* since openwrt master has merged the depending P/R, the old
extra_help/extra_commands syntax is no longer working, see #13798 for
reference
* removed test.sh script from package
Signed-off-by: Dirk Brenken <dev@brenken.org>
* since openwrt master has merged the depending P/R, the old
extra_help/extra_commands syntax is no longer working, see #13798 for
reference
* removed logd dependency, see #13820 for reference
Signed-off-by: Dirk Brenken <dev@brenken.org>
* since openwrt master has merged the depending P/R, the old
extra_help/extra_commands syntax is no longer working, see #13798 for
reference
Signed-off-by: Dirk Brenken <dev@brenken.org>
libudev-zero as well as libudev-fbsd have PROVIDES:=libudev . These
packages have nothing specific that requires one or the other.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If procd relaunches the ModemManager daemon after e.g. a crash, we
also want it to notify all cached hotplug events, or otherwise we
would end up leaving the daemon running without the full initial
processing done.
This change modifies the init script to include all the required init
commands as part of the procd instance command, so that procd launches
all of them on every respawn.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Boost headers try to include experimental/string_view when std is less
than c++17. This does not work ith libcxx where this header is not
present.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- DNS Flag Day 2020
(default EDNS buffer size changed from 4096 to 1232 bytes)
-- Added patch, which should be part of the next release
It fixes an issue while cross-compilation (I linked it in the commit
message with issue link)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
When the ModemManager daemon is started by the init script, we're
explicitly calling mm_report_events_from_cache() so that all the
hotplug events that happened before that moment are properly notified
to the newly launched daemon.
This initial reporting of events does a wait for the ModemManager
process to be available in DBus, and if the daemon isn't registered in
the bus in a given time, the process is considered failed:
Sun Sep 6 16:20:02 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:02 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:03 2020 [2180]: <info> ModemManager (version 1.14.6) starting in system bus...
Sun Sep 6 16:20:03 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:04 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:05 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:05 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:06 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:06 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:07 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:07 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:08 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:08 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:09 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:09 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:10 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:10 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:11 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:11 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:12 2020 ModemManager: hotplug: checking if ModemManager is available...
Sun Sep 6 16:20:12 2020 ModemManager: hotplug: ModemManager not yet available
Sun Sep 6 16:20:12 2020 ModemManager: hotplug: error: couldn't report initial kernel events: ModemManager not running
Update the default wait time for this initial event notification from
10s to 60s, because there are cases where the daemon is slower to
boot, e.g. during the first boot after a sysupgrade.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Extend configuration of NTP sources in UCI:
- Add nts option to enable NTS
- Add disabled option to allow inactive sources
Add nts section to UCI with:
- rtccheck option to disable certificate time checks on systems that
don't have an RTC to avoid the chicken-and-egg problem (it is less
secure, but still should be better than no NTS at all)
- systemcerts option to disable system certificates
- trustedcerts option to specify path to trusted certificates
Save NTS keys and cookies by default to avoid unnecessary NTS-KE
sessions when restarted or switching back to an already used NTS source.
Also, save the drift to stabilize the clock after chronyd restart.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
- Use the chronyc onoffline command to update state of all sources
per current routing configuration
- Don't ignore the "ifupdate" action
- Add NTP servers from DHCP for the interface that went up instead of
the wan4+wan6 interfaces
- Save the servers to files loaded by the sourcedir directive to not
lose them when chronyd is restarted, and remove them when the
interface goes down
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Instead of loading /etc/chrony/chrony.conf from the file generated from
the chrony UCI configuration, use the confdir directive in the main
config to load the generated file. This should make it obvious that
chrony is configured in UCI and it can also be easily disabled.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
If relay/bridge support isn't required, this variant is about 300 kiB smaller
than the full tor daemon.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Extracted from:
http://deb.debian.org/debian/pool/main/i/ifstat/ifstat_1.1-8.1.diff.gz
Note that I also created a new git repository with these fixes:
https://github.com/matttbe/ifstat/
The original author of these modification is:
Goswin von Brederlow <goswin-v-b@web.de>
ChangeLog:
* snmp.c: fix 2 pointer targets differ in signedness warnings
* Adding upport for 64bit /proc/net/dev counters.
* Clean up compiler warnings.
More modifications are available in the patch from the Debian project
but mostly related to the "debian" dir, man page and debug mode. Here I
only took the modifications related to the .c and .h files.
The most important fix is related to the support for 64bit counters in
/proc/net/dev instead of displaying 0 after a while.
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
- support trailing route space from iproute2
- add routes even when iface is down
- fix source_routing argument check
- add quotes in logging to better detect issues with trailing spaces
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Contains following list of changes:
ab4c3471b261 tests: add cram based unit tests
7b4e3241e1bd tests: add cgi-io built with clang sanitizers
21831f45d16d Disable session ACLs during unit testing
2f525417b5df Add initial GitLab CI support
57f1c4f18cb6 Add .gitignore
09f9ac5066ee Fix off-by-one in postdecode_fields
ed8ce0d5d28b Add fuzzing of utility functions
a61581819800 Add fuzzing of multipart_parser
6b0615b728ed Refactor utility functions into static library
a0ed2c9a7a72 Fix clang compiler errors
232659da19a4 Fix possible NULL dereference
8e5719b37a67 Fix warnings reported by clang-10 static analyzer
b99aa8a64cca Remove Makefile
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Allows the Makefile to be cleaned up and to have fewer dependencies.
There's no need for multiple TLS libraries to be installed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
openconnect v8.10 supports 4 VPN protocols
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
--protocol=pulse Compatible with Pulse Connect Secure SSL VPN
This patch allows user to specify protocol use the new "vpn_protocol"
option and deprecate the old option "juniper" which seems to be missing in
the current openconnect client.
Signed-off-by: Mengyang Li <mayli.he@gmail.com>
version 8.2.6 (October 19, 2020):
- try and address license concerns with LICENSE.md
- replace usleep with nanosleep (Rosen Penev <rosenp@gmail.com>)
- console: Add 'k' option to exit on console-down (Mylène Josserand <mylene.josserand@collabora.com>)
- Fix#48 - apply ipv4 CIDR access list when compiled with ipv6 support
Signed-off-by: Bjørn Mork <bjorn@mork.no>
The additional directory is created and can be used e.g. for configurations
which are created e.g. dynamically from an uci config.
Signed-off-by: Helge Mader <ma@dev.tdt.de>
For applications writing their own xinetd configuration to the /etc/xinetd.d
directory it would be necessary to save them (e.g. a user edits them manually)
Signed-off-by: Helge Mader <ma@dev.tdt.de>
When the interface section was changed, the changed configuration
options were not applied.
This commit adds the service reload handling again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* switch all safesearch providers to dynamic ips (derived from cname)
* made the new safesearch approach compatible with bind-nslookup
* removed 3.x config compatibility code
Signed-off-by: Dirk Brenken <dev@brenken.org>
Django 3.1 supports relative paths for static_url.
Use it to make it more flexible.
Minor fixes for upgrade:
* ignore-fail-on-non-empty for rmdir /usr/share/etesync-server/etesync_server
* do not stop service (it is stopped already and init file is removed)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
The underlying `acme.sh` allows custom ACME server URLs (using `--server`). Adding the necessary field to specify a custom ACME server URL from UCI.
Signed-off-by: Jannis Pinter <jannis+openwrt@pinterjann.is>
Use "mwan3 use" to wrap a command with interface bindings so that you can
avoid the mwan3 rules and test behavior on a specific interface.
eg "mwan3 use wan ping -c1 1.1.1.1"
Additional binding arguments to the command will have their system
calls intercepted and ignored.
eg "mwan3 use wan ping -c1 -I tun0 1.1.1.1" will use the
device associated with "wan", rather than "tun0".
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Rather than using a special mwan3 user to manage mwan3track's tracking
packets, this commit implements a small helper library to bind to
device and to set a fwmark so that the tracking packets can be routed
out of the correct interface.
This provides a consistent method for binding to a device rather than
relying on various packages potentially buggy implementations. For
example: #8139 and #12836
This helper issue also allows for more tracking methods to be added
even if they do not have a command line option to bind to device,
such as iperf3 (eg #13050).
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
start all mwan3mon and mwan3track instances on mwan3 start
if an interface is down when mwan3track starts, it waits
for a signal from the hotplug script to start
procd can then handle stopping all of the scripts when mwan3
is halted
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
correctly terminate interface status checks with new lines so that
interface status does not get confused when one interface is a prefix
of another interface.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
handle creation of routing tables in mwan3rtmon to avoid race
conditions and potentially missing routes
handle ipv6 routes that have expiry
update directly connected ipset when routes are added or deleted
add fall through rules so that the default routing table is not
used if no rule in the interface-specific routing table matches
add option to comply with mwan3 source based routing
get default route parameters from main routing table
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Remove paxctl stuff. pax is not packaged in OpenWrt.
Add reload support.
Install lua cfg file as 644. It's needed to be readable as prosody user
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Change KEY/HMAC_KEY to __CHANGEME__, which is rejected by fwknopd
during start-up. The value CHANGEME is used only by LuCI package
luci-app-fwknopd - pull request for generating keys directly from
LuCI has been created already.
* Add sensible defaults for ENABLE_IPT_FORWARDING and ENABLE_NAT_DNS,
which both are/were set by luci-app-fwknopd. Move the defaults here.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
The substring "release_" does not reflect the version number.
In addition, package names will be shorter.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
mbedcrypto should be searched, not mbedtls. Also, there is no pkgconfig
file with mbedtls. Fixed that as well. Removed Makefile hacks.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
No functional changes, just moved the sources into out of tree
project[1] so it's going to be easier to do CI with unit testing,
fuzzing etc.
1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog
Signed-off-by: Petr Štetiar <ynezz@true.cz>
AdGuardHome is a network-wide ads and trackers blocking DNS server.
After installing it with opkg, start it like every service:
/etc/init.d/adguardhome start
In order to complete the installation vist http://{YOUR_ROUTERS_IP}:3000.
Then you can setup dnsmasq to forward DNS traffic to AdGuardHome:
uci -q delete dhcp.@dnsmasq[0].server
uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#{PORT_SET_DURING_INSTALL}
uci set dhcp.@dnsmasq[0].noresolv=1
uci commit dhcp
/etc/init.d/dnsmasq restart
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
If lighttpd loads mod-auth, it also automatically tries to load
mod-authn_file, and fails if it's not available. That is a compatibility
feature of lighttpd after the funtionality was split into modules.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
