A simple DNS proxy server that supports all existing DNS protocols
including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC.
Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or
DNS-over-QUIC server.
For documents, see https://github.com/AdguardTeam/dnsproxy.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
A simple command line utility to make DNS lookups. Supports all known
DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
For documents, see https://github.com/ameshkov/dnslookup.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
mdio is a low-level Linux debug tool for communicating with devices attached an MDIO bus. It improves on existing tools in this space in a few important ways:
MDIO buses are directly addressable. Previous solutions relied on at least one Ethernet PHY on the bus being attached to a net device, which is typically not the case when the device is an Ethernet switch for example.
Complex operations can be performed atomically. The old API only supported a single read or write of a single register. mdio sends byte code to the mdio-netlink kernel module that can perform multiple operations, store intermediate values, loop etc. As a result, things like read/mask/write operations and accesses to paged PHYs can be performed safely.
Signed-off-by: Damien Mascord <tusker@tusker.org>
User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
The commit updating the seccomp filter didn't bump PKG_RELEASE.
Do that now.
Fixes: 1141ee1e5 ("transmission: add new syscalls to seccomp filter)"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Testing showed that additional syscalls are needed on ARMv7.
Add "getegid32", "geteuid32", "getgid32" and "getrandom" as they are
all innocent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated
Signed-off-by: Nick Hainke <vincent@systemli.org>
Makefile changes include:
* Remove USE_UCLIBC, as uclibc is no longer supported
* Package output modules
* Move main binary (back) to /usr/sbin, as it is system administration
related and requires superuser privileges
New patches:
* 003-add-space-for-null-byte.patch - from
374cfd2cab
* 004-more-specific-library-linking.patch - from
27b57d9da3
* 005-use-c99-format-macro-constants.patch - from
https://github.com/fln/addrwatch/pull/28
Init script changes include:
* Change from explicit disable to explicit enable, so that the service
is disabled by default and on first install
* Set config option default values to default values of the main binary
* Fix command-line option names and format (from
https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)
* Always use the --quiet command-line option, as the procd instance is
not configured to capture stdout/stderr
* Change the syslog config option to start the syslog output module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Until now the additional tables listed in gobal 'rt_table_lookup' were
not considered for interfaces.
In order to be able to also use interface-defined routes from tables
other than main, consider also tables listed in 'rt_table_lookup'.
Update version to 2.10.10 as requested by maintainer.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* add a tcpdump option to resolve IPs in adblock reporting,
set 'adb_represolve' accordingly (disabled by default). If enabled
tcpdump will perform a reverse DNS (PTR) lookup for each IP address
* add 'stalkerware' source (provided by @astryzia)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
This option sets the interface of the policy.
Also from Vincent Wiemann <vincent.wiemann@ironai.com>.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Use list's where appropriate for multi-value config variables.
Forbid absolute/relative paths for certificate and key files.
Get rid of last remnants of left/right naming.
Factor invariant code paths.
Drop redundant secrets.rsa.filename section.
Thanks to Vincent Wiemann <vincent.wiemann@ironai.com> for calling
out many of these improvements.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
We enable the option by default, but do not depend on the kernel modules
required for L2TP offloading to avoid wasting space when the feature is
not needed. To use offloading, kmod-l2tp-eth must be installed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The UMAC-based methods provide higher performance than GMAC and aren't
suspectible to timing attacks when implemented in software (which is
always the case on OpenWrt, as OpenSSL support is disabled). Disable
GMAC by default to save a few KiB.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Switch to AUTORELEASE to avoid bumping PKG_RELEASE all the time.
Run shell scripts through shfmt -w -ci -bn -sr -s in order to have a
standard style.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Noel Kuntze
DENG Qingfang
Tianling Shen
Damien Mascord
Etienne Champetier
Nick Hainke
Rosen Penev
Daniel Golle
Wojciech Dubowik
Florian Eckert
Jeffery To
Peter van Dijk
Olivier Poitrey
Philip Prindeville
Dirk Brenken
David Bauer
Andy Walsh
Matthias Schiffer
Jan Pavlinec