-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Unbound RFC 5011 is busy and writes frequently
-RFC 5011 creates working files in same directory
-DNSSEC root.key managed in /var/lib/unbound
-Protect against flash ROM wear out in /etc/unbound
-Scripts will copy back every 7 days instead
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Rebind to new interfaces cleanly
-Detach from old interfaces cleanly
-Some conf options do not reload dynamically
-Unbound grows some and this will shrink it
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* change option 'trm_iw' to boolean,
1 => use iw (default)
0 => use iwinfo
* option 'trm_maxretry' now accepts '0' to disable this check at all
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
The configure script (for libdnet) seems to find <net/bpf.h>
and detect some BSD stuff.
The lidnet's Makefile wants to include eth-bsd.c, arp-bsd.c
and other BSD friends.
This seems to put a cork on it, and no BSD stuff appears anymore.
[at least on my system].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adds gitolite package which is a handy administrative tool for
managing shared git repositories.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- privoxy.init fix handling of config section "system"
- change start/stop to start=95 and stop=10
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Lcdringer is a tool which runs on a Raspberry Pi with an LCD
display. Lcdringer connects to an XMPP server, listens for messages
sent to a particular Jabber ID, and displays these incoming messages
while playing an audible alarm. Lcdringer also responds to the messages
it receives with an indication of whether or not the audible alarm was
acknowledged with a button press.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
ec165c392c
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Wrap around dhtcache vs. datacache confusion which prevented
the datacache service from starting.
While at it, sanetize default package selection.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Explicitely disable liblz4 and external libtalloc support in order to avoid
implicit dependencies leading to the following error on build environments
that happen to provide liblz4 and libtalloc:
Package ocserv is missing dependencies for the following libraries:
liblz4.so.1
libtalloc.so.2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add new 'envchk'function to check adblock environment only,
i.e. check volatile firewall rules or uhttpd instances
without list updates
* add new optional parm 'adb_loglevel',
set it to "0" to mute output (print only errors)
* set hotplug priority to '90' as well (missed in the last commit)
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
I think re-ordering the assignments is important here,
_and_ using := for PKG_SOURCE_SUBDIR instead of simple =.
I also grouped the assignments to make it more readable,
IMHO at least :-)
While at, we should also specify the license file
and remove the unneeded Compile definition - the default
just works fine.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- moved from net to mail category
- removed no-ssl package and added ssl support as configuration option (default enabled)
- added configuration option to support extended logging (default disabled)
- disabled build of test tools
- added LEDE compatibility (support for openssl without SSL3)
Signed-off-by: Federico Di Marco <fededim@gmail.com>
This should massively improve performance for (at least) MIPS targets:
* poly1305: optimize unaligned access
This is a very appreciated fix from René van Dorst, adjusting the
arithmetic in Poly1305 to work fast on platforms with slow unaligned
access, such as MIPS. According to his calculation, this gives a 50%
improvement on small MIPS boxes.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
remove postinst (of main package) from Makefile because all is done inside uci-defaults scripts
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
commands to apply changes introduced during release changes, moved from Makefile postinst to /etc/uci-defaults
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* now a single config file in /etc/afp.conf
* convert services to procd while at it
* take over maintainership as the original maintainer is
unresponsive (see #1550)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
because otherwise the build of this package in LEDE trunk fails, complaining about lack of libz.so.1
signed off by Alberto Bursi <alberto.bursi@outlook.it>
- if local ip cannot be detected or is invalid then do not exit ddns-scripts #2950,
using multiple url's to detect local ip not jet implemented
- change spdns.de update url and add sydyn.de inside services file #2991
- move transfer- and lookup-program detection to dynamic_dns_functions.sh
so run once at startup in stead of at every transfer/lookup
- add khost, drill and hostip to verify_host_port() function
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
The package creates a "mosquitto" user, but the support added for
persistence creates the data directory as root running the init script.
Properly chown the newly created directory to ensure it's writable.
Signed-off-by: Karl Palsson <karlp@etactica.com>
* enhance the new query function:
change the regex to find only the relevant blocklist entries
add a recursive tld search to quickly identify domains for
whitelisting (see documentation)
better result preparation
* add securemecca as new blocklist source
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add a query function to search the active blocklists for a specific
domain (/etc/init.d/adblock query <DOMAIN>)
* fix bug in ap mode/uhttpd port detection
* check general firewall and dnsmasq package dependencies and remove
redundant checks in ap mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a 'window.close()' to adblock landing page to automatically
close any pop-ups that might get loaded with a blocked ad
* simplified dnsmasq check in ap mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
* change the default hphosts list source to ad and tracking servers
only, the overall list includes to many false positives
* new optional config parm 'adb_hotplugif' to restrict hotplug support
to a certain wan interface or to disable it at all
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Update Csocket to a newer version with compile fixes for OpenSSL with
disabled compression support. Since we don't get zlib as an transitive
dependency anymore, also add zlib as an explicit dependency.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Set teardown_on_l3_link_down notifying netifd xl2tpd wants to be
teared down when layer3 link loss is detected
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
while at it, also fix post-install script and no longer ship
gnunet-download-manager.scm, we ain't got guile anyway and it wasn't
touched for 12 years.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes two issues with the freeradius package init scripts:
- The package installs libraries in /usr/lib/freeradius{2,3}, but the
musl dynamic linker won't find them there unless LD_LIBRARY_PATH is
set to include this directory. This adds an appropriate env statement
to the procd init setup.
- procd expects services to stay in the foreground, or it will be unable
to properly shut them down again. This adds the -f flag to radiusd to
achieve that.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This adds a package wrapping the acme.sh script from
https://github.com/Neilpang/acme.sh in Uci config and hooks to interact
correctly with uhttpd.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Before starting chilli instance, it first removes generated
files (/var/run/chilli*) for the instance. While deleting
generated files, it doesn't match full instance name.
Thus if coova-chilli config file (/etc/config/chilli) has
instances wlan11 and wlan1 in order,
when creating coova-chilli instance for wlan1, it is removing
files generated for wlan11 instances also (as it uses wlan1*
in remove command).
Fix issue by matching full instance name while removing old files.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Signed-off-by: Bhargav Patel <br13patel@gmail.com>
From the Tor project page:
obfsproxy is a tool that attempts to circumvent censorship, by
transforming the Tor traffic between the client and the bridge. This
way, censors, who usually monitor traffic between the client and the
bridge, will see innocent-looking transformed traffic instead of the
actual Tor traffic.
This depends on:
- pyptlib (#2053)
- twisted (#2052)
Also, txsocksx (#2058) is necessary to use an outgoing SOCKS proxy,
and having either gmpy2 (#2067) or gmpy (#2051) installed will help
speed up calculations.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Tcpreplay is a suite of free Open Source utilities for editing and
replaying previously captured network traffic. Originally designed
to replay malicious traffic patterns to Intrusion Detection/Prevention
Systems, it has seen many evolutions including
capabilities to replay to web servers.
Pretty useful for testing stuff too.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
for working out the interface name
Working:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].l3_device"
Broken:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].device"
Fix run tested:
root@wifi:/overlay/upper# ps |grep mini_snmpd
1404 root 980 S /usr/bin/mini_snmpd -n -c public -L Undisclosed -C VGB <admin@victimsofgaybullying.com> -t 1 -a -d /overlay,/tmp -i br-lan,pppoe-w
Before it wasn't using the pppoe interface it was using the parent
interface eth0 twice. Small 1 line fix. Merge at your convenience.
Signed-off-by: Luke McKee <hojuruku@gmail.com>
