Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.
Signed-off-by: Daniel Halmschlager <da@halms.at>
* no longer misuse ubus/procd service object for adblock runtime
information, now save all required information directly
in a JSON file/format (/tmp/adb_runtime.json)
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested or slow modem/router setups,
set 'adb_triggerdelay' accordingly (default 1 second)
* add support for pure http download utilities like wget-nossl
or uclient-fetch without libustream-ssl (http donwloads only!)
* fix stop action
* fix enabled/disabled action
* fix country code in regional list for china
* LuCI update to reflect all changes
Signed-off-by: Dirk Brenken <dev@brenken.org>
If interface is getting down by netifd (unplug ethernet cable)
mwan3track will not recognize this change. It will also generate an
additional down event when he notice does his tracking interface is offline.
Mwan3track will now be informed by a signal (trap) USR1 during down event
that the interface is already down. An additional down event will not be
generated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Changelog:
* Fixed a regression of 1.6.4 which caused a crash in modperl/modpython
(not packaged)
* Fixed the behavior of verbose command in the sasl module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit fixes bugs, cleans and enhances init.d script:
1. The first disk and interface was passed to mini_snmpd with extra
leading space.
This bug caused the first monitored disk and interface to be
inaccessible by SNMP daemon.
2. Automatically reload deamon if one of monitored interfaces goes
up/down.
Since mini_snmpd reads interface list only at startup, it won't
detect any interface which appeared after the daemon was started.
Fortunately we can use procd interface triggers to automatically
restart the daemon.
3. Replace hand-written direct ubus calls and json data filtering with
standard network functions.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* re-order all regional lists in adblocklist/easylist format
* add polish blocklist
* add chinese blocklist
* lists called now 'reg_<ch|pl|ro|ru>'
* changed interface trigger default in config to 'wan' only
* update / sync LuCI frontend (see luci repo for details)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
[RELEASE] Released version 1.7.5 due to bug in compression
Released version 1.7.5 with the following main changes :
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
haproxy's Makefile already happens include/ after specifying PCRE_DIR
which would result in the following build errors on an external
toolchain that does not automatically search for headers in
$(STAGING_DIR):
mipsel-linux-gnu-gcc -Iinclude -Iebtree -Wall -O2 -g
-fno-strict-aliasing -Wdeclaration-after-statement -DBUFSIZE=16384
-DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 -DCONFIG_HAP_LINUX_SPLICE
-DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB
-DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS
-DUSE_ACCEPT4 -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_REGPARM=3
-DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/lua-5.3.3/include
-DUSE_PCRE
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/include/include
-DUSE_PCRE_JIT -DCONFIG_HAPROXY_VERSION=\"1.7.4-patch02\"
-DCONFIG_HAPROXY_DATE=\"2017/04/01\" \
-DBUILD_TARGET='"linux2628"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"mipsel-linux-gnu-gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -DBUFSIZE=16384 -DMAXREWRITE=1030
-DSYSTEM_MAXCONN=165530"' \
-DBUILD_OPTIONS='"USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1
USE_ZLIB=yes USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
USE_PCRE_JIT=1"' \
-c -o src/haproxy.o src/haproxy.c
In file included from include/types/proxy.h:33:0,
from include/proto/log.h:32,
from include/common/cfgparse.h:29,
from src/haproxy.c:65:
include/common/regex.h:31:18: fatal error: pcre.h: No such file or
directory
#include <pcre.h>
Fix this by stripping the additional include/ being added.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Some external toolchaind don't automatically search for headers in
$(STAGING_DIR), make sure we do pass TARGET_CPPFLAGS as appropriate.
This fixes build errors such as:
mipsel-linux-gnu-gcc -O2 -Wall -Wextra -DLUA_COMPAT_5_2 -DLUA_USE_LINUX
-c -o lua.o lua.c
lua.c:80:31: fatal error: readline/readline.h: No such file or directory
#include <readline/readline.h>
^
compilation terminated.
<builtin>: recipe for target 'lua.o' failed
make[6]: *** [lua.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes build errors with toolchains that don't automatically search for
headers in STAGING_DIR (such as external toolchains) resulting in the
following build failures:
mipsel-linux-gnu-gcc -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc
-fno-caller-saves -Wno-unused-result -D_FORTIFY_SOURCE=1 -Wl,-z,now
-Wl,-z,relro -DUSE_SSL_CRYPTO -c options.c
In file included from options.c:62:0:
auth_algo.h:53:26: fatal error: openssl/hmac.h: No such file or
directory
#include <openssl/hmac.h>
^
compilation terminated.
Makefile:95: recipe for target 'options.o' failed
make[4]: *** [options.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rework automatic mode (active scan/re-connection handling):
* much more procd & resource friendly
* now enabled by default
* save runtime information in ubus service (data section)
* final backend preparation for new LuCI-GUI (still WIP!)
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Use CFLAGS_DEBUG which is already used for TARGET_CFLAGS to also pass
TARGET_CPPFLAGS.
This fixes build issues with toolchains that don't automatically search
for header files (e.g: sys/capability.h), such as stbgcc-4.8-1.5
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This allows users to use an external config file if required (for
example matching packets based on SNI hostname or REGEX patterns).
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
[RELEASE] Released version 1.7.4
Released version 1.7.4 with the following main changes :
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Update vnStat to 1.17 which fixes database issue.
Remove unecessary patch
Based on:
commit 79b6e9dc61 by
Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
If mwan3track detects a failure the interval check will change to
"failure_interval" value until this interface is declared "offline".
After interface gets "offline" normal "interval" value is used again.
If interface ping is successful again "recovery_interval" value is used until
interface is declared "online" again.
Using the different intervals will accelerate the wan line detections on
failure and recovery.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.
Change the procd trigger to reduce occurences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* revamp LuCI GUI (see luci repo for details)
* integrated runtime statistics in normal adblock ubus service instance
(see readme)
* simplified boot/init
* no longer use raw interface trigger
* use only network interface trigger, pre-configured for
'wan/wwan/lan' interfaces (see readme)
* fixed a reload issue
* removed switch to disable tld compression (seems to be pretty stable)
* muted awk parser if source list contains incorrect records
* raise dns backend timeout to 20 seconds
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
The init script already supports four plugins: dns cache, dns/ip blocking,
ipv6 blocking and dns logging. If enabled this option installs these four
plugins and also adds libldns as a dependency. If enabled the total size
increase is around 125 kB.
Signed-off-by: Terry Stockert <stockert@inkblotadmirer.me>
On interfaces with interface proto "qmi|ncm" and option dhcp
enabled the interface will be changed to $iface_4 | $iface_6. The
interface mapping in mwan3 will not recognize this interface. To fix
this issue an ubus call will check if an upper interface exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
User scripts conversion from luci-app-wan3 will be simplified if the variables
are passed by env instead of arguments.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>