There are situation for mobile routers, that the modemmanager can not
stay connected to the mobile network. There can have various reasons.
In order for the system to reconnect automatically, the netifd must be
informed that it must re-establish the connection.
The modem manager already does have a script callback handling which is
already used by the modemmanager in openwrt. Currently the modem is marked
as not unavailable when a disconnected event is detected.
The behavior was changed with this commit, so that a reconnect of the
interface is now triggerd via the netifd if the modem disconnects.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If a 'plmn' is set in the configuration, a registration attempt should be
established before the simple-connect command. If the plmn is set during
the simple-connect, a network change may occur during the connection setup.
To prevent this, the registration is started before the simple-connect with
a separate mmcli command. So that we can be sure that the modem is already
registered in the correct network before the simple-connect command.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Before a new connection attempt is made, the previous connection must be
cleaned up before further connection attempts are made. This is now done
by moving the cleanup and enable sequence to the beginning of the
conection setup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Moving the openwrt related files to subdirectories as they are installed
on the system. This change makes it immediately apparent during development
where the file is to be installed in the running system.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add support for destination port & protocol limitations for external feeds (see readme for details),
useful for lan-forward ad- or DoH-blocking, e.g. only tcp ports 80 and 443
* add turris sentinel blocklist feed
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* update to upstream 2023-11-19
(changes: 489c57efd4)
* bugfix: include resolveip dependency in Makefile
(fixes https://github.com/openwrt/packages/issues/23567)
* minor update for failed healthcheck logging
Signed-off-by: Stan Grishin <stangri@melmac.ca>
The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot
The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot
The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
- ':BOOL' suffix is not needed
- Don't set options which are matching the defaults
- Rename non-existing OT_BORDER_ROUTING_NAT64 to OTBR_NAT64
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
On some builders the package was failing to build:
```
cp: cannot overwrite non-directory '[..]/var' with directory '[..]/var
```
Here we're moving the creation of /var/lib/thread into runtime script,
which eliminates the error.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
XSK support is set to auto by default and on some hosts it is detected as
on and leads to:
```
In file included from dnsdist-backend.cc:32:
xsk.hh:28:10: fatal error: bits/types/struct_timespec.h: No such file or
directory
28 | #include <bits/types/struct_timespec.h>
```
Here we disable XSK so configure will behave more deterministically and
hopefully fix the builders.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Update package URLs
- Use local tarball for sources
- Switch to CMake
- Drop obsolete patches including 'minimize' (ipk size +3KB only)
- Add 3 new patches to fix musl, openssl and cmake issues
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Should provide increases in snort3 performance thanks to thread-
caching malloc provided by gperftools. Avg CPU usage is down.
Another user reported higher throughput achieved with snort3
compiled with this on samba transfers on system with CPU-limited
snort3 performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.81.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.81.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-02-16
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
When looping through addrinfo lists in AddrsMatch, keep a copy of the
original addrinfo pointers to free instead of ending up at the terminating
NULLs and trying to free those.
OpenWRT uses musl in which freeaddrinfo(NULL) is not safe (which is
fine, it's not required by the spec) so this fixes a segfault.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
- Switch package URLs to HTTPS
- Use .gz for source archive since .xz is no longer available
- Remove upstreamed patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* various vpn optimizations
* remove obsololete trm_maxscan option
* small fixes for net status and captive portal handling
* add an additional login variant to the h-hotels login script
* fix the wifibahn login script work again with wifionice hotspots again
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
- license change is now complete, and all code has been re-licensed
under the new license (still GPLv2, but with new linking exception
for Apache2 licensed code).
Code that could not be re-licensed has been removed or rewritten.
- add support for building with mbedTLS 3.x.x
- new option "--force-tls-key-material-export" to only accept clients
that can do TLS keying material export to generate session keys
(mostly an internal option to better deal with TLS 1.0 PRF failures).
- Windows: bump vcpkg-ports/pkcs11-helper to 1.30
- Log incoming SSL alerts in easier to understand form and move logging
from "--verb 8" to "--verb 3".
- protocol_dump(): add support for printing "--tls-crypt" packets
and other fixes
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Refresh and backport patches so that
- ./python path in the source code takes precedence over the same dir in hostpkg
- OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
with Open vSwitch 2.17
Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf6 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.
Resolves: #23185
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
softethervpn5: The softethervpn5 package is due for an update from recent source. This PR implements a Makefile update to pull December 2023 release, which includes fixes for recently-disclosed vulnerabilities. The build patches are also updated accordingly.
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Adjust patches for current version changes
Module "disk" renamed to "disk_hw"
Internal type "unknown" changed to "u_int32_t"
Add patch with removing macro syntax checking for successful build
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Florian Eckert