* various optimizations & corner case fixes
* removed no longer needed debug information
* polished up for forthcoming LEDE release ;-)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a long-needed clean-up.
These applications are not gone! They live in the
luci repo now, where all their friends already are.
Signed-off-by: Dan Luedtke <mail@danrl.com>
Makefile had sed commands in "prepare" step that modified the
source files directly. That lead to feed update failure at the
buildbot.
Remove those commands as the first aid.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occuring at the same time. Unbounds DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This reverts commit 79b6e9dc61.
Undo the recent vnstat update due to upstream bugs preventing database
restoration.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Bug fix dhcp4_slaac6 option was adding to all IP6 routes.
Filtering was added to this process to only include addresses
served from "this dhcp interface."
adblock 2.3.0 file output is now detected and automatically
integrated into Unbound local-zones. adblock deposites its
block site zone-files into /var/lib/unbound. If this is not
desired, then disable adblock or reconfigure to avoid Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
fixed: stop function used to kill the hotplug file
fixed: despite ubus wait_for network.interface.wan and WAN-IF hotplug, sometimes we'd get no WAN ip on start
Signed-off-by: Stan Grishin <stangri@melmac.net>
Update nginx to version 1.10.3.
Add new configuration options to enable the following optional
modules (disabled by default):
- http_auth_request_module
- http_v2_module
- http_realip_module
- http_secure_link_module
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
The needed shaper modules are now in kmod-sched-core, so we don't need
to depend on the full kmod-sched anymore.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed renamed option in stop_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed typo in makefile, switch FW_MARK to 0x010000 to play nice with SQM/mwan (thanks Hannu)
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: proper masking in setting mark
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: separating luci-app-vpnbypass into different tree
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed incorrect use of procd_add_reload_interface_trigger according to http://wiki.prplfoundation.org/wiki/Procd_reference
Signed-off-by: Stan Grishin <stangri@melmac.net>
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.
- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'
README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).
The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.
/etc/config/dhcp
config odhcpd 'odhcpd'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>