788312ca59c5 uqmi: ensure CID is a numeric value before proceeding
b934aa2f2144 kernel: update 17.01 kernel to 4.4.116
b3b16c8ce5c6 uqmi: use built-in command for data-link verification
e9eb219e5a07 uqmi: use correct value for connection checking
5661ac1de4d8 uqmi: use general method for state cleaning
7c259fb98018 uqmi: silence error on pin verification
046222dfaf12 uqmi: fix raw-ip mode for newer lte modems
0393009ec84e net: uqmi: fix blocking in endless loops when unplugging device
31ae7381b8db kernel: refresh patches
3b227103e6a3 kernel: backport raw-ip mode for newer QMI LTE modems
f60be720772c base-files: don't evaluate block-device uevent
623cdc4ffeef ramips: backport mt7530/762x switch fixes
b15d54e659b4 perf: use libunwind
566ff9e6ee69 libunwind: enable build for arm
This patch moves the prefix4 subnet route from the local-node veth
device to br-client (while keeping the next node ipv4 address on the
local node device).
This is in preparation to allow routing over the br-client interface
later.
This package adds filters to limit the amount of ARP Requests
devices are allowed to send into the mesh. The limits are 6 packets
per minute per client device, by MAC address, and 1 per second per
node in total.
A burst of up to 50 ARP Requests is allowed until the rate-limiting
takes effect (see --limit-burst in the ebtables manpage).
Furthermore, ARP Requests with a target IP already present in the
batman-adv DAT Cache are excluded from the rate-limiting,
both regarding counting and filtering, as batman-adv will respond
locally with no burden for the mesh. Therefore, this limiter
should not affect popular target IPs, like gateways.
However it should mitigate the problem of curious people or
smart devices scanning the whole IP range. Which could create
a significant amount of overhead for all participants so far.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This is needed for the Gluon ARP limiter to work without hiccups in
traffic.
Link: https://patchwork.ozlabs.org/patch/841210/
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Both gluon.sysconfig and libgluonutil already remove the trailing newline
if it exists. It's nicer to avoid files without a trailing newline, e.g.
for printing the file contents in a terminal.
This is currently only implemented in the gluon-mesh-vpn-fastd
package.
Advertising the public key may be deemed problematic when
your threat-model involves protecting the nodes privacy
from tunnel traffic correlation by onlink observers.
It can be enabled by setting site.mesh_vpn.fastd.pubkey_privacy
to `false`.
b1205a9211 ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N
fbeae9d891 iptables: make kmod-ipt-debug part of default ALL build
6ea9a702c5 iptables: Fix target TRACE issue
00fa1e4108 curl: fix libcurl/mbedtls async interface
d5278cc48b kernel: bump 4.4 to 4.4.112 for 17.01
2ae0741f3b dnsmasq: backport validation fix in dnssec security fix
58d60bd283 dnsmasq: backport dnssec security fix for 17.01
d626aa005b mountd: bump to git HEAD version
f0336975be kernel: bump 4.4 to 4.4.111 for 17.01
fb6f21c657 kmod-sched-cake: bump to latest cake bake for 17.01
2e8a3bb35f ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]
3fa86282fa build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
987a7e3175 ramips: fix lenovo newifi-y1 switch and LED config
dbb5ffaed5 ramips: firewrt: indicate boot status via LED
If a value is unset or optional, an empty choice is added to the selection.
This empty choice will be marked as invalid if the value is not optional.
This is properly supported for the 'select' widget only for now, and not
for 'radio'.
