hasn't seen a release in over 5 years and been deprecated
upstream. We're just doing a disservice providing software that isn't
supported. If functionality is needed please use e2guardian instead (in tree).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
It seems that UCI can't handle duplicate section names in a single
config file, even if they use different types. After the previous
commit, running `uci export` results in the following error:
uci: Parse error (section of different type overwrites prior section with same name) at line 17, byte 23
Append a 6 to the com2sec6 section names to solve this.
Fixes: 0e1c8b4ccc ("net-snmp: snmpd: listen on IPv6 by default")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Enhance the 'control' option to allow using SSL
to connect to the server. Add the 'extended_stats'
option to match 'extended-statistics: yes.'
Document the 'extended_luci' option; it does not
control Unbound, but changes the LuCI tabs.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
revert the update as the new wget version links to libunistring
that is a rather large library. Better to revert the update now
in order to fix buildbot and then look into solutions.
signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Patch includes updates to packages:
netopeer2: update to version 0.4.0
sysrepo: update to 0.7.0
libnetconf2: update to 0.9.15
libyang: update to 0.13.46
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Notable changes since 3.0.8
ede744a: depends on libcares now instead of libudns
1c64829: new cmdline option --no-delay for not turning off TCP_NODELAY
9201619: ss-local: check if client supports socks5 protocol and no-auth-required method
f8283fc: Fix potential buffer overflow when parsing json config
380fddb: redir: fix conversion from DSCP to ToS
The two patches are now in the offical repo
Modify init script to use standard uci configuration and procd for
process management. We benefit from:
- use of standard LEDE configuration with its ability to revert and
commit changes
- validation of configuration variables
- procd taking care of restarting daemon when config changes and user
wants to reload it
- automatic respawning of daemon process in case it dies
The source is patched to make it possible to run as a daemon in
foreground.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* fix startup issues with backends like dnscrypt-proxy or kresd
which does not come up without an existing block list
* fix a small 'chown' issue
Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit fixed what 6d99b602 was supposed to fix without affecting
interface-bound traffic.
Before 6d99b602 interface-bound traffic was working normally as long
as at least one interface was online. However when the last interface
went offline, it was impossible to ping and such state was
unrecoverable.
Commit 6d99b602 fixed unrecoverable offline state problem (it was
possible to ping -I iface) but messed inteface-bound traffic. Traffic
with interface source address was not working if the interface was in
"offline" state, even if another interface was online.
The problem was caused by an inconsistent "offline" interface state:
iptables-related rules were kept while routing table and policy were
deleted.
The idea behind this commit is to:
1. Keep all the rules for each interface (iptables, routing table,
policy) regardless of its state. This ensures consistency,
2. Make interface state hotplug events affect only iptables'
mwan3_policy_* rules. Interface-related iptables, routing table
and policy is removed only when mwan3 is manually stopped.
To make such changes possible, it's necessary to change the way
mwan3_policy_* rule generator keeps track of interface state hotplug
events.
Until now, it checked for the existence of custom interface-related
routing table (table id 1, 2, 3, ...). Clearly we can no longer rely
on that so each interface state is stored explicitly in file.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* add kresd & turris omnia support
* add dnscrypt-proxy support
* change start priority to 30, to fix possible trigger issues on slow
booting hardware
* simplify suspend/resume handling (no longer use a hideout directory)
* enhanced LuCI frontend
* many small changes & improvements
* default config change (please update your config!), adblock is now
disabled by default
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Compile & run tested: ar71xx: archer c7 v2
Add myself as another co-maintainer of the package.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Use common function to toggle ip address in /var/state/mwan3.
Change also to use toggle function and not set function. If ip address
is often changed every change is saved to /var/state/mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If enough tracking ip are pinged skip the reset. They are not needed
anymore to mark the interface as up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
ipset command line utility supports ranges of address: IP-IP, but the
dash character is also valid character in host names. If we have a
remote server ss-00.example.com, ipset may complain that
ipset v6.32: Syntax error: cannot parse ss: resolving to IPv4 address failed
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ubox 'list' type is for validating multiple elements separated by
tabs/whitespaces in a single value. E.g. The following should not be
accepted
list src_ip_bypass '1.2.3.4 4.3.2.1'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
======================== ========================================
features dependency
======================== ========================================
HTTPS OSX or GnuTLS or OpenSSL or Windows
SFTP libssh2
BitTorrent None. Optional: libnettle+libgmp or
libgcrypt or OpenSSL
Metalink libxml2 or Expat.
Checksum None. Optional: OSX or libnettle or
libgcrypt or OpenSSL or Windows
gzip, deflate in HTTP zlib
Async DNS C-Ares
Firefox3/Chromium cookie libsqlite3
XML-RPC libxml2 or Expat.
JSON-RPC over WebSocket libnettle or libgcrypt or OpenSSL
======================== ========================================
Add 'CONFIG_' to 'PKG_CONFIG_DEPENDS'.
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
* Add aria2 user and group.
* Use procd to start service.
* Add more supported options.
Compatible with previous version.
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
When building on hosts with lmdb installed, bind configure phase fails:
configure: error: found lmdb include but not library.
Solve this by disabling lmdb. Fixes#4748.
Fixes: eab56b6bee ("bind: version update to 9.11.2")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* backend/frontend: supports a Connection Limit ('trm_maxretry')
of '0', to disable this feature (unlimited retries)
Signed-off-by: Dirk Brenken <dev@brenken.org>
- New UCI options ifnames, dst_default
- UCI options src_ips_xxx now accept cidr as their values
- Export ipset names as part of the interface so that it can be
depended on and used by other programs
- Bypass only remote servers used ss-redir instances, so that it's
possible to let other servers to go through existing re-redir
instances
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Remove an improperly placed semicolon in order to solve the following
compiler error:
.../main.c:144:3: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (execl("/bin/busybox", "/bin/busybox", "md5sum", file, NULL));
^~
.../main.c:145:4: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
return NULL;
^~~~~~
cc1: all warnings being treated as errors
Fixes#4723.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes the following bugs introduced in commit 815e83d4:
- hotplug: invalid parameter order when initial interface state is "online",
mwan3track expects initial state to be the third argument
- hotplug: missing source ip address when initial interface state is "offline"
- mwan3track: source ip address should be the fourth argument
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
On some environments, connecting to localhost was resolving to ::1,
which didn't match the bind to the explicit 127.0.0.1.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Added many more UCI config options, particularly for bridge connections
The recently introduced username/password options for bridges are kept,
even though they have been deprecated upstream for a while. In keeping
with this, while support is kept in UCI, the generated mosquitto.conf
file will always generate the "modern" remote_username/remote_password
options preferred by mosquitto instead.
Likewise for bridge clientid and remote_clientid options.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Dynu.com already support IPV6 updates using the parameter myipv6, adding to services_ipv6 to enable support in OpenWRT/LEDE
Signed-off-by: Phil John <philjohn@gmail.com>
Define package config files to preserve
/usr/share/nlbwmon/protocols across sysupgrade
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This is the default value taken by ss-server and ss-redir. After this
change ss_rules section can still use those ss-redir instances who do
not have mode explicitly specified.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add new globals config section with option local_source.
With this config option the self interface generation will be done now
automatically on hotplug event. You can specify which interface (ip)
sould be used for router traffic. To replace the self intereface in the
config set local_source to "lan".
The default option is none, so it will not change default behavior if a
"self" interface is configured in the network section.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
To know how old the ubus output is, add an age parameter which indicats
how old the check informations on the interface are.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add new interface config option "inital_state".
If interface comeing up the first time(mwan3 start, boot),
there are now two option for interface behaviour:
- online (default as is now)
Set up interface regardless wether tracking ip are reachable or not.
- offline
Set up interface first to ping tracking ip and if they are reachable set up
the interface completely.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Even though error was fixed the interface checks still fails, if last_resort
was set to blackhole or unreachable.
To fix this issue do not remove failure interface from iptables change on
down event.
Reported-by: Colby Whitney <colby.whitney@luxul.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If two interface have the same prefix "wan" for example "wan" and "wan1"
pgrep returns the PID for wan1 also "pgrep -f mwan3track wan".
Before this fix "wan1" was also killed! This is not what we want.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* print only 'missing plugins support warning' if user really configured
'blacklist' or 'block_ipv6' parameter.
Signed-off-by: Dirk Brenken <dev@brenken.org>
When the strongswan service is running, `ipsec status` returns 0. Check
the return value instead of checking its output.
While at it, remove the [[ ]] bashism, use rereadall instead of
(reread)secrets, and move it inside the if statement.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In commit 36e073d820, some checks were
added to see if the UCI config file exists and if there are any peers
configured in it. Due to these checks, if /etc/config/ipsec exists, but
contains no enabled peers, strongswan will not be started. This is not
ideal, as a user might want to experiment with the UCI config while
keeping existing connections in /etc/ipsec.conf operational.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since the strongswan-utils package now only contains the aging ipsec
utility, rename it to strongswan-ipsec.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We currently include the SCEP client in strongswan-utils, which is a
dependency of the strongswan-default meta-package. As it's generally not
recommended to generate keys on embedded devices due to lack of entropy,
move the SCEP client to a separate package, and only depend on it in the
strongswan-full meta-package.
While at it, add scepclient.conf to the package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We currently include the PKI tool in strongswan-utils, which is a
dependency of the strongswan-default meta-package. As it's generally not
recommended to generate keys on embedded devices due to lack of entropy,
move the PKI tool to a separate package, and only depend on it in the
strongswan-full meta-package.
While at it, add pki.conf to the package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Update nmap-suite to 7.60
* Use PKG_HASH as PKG_MD5SUM is deprecated
* Switch download URL to HTTPS
* Add zlib as dependency and link libpcre dynamically
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* Start dnscrypt-proxy from procd interface trigger rather than
immediately in init, to fix a possible race condition during boot and
get rid of rc.local restarts. You can restrict trigger interface(s) by
'procd_trigger' in new global config section.
* tab/whitespace cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add preliminary kresd dns backend support for turris devices,
see readme (experimental / untested!)
* use tld compression for overall list, too
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Adds support for interface tracking using either ping, arping or
httping. This allows to track interface status on networks with filtered
ICMP traffic or simply to monitor data link layer etc.
To facilitate binding to a specified interface its IP address is passed
as a new mwan3track parameter. It's currently required by httping
and possibly by other tools that may be added in the future.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
