Global Socket allows two workstations on different private networks to
communicate with each other. Through firewalls and through NAT - like
there is no firewall.
The TCP connection is secured with AES-256 and using OpenSSL's SRP
protocol (RFC 5054). It does not require a PKI and has forward
secrecy and (optional) TOR support.
The gsocket tools derive temporary session keys and IDs and connect
two TCP pipes through the Global Socket Relay Network (GSRN). This is
done regardless and independent of the local IP Address or geographical
location.
The session keys (secrets) never leave the workstation. The GSRN sees only
the encrypted traffic.
The workhorse is 'gs-netcat' which opens a ssh-like interactive PTY
command shell to a remote workstation (which resides on a private and
remote network and/or behind a firewall).
Also added test.sh file to test it inside a container
Signed-off-by: Ralf Kaiser <skyper@thc.org>
- convert apinger into procd instances
- generate instance specific apinger.conf from uci
- hotplug handling for apinger alarms
- restart apinger interface instance on ifup action of interface
- don't exit on packet count mismatch, allows to use apinger as monitor
  for multiple targets handling
- add srcip option to target configuration, allows specifying source ip
  used to monitor target
- allow creating status file in script parseable format
Patches are ported against latest version of apinger and referenced from
https://git.pld-linux.org/?p=packages/apinger.git;a=summary
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
Update to v16.16.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
No vulnerabilities related with openssl (uses system openssl)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Usually, no other local service depends on the start of ser2net, so
let's start it later in the boot process.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.
If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Kea expects /var/run/kea to exist. Without it, errors occur:
Mon Jun 13 10:31:45 2022 daemon.err kea-dhcp6[2977]: Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Upstream bump and add a patch to use a blue highlight color for the dark
color scheme (--color dark) as some users find the default bright green is
too intense.
Note that invoking ncdu without the --color switch uses the upstream
default bright green, so users will need to call ncdu with --color dark in
order to get the blue color.
Signed-off-by: John Audia <therealgraysky@proton.me>
From the changelog…
  o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously
      degrading congestion control performance on all circuits. This
      impacts clients, onion services, and relays, and can be triggered
      remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
      bug 40626; bugfix on 0.4.7.5-alpha.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 17, 2022.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/06/17.
  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow the rseq system call in the sandbox. This solves a crash
      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
      40601; bugfix on 0.3.5.11.
  o Minor bugfixes (logging):
    - Demote a harmless warn log message about finding a second hop
      from warn level to info level, if we do not have enough
      descriptors yet. Leave it at notice level for other cases. Fixes
      bug 40603; bugfix on 0.4.7.1-alpha.
    - Demote a notice log message about "Unexpected path length" to info
      level. These cases seem to happen arbitrarily, and we likely will
      never find all of them before the switch to arti. Fixes bug 40612;
      bugfix on 0.4.7.5-alpha.
  o Minor bugfixes (relay, logging):
    - Demote a harmless XOFF log message from notice level to info
      level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>