Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address. With this change, the any family will work
again.
I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 5147dfc73a)
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit 49cf5eac5c)
This update also:
- enables parallel builds
- moves to the CMake build system
- removes the redundant InstallDev stanza
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Build config validation showed up 1 warning, 1 info
- deprecated sudo
- missing os
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 651b9f9bf1)
Target ar71xx is deprecated and removed in the master branch and makes SDK
not available anymore. Travis fails because of that.
It was superseded by target ath79. These devices have 4 MB flash and/or 32 MB RAM.
However, ath79 is being used by CircleCI if you have it configured for
your repository and if you are contributing to this repository. It
is not good to have two CI for the same target. Let's use powerpc.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4526fb3eae)
Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry picked from commit 4cb5aa57fd)
Binding in default to IPv6 is preferable but it can be disabled in
kernel and that prevents syslog-ng to start. This setup should not be
that common but syslog is very important service and should survive
that.
This introduces new plugin defining source generator
`network_localhost`. This is used instead of original network source.
Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry picked from commit 43a8f7072e)
As miniupnpd is running as root, libcap can be used to limit its
capabilities.
libcap is very small, so this isn't a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ba49c96808)
(switched to use libcap as -ng is not available)
Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2b5028458e)
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
(cherry picked from commit 6ef2b5400b)
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 295d77943c)
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Irqbalance defines /run/irqbalance dir for its socket
communication between irqbalance and its UI. /run does not exist
in OpenWrt (although it is defined by the Linux FHS), so the
socket creation fails. Although we do not compile UI and thus
the issue is not critical to us, fix the directory location.
Additionally, the creation is originally handled by a systemd
init script that we do not use.
* patch source to define dir as /var/run/irqbalance
* create the dir in the procd init script.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked from 4f0c847828)
The package Makefile was not taking into consideration that the build
may be using BUILD_NLS with libintl-full and libiconv-full and was
trying to link the wrong versions of these libraries in this case.
The necessary flags are added by nls.mk to TARGET_LDFLAGS and can be
passed to irqbalance's configure script for setting the GLIB2_LIBS
variable instead of the explicit static link to the libiconv stub.
The PKG_BUILD_DEPENDS line should be modified so as to add to and not
override the definition set by nls.mk, which will ensure the right
version of libiconv and libintl is built beforehand.
A DEPENDS:= line should be added to the package definition using the
variables defined in nls.mk, which will add the appropriate version
of libintl and libiconv (vanilla or -full versions)
If USE_GLIBC is true, then libpthread needs to be explicitly passed
to the configure script in the GLIB2_LIBS variable for linking.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry-picked from 88c25e87a1)
