Commit Graph

2576 Commits

Author SHA1 Message Date
Linus Lüssing
4911da56e1
gluon-ebtables: Enable concurrent ebtables updates
This enables the ebtables internal locking mechanism which
will avoid race conditions between multiple, concurrent
ebtables calls.

This is a preparation for the upcoming gluon-arp-limiter
daemon, to avoid issues if upon restarting gluon-ebtables
the gluon-arp-limiter daemon tries to modify the tables.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
2018-01-03 19:58:53 +01:00
Sven Eckelmann
cb03183284
ebtables: Use flock() for --concurrent option
The previous locking mechanism was not atomic, hence it was possible
that a killed ebtables process would leave the lock file in place which
in turn made future ebtables processes wait indefinitely for the lock to
become free.

Fix this by using flock(). This also simplifies code quite a bit because
there is no need for a custom signal handler or an __exit routine
anymore.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2018-01-03 19:58:53 +01:00
Matthias Schiffer
9e3ea83093
Refresh patches and fix numbering 2018-01-03 19:54:13 +01:00
David Bauer
9273e56c63 ar71xx: add support for TP-Link Archer C7 v4 (#1289) 2018-01-03 16:50:23 +01:00
Christof Schulze
621eaf3c91 modules: update url to lede-project git repository after upstream move (#1292) 2018-01-03 12:42:18 +01:00
Christof Schulze
bc2fb8cc69 gluon-respondd: firewall should allow access for devices in zone local_client (#1291) 2017-12-31 19:57:57 +01:00
Christof Schulze
910a6c8bb3 gluon-respondd: add current unix time to statistics (#1287) 2017-12-29 23:49:28 +01:00
Matthias Schiffer
d531289dee
Backport patches for rx buffer stalls on QCA953x and QCA956x
Fixes #1101
2017-12-29 16:12:52 +01:00
Matthias Schiffer
21b3dd3259
build: add file size field to manifest lines
We would like to check the file size instead of downloading indefinitely.
The file size is added in another copy of the manifest lines, which is
ignored by older autoupdater implementations.
2017-12-28 22:57:37 +01:00
Matthias Schiffer
245e0f9ecc
Merge pull request #1280 from FreifunkVogtland/libbatadv
libbatadv: Add common batman-adv helper functions library
2017-12-28 14:50:13 +01:00
Christof Schulze
41ab551518
libgluonutil: add function that retrieves the node prefix from site.conf 2017-12-27 23:50:31 +01:00
Ruben Barkow
a92cfa3194 docs: standardize package descriptions and add missing example in site-example (#1179) 2017-12-27 21:48:21 +01:00
Matthias Schiffer
8e6e06c4b8
modules: update Gluon packages
57c6796 tunneldigger: clean up version variables in Makefile
90ecf80 tunneldigger: Update to newest upstream commit: (#178)
8769d07 L3roamd bump (#180) -- use all-nodes mac
79583b3 l3roamd: bump version, fix memleaks, adjust output (#177)
030be55 l3roamd: bump version to 2017-12-11
ffd793a libbabelhelper: update version
e0e4fa2 mmfd: bump version (compile fix) (#176)
25123fe bumping versions of l3roamd, mmfd, libbabelhelper
2017-12-27 17:53:18 +01:00
Sven Eckelmann
6701aa81a5 gluon-status-page-api: Use genl helpers from libbatadv
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:41 +01:00
Sven Eckelmann
a267cc7ee7 gluon-mesh-batman-adv: Use genl helpers from libbatadv
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:35 +01:00
Sven Eckelmann
624cffc744 libbatadv: Add library for common batman-adv helpers
Interacting with batman-adv's genl interface requires some code and
definitions which could be shared between different packages. libbatadv is
trying to do this without providing any guarantee for ABI or API stability.
It is only useful in very controlled environments like gluon.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2017-12-27 17:40:30 +01:00
Matthias Schiffer
f799518194
gluon-ebtables-filter-multicast: do not filter out Bridge Loop Avoidance
batman-adv uses gratuitous ARP packets with certain target addresses for
BLA.

Fixes #1198
2017-12-27 17:22:37 +01:00
Karsten
35237c2ca1 gluon-web-network: make 'PoE Power Port[0-9]' translatable (#1173) 2017-12-27 03:11:49 +01:00
Jan-Tarek Butt
f514ec13b5
brcm2708-bcm2709: add manifest_alias for raspberry-pi-2-model-b-rev-1.1 2017-12-27 03:06:19 +01:00
Jan-Tarek Butt
7b61cb16f8
brcm2708-bcm2708: add manifest_alias for raspberry-pi-model-b-rev-2
Signed-off-by: Jan-Tarek Butt <tarek@ring0.de>
2017-12-27 03:05:53 +01:00
Matthias Schiffer
2b1ffb3034
gluon-core, gluon-client-bridge: create local_client zone in core
As core defines basic rules for this zone, it makes sense to create it
there.
2017-12-27 02:43:34 +01:00
Matthias Schiffer
8ea5810bda
gluon-core: firewall: allow inbound ICMPv4 ping on local_node 2017-12-27 02:43:34 +01:00
Matthias Schiffer
39284f00d0
gluon-core: firewall: allow Multicast Listener Discovery on mesh/local_client
Based-on-patch-by: Christof Schulze <christof.schulze@gmx.net>
2017-12-27 02:43:33 +01:00
Matthias Schiffer
a252383918
gluon-core: firewall: remove redundant ICMPv6 output rules
OUTPUT is always accepted, no need to allow ICMPv6 explicitly.
2017-12-27 02:43:33 +01:00
Matthias Schiffer
fe2048e4df
gluon-core: firewall: coding style
Wrap long lines.
2017-12-27 02:43:33 +01:00
Ralf Jung
4bae0a429f docs: dns-cache: explain setting dns.servers a bit more (#1268) 2017-12-27 00:21:08 +01:00
edeso
ab16cea161
build: allow passing relative paths
Allow using relative paths for GLUON_SITEDIR, GLUON_OUTPUTDIR, ...

We also check for whitespace in paths now, as build will not work properly
with whitespace anyways, and Make's abspath would require escaping
otherwise.

[Matthias Schiffer: minor changes, rewrite commit message]
2017-12-25 17:54:42 +01:00
David Bauer
70784cb3b2 ar71xx: add support for TP-Link TL-WR1043N v5 (#1279) 2017-12-19 04:22:44 +01:00
Rotzbua
3e25039012 docs: README.md: switch to https URLs (#1278) 2017-12-14 16:12:10 +01:00
Steffen Förster
9136562517 ramips-rt305x: add D-Link DIR-615 rev D1-D4 2017-12-08 00:00:35 +01:00
Matthias Schiffer
d21c3e4964
modules: update LEDE
7f3dab2fc3 kernel: bump 4.4 to 4.4.102
d3f40aabba wireguard: bump to 20171122
7ec639451d ramips: fix Planex CS-QR10 device packages
6cfa7e5788 ramips: fix DCH-M225 support
e626942c33 dnsmasq: load instance-specific conf-file if exists
d64c0e54a5 rpcd: update to version 2017-11-12
ecaad8b2cb brcm47xx: fix switch port mapping on D-Link DIR-330
d851d7fa56 wireguard: fix portability issue
8751bd771d wireguard: move to kernel build directory
ed571c14e0 wireguard: bump to 0.0.20171111
c9fb48a432 procd: update to latest git HEAD (fixes and improvements)
cda8ec7dd8 openssl: update to 1.0.2m
421754191d brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models
95824b9bf6 rpcd: update to the latest version from 2017-11-09
792559f25b mountd: bump to git HEAD version (optimization fixes)
a0ef1c478a functions.sh: fix default_postinst function
2017-11-26 15:44:41 +01:00
kb-light
17d1c65610
ramips-mt7621: do not tag ubnt-erx(-sfp) as broken
There is no wifi, so there is no bad wifi.

[Matthias Schiffer: rebase onto master]
2017-11-26 12:46:20 +01:00
Karsten Böddeker
64cfd648cb
ramips-mt7621: add support for UBNT EdgeRouter X-SFP
[Matthias Schiffer: remove patch "ramips: simplify ubnt-erx-sfp device
definition", as it depends on other patches that have not been backported]
2017-11-26 12:44:52 +01:00
Christof Schulze
c544846bc5
gluon-neighbour-info: allow respondd replies on mesh and wan interface 2017-11-25 23:31:23 +01:00
Christof Schulze
e5b4d25451
gluon-respondd: allow access to respondd from mesh-internal addresses 2017-11-25 23:31:08 +01:00
Christof Schulze
1c1c9f8fc7
gluon-core: firewall rework, make base policy more restrictive
* gluon-core, gluon-client-bridge: introduce new firewall zone: local_client
 * gluon-core: put clients in local_client zone, introduce drop-zone,
   set dns-rules and zones
 * gluon-respondd: allow respondd on mesh
 * gluon-status-page-api: allow http input on mesh and client
2017-11-25 23:19:08 +01:00
Matthias Schiffer
7351fb5d4a
gluon-web-network: fix reading "legacy" mode settings from UCI
Fixes #1269
2017-11-25 22:08:58 +01:00
Matthias Schiffer
87c741b45e
scripts: run feeds.sh with bash like the other scripts handling modules
Fixes #1262
2017-11-23 17:44:46 +01:00
Andreas Ziegler
1ca402ee46 ramips-mt7621: ZBT-WG3526 has no factory image 2017-11-23 03:09:03 +01:00
Andreas Ziegler
14ef0387ea ramips-mt7621: add ZBT-WG3526 2017-11-23 03:05:58 +01:00
kb-light
f7f659c254
gluon-web-network: make poe_passthrough more generic 2017-11-15 22:45:22 +01:00
Andreas Ziegler
6f7504b48a docs: site-example: site.conf: fix typo 2017-11-15 03:44:53 +01:00
Matthias Schiffer
d147c987c6
modules: update LEDE
6b6578feec wireguard: version bump to 0.0.20171101
9740523763 ar71xx: fix LED config for DIR-869 A1
bdf19eec35 ipq806x: nbg6817: sync MAC addresses to the upstream values
2aff2add31 ipq806x: nbg6817: add kmod-fs-ext4 to device packages
63f6408ccc uclient: update to the latest version, fixes fetch of multiple files
2017-11-05 20:40:20 +01:00
Matthias Schiffer
460830bea1
modules: update Gluon packages
16bf1f9 libpacketmark: fix call of initialization function (again)

Fixes #1245
2017-11-04 20:56:54 +01:00
Matthias Schiffer
3fce6a6836
docs: fix recommended command line to generate site seed
Without -v, hexdump would sometimes replace duplicate bytes with "*" and
a newline.
2017-10-31 22:41:33 +01:00
Christof Schulze
94e7827ac8
gluon-status-page: improve localization (#1241) 2017-10-31 19:25:27 +01:00
Matthias Schiffer
7a53482f86
modules: update LEDE
3eae19acee ramips: fix Youku-YK1 support
8a48a53dcb tools/squashfs4: include sysmacros.h explicitly
8406e50df5 tools/squashfs: include sysmacros.h explicitly
96dbf59e5a tools/mtd-utils: include sysmacros.h explicitly
d2fd6412a6 tools/findutils: include sysmacros.h explicitly
367b4563b4 dnsmasq: restore ability to include/exclude raw device names
ee6fa8d839 lantiq: add missing default lan interface
2bee675d33 ipq806x: fix Zyxel NBG6817 WiFi button
f5935f78a1 ramips: fix default usb support for nexx wt3020-8M
2017-10-29 20:48:31 +01:00
Matthias Schiffer
f7baa2c4df
modules: update OpenWrt packages
Fixes a build issue in kmod-jool.

82ef2fd7 jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
fee9a0aa monit: update to 5.24, use https download url
5a6fcfbc monit: update to 5.23
4479fada monit: update to 5.20, use PKG_HASH
9ce3deb8 sqlite3: update to 3.19.3
6bca8579 libs/sqlite3: Update to 3190200
0a279576 sqlite: update to 3.17.0
58a1a733 libwebsockets: add PROVIDES to both variants
e967fd8c icu: fix CVE-2017-14952 Double-Free Vulnerability [lede-17.01]
3c29b149 Revert "Provides a way to acquire the list of installed packages without the"
27bdc743 Revert "add ubus call to perform a sysupgrade and acl file for the attended"
cdcf6ad2 Revert "due to renaming .rpcd was forgotten in the Makefile"
04cbc70c due to renaming .rpcd was forgotten in the Makefile
f6c287f1 add ubus call to perform a sysupgrade and acl file for the attended sysupgrade use case as well uci defaults. Package is a part of the GSoC 17 project implementing easy sysupgrade functionality.
983819f3 Provides a way to acquire the list of installed packages without the need to have opkg available. It is being used for the GSoC 17 project implementing easy sysupgrade functionality.
cd5c4487 wireguard: drop package
9040b270 noddos: new backport of noddos from master branch
72e88678 wireguard: bump to release 0.0.20171005 for 17.01
de79f4c7 bluez: fix CVE-2017-1000250
b56e6504 tor: update to version 0.2.9.12
c69b0774 tor: update to version 0.2.9.11
ea9ca5ed ruby: bump to 2.4.2
fa3a118d collectd: uptime plugin: apply fix from upstream
4739584c mwan3: fix interface-bound traffic when interface is offline
d61bf45c haproxy: update to 1.7.8 and pending patches  - fixes reload issue with hanging process
a6a44f91 pcre: Added fix for CVE-2017-11164 by adding stack recursion limit
1434dbdf pcre: upgrade to version 8.41  - fixes security issues
ad256bbf strongswan: fix typo
a7007291 strongswan: add curve25519 plugin
1143cb9b strongswan: bump to 5.5.3
384e89b3 strongswan: bump to 5.5.2
fe233e35 net/mwan3: update Makefile
42f46570 unbound: update to 1.6.5
a3c78648 net/mwan3: remove lock file on mwan3 stop
282e9001 net/mwan3: fix ping issue if last interface recovers from failure
94a52336 net/mwan3: fix ipset generation in hotplug script with an lock
822bc96b net/mwan3: add lock for mwan3 hotplug script
70d96f5d net/mwan3: add connected network regardless of mwan3 interface enable state
8a111b5b net/mwan3: mwan3track interrupt sleep on signal (trap) event
eefc65b0 net/mwan3: fix hotplug on ACTION ifdown
7fb33ad6 mosquitto: properly use localhost instead of ipv4
75f50611 mosquitto: support more config options in UCI
956ef7a8 acme: Make sure postrm script doesn't fail
788f17e9 acme: Fix for curl linked against mbed TLS. (#4254)
5383fd42 nlbwmon: update to latest version
29fb31fe nlbwmon: add package
ce5ff274 mosquitto: update to 1.4.14
bdac4914 mosquitto: update to 1.4.13
e4e22eb9 zabbix: update to 3.2.6
4ea3c274 zabbix: partially fix zabbix-extra-mac80211
26897f09 zabbix: update to 3.2.4, use PKG_HASH
f2539c58 lighttpd: backport more mod_cgi fixes queued for 1.4.46
46014e36 coreutils: stdbuf: fix missing libstdbuf.so
e8af9ce4 gnutls: updated to 3.5.13
4c26df19 libtasn1: updated to 4.12
b91c48ba openconnect: new option mtu
7af43217 openconnect: drop stale config: interface
9c9571fd openconnect: Bump openconnect to 7.08
72928442 minidlna: backport fixes from 1.1.6 and 1.2.0 releases
ca5d4b08 openldap: update to 2.4.45
dc558eaa mosquitto: fix empty client-nossl package
33d8f9e5 libdmapsharing: update to 2.9.38
53d18a45 tor: update to version 0.2.9.10
2017-10-29 18:47:17 +01:00
Matthias Schiffer
becc90d818
build: delete lede/tmp on module updates
LEDE doesn't always notice that the metadata needs to be refreshed.
2017-10-29 18:44:30 +01:00
Matthias Schiffer
207337b5de
modules: update Gluon packages
5249974 libpacketmark: fix call of initialization function

Fixes #1245
2017-10-25 14:57:05 +02:00