This is useful to assign all traffic to a fw3 zone, e.g.:
/etc/config/ipsec:
config remote 'test'
list tunnel 'dev'
...
config 'tunnel' 'dev'
option reqid '33'
...
/etc/config/firewall:
config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...
config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019, 8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
It seems that OpenSSL is bugged. While OpenSSL uses this code, it doesn't
export these defines anywhere. Match against the API version instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* cifsd-tools: fix Assignment of a signed value which has type 'long'
* init: convert hide_dot_files to yes/no option
* 'read only = no' seems bugged for cifsd/smb.conf, so fix via 'writeable = yes'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
As some ipq40xx CPUs support frequency scaling, enable building
collectd-mod-cpufreq for ipq40xx (for private builds) and
its package architecture brcm2708_bcm2709 (for buildbot)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Change deprecated options to a new one:
DetectBrokenExecutables to AlertBrokenExecutables
ArchiveBlockEncrypted to AlertEncrypted
Fixes: CVE-2019-12900 and CVE-2019-12625
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* cifsd: fix uninitialized fp could be freed
* cifsd: fix potential uninitialized spnego_blob could be freed
* cifsd: smbd: replace spinlock_irqsave with spinlock
* cifsd: smbd: avoid the lack of client's send credits
* cifsd-tools: add version generation script
* cifsd-tools: do not abbrev git describe
* cifsd-tools: use 'unknown' version string if git describe fails
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
- This commit adds a config-option for JIT in libpcre(1).
According to research published on
https://rust-leipzig.github.io/regex/2017/03/28/comparison-of-regex-engines/
this should give a 10x performance increase on JIT operations
which can be desireable for high performance Apache mod_rewrite
or haproxy reqrep operations.
This option is available on all officially supported architecutres
which are listed on https://pcre.org/original/doc/html/pcrejit.html#SEC3.
Furthermore, it is enabled by default on the following
architectures: arm, i686, x86_64.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
* Update nextdns to version 1.1.5 which adds IPv6 dual stack support.
* Add the ability to configure per host configuration id from uci.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Paul Fertser
Rosen Penev
Stijn Tintel
Andy Walsh
William Fleurant
Michael Heimpold
Jeffery To
Josef Schlehofer
Hannu Nyman
Matthias Schiffer
Dirk Brenken
Daniel Engberg
Christian Lachner
Chao Liu
Kevin Darbyshire-Bryant
Florian Eckert
George Iv
Jan Pavlinec
Olivier Poitrey
Yorkie Liu