* re-order all regional lists in adblocklist/easylist format
* add polish blocklist
* add chinese blocklist
* lists called now 'reg_<ch|pl|ro|ru>'
* changed interface trigger default in config to 'wan' only
* update / sync LuCI frontend (see luci repo for details)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
[RELEASE] Released version 1.7.5 due to bug in compression
Released version 1.7.5 with the following main changes :
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
haproxy's Makefile already happens include/ after specifying PCRE_DIR
which would result in the following build errors on an external
toolchain that does not automatically search for headers in
$(STAGING_DIR):
mipsel-linux-gnu-gcc -Iinclude -Iebtree -Wall -O2 -g
-fno-strict-aliasing -Wdeclaration-after-statement -DBUFSIZE=16384
-DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 -DCONFIG_HAP_LINUX_SPLICE
-DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB
-DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS
-DUSE_ACCEPT4 -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_REGPARM=3
-DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/lua-5.3.3/include
-DUSE_PCRE
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/include/include
-DUSE_PCRE_JIT -DCONFIG_HAPROXY_VERSION=\"1.7.4-patch02\"
-DCONFIG_HAPROXY_DATE=\"2017/04/01\" \
-DBUILD_TARGET='"linux2628"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"mipsel-linux-gnu-gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -DBUFSIZE=16384 -DMAXREWRITE=1030
-DSYSTEM_MAXCONN=165530"' \
-DBUILD_OPTIONS='"USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1
USE_ZLIB=yes USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
USE_PCRE_JIT=1"' \
-c -o src/haproxy.o src/haproxy.c
In file included from include/types/proxy.h:33:0,
from include/proto/log.h:32,
from include/common/cfgparse.h:29,
from src/haproxy.c:65:
include/common/regex.h:31:18: fatal error: pcre.h: No such file or
directory
#include <pcre.h>
Fix this by stripping the additional include/ being added.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Some external toolchaind don't automatically search for headers in
$(STAGING_DIR), make sure we do pass TARGET_CPPFLAGS as appropriate.
This fixes build errors such as:
mipsel-linux-gnu-gcc -O2 -Wall -Wextra -DLUA_COMPAT_5_2 -DLUA_USE_LINUX
-c -o lua.o lua.c
lua.c:80:31: fatal error: readline/readline.h: No such file or directory
#include <readline/readline.h>
^
compilation terminated.
<builtin>: recipe for target 'lua.o' failed
make[6]: *** [lua.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes build errors with toolchains that don't automatically search for
headers in STAGING_DIR (such as external toolchains) resulting in the
following build failures:
mipsel-linux-gnu-gcc -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc
-fno-caller-saves -Wno-unused-result -D_FORTIFY_SOURCE=1 -Wl,-z,now
-Wl,-z,relro -DUSE_SSL_CRYPTO -c options.c
In file included from options.c:62:0:
auth_algo.h:53:26: fatal error: openssl/hmac.h: No such file or
directory
#include <openssl/hmac.h>
^
compilation terminated.
Makefile:95: recipe for target 'options.o' failed
make[4]: *** [options.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rework automatic mode (active scan/re-connection handling):
* much more procd & resource friendly
* now enabled by default
* save runtime information in ubus service (data section)
* final backend preparation for new LuCI-GUI (still WIP!)
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Use CFLAGS_DEBUG which is already used for TARGET_CFLAGS to also pass
TARGET_CPPFLAGS.
This fixes build issues with toolchains that don't automatically search
for header files (e.g: sys/capability.h), such as stbgcc-4.8-1.5
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This allows users to use an external config file if required (for
example matching packets based on SNI hostname or REGEX patterns).
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
[RELEASE] Released version 1.7.4
Released version 1.7.4 with the following main changes :
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Update vnStat to 1.17 which fixes database issue.
Remove unecessary patch
Based on:
commit 79b6e9dc61 by
Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
If mwan3track detects a failure the interval check will change to
"failure_interval" value until this interface is declared "offline".
After interface gets "offline" normal "interval" value is used again.
If interface ping is successful again "recovery_interval" value is used until
interface is declared "online" again.
Using the different intervals will accelerate the wan line detections on
failure and recovery.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.
Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* revamp LuCI GUI (see luci repo for details)
* integrated runtime statistics in normal adblock ubus service instance
(see readme)
* simplified boot/init
* no longer use raw interface trigger
* use only network interface trigger, pre-configured for
'wan/wwan/lan' interfaces (see readme)
* fixed a reload issue
* removed switch to disable tld compression (seems to be pretty stable)
* muted awk parser if source list contains incorrect records
* raise dns backend timeout to 20 seconds
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
The init script already supports four plugins: dns cache, dns/ip blocking,
ipv6 blocking and dns logging. If enabled this option installs these four
plugins and also adds libldns as a dependency. If enabled the total size
increase is around 125 kB.
Signed-off-by: Terry Stockert <stockert@inkblotadmirer.me>
On interfaces with interface proto "qmi|ncm" and option dhcp
enabled the interface will be changed to $iface_4 | $iface_6. The
interface mapping in mwan3 will not recognize this interface. To fix
this issue an ubus call will check if an upper interface exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
User scripts conversion from luci-app-wan3 will be simplified if the variables
are passed by env instead of arguments.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit modifies the dnscrypt-proxy plugin's `dnscrypt-proxy.init`
script to allow specifying a custom dnscrypt resolver. Prior to this
commit users of the dnscrypt-proxy plugin are only able to choose from
a dnscrypt resolver that is present in the packaged `ResolversList` CSV
file.
To specify a custom resolver three new configuration parameters are
required[0]: `ProviderName`, `ProviderKey` and `ResolverAddress`.
The `dnscrypt-proxy.init` script now maps `providername`, `providerkey`,
and `resolveraddress` values (if present) from a `dnscrypt-proxy.config`
file into the generated DNSCrypt configuration file.
`PKG_RELEASE` is increased from 1 to 2 to reflect the new functionality.
[0]: 9eee474770/dnscrypt-proxy.conf (L28:L32)
Signed-off-by: Daniel McCarney <daniel@binaryparadox.net>
Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.
Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The checks in the incdefs.sh script do not fully work when cross
compiling. It probably checks the hosts libc. Just provide the settings
manually, as our musl at least supports all these features.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>