Split configuration in global and per-network sections.
This change breaks existing configurations.
The following per-network settings are available:
* allow_managed
* allow_global
* allow_default
* allow_dns
See https://docs.zerotier.com/config/#network-specific-configuration
Signed-off-by: Óscar García Amor <contact@ogarcia.me>
Reviewed-by: Moritz Warning <moritzwarning@web.de>
Sometimes mdns-repeater quits or crashes, leaving service stopped. This commit should fix that by enabling respawn in procd.
Signed-off-by: Tina DiPierro <tina@dipier.ro>
Upstream repository[1] is now read-only.
It seems daemonlogger is no longer maintained.
[1] https://github.com/Cisco-Talos/Daemonlogger
Signed-off-by: Yanase Yuki <dev@zpc.st>
Makefile:
* remove pbr-iptables flavour
Init-script:
* improve detection of wireguard server and client instances
* integrate wg_server_and_client into init script
* remove traffic_killswitch() and trap() and related options/code
* remove internal nft_file_support variable as fw4 nft file is the only running mode
* improve debug() and is_supported_interface() functions
* improve detection of incompatible user script files
* double-quote some strings due to shellcheck errors
* flush ip rules from pbr tables instead of deleting last one
Other files:
* remove /usr/share/pbr/pbr.user.wg_server_and_client as obsolete
* remove references to the file above in config on update thru uci-defaults
* minor updates to netifd uci-defaults script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Adjust openssh's versioning to be compatible with apk:
8.9p1-r2 --> 8.9_p1-r2
"_p" is an allowed semantic suffix, so use that.
(Alternative might have been 8.9.1-r2)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
netbird supports the wireguard kernel module, but it can work without it in userspace,
losing some performance, but we know in advance that netbird will run as root,
therefore supporting the wireguard kernelspace with better performance.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Extends DDNS support for the Porkbun v3 JSON API with a custom update
script and service configuration.
See: https://porkbun.com/api/json/v3/documentation
Depends on cURL (with SSL) for transport. Porkbun authentication API keys
and secret keys are passed through the ddns-scripts "username" and
"password" variables, respectively. As Porkbun DNS is currently backed by
Cloudflare, also support ddns-scripts "rec_id" variable for specific
record targeting.
Signed-off-by: Ansel Horn <dev@cahorn.net>
ovh.com supports https and IPv6 since March 2024.
New API operates under domain dns.eu.ovhapis.com
Add IPv6 support, use https and updated domain for ovh.com.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Update ZNC to latest release 1.9.1.
Changelog:
* https://wiki.znc.in/ChangeLog/1.9.1
Since we never provided modtcl, OpenWrt was never affected by
CVE-2024-39844.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
* bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
The basicstation build fails since the change to the new major version
3.x of mbedtls, because of API changes in the new mbedtls version.
To fix the compilation for new mbedtls version, the waiting pull request
is backported as a patch.
Thanks to 'Glenn Strauss' for creating this PR:
https://github.com/lorabasics/basicstation/pull/198
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
For cnames with a local data target the A RR is not resolved and
missing in the response. As most applications don't send another
query and fail, these entries are placed in a rpz zone instead.
Signed-off-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)
Signed-off-by: Dirk Brenken <dev@brenken.org>
ModemManager does not depend on Lua by its own, so make it possible to
not have a requirement on Lua if the rpcd integration is not needed.
Signed-off-by: Christian Svensson <blue@cmd.nu>
This version is the final version supporting iptables and:
* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
and tries to create inline nft sets which offers performance improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
clamav needs rust toolchain to build, add $(RUST_ARCH_DEPENDS) to
dependencies to avoid building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
We no longer use "epoll()", but a new library dependency "liburcu"
(user-space RCU) has been added.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
wgsd is written in Go, add $(GO_ARCH_DEPENDS) to dependencies to avoid
building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Matthew Hagan has been absent for two years and this package lacks
proper maintenance. As I'm a user of this package, take over the
maintainership.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
- do not touch default configuration
- put the binary into /usr/bin as it's not a "system" application
- update GO_PKG path
- remove useless init script[1]
- other minor clean up
1. The database directory will be automatically created by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This version brings two significant updates:
* support for text labels/names for the external lists
* better processing of the config update files, which cleans up
entries with missing URLs
Also:
* new config file contains names for all lists
* it tries to match existing URLs with the names from the new config file
and update user config as part of uci-defaults script
* contains minor updates to copyright/license/upstream URL/README
* updates the config update script to remove sysctl.org list as it's outdated
* adds two new remote lists: Hagezi and 1Hosts
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
* update to latest upstream version
* remove PKG_SOURCE_DATE/PKG_SOURCE_RELEASE as they are no longer needed
* set TARGET_CFLAGS/TARGET_LDFLAGS
* update CMAKE_OPTIONS
* add CONFIGURE_ARGS to prepare for building with HTTP/3
* update package URL to upstream repo instead of documentation
* update package/description
* add README.md with link to documentation
init-script:
* do not run within image builder
* add a line which can be uncommented to remove outdated doh_server entries
020-src-options.c-add-version.patch:
* remove it, as it's no longer needed with version set in CMAKE_OPTIONS
Signed-off-by: Stan Grishin <stangri@melmac.ca>
The awk expression in mwan3_delete_iface_rules splits the `ip rule list`
output by spaces, therefore $1 contains the trailing colon (e.g., "1:",
"1000:"). The < and > operators compare such values as strings instead
of numbers, producing unexpected results (for example, "1:" > "1000").
Change the field separator to ":" for correct number comparison, so that
the right rules are removed.
An example error message that may appear before the fix:
Error: argument "1:" is wrong: preference value is invalid
It happens because `substr($1,0,4)` selects short numbers along with
the colon. In other cases wrong rules may be removed, for example, if
there is rule 10051, then rule 1005 will be removed.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
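The comparison problem described in the commit message above, reproduced as an added example (not the mwan3 source). The sample rule list and the 1000..2000 priority window are constructed, and `substr` is written with start index 1 so that every awk implementation truncates the same way.

```shell
#!/bin/sh
# Added illustration; not the mwan3 source. The sample rules and the
# 1000..2000 priority window are constructed for this example.
export LC_ALL=C   # byte-wise string comparison in every awk

# Constructed `ip rule list` style output (priority, colon, tab, selector).
sample_rules() {
	printf '0:\tfrom all lookup local\n'
	printf '1:\tfrom all fwmark 0x100 lookup 1\n'
	printf '1005:\tfrom all iif eth0 lookup 1\n'
	printf '10051:\tfrom all lookup 5\n'
	printf '32766:\tfrom all lookup main\n'
}

# Before: default whitespace splitting leaves the colon in $1 ("1005:"),
# so awk compares strings and then truncates to four characters.
select_space_split() {
	awk '$1 > 1000 && $1 < 2000 { print substr($1, 1, 4) }'
}

# After: with ":" as separator $1 is a bare number and compares numerically.
select_colon_split() {
	awk -F: '$1 > 1000 && $1 < 2000 { print $1 }'
}

echo "space-split selects: $(sample_rules | select_space_split | tr '\n' ' ')"
echo "colon-split selects: $(sample_rules | select_colon_split | tr '\n' ' ')"
```

With whitespace splitting, rule 1 is selected as the invalid preference `1:` and rule 10051 is truncated to 1005, so a delete loop fed from this output would target 1005 twice; with `-F:` only rule 1005 is selected.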
UPnP rules now may have an optional regex filter on requester's
descriptions. This is a countermeasure against some UPnP exploiters
without shutting down UPnP service completely, albeit they can bypass it
by reporting innocent's descriptions maliciously.
Since the filter specifier is optional, existing valid config files will
still work.
This increases the executable's size by 1.3 kB from original 147.7 kB on
i386.
Signed-off-by: David Yang <mmyangfl@gmail.com>
With the recent update, it was discovered that curl causes high CPU usage,
until the solution is found, let's revert the commit.
Fixes: https://github.com/openwrt/packages/issues/24693
This reverts commit e29aaab606.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit writes the option hostname obtained via uci_get
system.@system[0].hostname to the snmpd.conf file if sysName
is not defined in /etc/config/snmpd.
Signed-off-by: Christian Korber <ckorber@tdt.de>
This is a bugfix release
Bug fixes:
- the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations
with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script.
- Http-proxy: fix bug preventing proxy credentials caching
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
The output format of `khost` has changed. This commit fixes the regexp
for IPv4. It fixes the issue of using a custom DNS to resolve current
address.
```bash
root@localhost:~# khost ns2.afraid.org
ns2.afraid.org. has IPv4 address 69.65.50.223
ns2.afraid.org. has IPv6 address 2001:1850:1:5:800::6b
Host ns2.afraid.org. has no MX record
root@localhost:~# khost --version
khost (Knot DNS), version 3.3.5
```
Signed-off-by: Denis Shulyaka <Shulyaka@gmail.com>
ci: Fix up Docker images' tag from version number
chore(deps): bump github.com/gin-contrib/cors from 1.3.1 to 1.6.0
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Handle not having a dynamic pool correctly without ipcalc.sh
generating noise about it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The 'modemmanager' uses the 'dbus'. Status information can be retrieved
with the 'mmcli' command, this can also be output in json format.
This commit adds a new 'ubus' backend with which this information can
be easily accessed via ubus.
* ubus call modemmanager info
* ubus call modemmanager dump
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The upstream project is declared as bugfix-only and received no update
for about 2 years. The development focus there has shifted. It does
not compile with current openwrt main branch.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
extensions/ACCOUNT/Makefile.am
change ${top_srcdir} to ../../ (used in 3.24) to fix the following error
cp: cannot stat '/Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.26/ipkg-install/usr/lib/iptables/libxt_ACCOUNT.so': No such file or directory
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Merge the following patches
201-fix-lua-packetscript.patch
210-freebsd-build-fix.patch
since they modify files created by 200-add-lua-packetscript.patch
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Fixes
```
make[6]: Entering directory '/Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/linux-6.6.36'
CC [M] /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.o
In file included from /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.c:20:
./include/net/checksum.h: In function 'csum_shift':
./include/net/checksum.h:90:40: error: implicit declaration of function 'ror32' [-Werror=implicit-function-declaration]
90 | return (__force __wsum)ror32((__force u32)sum, 8);
| ^~~~~
In file included from ./include/linux/kernel.h:22,
from ./include/linux/skbuff.h:13,
from ./include/linux/tcp.h:17,
from ./include/net/tcp.h:20,
from /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.c:21:
./include/linux/bitops.h: At top level:
./include/linux/bitops.h:135:21: error: conflicting types for 'ror32'; have '__u32(__u32, unsigned int)' {aka 'unsigned int(unsigned int, unsigned int)'}
135 | static inline __u32 ror32(__u32 word, unsigned int shift)
| ^~~~~
./include/net/checksum.h:90:40: note: previous implicit declaration of 'ror32' with type 'int()'
90 | return (__force __wsum)ror32((__force u32)sum, 8);
| ^~~~~
cc1: some warnings being treated as errors
```
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Backport pending patch, which was submitted to upstream via GitHub
to use modified function to compile it against miniupnpc 2.2.8.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Squashed using these commits:
- wifischedule: use `service` instead of direct path
- wifischedule: use `sort -u` instead of `uniq`
- wifischedule: restart cron only at the end of batch instead of after every change
- wifischedule: remove `[[` bash-isms
- wifischedule: trim trailing ws
- wifischedule: reduce `if` blocks
- wifischedule: quote variables and remove some more bash-isms
- wifischedule: simplify `_get_uci_value`
- wifischedule: don't exit whole script just because `uci get somekey` fails somewhere
- wifischedule: revamp `_should_enable_wifi()`
- wifischedule: revamp `_format_daysofweek_list()`
- wifischedule: revamp `_enable_wifi_schedule()`
- wifischedule: minor refactoring
- wifischedule: mega revamp
- wifischedule: fixes
- wifischedule: touch-ups
- wifischedule: use only `awk` in `_cfg_list_entries()` to filter `uci`
- wifischedule: improve code docs
- wifischedule: inline `_crontab_format_dow_field()`
- wifischedule: refactor `_crontab_append_line()`
- wifischedule: add `_uci_bool()` and refactor `_arith_bool()`
- wifischedule: rename some functions
- wifischedule: refactor using shellcheck
- wifischedule: refactor `_wifi_get_interfaces()`
- wifischedule: refactor `_wifi_get_devices()`
- wifischedule: shellcheck fixes
- wifischedule: use logger instead of a logfile
- wifischedule: refactor global consts
- wifischedule: introduce main() func
- wifischedule: bump version
Signed-off-by: Jan Chren ~rindeal <dev.rindeal@gmail.com>
The `ssh_systemd_notify` function is causing compilation errors
when built against GCC 14.1. This is due to an incompatible pointer
type being passed to the connect function.
The connect function expects a pointer to `struct sockaddr`, but
was receiving a pointer to `struct sockaddr_un`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
External scripts may only be specified with script-security 2 or higher,
otherwise OpenVPN fails at tunnel startup with an error.
This changes the previously hardcoded hotplug scripts to only be added if
script-security 2 or higher is used.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Release notes: https://www.openssh.com/txt/release-9.8
* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
broken checks, makes sense to skip it
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
* removed an accidentally committed flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: with manual install on different partition tested
Description: update to latest version of upstream
- Take advantage of bug fix in jsonfilter to get rid of array hack, should
improve memory footprint quite a bit
- Implement substring matching in dates so you can collect data for a specific
day, hour or run bin reports for histograms
- Report title now contains specified date range, footer percentages
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Fix incorrect uci config syntax, caused by a careless newbie contributor.
Modify function append_param_arg() in init script, to support hyphenated
arguments.
Add more command parameters as uci options, no value is set to keep it default.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
description: Since IPv6 is present in everyday use, we need to include
information about IPv6 addresses & routes in SNMP
example:
IP-MIB::ipAddressOrigin.ipv6
IP-MIB::ipAddressOrigin[ipv6]["00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fd:00:00:09:02:55:00:00:00:00:00:00:00:00:01:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:00:09:ff:fe:06:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:02:09:ff:fe:00:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:ae:84:c6:ff:fe:25:8c:ce"] = linklayer
tested:
23.05-snapshot
master snapshot
with LibreNMS, OpenWRT device IPv6 Addresses & Routes are properly recognized
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
This commit adds a uci configuration file and makes the gatling server
controllable by procd.
Co-authored-by: Moritz Warning <moritzwarning@web.de>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
Allow measuring ping latency and CPU details at idle as a baseline before
measuring under data transfer loading. This allows better determination of
Latency Under Load, a critical bufferbloat parameter. The CPU details can
also be used to verify idle conditions or examine CPU frequency against
ping variations and jitter.
Change the default test duration to 30 seconds, which is adequate for SQM
tuning while reducing bandwidth consumption for upstream netperf servers.
Change the default ping host from gstatic.com to one.one.one.one, which is
widely available and generally shows lower latency.
When warning of internal netperf errors, suggest running netperf directly
to view error details.
Other minor updates include:
- clear tmp file names for safety in case of traps
- simplify ping code, argument parsing and number validation
- fix cases of wrong protocol usage with hostname as ping target
- drop unneeded egrep usage
Also update README accordingly, with clearer usage text and terminology.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
As per @Ansuel's note about ctx cleanup in error path, decided to rework
the patch.
Changes and Improvements:
Smart Pointers for Memory Management:
* The `EVP_PKEY_ptr` and `X509_NAME_ptr` smart pointers
are used to manage the memory of `EVP_PKEY` and `X509_NAME`
objects respectively to ensure proper cleanup.
Error Handling:
* Improved error messages and exception handling to provide
more information about what went wrong.
Resource Cleanup:
* Ensured all allocated resources are now properly freed
in case of an error to prevent memory leaks.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Previously the "use" command had the following shortcomings:
* a subprocess was created instead of replacing the shell process
* whitespace in arguments was not handled correctly
Implementation detail:
In shell context the `"$@"` expression should be used (instead of `$*`).
This allows the safe handling of arguments containing whitespace.
Closes: #20001
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Currently, the nfs-kernel-server package exports /mnt by default after
it is installed. This is not a good default behavior, as it may expose
sensitive data to the network if a user mounts something on /mnt. This
commit commented out the line that exports /mnt, so the user has to
enable it explicitly.
Signed-off-by: Yangyu Chen <cyy@cyyself.name>
* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>