Remove nft rules file generated by ss-rules if ss-rules was or should be
turned off for by configuration. Use "fw4 restart" instead of "fw4
reload" to force the runtime rule reloading
Ref: https://github.com/openwrt/packages/pull/17937#issuecomment-1207357037
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 04ee032699)
Change notes:
Updated Makefile package version and hash.
Added libpcre2 dependency
Removed USELIBPCRE make flag (no longer optional within sslh)
Updated patch 001 to work with new sslh Makefile
Signed-off-by: Martin Moreno <fett3270@yahoo.com>
(cherry picked from commit 9b90bb37ee)
89d5d2e091 only patched importing
MutableMapping from collections, but importing Mapping has to be patched
too
Closes: #18681
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 4bd2169e73)
The decision to switch the default to wolfSSL was taken because of
hostapd back from when curl was in base. Unfortunately, not only is
wolfSSL bigger but it has also been causing issues recently. There's
also no relation between hostapd and curl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0a65e4c6fa)
edca4d2 network: rework network status callbacks
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 28ca76d29bc0703474fd44815ceca6bd7b28efe6)
10fb043 network: dump detail on ping pong received
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 1f60c232966b12b2f6e35a2705dc63883eec61c2)
bb362db datastorage: fix ap_array_unlink_entry always returns NULL
47e98ef network: ping pong keepalive for tcp connections
eba0354 network: add timeout for client connections
In the dawn config the con_timeout needs to be added:
option con_timeout '60'
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 204fd77bbc810e64602bbd758af4bef6c76844b1)
Needs an extra header. pthread.h is also no longer implicitly included.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4605f98b41)
e596ff1 ubus.c: only add nr entries matching our own SSID
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit bb0d45ed355264ca606d01699ca59edaf6848eab)
* fix another vpn corner case
* add support for javascript based captive portals (location.href)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3ae7a46b82)
* various vpn fixes/optimizations (run tested by forum users)
* refine several log statements
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cf1f9dc933)
Use nft instead of iptables to open port 80 in the firewall when getting a
cert. Since nft doesn't allow deleting a rule by its contents, capture and
save the handle when creating the rule, and use that to delete.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
(cherry picked from commit d926da5182)
luajit provides higher performance for requests handled in Lua hooks.
It also enables access to dnsdist functionality only exposed via FFI,
and allows configurations/hooks to call functions in any C library
without providing separate bindings.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit 283b269c7c)
* the domain whitelist feature has been extended to free up multiple nested captive portal domains.
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 0ee0aa2b53)
1. Switched to use prebuilt web files to get rid of massive Node.js.
2. Increased nofile limitation to avoid "too many open files" error.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d629a6f8b2)
Rosen Penev
Yousong Zhou
Jo-Philipp Wich
Martin Moreno
Boris Krasnovskiy
Michal Vasilek
ZiMing Mo
Jan Hák
Nick Hainke
David Bauer
Stijn Tintel
Tianling Shen
Dirk Brenken
Peter van Dijk
Stan Grishin
Ivan Pavlov
Stijn Segers
Toke Høiland-Jørgensen
Lucian Cristian
W. Michael Petullo
Josef Schlehofer
Shengjiang Quan