Add missing "inotify_add_watch", "inotify_init1" and "inotify_rm_watch"
syscalls to seccomp filter which are needed in case watch_dir feature
of transmission is used.
Fixes#16972
Reported-by: @siwind
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As written in the commit message:
Depending on your conntrackd configuration, events might get lost,
leaving stuck entries in the cache forever. Skip checking the conntrack
ID to allow for lazy cleanup by when a new entry that is represented by
the same tuple is added.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Open vSwitch does not bring up ports automatically. This is not a
problem for wireless ports, or for ports configured in
/etc/config/network, but other ports will be down, and require manual
interaction to be brought up. Configuring them with proto none will
cause netifd to do some actions on them, which might cause undefined
results, and will also bloat the UCI config file.
The cleanest solution is to bring all member ports up as part of the
init script.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
statd currently fails to start due to missing /run which doesn't exist
on OpenWrt.
Add a patch moving /run to /tmp/run as the path is hardcoded in several
places and cannot be configured neither at buildtime nor at runtime.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
`time_t` on musl 1.2 is 64bit, while `long` is 32 bit. we will always get zero time with the original source on mips big endian.
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
The PCIe physdev path lookup relies on the 'vendor' and 'device'
attribute files, instead of the 'idVendor' and 'idProduct' ones, which
are USB specific.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
OVN doesn't require Python Six, since about commit
338a6ddb5e
Maybe even earlier than that.
There are some left-over installations of six in their CI, but no usage in
any Python source code.
Refreshed patches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Python six was required to build the OVS Python libs during the time when
they were supporting both Python 2 & 3.
Python 3 is a minimum requirement for OVS Python's libs since commits:
1ca0323e7cbd90524550
and Six is no longer required since commit
0c4d144a98
The end-goal here is to get rid of the Python Six host-build.
OVS is the only user.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Release notes:
1.8.0
- Upgrade json.hpp dependency to version 3.10.2
- Check if DNS servers need to be applied on macOS
- Set MAC address before bringing up Linux TAP link
- Stop binding to temporary IPv6 addresses
- Fix for mistakenly using v6 source addresses for v4 routes on some platforms
- Fix for MacOS MTU capping issue on feth devices
- Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
- A completely rewritten desktop UI for Mac and Windows!
1.8.1
- Fix an issue that could cause clobbering of MacOS IP route settings on restart.
- Added additional hardening against address impersonation on networks (also in 1.6.6).
- MacOS IPv6 no longer binds to temporary addresses as these can cause interruptions if they expire.
- Remove support for REALLY ancient 1.1.6 or earlier network controllers.
- Fix numerous UI issues from 1.8.0 (never fully released).
Changed to git as source and added $(AUTORELEASE)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Client and server software to query DNS over HTTPS, using Google DNS-over-HTTPS protocol and IETF DNS-over-HTTPS (RFC 8484). https://github.com/m13253/dns-over-https
Signed-off-by: Martin Schneider <martschneider@google.com>
Side-effect of dropping capabilities(7) with last commit is now we
need the `/var/run/named/` directory created for us at startup.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reasons to drop this package:
a) this package depends on luci-app-rosy-file-server
Unfortunately, it was marked as broken as it is unmaintained.
See: 34b682afac
b) maintainer is inactive
c) rosinson website does not seem to be working
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Update to the newest versions and switch to $(AUTORELEASE) for the python3 packages (where I am the maintainer).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Currently when the connection times out, the interface will disconnect.
Add capability to add persistent option to re-establish connectivity.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
* adopt pypi name and line numbers in patches
* remove custom tar command and patch for using python3 (changed upstream)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
It never works... And Xray-core needs root access to work.
Bump geodata to latest version while at it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The following CVE updates are included:
* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could previously be
abused by an attacker to significantly degrade resolver performance.
* CVE-2021-25218: An assertion failure occurred when named attempted
to send a UDP packet that exceeded the MTU size, if Response Rate
Limiting (RRL) was enabled.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reload the service when interfaces flap; note that libcap support
is required to open new sockets on interfaces coming up during
a reload, otherwise a full restart would be needed.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Use newly introduced procd_add_reload_mount_trigger to reload nfsd
when a mountpoint covering an exported filesystem is added by blockd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix uci-defaults for PostgreSQL backends
Add user 'gnunet' to 'postgres' group
Always build with sqlite3 as configure fails when --without-sqlite
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If an interface doesn't exist yet when vnStat is started, it won't be
monitored, as only existing interfaces can be added to the database via
the vnstat command.
This adds a hotplug script which adds any configured interfaces to the
vnStat database when it goes up.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
By default, vnstatd adds all available interfaces on startup when its
database is empty. The --noadd option prevents this, but it breaks
import of legacy databases, and causes vnstatd to exit immediately
after startup, which breaks reloading.
This changes the init script to add the --noadd option when no legacy
databases need to be imported, and patches vnstatd to keep running
even when no interfaces are configured.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This has been replaced with the "trust-anchors" keyword, per
section 8.21.1 New Features of the Bind 9 Administrator Reference
Manual:
• In order to clarify the configuration of DNSSEC keys, the trusted-keys and managed-keys statements have been deprecated, and the new trust-anchors statement should now be used for both types of key.
When used with the keyword initial-key, trust-anchors has the same behavior as managed-keys, i.e., it configures a trust anchor that is to be maintained via RFC 5011.
When used with the new keyword static-key, trust-anchors has the same behavior as trusted-keys, i.e., it configures a permanent trust anchor that will not automatically be updated. (This usage is not recommended for the root key.) [GL #6]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
apxs is used to get information about the apache installation when
building external modules. Currently there are issues:
1.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
apache2
apxs:Error: ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/apr-1-config not found!.
This error is fixed by sed script #2.
2.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
cannot open ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/share/apache2/build/config_vars.mk: No such file or directory at ./staging_dir/target-mips_24kc_musl/usr/bin/apxs line 213.
This error is fixed by sed scipt #1.
Both sed scripts taken from buildroot (see [1]).
[1] https://github.com/buildroot/buildroot/blob/master/package/apache/apache.mk
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commits adds the new usteer package to the packages feed.
usteer is a daemon for steering wireless clients across frequency
bands as well as between multiple access points on a network.
Signed-off-by: David Bauer <mail@david-bauer.net>
ospf running in instance mod will keep cpu to 100% so revert offending commit
if daemon is disabled in the file while running also close that daemon
also add the pythontools to support reload
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Some users report that DAWN sometimes crashes after a while. Mostly
this happens after the new update has been rolled out.
Since I would not like to go back to the older version, I add as
a workaround for now that DAWN automatically respawned.
Workaround for:
https://github.com/berlin-open-wireless-lab/DAWN/issues/151
Signed-off-by: Nick Hainke <vincent@systemli.org>
WWAN devices may now be exposed in the new 'wwan' subsystem in the
kernel (since 5.13), initially applicable to devices exposed in PCIe
(no USB), but at some point may also apply to USB devices that until
now were exposed via other subsystems (e.g. usbmisc, tty).
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
* bugfix: change killall param from -HUP to -s HUP
* bugfix: change tmpfs param from status to gateway
Signed-off-by: Stan Grishin <stangri@melmac.net>
* there are reports that 0.3.5-x versions do not work on some configs
* the development of the new features moved to the new package (pbr)
* revert to the last known good version of vpn-policy-routing
Signed-off-by: Stan Grishin <stangri@melmac.net>
* refresh patches
* disabling kres_gen_test is not required anymore for cross compilation, it was fixed upstream with the 5.4.1 release
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
This uses some definitions from <sys/cdefs.h> in gcc 8.4.0, not present
in musl or gcc11.
Also use clock_gettime() instead of syscall(__NR_clock_gettime,...),
which is not currently defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* update to [2021-09-27](da2501f542)
* fixes https://github.com/aarond10/https_dns_proxy/issues/125
* restart instead of reload on interface hotplug
* fixes https://github.com/openwrt/packages/issues/16794
* produce output and log entries on service start/stop
* prevent unnecessary dnsmasq restarts if service has previously updated dnsmasq settings
* allow both named and typed dnsmasq instance settings to be updated
* update 010-fix-cmakelists patch file
Signed-off-by: Stan Grishin <stangri@melmac.net>
Default to letsencrypt because the upstream default may change.
Passing --staging is no longer needed, since --serever will
select a staging server if needed.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
/net/crowdsec-firewall-bouncer/
crowdsec-firewall-bouncer will fetch new and old decisions from
a CrowdSec API to add them in a blocklist used by supported firewalls.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
/net/crowdsec/
Crowdsec - An open-source, lightweight agent to detect
and respond to bad behaviours.
It also automatically benefits from a global community-wide
IP reputation database.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
* c70773a - datastorage: use signal strength as a metric
* 14e0f83 - Don't display debugging output with DAWN_NO_OUTPUT
* 97e5de1 - uci: add neighbor list priority options
* 2b1a53c - dawn_uci: set default values
* 6eb747b - Use separate configs for 802.11g & 802.11a bands
* 1e34357 - Verify compatibility before parsing config message
* a7a8309 - List all neighbors with same score when kicking
* 3ba0fa4 - Change beacon request fields to appropriate values
* 009aab9 - Change mode config parameter from int to string
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update to GNUnet release 0.15.3.
Note that GNUnet 0.15.x is incompatible with the previous 0.14.x
wire format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- Update haproxy download URL and hash
- Make build-target and parameters dependant on configured c-library
- Removed duplicate build-parameters
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This commit fixes an issue where the `AUTOSSH_GATETIME` is not available in the `procd` environment which gets overwritten by the second `procd_set_param env` call.
It now calls the `procd_set_param env` once with the two variables, instead of twice.
Signed-off-by: Leo Soares <leo@hyper.ag>
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[remove irrelevant part from commit message after splitting changes]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Currently `travelmate` only support `<meta` tag
if it contains `"`. This updates `travelmate.sh` to support
`'` as well.
```html
<meta...content='1; url=
```
Signed-off-by: Kamil Trzciński <ayufan@ayufan.eu>
This patch to remove PowerDNS' check for whether time_t is 64-bit is not needed anymore,
due to OpenWrt now having a more recent musl libc where time_t is 64-bit on all architectures.
Signed-off-by: Wout Bertrums <wout@wbnet.eu>
Switch to AUTORELEASE for simplicity.
Switch to normal tarballs.
Add license information.
Reorganize Makefile for consistency between packages.
Add libtool patch fixing compilation under some conditions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Testing showed that additional syscalls are needed on ARMv7.
Add "clock_gettime64" and "statx" which seem to be used now instead
of "clock_gettime" and "stat" syscalls which are already listed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When Open vSwitch is configured to use a controller, but is unable to
connect to it, Open vSwitch will setup flows to allow all traffic, if
the failure mode is not configured, or set to standalone.
As this might be a security hazard, it is also possible to configure
Open vSwitch in a secure failure mode. Enabling this mode causes Open
vSwitch to drop all traffic if it is unable to connect to the
controller.
Redirect stderr of the command to /dev/null as it does not support the
--if-exists option.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Due to a copy-paste error, libopenvswitch is missing a dependency when
Open vSwitch is configured to use unbound:
Package openvswitch-libopenvswitch is missing dependencies for the following libraries:
libunbound.so.8
Use the correct config symbol to solve this.
Fixes: 45c8cc9d8a ("openvswitch: make libunbound optional")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The genhash binary is only built when IPVS is enabled, so make its
installation depend on IPVS being enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add a UCI config option to set the OpenFlow datapath description. This
allows setting a human readable description of the bridge, e.g.
"Building x, Floor y, AP z", which makes it easier to recognize the AP.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Upstream released 1.0.0, so change the package to the git tag 1.0.0
Mainly documentation and argument handling changes
Signed-off-by: Damien Mascord <tusker@tusker.org>
- Added missing conffiles
- Refreshed init srcipt to adapt the new arguments
- Renamed package name to lowercase (suggestion from upstream)
- Updated dependencies and license
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* add wpa-supplicant package dependency
* removed no longer working 'db-bahn.login' and 'wifionice.login' auto-login scripts
* added the new 'wifibahn.login' script for auto-logins to captive portals WIFI@BAHN (DE),
run tested on a single ICE (station logins are currently unsupported!)
* vodafone.login prepared to support free/time limited logins (still WIP!)
* change return code handling in login scripts and travelmate
* refine f_wifi function
* fix a few conercase issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
Some versions of killall do support the `killall -SIGNAL` syntax and
have only `-s SIGNAL` which should be supported everywhere.
I see the problem with *killall (PSmisc) 23.3* on latest TurrisOS 5.2
Signed-off-by: Jan Baier <jan.baier@amagical.net>
Some versions of killall do support the `killall -SIGNAL` syntax and
have only `-s SIGNAL` which should be supported everywhere.
I see the problem with *killall (PSmisc) 23.3* on latest TurrisOS 5.2
Signed-off-by: Jan Baier <jan.baier@amagical.net>
Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
fail2ban v0.11.2 package version 2
Following PR #15098, add fixes to build fail2ban package:
- remove use of fail2ban-python (directly use python3 in script)
- remove link to python3 in /usr/bin (break the package build)
- remove python-tests (reduce the package size)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
To allow the script to define what it should be run with.
This let's the user use bash if it's available, or python, or perl, etc.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Update PKG_VERSION to 2.10.11
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The "-s -w" flags in GO_PKG_LDFLAGS tells the Go compiler to strip the
binaries it produces. Since the default Go package build process will
strip binaries when CONFIG_USE_STRIP or CONFIG_USE_SSTRIP are selected,
these flags are unnecessary.
When CONFIG_NO_STRIP is selected, these flags override the user's
intention of building unstripped packages.
This removes these flags for all relevant packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This will allow the server to know more info about the client like
HWADDR, very useful for managing IoT devices.
See: https://www.mankier.com/8/openvpn#--push-peer-info
Signed-off-by: Nguyen Quang Minh <minhnq31@fpt.com.vn>
Django 1.11 (host-build) is only needed for Seahub.
And won't ever be needed for anything else (hopefully).
This change moves it to the Seahub folder.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
v2rayA is a Linux web GUI client of Project V which supports V2Ray,
Xray, Shadowsocks, ShadowsocksR, Trojan and Pingtunnel.
Wiki: https://github.com/v2rayA/v2rayA/wiki
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues
* compact json generator code (tested with report files > 2MB)
* various code cleanups and optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
It has been updated to the latest version shipped by upstream.
This has not been done since v4.2.1, hence the big diff.
Signed-off-by: Wout Bertrums <wout@wbnet.eu>
Recent versions of mosquitto have added a lot more fine grained control
of various options. Add UCI support for all of them, and fix a couple
of things that were configured as per listener, that are actually global
settings.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Maintainer: me
Build system: Arch Linux x86_64
Build tested: ipq806x/R7800
Run tested : ipq806x/R7800
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
Change the interface protocol prefix from "bonding-" to "bond-".
This allows longer custom interface names and useful for VLANs.
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
On buildbots the build fails because git isn't finding any git repo and
then AC_INIT refuses to run:
fatal: not a git repository (or any parent up to mount point /)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
configure.ac:5: error: AC_INIT should be called with package and version arguments
Address this by substituting the git command with $(PKG_VERSION).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* replaced pipe input for a while/read-loop with a here document/variable as input
(fix various subshell related bugs and oddities)
* further improve abort and re-connection handling
* prevent alleged detected connection failures (false positives) with an additional gw check,
to stabilize VPN connections in particular
Signed-off-by: Dirk Brenken <dev@brenken.org>
This fixes compilation issues with ASLR PIE enabled
We were compiling with '-g -DDEBUG'
https-dns-proxy_2021-07-29-*_arm_cortex-a9_vfpv3-d16.ipk
shrink from 19514 to 19095
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This init script allows to start the Kea Control Agent, the DHCPv4
server, the DHCPv6 server, and the DHCP-DDNS server. It expects the
config files to be where the packages install them.
As this is a single init script that can start 4 different binaries that
are each in their own package, these files cannot be included in any of
these other package, so create a dedicated package for it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This allows running multiple kea instances in load balancing or
hot-standby mode, minimizing risk of downtime.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* simplify the scan logic, to get rid of nifty IFS tricks
* limit the nearby scan results to process only the strongest uplinks, set 'trm_maxscan' accordingly (default '10')
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
but keep it selected by default as before
so it could be selected if nmbd and/or wssd2
should be used
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
On hosts that have pcapnav-config installed, there is host lib leakage.
From config.log:
LNAVLIB='-L/usr/lib64 -lpcapnav -lpcap'
LNAV_CFLAGS='-I/usr/include'
Fix this by disabling pcapnav-config, which isn't available anyway.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* support the new travelmate option 'macaddr' to use a pre-defined MAC address (per uplink)
* vpn connections are now handled separately for each uplink
* The autoadd-feature for adding open uplinks will now be limited by the 'trm_maxautoadd' option. The default is '5', '0' disables this limitation.
* more code cleanups und optimizations to reduce the repetitive connection handling workload
* bugfixes regarding multiple radio support
* refine cp detection (no longer write and parse an error file)
Signed-off-by: Dirk Brenken <dev@brenken.org>
TARGET_CXX is added, because PowerDNS now uses C++17.
pdns.conf-dist is updated to the latest version shipped by PowerDNS.
010-time_t-check.patch, which is also used in pdns-recursor and dnsdist,
is added to patch out the check for 64-bit time_t,
because OpenWrt still supports 32-bit devices.
100-pdns-disable-pdns.conf-dist.patch is refreshed.
Signed-off-by: Wout Bertrums <wout@wbnet.eu>
* supports newer shellcheck
* restore EXTRA_COMMANDS compatibility with 19.07
* move status display from various functions to status_service
* bugfix: status_service line break after output
* minor arythmetic fix in status_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
Backport a pending patch in order to DSCP-mark UDP traffic. This allows for
correct binning of traffic in diffserv-capable routers.
Additionally, remove Rosen Penev from the maintainers list, as per his request.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Description: Lack of support of HTTP/2 by default starts to hurt,
for example with https-dns-proxy package, some DoH resolvers (like mullvad)
no longer support HTTP/1 and are not usable.
This enables HTTP/2 support by default (which would bring ~68Kb libnghttp).
Signed-off-by: Stan Grishin <stangri@melmac.net>
* update binary to the latest commit (2021-07-29) to fix#16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace
Signed-off-by: Stan Grishin <stangri@melmac.net>
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The Open vSwitch init script does not set USE_PROCD=1. Instead, it
defines most of the functions and variables that would be set when
USE_PROCD is set to 1, but with some minor changes.
The basescript variable however, which is used when calling
procd_open_service and procd_kill, is not set. As a result, basename of
the contents of the initscript variable is used as the service name. As
the service is automatically started via its symlink in /etc/rc.d,
S15openvswitch, the service name is S15openvswitch.
Set the basescript variable so that the service name is openvswitch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
By default, Open vSwitch will generate the OpenFlow datapath ID of a
bridge based on the MAC address of one of its ports. Due to this, it's
possible that the datapath ID changes when new ports are added. When the
datapath ID changes, Open vSwitch disconnects from the controller, as
there is no way to notify the controller that the datapath ID has
changed.
Add an option to set the datapath ID so that the above situation can be
avoided. The option takes either exactly 16 hex characters, or when
prefixed with 0x, between 1 and 16 hex characters.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The config symbol is named CONFIG_OPENVSWITCH_WITH_LIBUNBOUND, so check
for that instead of the non-existent CONFIG_OPENVSWITCH_WITH_UNBOUND.
Fixes: 45c8cc9d8a ("openvswitch: make libunbound optional")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
support for 21.02.0-rc2 and up
support for reloading a single interface on ifup/ifupdate
rename config file
updated shellcheck compatibility
remove obsolete create/remove_lock
interface processing optimizations to speed up reloads
drop dependency on curl in user scripts
uniform styling of functions
Signed-off-by: Stan Grishin <stangri@melmac.net>
Installing openvswitch on an x86/64 snapshot image pulls in a bunch of
dependencies, good for a total size of 3648406 byte. Disabling
libunbound reduces that with 559941 byte, for a total of 3088465 byte.
This is quite a big reduction for a small tradeoff: without libunbound,
hostnames can not be used to specify OpenFlow managers or controllers.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* code cleanup
* add auto login script for Julianahoeve beach resort (NL)
* add auto login script for Vodafone hotspots (DE)
* add auto login script for telekom hotspots (DE)
* enhance captive portal detection to support html redirects as well
* change default captive portal detection url to
'detectportal.firefox.com'
Signed-off-by: Dirk Brenken <dev@brenken.org>
Building without the mirror-tarballs fails to PKG_SOURCE_SUBDIR not
matching the hostapd source subdir name. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The current way to add ports to an Open vSwitch bridge does not allow
complex port configurations. Use a dedicated uci config section per port
instead of the current port:type syntax. This way we can easily support
more features like setting the VLAN tag or the OpenFlow port number.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Calling the ovs_bridge_init function when stopping the service will
result in ovs-vsctl being called after ovsdb-server has been shut down.
This causes the following error:
ovs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Calling the ovs_bridge_init function when requesting the service status
has no added value.
Only call ovs_bridge_init during start or restart to fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
CI run fails due to dirty patches, so refresh them.
Fixes: f4f1a25e80 ("openvswitch: bump to version 2.15.0")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Include default configuration files to have something to start from.
Also include snort2lua to help convert snort2 rules to snort3 to also
help with bootstrapping the configuration.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh
Signed-off-by: Stan Grishin <stangri@melmac.net>
- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
This matches an ipv4 change in 21f5cdd2fa and has the same rationale.
Google requires https for both ipv6 and ipv6.
Signed-off-by: Scott Lamb <slamb@slamb.org>
A simple DNS proxy server that supports all existing DNS protocols
including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC.
Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or
DNS-over-QUIC server.
For documents, see https://github.com/AdguardTeam/dnsproxy.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
A simple command line utility to make DNS lookups. Supports all known
DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
For documents, see https://github.com/ameshkov/dnslookup.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
mdio is a low-level Linux debug tool for communicating with devices attached an MDIO bus. It improves on existing tools in this space in a few important ways:
MDIO buses are directly addressable. Previous solutions relied on at least one Ethernet PHY on the bus being attached to a net device, which is typically not the case when the device is an Ethernet switch for example.
Complex operations can be performed atomically. The old API only supported a single read or write of a single register. mdio sends byte code to the mdio-netlink kernel module that can perform multiple operations, store intermediate values, loop etc. As a result, things like read/mask/write operations and accesses to paged PHYs can be performed safely.
Signed-off-by: Damien Mascord <tusker@tusker.org>
