Fixes compilation when both libbsd and ptunnel-ng are selected.
libbsd is used for arc4random with a fallback to /dev/random. musl does
not support arc4random.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also lets procd trigger the validation function directly, and
removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Note: this should prevent wget to writing to /root/.wget-hsts
which can lead to flash memory degradation.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The variables can be empty if not set in the UCI config.
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
This bug was introduced since dd206b7d0b
mwan3_remon_ipv4 and mwan3_remon_ipv6 is command to run not a variable
I add some comments on them hopefully people will notice it
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
The Go compiler can now manage the build dependencies by itself, as
obfs4proxy has been ported to a Go module.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* fix a json related ressource leak
* add a reload trigger when the wireless config gets changed
* set an interface default 'trm_wwan' (like the LuCI frontend)
* reordered nested loops to optimize the connection handling
Signed-off-by: Dirk Brenken <dev@brenken.org>
Yggdrasil builds end-to-end encrypted networks with IPv6. Beyond the
similarities with cjdns is a different routing algorithm. This
globally-agreed spanning tree uses greedy routing in a metric space.
Back-pressure routing techniques allow advanced link aggregation bonding
on per-stream basis. In turn, a single stream will span across multiple
network interfaces simultaneously with much greater throughput.
Authored by: William Fleurant <meshnet@protonmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This one contains only a few CVEs + bugfixes.
* CVE-2019-8381 memory access in do_checksum() (#538)
* CVE-2019-8376 NULL pointer dereference get_layer4_v6() (#537)
* CVE-2019-8377 NULL pointer dereference get_ipv6_l4proto() (#536)
* Rename Ethereal to Wireshark (#545)
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
trafficshaper create QoS rules to limit (or reserve) traffic used
by classes of clients.
Uplink and downlink can be controled (or not controlled) independently.
Client classes are defined by its network addresses (IPv4 or IPv6). Each
client class can define absolute or relative (to wan) bandwith, and also
the use (or not) of spare wan bandwidth when avaiable.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.
But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event. The "lan" interface should be a good
indicator that networking it ready. Besides, Shorewall won't start
until br-lan is available.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>