diff --git a/Makefile b/Makefile index 69456c4..1fa3b2d 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ GLUON_BUILD_DIR := gluon-build -GLUON_GIT_URL := https://github.com/freifunk-gluon/gluon.git -GLUON_GIT_REF := v2023.2.4 +GLUON_GIT_URL := https://github.com/ffbs/gluon-parker.git +GLUON_GIT_REF := 75c73a573839e1c8608653be23f780dbba06f63e # latest v2023.2.x-parker PATCH_DIR := ./patches SECRET_KEY_FILE ?= ${HOME}/.gluon-secret-key diff --git a/patches/0001-gluon-core-configure-unreachable-routes.patch b/patches/0001-gluon-core-configure-unreachable-routes.patch deleted file mode 100644 index de5454d..0000000 --- a/patches/0001-gluon-core-configure-unreachable-routes.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 712175c8234f8532e04c9849c20f6df4f63d07dd Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sat, 15 Sep 2018 21:37:11 +0200 -Subject: [PATCH 01/38] gluon-core: configure unreachable routes - ---- - .../luasrc/lib/gluon/upgrade/110-network | 33 +++++++++++++++++++ - 1 file changed, 33 insertions(+) - -diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -index d1493d26..bc195b3d 100755 ---- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -@@ -49,6 +49,21 @@ uci:section('network', 'interface', 'wan', { - auto = true, - }) - -+uci:section('network', 'rule', 'wan_lookup', { -+ mark = '0x01/0x01', -+ lookup = 1, -+}) -+ -+uci:section('network', 'route', 'wan_unreachable', { -+ type = 'unreachable', -+ interface = 'loopback', -+ target = '0.0.0.0', -+ netmask = '0', -+ table = 1, -+ metric = 65535, -+}) -+ -+ - uci:section('network', 'interface', 'wan6', { - proto = wan6.proto or 'dhcpv6', - ip6addr = wan6.ip6addr, -@@ -74,6 +89,24 @@ uci:section('network', 'route6', 'wan6_unreachable', { - metric = 65535, - }) - -+ -+uci:section('network', 'route', 'client_unreachable', { -+ type = 'unreachable', -+ interface = 'loopback', -+ target = '0.0.0.0', -+ netmask = '0', -+ metric = 65535, -+}) -+ -+uci:section('network', 'route6', 'client6_unreachable', { -+ type = 'unreachable', -+ interface = 'loopback', -+ target = '::/0', -+ gateway = '::', -+ metric = 65535, -+}) -+ -+ - uci:save('network') - - --- -2.34.1 - diff --git a/patches/0001-gluon-web-cellular-add-auth-option-to-GUI.patch b/patches/0001-gluon-web-cellular-add-auth-option-to-GUI.patch deleted file mode 100644 index 735d0dc..0000000 --- a/patches/0001-gluon-web-cellular-add-auth-option-to-GUI.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 3e1c937d0eb8946cc8226c7255734f6ffc26b3a5 Mon Sep 17 00:00:00 2001 -From: Tobias <5702338+T0biii@users.noreply.github.com> -Date: Sat, 6 Jul 2024 01:03:28 +0200 -Subject: [PATCH] gluon-web-cellular: add auth option to GUI - ---- - .../luasrc/lib/gluon/upgrade/250-cellular | 2 ++ - package/gluon-web-cellular/i18n/de.po | 15 +++++++++++++++ - .../i18n/gluon-web-cellular.pot | 15 +++++++++++++++ - .../gluon/config-mode/model/admin/cellular.lua | 9 +++++++++ - 4 files changed, 41 insertions(+) - -diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular b/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular -index 27294c4d..300347e3 100755 ---- a/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular -+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/250-cellular -@@ -21,6 +21,7 @@ local function setup_ncm_qmi(devpath, control_type, delay) - local pincode = uci:get('gluon', 'cellular', 'pin') - local username = uci:get('gluon', 'cellular', 'username') - local password = uci:get('gluon', 'cellular', 'password') -+ local auth = uci:get('gluon', 'cellular', 'auth') - - uci:section('network', 'interface', 'cellular', { - proto = control_type, -@@ -40,6 +41,7 @@ local function setup_ncm_qmi(devpath, control_type, delay) - set_or_delete('network', 'cellular', 'pincode', pincode) - set_or_delete('network', 'cellular', 'username', username) - set_or_delete('network', 'cellular', 'password', password) -+ set_or_delete('network', 'cellular', 'auth', auth) - set_or_delete('network', 'cellular', 'delay', delay) - end - -diff --git a/package/gluon-web-cellular/i18n/de.po b/package/gluon-web-cellular/i18n/de.po -index 81405234..daf464a4 100644 ---- a/package/gluon-web-cellular/i18n/de.po -+++ b/package/gluon-web-cellular/i18n/de.po -@@ -47,3 +47,18 @@ msgstr "" - "Du kannst den Uplink über einen Mobilfunk Service aktivieren. Wenn du " - "dich dafür entscheidest, wird die VPN-Verbindung über das integrierte " - "Mobilfunk-Modem hergestellt." -+ -+msgid "Authentication" -+msgstr "Authentifizierung" -+ -+msgid "None" -+msgstr "Keine" -+ -+msgid "PAP" -+msgstr "" -+ -+msgid "CHAP" -+msgstr "" -+ -+msgid "Both" -+msgstr "Beide" -diff --git a/package/gluon-web-cellular/i18n/gluon-web-cellular.pot b/package/gluon-web-cellular/i18n/gluon-web-cellular.pot -index 5b3b8ae0..cf345329 100644 ---- a/package/gluon-web-cellular/i18n/gluon-web-cellular.pot -+++ b/package/gluon-web-cellular/i18n/gluon-web-cellular.pot -@@ -35,3 +35,18 @@ msgid "" - "You can enable uplink via cellular service. If you decide so, the VPN " - "connection is established using the integrated WWAN modem." - msgstr "" -+ -+msgid "Authentication" -+msgstr "" -+ -+msgid "None" -+msgstr "" -+ -+msgid "PAP" -+msgstr "" -+ -+msgid "CHAP" -+msgstr "" -+ -+msgid "Both" -+msgstr "" -diff --git a/package/gluon-web-cellular/luasrc/lib/gluon/config-mode/model/admin/cellular.lua b/package/gluon-web-cellular/luasrc/lib/gluon/config-mode/model/admin/cellular.lua -index 38a4dd2c..123ed6f2 100644 ---- a/package/gluon-web-cellular/luasrc/lib/gluon/config-mode/model/admin/cellular.lua -+++ b/package/gluon-web-cellular/luasrc/lib/gluon/config-mode/model/admin/cellular.lua -@@ -33,6 +33,14 @@ local password = s:option(Value, "password", translate("Password")) - password:depends(enabled, true) - password.default = uci:get('gluon', 'cellular', 'password') - -+local auth = s:option(ListValue, "auth", translate("Authentication")) -+auth:depends(enabled, true) -+auth:value("none", translate("None")) -+auth:value("pap", translate("PAP")) -+auth:value("chap", translate("CHAP")) -+auth:value("both", translate("Both")) -+auth.default = uci:get('gluon', 'cellular', 'auth') or "none" -+ - function f:write() - local cellular_enabled = false - if enabled.data then -@@ -46,6 +54,7 @@ function f:write() - pin = pin.data, - username = username.data, - password = password.data, -+ auth = auth.data, - }) - - uci:commit('gluon') --- -2.45.1 - diff --git a/patches/0001-kirkwood-add-Linksys-E4200-v2-Viper-Router-3240.patch b/patches/0001-kirkwood-add-Linksys-E4200-v2-Viper-Router-3240.patch deleted file mode 100644 index 8fa40b5..0000000 --- a/patches/0001-kirkwood-add-Linksys-E4200-v2-Viper-Router-3240.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 7a5e752560bb035a6436b82b26892edfee795e8c Mon Sep 17 00:00:00 2001 -From: darkdragon-001 -Date: Tue, 9 Apr 2024 14:15:15 +0200 -Subject: [PATCH 1/2] kirkwood: add Linksys E4200 v2 (Viper) Router (#3240) - ---- - .github/filters.yml | 10 ++++++++++ - .../luasrc/lib/gluon/upgrade/010-primary-mac | 3 +++ - targets/kirkwood-generic | 5 +++++ - targets/targets.mk | 1 + - 4 files changed, 19 insertions(+) - create mode 100644 targets/kirkwood-generic - -diff --git a/.github/filters.yml b/.github/filters.yml -index 2f634f35..41e4b5a2 100644 ---- a/.github/filters.yml -+++ b/.github/filters.yml -@@ -292,6 +292,16 @@ - "targets/targets.mk", - "targets/bcm27xx.inc" - ], -+ "kirkwood-generic": [ -+ "targets/kirkwood-generic", -+ ".github/workflows/build-gluon.yml", -+ "modules", -+ "Makefile", -+ "patches/**", -+ "scripts/**", -+ "targets/generic", -+ "targets/targets.mk" -+ ], - "mvebu-cortexa9": [ - "targets/mvebu-cortexa9", - ".github/workflows/build-gluon.yml", -diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac -index fce501a6..a2946d9e 100755 ---- a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac -+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac -@@ -119,6 +119,9 @@ local primary_addrs = { - 'openmesh,a42', - 'openmesh,a62', - }}, -+ {'kirkwood', 'generic', { -+ 'linksys,e4200-v2', -+ }}, - {'mpc85xx', 'p1020', { - 'aerohive,hiveap-330', - 'ocedo,panda', -diff --git a/targets/kirkwood-generic b/targets/kirkwood-generic -new file mode 100644 -index 00000000..e36ae484 ---- /dev/null -+++ b/targets/kirkwood-generic -@@ -0,0 +1,5 @@ -+-- Linksys -+ -+device('linksys-e4200-v2', 'linksys_e4200-v2', { -+ broken = true, -- 802.11s untested -+}) -diff --git a/targets/targets.mk b/targets/targets.mk -index 14955134..20224a06 100644 ---- a/targets/targets.mk -+++ b/targets/targets.mk -@@ -29,5 +29,6 @@ $(eval $(call GluonTarget,x86,64)) - ifeq ($(BROKEN),1) - $(eval $(call GluonTarget,bcm27xx,bcm2710)) # BROKEN: Untested - $(eval $(call GluonTarget,bcm27xx,bcm2711)) # BROKEN: No 11s support, no reset button, sys LED issues -+$(eval $(call GluonTarget,kirkwood,generic)) # BROKEN: 11s support untested - $(eval $(call GluonTarget,mvebu,cortexa9)) # BROKEN: No 11s support - endif --- -2.34.1 - diff --git a/patches/0002-gluon-core-allow-v4-nameservers-in-the-mesh.patch b/patches/0002-gluon-core-allow-v4-nameservers-in-the-mesh.patch deleted file mode 100644 index 543595c..0000000 --- a/patches/0002-gluon-core-allow-v4-nameservers-in-the-mesh.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f1a975d67a214f169e2070261a931a6f96a1fe6f Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sun, 16 Sep 2018 11:05:09 +0200 -Subject: [PATCH 02/38] gluon-core: allow v4 nameservers in the mesh - -Signed-off-by: Jan Luebbe ---- - package/gluon-core/check_site.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua -index cf72f05f..83c5a621 100644 ---- a/package/gluon-core/check_site.lua -+++ b/package/gluon-core/check_site.lua -@@ -65,7 +65,7 @@ end - need_boolean(in_site({'poe_passthrough'}), false) - - if need_table({'dns'}, nil, false) then -- need_string_array_match({'dns', 'servers'}, '^[%x:]+$') -+ need_string_array_match({'dns', 'servers'}, '^[%x:.]+$') - need_number({'dns', 'cacheentries'}, false) - end - --- -2.34.1 - diff --git a/patches/0002-kirkwood-generic-fix-device-name-of-Linksys-E4200-v2.patch b/patches/0002-kirkwood-generic-fix-device-name-of-Linksys-E4200-v2.patch deleted file mode 100644 index 24d33c1..0000000 --- a/patches/0002-kirkwood-generic-fix-device-name-of-Linksys-E4200-v2.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 3634f2126f159c01b55f62190a29ff61ad04e7ad Mon Sep 17 00:00:00 2001 -From: Matthias Schiffer -Date: Mon, 24 Jun 2024 23:18:28 +0200 -Subject: [PATCH 2/2] kirkwood-generic: fix device name of Linksys E4200 v2 - -The model name has a codename suffix: -https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=target/linux/kirkwood/files/arch/arm/boot/dts/kirkwood-e4200-v2.dts;h=bfd708a677c96a9f3bdf80ead2db4498487ac5f8;hb=refs/heads/openwrt-23.05#l6 ---- - targets/kirkwood-generic | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/targets/kirkwood-generic b/targets/kirkwood-generic -index e36ae484..0c61da01 100644 ---- a/targets/kirkwood-generic -+++ b/targets/kirkwood-generic -@@ -1,5 +1,5 @@ - -- Linksys - --device('linksys-e4200-v2', 'linksys_e4200-v2', { -+device('linksys-e4200-v2-viper', 'linksys_e4200-v2', { - broken = true, -- 802.11s untested - }) --- -2.34.1 - diff --git a/patches/0003-gluon-core-place-ipv4-wan-routes-into-table-1.patch b/patches/0003-gluon-core-place-ipv4-wan-routes-into-table-1.patch deleted file mode 100644 index b257d56..0000000 --- a/patches/0003-gluon-core-place-ipv4-wan-routes-into-table-1.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 993845aec292c3882767e470702cd87810e69f51 Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sun, 16 Sep 2018 12:08:31 +0200 -Subject: [PATCH 03/38] gluon-core: place ipv4 wan routes into table 1 - ---- - package/gluon-core/luasrc/lib/gluon/upgrade/110-network | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -index bc195b3d..f950abdb 100755 ---- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network -@@ -47,6 +47,7 @@ uci:section('network', 'interface', 'wan', { - multicast_querier = false, - peerdns = false, - auto = true, -+ ip4table = 1, - }) - - uci:section('network', 'rule', 'wan_lookup', { --- -2.34.1 - diff --git a/patches/0004-gluon-mesh-vpn-core-support-libpacketmark-for-dns.patch b/patches/0004-gluon-mesh-vpn-core-support-libpacketmark-for-dns.patch deleted file mode 100644 index bb6bb1c..0000000 --- a/patches/0004-gluon-mesh-vpn-core-support-libpacketmark-for-dns.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 5f382c8c514c79a66afdbbe28ccc33eabfdf6ef6 Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sun, 16 Sep 2018 12:21:16 +0200 -Subject: [PATCH 04/38] gluon-mesh-vpn-core: support libpacketmark for dns - ---- - .../gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules b/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules -index 771fb40c..2d5998b9 100644 ---- a/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules -+++ b/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules -@@ -1,3 +1,4 @@ - *nat - -I OUTPUT -m owner --gid-owner gluon-mesh-vpn -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54 -+-I OUTPUT -m mark --mark 1 -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54 - COMMIT --- -2.34.1 - diff --git a/patches/0005-radvd-use-range-from-tmp-range6-instead-of-site.patch b/patches/0005-radvd-use-range-from-tmp-range6-instead-of-site.patch deleted file mode 100644 index 9fcea61..0000000 --- a/patches/0005-radvd-use-range-from-tmp-range6-instead-of-site.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 0fbff07d12f5ad7e7e50d8b4cc54bbbc5ba5676d Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sat, 23 Feb 2019 19:13:14 +0100 -Subject: [PATCH 05/38] radvd: use range from /tmp/range6 instead of site - ---- - .../luasrc/lib/gluon/radvd/arguments | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -index c7f43e11..94e1e1db 100755 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -@@ -2,8 +2,13 @@ - - local site = require "gluon.site" - --io.write("-i local-node -p " .. site.prefix6()) -+local f = io.open("/tmp/range6","r") -+if f then -+ local range6 = f:read('*a') -+ f:close() -+ io.write("-i local-node -p " .. range6) - --if site.dns.servers() and site.next_node.ip6() then -- io.write(" --rdnss " .. site.next_node.ip6()) -+ if site.dns.servers() and site.next_node.ip6() then -+ io.write(" --rdnss " .. site.next_node.ip6()) -+ end - end --- -2.34.1 - diff --git a/patches/0006-uradvd-announce-on-client-bridge.patch b/patches/0006-uradvd-announce-on-client-bridge.patch deleted file mode 100644 index 33c3a8f..0000000 --- a/patches/0006-uradvd-announce-on-client-bridge.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 8b655710263639b916e3645126226f4f70316f0d Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sun, 24 Feb 2019 12:06:41 +0100 -Subject: [PATCH 06/38] uradvd: announce on client bridge - ---- - package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -index 94e1e1db..fd214c29 100755 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -@@ -6,7 +6,7 @@ local f = io.open("/tmp/range6","r") - if f then - local range6 = f:read('*a') - f:close() -- io.write("-i local-node -p " .. range6) -+ io.write("-i br-client -p " .. range6) - - if site.dns.servers() and site.next_node.ip6() then - io.write(" --rdnss " .. site.next_node.ip6()) --- -2.34.1 - diff --git a/patches/0007-gluon-mesh-batman-adv-Remove-ebtables-filter-for-bat.patch b/patches/0007-gluon-mesh-batman-adv-Remove-ebtables-filter-for-bat.patch deleted file mode 100644 index 130b1ac..0000000 --- a/patches/0007-gluon-mesh-batman-adv-Remove-ebtables-filter-for-bat.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 290f6352f21627dc12a5a8e1a1141a230ed990a0 Mon Sep 17 00:00:00 2001 -From: Chrissi^ -Date: Sun, 24 Feb 2019 15:22:53 +0100 -Subject: [PATCH 07/38] gluon-mesh-batman-adv: Remove ebtables filter for bat0 - -This change alles meshed PARKER-Nodes to forward IPv6 to the next node. - -Signed-off-by: Chrissi^ ---- - .../luasrc/lib/gluon/ebtables/300-radv-input-output | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output -index 377d11cd..e69de29b 100644 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output -@@ -1,2 +0,0 @@ --rule 'INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -i bat0 -j DROP' --rule 'OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -o bat0 -j DROP' --- -2.34.1 - diff --git a/patches/0008-radvd-announce-IPv6-of-VPN-node-as-DNS-Server.patch b/patches/0008-radvd-announce-IPv6-of-VPN-node-as-DNS-Server.patch deleted file mode 100644 index 26cdd35..0000000 --- a/patches/0008-radvd-announce-IPv6-of-VPN-node-as-DNS-Server.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9b22dd34a39b396f6cdf89c5025c6912587d3a3d Mon Sep 17 00:00:00 2001 -From: Chrissi^ -Date: Sun, 1 Sep 2019 13:09:33 +0200 -Subject: [PATCH 08/38] radvd: announce IPv6 of VPN-node as DNS-Server - -Using this change an VPN-node announces it's own IPv6 as DNS server. -/tmp/addr6 is written by nodeoute.lua during runtime configuration. - -Signed-off-by: Chrissi^ ---- - .../luasrc/lib/gluon/radvd/arguments | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -index fd214c29..d450b81e 100755 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -@@ -3,12 +3,14 @@ - local site = require "gluon.site" - - local f = io.open("/tmp/range6","r") --if f then -+local g = io.open("/tmp/addr6", "r") -+ -+if f and g then - local range6 = f:read('*a') -+ local addr6 = g:read('*a') - f:close() -- io.write("-i br-client -p " .. range6) -+ g:close() - -- if site.dns.servers() and site.next_node.ip6() then -- io.write(" --rdnss " .. site.next_node.ip6()) -- end -+ io.write("-i br-client -p " .. range6) -+ io.write(" --rdnss " .. addr6) - end --- -2.34.1 - diff --git a/patches/0009-gluon-radv-filterd-redirect-IPv6-packets-to-correct-.patch b/patches/0009-gluon-radv-filterd-redirect-IPv6-packets-to-correct-.patch deleted file mode 100644 index 72f1523..0000000 --- a/patches/0009-gluon-radv-filterd-redirect-IPv6-packets-to-correct-.patch +++ /dev/null @@ -1,259 +0,0 @@ -From 1a431d38c50664dd8bdbc07cb57aa6d944a7820b Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Wed, 4 Mar 2020 21:56:10 +0100 -Subject: [PATCH 09/38] gluon-radv-filterd: redirect IPv6 packets to correct - router - -When multiple routers are in the same local mesh and clients roam from one (A) -to the next (B), the change of global IP and default gateway are not -synchronized. This leads to packets with an address belonging to router A to be -sent via router B (or the other way around). Those packets are then dropped by -wireguard at the concentrator. - -To avoid this, we let gluon-radv-filterd monitor router advertisements and keep -a list of neighbouring v6 networks. With this information, it can maintain a -set of ebtables DNAT rules to redirect the packets to the matching gateway. - -Signed-off-by: Jan Luebbe ---- - .../lib/gluon/ebtables/400-radv-filterd | 4 + - .../src/gluon-radv-filterd.c | 133 +++++++++++++++--- - package/gluon-radv-filterd/src/respondd.c | 1 + - 3 files changed, 119 insertions(+), 19 deletions(-) - -diff --git a/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd b/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -index 178084d4..4e4f247b 100644 ---- a/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -+++ b/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -@@ -1,3 +1,7 @@ - chain('RADV_FILTER', 'DROP') - rule 'FORWARD -p IPv6 -i bat0 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j RADV_FILTER' - rule 'RADV_FILTER -j ACCEPT' -+ -+chain('REDIRECT', 'RETURN', 'nat') -+rule('PREROUTING -p IPv6 --logical-in br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat') -+rule('OUTPUT -p IPv6 --logical-out br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat') -diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -index 7a777752..a0b363af 100644 ---- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c -+++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -@@ -2,6 +2,8 @@ - /* SPDX-FileCopyrightText: 2017 Sven Eckelmann */ - /* SPDX-License-Identifier: BSD-2-Clause */ - -+// #define DEBUG -+ - #include - #include - #include -@@ -30,6 +32,8 @@ - #include - #include - -+#include -+ - #include - #include - #include -@@ -87,6 +91,9 @@ struct router { - struct timespec eol; - struct ether_addr originator; - uint16_t tq; -+ bool redirected; -+ struct in6_addr lladdr; -+ struct in6_addr prefix; - }; - - static struct global { -@@ -156,6 +163,10 @@ static void cleanup(void) { - if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) - { "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL })) - DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); -+ -+ if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) -+ { "ebtables-tiny", "-t", "nat", "-F", "REDIRECT", NULL})) -+ DEBUG_MSG("warning: flushing ebtables nat chain REDIRECT failed", G.chain); - } - } - -@@ -232,7 +243,7 @@ static int init_packet_socket(unsigned int ifindex) { - - struct sockaddr_ll bind_iface = { - .sll_family = AF_PACKET, -- .sll_protocol = htons(ETH_P_IPV6), -+ .sll_protocol = htons(ETH_P_ALL), /* seems needed to recieve packets on bat0 */ - .sll_ifindex = ifindex, - }; - ret = bind(sock, (struct sockaddr *)&bind_iface, sizeof(bind_iface)); -@@ -317,40 +328,85 @@ static struct router *router_add(const struct ether_addr *mac) { - return router; - } - --static void router_update(const struct ether_addr *mac, uint16_t timeout) { -- struct router *router; -- -- router = router_find_src(mac); -- if (!router) -- router = router_add(mac); -- if (!router) -- return; -- -- clock_gettime(CLOCK_MONOTONIC, &router->eol); -- router->eol.tv_sec += timeout; --} -- - static void handle_ra(int sock) { - struct sockaddr_ll src; - struct ether_addr mac; - socklen_t addr_size = sizeof(src); - ssize_t len; -+ uint8_t *ptr; - struct { -- struct ip6_hdr ip6; -- struct nd_router_advert ra; -+ struct { -+ struct ip6_hdr ip6; -+ struct nd_router_advert ra; -+ } hdr; -+ uint8_t options[128]; - } pkt; -+ struct router *router; -+ char addr_str[INET6_ADDRSTRLEN]; - - len = recvfrom(sock, &pkt, sizeof(pkt), 0, (struct sockaddr *)&src, &addr_size); - CHECK(len >= 0); - - // BPF already checked that this is an ICMPv6 RA of a default router -- CHECK((size_t)len >= sizeof(pkt)); -- CHECK(ntohs(pkt.ip6.ip6_plen) + sizeof(struct ip6_hdr) >= sizeof(pkt)); -+ CHECK((size_t)len >= sizeof(pkt.hdr)); -+ CHECK(ntohs(pkt.hdr.ip6.ip6_plen) + sizeof(struct ip6_hdr) >= sizeof(pkt.hdr)); - - memcpy(&mac, src.sll_addr, sizeof(mac)); - DEBUG_MSG("received valid RA from " F_MAC, F_MAC_VAR(mac)); - -- router_update(&mac, ntohs(pkt.ra.nd_ra_router_lifetime)); -+ router = router_find_src(&mac); -+ if (!router) -+ router = router_add(&mac); -+ if (!router) -+ return; -+ -+ clock_gettime(CLOCK_MONOTONIC, &router->eol); -+ router->eol.tv_sec += ntohs(pkt.hdr.ra.nd_ra_router_lifetime); -+ -+ memcpy(&router->lladdr, &pkt.hdr.ip6.ip6_src, sizeof(router->lladdr)); -+ -+ DEBUG_MSG("%d bytes in packet", len); -+ -+ // find prefix option -+ len -= sizeof(pkt.hdr); -+ ptr = (uint8_t*)&pkt + sizeof(pkt.hdr); -+ -+ while (len >= 8) { -+ unsigned int o_type = ptr[0]; -+ unsigned int o_len = (unsigned int)ptr[1] << 3; -+ struct nd_opt_prefix_info *o_pi; -+ -+ if (o_type != 3) { -+ ptr += o_len; -+ len -= o_len; -+ DEBUG_MSG("skipping option %d (size %d)", o_type, o_len); -+ continue; -+ } -+ CHECK(len >= o_len); -+ DEBUG_MSG("found option option %d (size %d)", o_type, o_len); -+ -+ o_pi = (struct nd_opt_prefix_info*)ptr; -+ memcpy(&router->prefix, &o_pi->nd_opt_pi_prefix, sizeof(router->prefix)); -+ -+ -+ ptr += o_len; -+ len -= o_len; -+ break; -+ } -+ -+ DEBUG_MSG("%d bytes remaining", len); -+ -+ if (inet_ntop(AF_INET6, &router->lladdr, addr_str, sizeof(addr_str))) { -+ DEBUG_MSG("lladdr: %s", addr_str); -+ } else { -+ DEBUG_MSG("lladdr: error"); -+ } -+ -+ if (inet_ntop(AF_INET6, &router->prefix, addr_str, sizeof(addr_str))) { -+ DEBUG_MSG("prefix: %s", addr_str); -+ } else { -+ DEBUG_MSG("prefix: error"); -+ } - - check_failed: - return; -@@ -595,6 +651,43 @@ static void update_tqs(void) { - } - } - -+static void update_redirect(void) { -+ struct router *router; -+ struct timespec timeout = { -+ .tv_nsec = EBTABLES_TIMEOUT, -+ }; -+ -+ foreach(router, G.routers) { -+ char mac[F_MAC_LEN + 1]; -+ char addr[INET6_ADDRSTRLEN]; -+ char prefix[INET6_ADDRSTRLEN]; -+ -+ if (router->redirected) -+ continue; -+ router->redirected = true; -+ -+ snprintf(mac, sizeof(mac), F_MAC, F_MAC_VAR(router->src)); -+ -+ if (inet_ntop(AF_INET6, &router->prefix, addr, sizeof(addr)) == NULL) { -+ error_message(0, 0, "warning: failed to format prefix"); -+ continue; -+ } -+ snprintf(prefix, sizeof(prefix), "%s/64", addr); -+ -+ if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) -+ { "ebtables-tiny", "-t", "nat", "-A", "REDIRECT", -+ "-p", "IPv6", -+ "--ip6-source", prefix, -+ "--ip6-destination", "!", prefix, -+ "-d", "!", mac, -+ "-j", "dnat", -+ "--to-destination", mac, -+ NULL })) -+ error_message(0, 0, "warning: adding new rule to ebtables chain REDIRECT failed"); -+ } -+} -+ -+ - static int fork_execvp_timeout(struct timespec *timeout, const char *file, const char *const argv[]) { - int ret; - pid_t child; -@@ -770,6 +863,8 @@ int main(int argc, char *argv[]) { - timespec_diff(&now, &next_update, &diff)) { - expire_routers(); - -+ update_redirect(); -+ - // all routers could have expired, check again - if (G.routers != NULL) { - if(timespec_diff(&now, &next_invalidation, &diff)) { -diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c -index 8c2c7eb4..bfa9257a 100644 ---- a/package/gluon-radv-filterd/src/respondd.c -+++ b/package/gluon-radv-filterd/src/respondd.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - - #include "mac.h" - --- -2.34.1 - diff --git a/patches/0010-radvd-Announce-v6-as-linklocal.patch b/patches/0010-radvd-Announce-v6-as-linklocal.patch deleted file mode 100644 index 9f7a9da..0000000 --- a/patches/0010-radvd-Announce-v6-as-linklocal.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 1f4341f0cb2051be0053ae33a58f385e1a67ab03 Mon Sep 17 00:00:00 2001 -From: Chrissi^ -Date: Sun, 24 May 2020 15:53:12 +0200 -Subject: [PATCH 10/38] radvd: Announce v6 as linklocal - -This change let's uradvd deliver the v6 link-local of this node as DNS. -With this change DNS-requests are not affected by the radv-filterd --rewrites during roaming. - -Signed-off-by: Chrissi^ ---- - .../luasrc/lib/gluon/radvd/arguments | 13 +++++++------ - 1 file changed, 7 insertions(+), 6 deletions(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -index d450b81e..5fd7c2c7 100755 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -@@ -1,16 +1,17 @@ - #!/usr/bin/lua - --local site = require "gluon.site" -+local json=require("jsonc") -+local f = assert(io.popen("ip -6 -br -j addr show dev br-client scope link", 'r')) -+local s = assert(f:read('*a')) -+f:close() -+local ll = json.parse(s)[1]["addr_info"][2]["local"] - - local f = io.open("/tmp/range6","r") --local g = io.open("/tmp/addr6", "r") - --if f and g then -+if f then - local range6 = f:read('*a') -- local addr6 = g:read('*a') - f:close() -- g:close() - - io.write("-i br-client -p " .. range6) -- io.write(" --rdnss " .. addr6) -+ io.write(" --rdnss " .. ll) - end --- -2.34.1 - diff --git a/patches/0011-gluon-radv-filterd-only-redirect-packets-addressed-t.patch b/patches/0011-gluon-radv-filterd-only-redirect-packets-addressed-t.patch deleted file mode 100644 index aeafe6b..0000000 --- a/patches/0011-gluon-radv-filterd-only-redirect-packets-addressed-t.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 7f22bd7f43afb8d4f079f85df2503afbb3876c99 Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sat, 16 Jan 2021 12:19:51 +0100 -Subject: [PATCH 11/38] gluon-radv-filterd: only redirect packets addressed to - routers - -Packets which have a destination MAC of other local nodes should not be -redirected, as this possibly results in routing loops in networks with more -than one uplink. - -Signed-off-by: Jan Luebbe ---- - .../luasrc/lib/gluon/ebtables/400-radv-filterd | 5 +++-- - package/gluon-radv-filterd/src/gluon-radv-filterd.c | 11 +++++++++++ - 2 files changed, 14 insertions(+), 2 deletions(-) - -diff --git a/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd b/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -index 4e4f247b..afe06299 100644 ---- a/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -+++ b/package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd -@@ -2,6 +2,7 @@ chain('RADV_FILTER', 'DROP') - rule 'FORWARD -p IPv6 -i bat0 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j RADV_FILTER' - rule 'RADV_FILTER -j ACCEPT' - -+chain('REDIRECT_FILTER', 'RETURN', 'nat') - chain('REDIRECT', 'RETURN', 'nat') --rule('PREROUTING -p IPv6 --logical-in br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat') --rule('OUTPUT -p IPv6 --logical-out br-client --ip6-destination 2000::/3 -j REDIRECT', 'nat') -+rule('PREROUTING -p IPv6 --logical-in br-client --ip6-destination 2000::/3 -j REDIRECT_FILTER', 'nat') -+rule('OUTPUT -p IPv6 --logical-out br-client --ip6-destination 2000::/3 -j REDIRECT_FILTER', 'nat') -diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -index a0b363af..3506b351 100644 ---- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c -+++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -@@ -164,6 +164,10 @@ static void cleanup(void) { - { "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL })) - DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); - -+ if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) -+ { "ebtables-tiny", "-t", "nat", "-F", "REDIRECT_FILTER", NULL})) -+ DEBUG_MSG("warning: flushing ebtables nat chain REDIRECT_FILTER failed", G.chain); -+ - if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) - { "ebtables-tiny", "-t", "nat", "-F", "REDIRECT", NULL})) - DEBUG_MSG("warning: flushing ebtables nat chain REDIRECT failed", G.chain); -@@ -674,6 +678,13 @@ static void update_redirect(void) { - } - snprintf(prefix, sizeof(prefix), "%s/64", addr); - -+ if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) -+ { "ebtables-tiny", "-t", "nat", "-A", "REDIRECT_FILTER", -+ "-d", mac, -+ "-j", "REDIRECT", -+ NULL })) -+ error_message(0, 0, "warning: adding new rule to ebtables chain REDIRECT_FILTER failed"); -+ - if (fork_execvp_timeout(&timeout, "ebtables-tiny", (const char *[]) - { "ebtables-tiny", "-t", "nat", "-A", "REDIRECT", - "-p", "IPv6", --- -2.34.1 - diff --git a/patches/0012-parker-remove-prefix6-and-prefix4.patch b/patches/0012-parker-remove-prefix6-and-prefix4.patch deleted file mode 100644 index aeee3e5..0000000 --- a/patches/0012-parker-remove-prefix6-and-prefix4.patch +++ /dev/null @@ -1,119 +0,0 @@ -From c1c07422b2340cd39c33c47c3700f64263821ad0 Mon Sep 17 00:00:00 2001 -From: Chris Fiege -Date: Sat, 27 Mar 2021 14:31:26 +0100 -Subject: [PATCH 12/38] parker: remove prefix6 and prefix4 - -This change removes the prefix4 and prefix6 attributes from the -site.conf. These do not make sense in the context of parker. - -Packages that are usually used in parker do not use these anymore. Some -other packages do - you should not enable those :-) - -With this change a ipv6 route to prefix_6 will no longer be set on -br-client. Systems that already have this route will keep it. - -With this change the (not working) redirect in the http status page has -been removed. We should consider to add this later on. ---- - package/gluon-client-bridge/check_site.lua | 4 ---- - .../310-gluon-client-bridge-local-node | 3 +-- - package/gluon-core/check_site.lua | 4 ---- - .../lib/gluon/upgrade/400-respondd-firewall | 8 -------- - .../status-page/controller/status-page.lua | 19 +------------------ - 5 files changed, 2 insertions(+), 36 deletions(-) - -diff --git a/package/gluon-client-bridge/check_site.lua b/package/gluon-client-bridge/check_site.lua -index b077f87b..e32ff32e 100644 ---- a/package/gluon-client-bridge/check_site.lua -+++ b/package/gluon-client-bridge/check_site.lua -@@ -1,9 +1,5 @@ - need_string_match(in_domain({'next_node', 'mac'}), '^%x[02468aAcCeE]:%x%x:%x%x:%x%x:%x%x:%x%x$', false) - --if need_string_match(in_domain({'next_node', 'ip4'}), '^%d+.%d+.%d+.%d+$', false) then -- need_string_match(in_domain({'prefix4'}), '^%d+.%d+.%d+.%d+/%d+$') --end -- - need_string_match(in_domain({'next_node', 'ip6'}), '^[%x:]+$', false) - - -diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node -index e67dc7d5..6f3f3110 100755 ---- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node -+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/310-gluon-client-bridge-local-node -@@ -22,8 +22,7 @@ uci:section('network', 'device', 'local_node_dev', { - local ip4, ip6 - - if next_node.ip4 then -- local plen = site.prefix4():match('/%d+$') -- ip4 = next_node.ip4 .. plen -+ ip4 = next_node.ip4 .. '/32' - end - - if next_node.ip6 then -diff --git a/package/gluon-core/check_site.lua b/package/gluon-core/check_site.lua -index 83c5a621..4e382009 100644 ---- a/package/gluon-core/check_site.lua -+++ b/package/gluon-core/check_site.lua -@@ -26,10 +26,6 @@ need_string(in_site({'timezone'})) - - need_string_array({'ntp_servers'}, false) - --need_string_match(in_domain({'prefix4'}), '^%d+.%d+.%d+.%d+/%d+$', false) --need_string_match(in_domain({'prefix6'}), '^[%x:]+/64$') --need_string_array_match(in_domain({'extra_prefixes6'}), '^[%x:]+/%d+$', false) -- - local supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000} - for _, config in ipairs({'wifi24', 'wifi5'}) do - if need_table({config}, nil, false) then -diff --git a/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall b/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall -index 74a2e11b..6e529043 100755 ---- a/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall -+++ b/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall -@@ -33,14 +33,6 @@ uci:section('firewall', 'rule', 'mesh_respondd_ll', { - target = 'ACCEPT', - }) - --uci:section('firewall', 'rule', 'mesh_respondd_siteprefix', { -- name = 'mesh_respondd_siteprefix', -- src = 'mesh', -- src_ip = site.prefix6(), -- dest_port = '1001', -- proto = 'udp', -- target = 'ACCEPT', --}) - - uci:delete_all('firewall', 'rule', function(rule) - return rule['.name']:find('^mesh_respondd_extraprefix') -diff --git a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -index 80c5e50a..ac2ac2d0 100644 ---- a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -+++ b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -@@ -63,24 +63,7 @@ end - entry({}, call(function(http, renderer) - local nodeinfo = json.parse(util.exec('exec gluon-neighbour-info -d ::1 -p 1001 -t 3 -c 1 -r nodeinfo')) - -- local node_ip = parse_ip(http:getenv('SERVER_ADDR')) -- if node_ip and ( -- match(node_ip, parse_ip(site.next_node.ip4()), 8) or -- match(node_ip, parse_ip(site.next_node.ip6()), 8) -- ) then -- -- The user has visited the status page via a next-node address -- -- Redirect the user to a unique address to avoid switching nodes -- local prefix = parse_ip(site.prefix6():match('^[^/]+')) -- for _, addr in ipairs(nodeinfo.network.addresses) do -- if match(prefix, parse_ip(addr), 4) then -- http:header('Cache-Control', 'no-cache, no-store, must-revalidate') -- http:redirect('http://[' .. addr .. ']' .. http:getenv('REQUEST_URI')) -- http:close() -- return -- end -- end -- end -- -+ -- TODO: Add a redirect to a local v6 addr for parker - - renderer.render('status-page', { nodeinfo = nodeinfo, site = site }, 'gluon-status-page') - end)) --- -2.34.1 - diff --git a/patches/0013-gluon-radvd-filterd-Do-not-write-respondd-info-if-ba.patch b/patches/0013-gluon-radvd-filterd-Do-not-write-respondd-info-if-ba.patch deleted file mode 100644 index e4902fe..0000000 --- a/patches/0013-gluon-radvd-filterd-Do-not-write-respondd-info-if-ba.patch +++ /dev/null @@ -1,46 +0,0 @@ -From cdaee56616f534586207fc7c9385aed7d0406460 Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sun, 30 May 2021 13:14:51 +0200 -Subject: [PATCH 13/38] gluon-radvd-filterd: Do not write respondd info if - batman server - ---- - package/gluon-radv-filterd/src/respondd.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c -index bfa9257a..9a2a9fc0 100644 ---- a/package/gluon-radv-filterd/src/respondd.c -+++ b/package/gluon-radv-filterd/src/respondd.c -@@ -5,6 +5,8 @@ - #include - #include - #include -+#include -+#include - - #include "mac.h" - -@@ -37,6 +39,19 @@ static struct json_object * get_radv_filter() { - } - - static struct json_object * respondd_provider_statistics() { -+ char buf[6]; -+ int fd = open("/sys/class/net/bat0/mesh/gw_mode", O_RDONLY); -+ if (fd == -1) { -+ perror("error opening gateway info file"); -+ return NULL; -+ } -+ memset(buf, 0, sizeof(buf)); -+ read(fd, buf, sizeof(buf)); -+ close(fd); -+ if (strncmp(buf, "server", 6) == 0) { -+ // We are a batman gateway, do not write gateway6 -+ return NULL; -+ } - struct json_object *ret = json_object_new_object(); - - json_object_object_add(ret, "gateway6", get_radv_filter()); --- -2.34.1 - diff --git a/patches/0014-status-page-Reinstate-redirection-to-own-ip-on-local.patch b/patches/0014-status-page-Reinstate-redirection-to-own-ip-on-local.patch deleted file mode 100644 index 5d08b6b..0000000 --- a/patches/0014-status-page-Reinstate-redirection-to-own-ip-on-local.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 840187bb35440210274dfd14b85d4e268eaac966 Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sun, 30 May 2021 16:08:30 +0200 -Subject: [PATCH 14/38] status-page: Reinstate redirection to own ip on local - node request - ---- - .../status-page/controller/status-page.lua | 38 ++++++++++++++++++- - 1 file changed, 37 insertions(+), 1 deletion(-) - -diff --git a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -index ac2ac2d0..56463d79 100644 ---- a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -+++ b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -@@ -63,7 +63,43 @@ end - entry({}, call(function(http, renderer) - local nodeinfo = json.parse(util.exec('exec gluon-neighbour-info -d ::1 -p 1001 -t 3 -c 1 -r nodeinfo')) - -- -- TODO: Add a redirect to a local v6 addr for parker -+ local node_ip = parse_ip(http:getenv('SERVER_ADDR')) -+ if node_ip then -+ if match(node_ip, parse_ip(site.next_node.ip6()), 8) then -+ -- The user has visited the status page via the ipv6 next-node address -+ -- Redirect the user to a unique ipv6 address to avoid switching nodes -+ -- if there is an address matching the first 64bit of the requesting address -+ local remote_ip = parse_ip(http:getenv('REMOTE_ADDR')) -+ if remote_ip then -+ for _, addr in ipairs(nodeinfo.network.addresses) do -+ if match(remote_ip, parse_ip(addr), 4) then -+ http:header('Cache-Control', 'no-cache, no-store, must-revalidate') -+ http:redirect('http://[' .. addr .. ']' .. http:getenv('REQUEST_URI')) -+ http:close() -+ return -+ end -+ end -+ end -+ end -+ if match(node_ip, parse_ip(site.next_node.ip4()), 4) then -+ -- The user has visited the status page via the ipv4 next-node address -+ -- Redirect the user to our unique ipv4 address to avoid switching nodes -+ local process = io.popen('ip -br -4 address show br-client', 'r') -+ if process then -+ local output = process:read('*a') -+ process:close() -+ if output then -+ local addr = string.match(output, '%d+%.%d+%.%d+%.%d+') -+ if addr then -+ http:header('Cache-Control', 'no-cache, no-store, must-revalidate') -+ http:redirect('http://' .. addr .. http:getenv('REQUEST_URI')) -+ http:close() -+ return -+ end -+ end -+ end -+ end -+ end - - renderer.render('status-page', { nodeinfo = nodeinfo, site = site }, 'gluon-status-page') - end)) --- -2.34.1 - diff --git a/patches/0015-gluon-radv-filterd-never-return-NULL-to-respondd.patch b/patches/0015-gluon-radv-filterd-never-return-NULL-to-respondd.patch deleted file mode 100644 index 5f2152c..0000000 --- a/patches/0015-gluon-radv-filterd-never-return-NULL-to-respondd.patch +++ /dev/null @@ -1,42 +0,0 @@ -From cec5d18828cd0978cdd3078d6387dd690b767ca2 Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Wed, 9 Jun 2021 20:51:33 +0200 -Subject: [PATCH 15/38] gluon-radv-filterd: never return NULL to respondd - -respondd drops existing json object if any provider returns NULL, so we need to -return an empty object instead. ---- - package/gluon-radv-filterd/src/respondd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c -index 9a2a9fc0..34b70222 100644 ---- a/package/gluon-radv-filterd/src/respondd.c -+++ b/package/gluon-radv-filterd/src/respondd.c -@@ -39,20 +39,20 @@ static struct json_object * get_radv_filter() { - } - - static struct json_object * respondd_provider_statistics() { -+ struct json_object *ret = json_object_new_object(); - char buf[6]; - int fd = open("/sys/class/net/bat0/mesh/gw_mode", O_RDONLY); - if (fd == -1) { - perror("error opening gateway info file"); -- return NULL; -+ return ret; - } - memset(buf, 0, sizeof(buf)); - read(fd, buf, sizeof(buf)); - close(fd); - if (strncmp(buf, "server", 6) == 0) { - // We are a batman gateway, do not write gateway6 -- return NULL; -+ return ret; - } -- struct json_object *ret = json_object_new_object(); - - json_object_object_add(ret, "gateway6", get_radv_filter()); - --- -2.34.1 - diff --git a/patches/0016-Remove-DHCP-block-from-interface-client.patch b/patches/0016-Remove-DHCP-block-from-interface-client.patch deleted file mode 100644 index dd63605..0000000 --- a/patches/0016-Remove-DHCP-block-from-interface-client.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 01b4ab7723b768a71fe16e20f4c77dc1ea7e578e Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sun, 2 Dec 2018 12:22:08 +0100 -Subject: [PATCH 16/38] Remove DHCP-block from interface "client" - -For parker we need DHCP on the client interface. Ths rule -prevents us from doing so. -In addition: make sure old rules will be deleted on upgrade. ---- - .../luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network -index 3d4dbac3..7f501e67 100755 ---- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network -+++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/300-gluon-client-bridge-network -@@ -46,5 +46,7 @@ uci:section('dhcp', 'dhcp', 'local_client', { - ignore = true, - }) - -+uci:delete('dhcp', 'local_client') -+ - uci:save('dhcp') - uci:save('firewall') --- -2.34.1 - diff --git a/patches/0017-radvd-use-next-node-for-dns.patch b/patches/0017-radvd-use-next-node-for-dns.patch deleted file mode 100644 index d2b9467..0000000 --- a/patches/0017-radvd-use-next-node-for-dns.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c5d3612abd2918c19b3c0d8f78b8944747a7183b Mon Sep 17 00:00:00 2001 -From: Chris Fiege -Date: Sun, 16 Apr 2023 13:28:42 +0200 -Subject: [PATCH 17/38] radvd: use next-node for dns - ---- - .../gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -index 5fd7c2c7..b228233b 100755 ---- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments -@@ -1,10 +1,7 @@ - #!/usr/bin/lua - - local json=require("jsonc") --local f = assert(io.popen("ip -6 -br -j addr show dev br-client scope link", 'r')) --local s = assert(f:read('*a')) --f:close() --local ll = json.parse(s)[1]["addr_info"][2]["local"] -+local ll = "2001:bf7:382::1" - - local f = io.open("/tmp/range6","r") - --- -2.34.1 - diff --git a/patches/0018-gluon-radv-filterd-respondd-update-to-use-netlink-in.patch b/patches/0018-gluon-radv-filterd-respondd-update-to-use-netlink-in.patch deleted file mode 100644 index f899709..0000000 --- a/patches/0018-gluon-radv-filterd-respondd-update-to-use-netlink-in.patch +++ /dev/null @@ -1,105 +0,0 @@ -From d4ecf86613b982958fd763fe1e55c0b7817c8106 Mon Sep 17 00:00:00 2001 -From: Jan Luebbe -Date: Sun, 16 Apr 2023 17:44:09 +0200 -Subject: [PATCH 18/38] gluon-radv-filterd: respondd: update to use netlink - instead of sysfs - ---- - package/gluon-radv-filterd/src/respondd.c | 72 +++++++++++++++++++---- - 1 file changed, 62 insertions(+), 10 deletions(-) - -diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c -index 34b70222..4577730d 100644 ---- a/package/gluon-radv-filterd/src/respondd.c -+++ b/package/gluon-radv-filterd/src/respondd.c -@@ -8,8 +8,57 @@ - #include - #include - -+#include -+#include -+#include -+#include -+ - #include "mac.h" - -+struct mode_netlink_opts { -+ bool is_server; -+ struct batadv_nlquery_opts query_opts; -+}; -+ -+static const enum batadv_nl_attrs mode_mandatory[] = { -+ BATADV_ATTR_GW_MODE, -+}; -+ -+static int parse_mode_netlink_cb(struct nl_msg *msg, void *arg) -+{ -+ struct nlattr *attrs[BATADV_ATTR_MAX+1]; -+ struct nlmsghdr *nlh = nlmsg_hdr(msg); -+ struct batadv_nlquery_opts *query_opts = arg; -+ struct genlmsghdr *ghdr; -+ struct mode_netlink_opts *opts; -+ uint8_t mode; -+ -+ opts = batadv_container_of(query_opts, struct mode_netlink_opts, -+ query_opts); -+ -+ if (!genlmsg_valid_hdr(nlh, 0)) -+ return NL_OK; -+ -+ ghdr = nlmsg_data(nlh); -+ -+ if (ghdr->cmd != BATADV_CMD_GET_MESH_INFO) -+ return NL_OK; -+ -+ if (nla_parse(attrs, BATADV_ATTR_MAX, genlmsg_attrdata(ghdr, 0), -+ genlmsg_len(ghdr), batadv_genl_policy)) -+ return NL_OK; -+ -+ if (batadv_genl_missing_attrs(attrs, mode_mandatory, -+ BATADV_ARRAY_SIZE(mode_mandatory))) -+ return NL_OK; -+ -+ mode = nla_get_u8(attrs[BATADV_ATTR_GW_MODE]); -+ -+ opts->is_server = mode == BATADV_GW_MODE_SERVER; -+ -+ return NL_OK; -+} -+ - static struct json_object * get_radv_filter() { - FILE *f = popen("exec ebtables-tiny -L RADV_FILTER", "r"); - char *line = NULL; -@@ -40,16 +89,19 @@ static struct json_object * get_radv_filter() { - - static struct json_object * respondd_provider_statistics() { - struct json_object *ret = json_object_new_object(); -- char buf[6]; -- int fd = open("/sys/class/net/bat0/mesh/gw_mode", O_RDONLY); -- if (fd == -1) { -- perror("error opening gateway info file"); -- return ret; -- } -- memset(buf, 0, sizeof(buf)); -- read(fd, buf, sizeof(buf)); -- close(fd); -- if (strncmp(buf, "server", 6) == 0) { -+ -+ struct mode_netlink_opts opts = { -+ .is_server = false, -+ .query_opts = { -+ .err = 0, -+ }, -+ }; -+ -+ batadv_genl_query("bat0", BATADV_CMD_GET_MESH_INFO, -+ parse_mode_netlink_cb, 0, -+ &opts.query_opts); -+ -+ if (opts.is_server) { - // We are a batman gateway, do not write gateway6 - return ret; - } --- -2.34.1 - diff --git a/patches/0019-gluon-status-page-Fix-redirect-to-actual-IPv4-addr.patch b/patches/0019-gluon-status-page-Fix-redirect-to-actual-IPv4-addr.patch deleted file mode 100644 index 8be13e7..0000000 --- a/patches/0019-gluon-status-page-Fix-redirect-to-actual-IPv4-addr.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 69a85af0f84be53eed682db45ff97ddf651cae2d Mon Sep 17 00:00:00 2001 -From: Chris Fiege -Date: Thu, 20 Apr 2023 23:04:55 +0200 -Subject: [PATCH 19/38] gluon-status-page: Fix redirect to actual IPv4 addr - -Finding the actual IPv4 address of the node relied on "-br" of ip. -Since Gluon v2022 we must live with busybox ip... -This change works around this change... ---- - .../luasrc/lib/gluon/status-page/controller/status-page.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -index 56463d79..ab394494 100644 ---- a/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -+++ b/package/gluon-status-page/luasrc/lib/gluon/status-page/controller/status-page.lua -@@ -84,7 +84,7 @@ entry({}, call(function(http, renderer) - if match(node_ip, parse_ip(site.next_node.ip4()), 4) then - -- The user has visited the status page via the ipv4 next-node address - -- Redirect the user to our unique ipv4 address to avoid switching nodes -- local process = io.popen('ip -br -4 address show br-client', 'r') -+ local process = io.popen('ip -4 a show dev br-client','r') - if process then - local output = process:read('*a') - process:close() --- -2.34.1 - diff --git a/patches/0020-gluon-radv-filterd-Increase-timeout-when-calling-ebt.patch b/patches/0020-gluon-radv-filterd-Increase-timeout-when-calling-ebt.patch deleted file mode 100644 index 9caecb5..0000000 --- a/patches/0020-gluon-radv-filterd-Increase-timeout-when-calling-ebt.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ed009edb3613ddbaac182f25973e3f893e836ff8 Mon Sep 17 00:00:00 2001 -From: Chris Fiege -Date: Sun, 29 Oct 2023 15:25:49 +0100 -Subject: [PATCH 20/38] gluon-radv-filterd: Increase timeout when calling - `ebtables` - -A popen of `ebtables` can block, when there is already another instance -running. -This timeout was intended to be 1 second. -So we should wait at least that long. - -Signed-off-by: Chris Fiege ---- - package/gluon-radv-filterd/src/gluon-radv-filterd.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -index 3506b351..067cfd55 100644 ---- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c -+++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -@@ -53,8 +53,8 @@ - // seconds). Re-read it from the transtable afterwards. - #define ORIGINATOR_CACHE_TTL 300 - --// max execution time of a single ebtables call in nanoseconds --#define EBTABLES_TIMEOUT 500000000 // 500ms -+// max execution time of a single ebtables call in seconds -+#define EBTABLES_TIMEOUT 2 - - // TQ value assigned to local routers - #define LOCAL_TQ 512 -@@ -143,7 +143,7 @@ static int timespec_diff(struct timespec *tv1, struct timespec *tv2, - static void cleanup(void) { - struct router *router; - struct timespec timeout = { -- .tv_nsec = EBTABLES_TIMEOUT, -+ .tv_sec = EBTABLES_TIMEOUT, - }; - - close(G.sock); -@@ -658,7 +658,7 @@ static void update_tqs(void) { - static void update_redirect(void) { - struct router *router; - struct timespec timeout = { -- .tv_nsec = EBTABLES_TIMEOUT, -+ .tv_sec = EBTABLES_TIMEOUT, - }; - - foreach(router, G.routers) { -@@ -770,7 +770,7 @@ static bool election_required(void) - - static void update_ebtables(void) { - struct timespec timeout = { -- .tv_nsec = EBTABLES_TIMEOUT, -+ .tv_sec = EBTABLES_TIMEOUT, - }; - char mac[F_MAC_LEN + 1]; - struct router *router; --- -2.34.1 - diff --git a/patches/0021-gluon-radv-filterd-expire-routers-for-redirect.patch b/patches/0021-gluon-radv-filterd-expire-routers-for-redirect.patch deleted file mode 100644 index f037bc3..0000000 --- a/patches/0021-gluon-radv-filterd-expire-routers-for-redirect.patch +++ /dev/null @@ -1,133 +0,0 @@ -From e78457b2dbcc6ff5b7b732ec94a6e3f32bce7522 Mon Sep 17 00:00:00 2001 -From: Rouven Czerwinski -Date: Sun, 26 May 2024 16:43:55 +0200 -Subject: [PATCH 21/38] gluon-radv-filterd: expire routers for redirect - -For the redirect login implemented for parker, it is beneficial to keep -a list of seen routers and mark them as expired instead of removing them -from the global routers list. This way we don't enter a new redirect -entry for the same router when it shows up again after a mesh link -failure. - -All foreach loops should be adjusted to correctly ignore expired -routers. - -Signed-off-by: Rouven Czerwinski ---- - .../src/gluon-radv-filterd.c | 33 +++++++++++++++---- - 1 file changed, 26 insertions(+), 7 deletions(-) - -diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -index 067cfd55..1c0bc5f2 100644 ---- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c -+++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c -@@ -92,6 +92,7 @@ struct router { - struct ether_addr originator; - uint16_t tq; - bool redirected; -+ bool expired; - struct in6_addr lladdr; - struct in6_addr prefix; - }; -@@ -300,6 +301,9 @@ static struct router *router_find_src(const struct ether_addr *src) { - struct router *router; - - foreach(router, G.routers) { -+ if (router->expired) -+ continue; -+ - if (ether_addr_equal(router->src, *src)) - return router; - } -@@ -311,6 +315,9 @@ static struct router *router_find_orig(const struct ether_addr *orig) { - struct router *router; - - foreach(router, G.routers) { -+ if (router->expired) -+ continue; -+ - if (ether_addr_equal(router->originator, *orig)) - return router; - } -@@ -321,6 +328,13 @@ static struct router *router_find_orig(const struct ether_addr *orig) { - static struct router *router_add(const struct ether_addr *mac) { - struct router *router; - -+ foreach(router, G.routers) { -+ if (ether_addr_equal(router->src, *mac)) { -+ router->expired = false; -+ return router; -+ } -+ } -+ - router = calloc(1, sizeof(*router)); - if (!router) - return NULL; -@@ -417,7 +431,6 @@ check_failed: - } - - static void expire_routers(void) { -- struct router **prev_ptr = &G.routers; - struct router *router; - struct router *safe; - struct timespec now; -@@ -425,15 +438,12 @@ static void expire_routers(void) { - - clock_gettime(CLOCK_MONOTONIC, &now); - -- foreach_safe(router, safe, G.routers) { -+ foreach(router, G.routers) { - if (timespec_diff(&now, &router->eol, &diff)) { - DEBUG_MSG("router " F_MAC " expired", F_MAC_VAR(router->src)); -- *prev_ptr = router->next; - if (G.best_router == router) - G.best_router = NULL; -- free(router); -- } else { -- prev_ptr = &router->next; -+ router->expired = true; - } - } - } -@@ -628,6 +638,9 @@ static void update_tqs(void) { - - // if all routers have a TQ value, we don't need to check translocal - foreach(router, G.routers) { -+ if (router->expired) -+ continue; -+ - if (router->tq == 0) - break; - } -@@ -641,6 +654,9 @@ static void update_tqs(void) { - } - - foreach(router, G.routers) { -+ if (router->expired) -+ continue; -+ - if (router->tq == 0) { - if (ether_addr_equal(router->originator, unspec)) - DEBUG_MSG( -@@ -666,7 +682,7 @@ static void update_redirect(void) { - char addr[INET6_ADDRSTRLEN]; - char prefix[INET6_ADDRSTRLEN]; - -- if (router->redirected) -+ if (router->redirected || router->expired) - continue; - router->redirected = true; - -@@ -784,6 +800,9 @@ static void update_ebtables(void) { - } - - foreach(router, G.routers) { -+ if (router->expired) -+ continue; -+ - if (router->tq == G.max_tq) { - snprintf(mac, sizeof(mac), F_MAC, F_MAC_VAR(router->src)); - break; --- -2.34.1 - diff --git a/patches/0022-status-page-add-wireguard-pubkey.patch b/patches/0022-status-page-add-wireguard-pubkey.patch deleted file mode 100644 index c42b8d7..0000000 --- a/patches/0022-status-page-add-wireguard-pubkey.patch +++ /dev/null @@ -1,36 +0,0 @@ -From e5d6419ac8f079f4808e66f795d134b9ac862856 Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sun, 9 Jan 2022 15:37:15 +0100 -Subject: [PATCH 22/38] status-page: add wireguard pubkey - ---- - .../files/lib/gluon/status-page/view/status-page.html | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html -index fddb4f1f..a98eded8 100644 ---- a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html -+++ b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html -@@ -117,6 +117,8 @@ - statistics(key .. '/bytes', 'bytes') - ) - end -+ -+ local wg_pubkey = util.readfile('/etc/parker/wg-pubkey') - - http:prepare_content("text/html") - -%> -@@ -205,6 +207,10 @@ -
batman-adv <%| nodeinfo.software['batman-adv'].version %> (compat<%| nodeinfo.software['batman-adv'].compat %>)
- <%- end %> - <%- end %> -+ <% if wg_pubkey then -%> -+
Wireguard Key
-+
<%| wg_pubkey %>
-+ <%- end %> - - -
--- -2.34.1 - diff --git a/patches/0023-mesh-vpn-recognise-parker-as-vpn-type.patch b/patches/0023-mesh-vpn-recognise-parker-as-vpn-type.patch deleted file mode 100644 index 5a6b4d0..0000000 --- a/patches/0023-mesh-vpn-recognise-parker-as-vpn-type.patch +++ /dev/null @@ -1,58 +0,0 @@ -From a8a703d813df4b95824a42a6182ebbe04f0bc59a Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sat, 10 Oct 2020 17:10:23 +0200 -Subject: [PATCH 23/38] mesh-vpn: recognise parker as vpn type - -This change overrides the gluon-core vpn-provider logic and makes sure -that mesh-vpn get's enabled when the user set the corresponding option -in the wizzard. -It also sets the simple-tc traffic limits. ---- - .../luasrc/lib/gluon/mesh-vpn/update-config | 27 +++++++------------ - 1 file changed, 9 insertions(+), 18 deletions(-) - -diff --git a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config -index 935d0b9a..a78576a4 100755 ---- a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config -+++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config -@@ -1,7 +1,6 @@ - #!/usr/bin/lua - - local uci = require('simple-uci').cursor() --local vpn_name, vpn = require('gluon.mesh-vpn').get_active_provider() - - local vpn_config = { - enabled = uci:get_bool('gluon', 'mesh_vpn', 'enabled'), -@@ -10,20 +9,12 @@ local vpn_config = { - limit_ingress = uci:get('gluon', 'mesh_vpn', 'limit_ingress'), - } - --if vpn_name ~= 'fastd' then -- uci:set('fastd', 'mesh_vpn', 'enabled', false) -- uci:save('fastd') --end -- --if vpn_name ~= 'tunneldigger' then -- uci:set('tunneldigger', 'mesh_vpn', 'enabled', false) -- uci:save('tunneldigger') --end -- --vpn.enable(vpn_config.enabled) --if vpn_config.limit_enabled then -- vpn.set_limit(vpn_config.limit_ingress, vpn_config.limit_egress) --else -- vpn.set_limit(nil, nil) --end -- -+uci:delete('simple-tc', 'client') -+uci:section('simple-tc', 'interface', 'client', { -+ ifname = 'br-client', -+ enabled = vpn_config.limit_enabled, -+ -- limits are flipped here -+ limit_ingress = vpn_config.limit_egress, -+ limit_egress = vpn_config.limit_ingress, -+}) -+uci:commit('simple-tc') --- -2.34.1 - diff --git a/patches/0024-config-mode-show-mesh-vpn-options-if-parker-is-used.patch b/patches/0024-config-mode-show-mesh-vpn-options-if-parker-is-used.patch deleted file mode 100644 index acdfe51..0000000 --- a/patches/0024-config-mode-show-mesh-vpn-options-if-parker-is-used.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 5a6d1e7566e5715c2395c6a66a6fb3e39b1ca913 Mon Sep 17 00:00:00 2001 -From: Kasalehlia -Date: Sat, 10 Oct 2020 19:10:42 +0200 -Subject: [PATCH 24/38] config-mode: show mesh-vpn options if parker is used - ---- - .../luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua -index da17af3a..261dfbd4 100644 ---- a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua -+++ b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua -@@ -1,11 +1,4 @@ --local vpn = require 'gluon.mesh-vpn' --local _, active_vpn = vpn.get_active_provider() -- - return function(form, uci) -- if active_vpn == nil then -- return -- end -- - local pkg_i18n = i18n 'gluon-config-mode-mesh-vpn' - - local msg = pkg_i18n.translate( --- -2.34.1 - diff --git a/patches/0025-WIP-gluon-modules.patch b/patches/0025-WIP-gluon-modules.patch deleted file mode 100644 index 7df8f7d..0000000 --- a/patches/0025-WIP-gluon-modules.patch +++ /dev/null @@ -1,548 +0,0 @@ -From 525f12b7ad72f4f6143df241ae5a77d731757bc3 Mon Sep 17 00:00:00 2001 -From: Chris Fiege -Date: Sat, 19 Oct 2024 12:21:41 +0200 -Subject: [PATCH 25/38] WIP: gluon-modules - -modules: version bump onto v2021.1.x - -modulfix - -modules: update gluon packages to pick the ebtables-tiny locking fix - -packages: Bump version to include: 'ebtables-tiny: reduce wait on missisng lock' - -modules: Bump gluon-packages to v2023.2.x-ffbs-next - -This drops patches for uradvd. This package has been moved to -openwrt-packages and will be re-added in a later commit. - -modules: Move openwrt-packages to an ffbs-fork including patched uradvd - -* 8a7f020cd WIP: Build uradvd from ffbs fork - -modules: Bump gluon packages onto v2023.2.2 - -This bumps ffbs/packages.git to a version rebased onto what gluon uses -in v2023.2.2. - -New commits in packages since v2023.2(.0): -* 3d08b0f wgpeerselector: fix undefined variable peer - -modules: Bump openwrt packages onto gluon v2023.2.2 - -This bumps ffbs/openwrt-packages.git to a version rebased onto what gluon uses -in v2023.2.2. - -New commits in packages since v2023.2(.0): - -* 229175a0b libwslay: remove, nothing depends on it since h2o is gone -* b1b33235b dnsdist: disable XSK to fix the build -* 15ab42c47 dnsdist: update to 1.9.0 -* 14c9d6172 dnsdist: Enable custom load-balancing policies in the light version -* c55605659 dnsdist: update to 1.8.3 -* 218769f99 h2o: remove, nothing depends on it anymore -* 1504a153b nghttp3: fix pkgconfig file -* c2350acb6 clamav: update to 1.3.0 -* fe210e7cb knot: update to version 3.3.5 -* eaa6026dd acme-common: use validation_method option instead of guessing -* 6c7b6bf20 ntpclient: remove -* 06fb98b27 syslog-ng: update to version 4.6.0 -* 002297b47 syslog-ng: conf: fix deprecated stats_freq -* fd9ccec73 v2ray-core: Update to 5.14.1 -* 210468d0c c-ares: update to 1.27.0 -* af4d84746 apfree-wifidog: update to 7.02.1977 -* f629091e8 apfree-wifidog: fix some bugs in the wifidogx.init file -* 817246f59 Merge pull request #23573 from stangri/openwrt-23.05-https-dns-proxy -* 667ac9d8e banip: update 0.9.4-3 -* 30cd11d03 natmap: update to 20240303 -* 81c1d4449 v2raya: Update to 2.2.5.1 -* 4778acec8 dnsproxy: Update to 0.65.2 -* 244320826 golang: Update to 1.21.7 -* 8d38305fa v2raya: Update to 2.2.5 -* ac96098e3 banip: update 0.9.4-2 -* 2e4d1635d banip: release 0.9.4-1 -* 4442726ba rclone: add fuse3-utils as dependency -* e3521f16c yq: Update to 4.42.1 -* cadd900f0 v2fly-geodata: Update to latest version -* 44febef1c cloudflared: Update to 2024.2.1 -* 9e20e91de btop: Update to 1.3.2 -* 751c3a580 v2raya: Update to 2.2.4.7 -* 00f32a022 yq: Update to 4.41.1 -* 5e5e0592d yq: Update to 4.40.7 -* 9b57a8a68 cloudflared: Update to 2024.2.0 -* 0d013a38b v2ray-geodata: Update to latest version -* 7bc7eb58f https-dns-proxy: update to upstream 2023-11-19 -* 3c3477267 rtl-sdr: update to v2.0.1 -* b6f2bef08 rtl_433: update to 23.11 -* 5ecbe0797 travelmate: update 2.1.2-5 -* 166e8d2d3 adblock: update 4.1.5-9 -* ab651824e ragel: new package to build vectorscan -* cd5f6637f snort3: build against gperftools-runtime -* 525321667 snort3: update to 3.1.81.0 -* 28aeff87b gperftools: add new package -* f589b5880 hyperscan: new package for speeding up regex ops -* c9dff69de dockerd: Update to 25.0.3 -* 755e6f783 docker: Update to 25.0.3 -* 984b65bf7 containerd: Update to 1.7.13 -* a697eea62 runc: Update to 1.1.12 -* b3270866f tailscale: Update to 1.58.2 -* bd5a36867 tailscale: Update to 1.58.0 -* 1ff74e644 travelmate: update 2.1.2-4 -* fa68279e3 Merge pull request #23485 from mhei/23.05-php8-update-to-8.2.16 -* e5c557be0 travelmate: update 2.1.2-3 -* 309ee2c26 git: update to 2.43.2 -* 53fa23900 git: update to 2.43.0 -* f628aaa30 lighttpd: update to lighttpd 1.4.74 release hash -* 06b0d0cce ovn: bump to 22.03.5 -* 0000f307c openvswitch: bump to 2.17.9 -* 65883df9a squid: fix configure options -* 57acafa66 unbound: update to latest upstream release version 1.19.1 -* 76aaa3059 libuv: fix CVE-2024-24806 -* 1a4c42d69 haproxy: update to v2.8.6 -* b23808a54 ocserv: updated config -* 8e9ad0e3c ocserv: use better separator for sed -* a19f8a1f1 openconnect: make host dependency more resilient -* 22e304ecf openconnect: update to 9.12 -* 679b9cf55 openconnect: add support for option --pfs -* 3d7193cde php8: update to 8.2.16 -* 9164fa255 lxc: update to 5.0.3 -* c5ad47372 zabbix: update to version 6.4.7 -* 583af1248 yt-dlp: bump to version 2023.12.30 -* abba8cff8 yt-dlp: bump to version 2023.11.16 -* a696cd44b yt-dlp: add missing dependencies -* f12547cf1 node: February 14 2024 Security Releases -* 9d8882fe4 Merge pull request #23407 from stangri/openwrt-23.05-adblock-fast -* 95f45c24b bind: bump to 9.18.24 -* 1159b8ec3 bind: bump to 9.18.19 -* 74cd5e095 bind: update to version 9.18.18 -* dc3fec89a bind: bump to 9.18.16 -* 2451d5a69 pdns-recursor: update to 4.8.6 (fixes CVE-2023-50387, CVE-2023-50868) -* ae10fd6db Merge pull request #23415 from systemcrash/p910nd_picks -* 836047068 squid: update to 6.7 -* f711c7e24 p910nd: bump release -* 0f0962ee1 p910nd: hotplug shellcheck fixes -* 1e8c78fcc p910nd: init: check device (/dev/usb/lpX) existence -* 111228675 p910nd: init: partial fix for openwrt/packages#10496 -* 238e16f97 p910nd: hotplug+init: include extra ieee1284 properties -* 00d14e9bb p910nd: hotplug: minor bug fixes -* b7a11d611 p910nd: hotplug: small refactor -* 92d1d4a77 p910nd: init: add txtvers=1 to mDNS properties -* c847cac8f p910nd: init: line-break and conditionalize mDNS properties -* 9ea1d672b p910nd: init: only run mDNS changes if mdns is set to on -* 7eeb756a2 p910nd: init script -* 3cac4412d p910nd: hotplug script -* abe112566 adblock-fast: add force_dns_interface setting -* 280b81c7a stlink: add packages -* d844df9a4 crowdsec: new upstream release version 1.6.0 -* 91c5ca7ba openssh: fix build failure on powerpc_8548 https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd -* 89fcc9e27 openssh: bump to 9.6p1 -* fad7e0ae1 tailscale: create combined tailscale/tailscaled -* cf0b1e0ed knot: update to version 3.3.4 -* de34798be knot: update to version 3.3.3 -* f83e01a4b dawn: Add PKG_BUILD_FLAGS:=no-lto because lto causes strange SegFaults -* a062c2a51 dawn: Update to 2023-05-14 -* dbb40a890 snowflake: update to 2.8.1 -* 26c24e579 mosquitto: reenable options wrongly turned off -* db28d99be python-ble2mqtt: update to 0.2.2 -* c2ae7b95d python-dbus-fast: upgrade to 2.21.1 -* 63f6af4bc nextdns: Update to version 1.42.0 -* 6d6e398c7 Openvpn: add missing script-security -* bce14a016 cloudflared: refine config.yml -* 892ce0645 dnsproxy: Update to 0.64.1 -* 3ffac159c inih: Update to r58 -* a3c2cd8fb rclone: Update to 1.65.2 -* 8c8ec8106 cloudflared: Update to 2024.1.5 -* 6cb714722 dos2unix: Update to 7.5.2 -* 05c602c8c Merge pull request #23253 from stangri/openwrt-23.05-curl -* ff387bd30 Merge remote-tracking branch 'yggdrasil-openwrt/yggdrasil-for-23.05' into openwrt-23.05 -* 8d02881d4 curl: update to 8.6.0 -* b2bf8f26b Merge pull request #23227 from stangri/openwrt-23.05-nebula -* dcff607ba nebula: update to 1.8.2-2 -* 810bd106d Merge pull request #23201 from mhei/23.05-php8-update-to-8.2.15 -* 905afb0ed xz: Update to 5.4.6 -* 92a07db7d php8: update to 8.2.15 -* 1167ef72e python-dbus-fast: update version 2.21.0 -* e6d3a7892 python3-bleak: add missing python3-typing-extensions dependency -* 0da0a501e natmap: update to 20240126 -* 67dcaa5d7 sing-box: update to 1.8.4 -* f87af4985 banip: update 0.9.3-5 -* b61930ad7 v2ray-geodata: Update to latest version -* 9a26ff67e v2raya: do not allow changing config/log directory -* 4267c8776 dnsproxy: Update to 0.63.1 -* 63a022a87 rclone: Update to 1.65.1 -* d07aa2f0f xray-core: Update to 1.8.7 -* d9d4acfd9 cloudflared: Update to 2024.1.4 -* ebddc07c1 cloudflared: Update to 2024.1.2 -* ef606d4b2 Merge pull request #23137 from nmav/tmp-new-ocserv-23.05 -* 4da835d3e gnutls: updated to 3.8.3 -* 5aabddf75 ocserv: updated to 1.2.4 -* 564e6e08d Openvpn: add missing script event options -* 0707d98c1 htop: update to 3.3.0 -* d877e4493 Merge pull request #23127 from stangri/openwrt-23.05-adblock-fast -* ac2736542 adblock-fast: update to 1.1.1-3 -* 2c2bc1709 Merge pull request #23117 from stangri/openwrt-23.05-adblock-fast -* 58a7c28aa adblock-fast: sync with main branch -* 144cacc12 Merge pull request #23101 from stangri/openwrt-23.05-nebula -* ee11377b7 nebula: update to 1.8.2 -* eb7db48b6 yggdrasil: bump to 0.5.4 -* 315f5c41b yggdrasil: bump to 0.5.3 -* be2b05436 yggdrasil: support public key in config generation -* 4b5d833e6 yggdrasil: overhaul package with netifd support - package is bumped to 0.5.2 - new protocol changes prevent peering with 0.4.x peers - @turretkeeper revamps package with netifd support - do not use with luci-app-yggdrasil please install luci-proto-yggdrasil - -modules: OpenWRT-packages onto v2023.2.3 - -Out fork of openwrt-packages has been rebased onto what Gluon v2023.2.3 -references. - -New commits: - -* 3db4314e2 delve: update to 1.23.0 -* 6e2e3240d xray-core: update to 1.8.21 -* c2422e740 p910nd: set bidi only if not already set -* a8c75f103 make: update to 4.4.1 -* 3016416c5 autoconf: update to 2.72 -* bf11148e5 automake: update to 1.16.5 -* 2d98802b1 xray-core: update to 1.8.20 -* 66e793f9c unbound: Update to 1.20.0 -* 7ebcd8c81 transmission: update to version 4.0.6 -* 733e6808f transmission: fix compile with MbedTLS 3.X -* 16446a3b2 bind: bump to 9.18.27 -* dbac39060 ddns-scripts: Update knot resolver regexp -* f2044c19c exim: update to 4.98 -* 1b51b17c7 xray-core: update to 1.8.19 -* 89955ee71 Merge pull request #24572 from mhei/23.05-php8-update-to-8.2.21 -* d14e460b5 dockerd: fix breaks IPv6 routing -* 8403d1466 v2ray-geodata: Update to latest version -* 7e77e583f v2ray-geodata: Update to latest version -* 2ac9aba4e v2ray-geodata: Update to latest version -* c7cebd6ca v2raya: update to 2.2.5.7 -* 08e499044 xray-core: update to 1.8.18 -* dc6172ecc banip: update 1.0.0-5 -* 46c43fc4b krb5: update to 1.21.3 -* 62fffe1a4 xray-core: update to 1.8.17 -* 658aeee10 dnsproxy: Update to 0.67.0 -* 05a0fbe21 php8: update to 8.2.21 -* 37a65f217 adguardhome: Update to 0.107.46 -* 9042b657d adguardhome: Update to 0.107.42 -* 6908bf51a adguardhome: wait for interfaces to be up at boot -* 62febf216 Merge pull request #24546 from ynezz/ynezz/openwrt-23.05/license-fixes-backports -* b7665f4f6 v2raya: update to 2.2.5.6 -* f19d10782 v2raya: update to 2.2.5.5 -* b092cb779 apfree-wifidog: Update to 7.07.2018 -* da130e8bb apfree-wifidog: support wildcard domain -* f24f16576 lang/python/python-paho-mqtt: fix license -* 8b613973b net/ntpd: fix license -* e6e5f761b utils/lsof: fix license -* e24386b3e libs/libgd: fix license -* f0780bb91 libs/tiff: fix license -* 92a4808a2 libs/libev: fix license -* e2e463171 net/tor: add license -* 652cce0ed devel/automake: fix license -* a4d7058fe utils/vim: add license info -* 0d4d322e6 libassuan: Fix license -* 10babb22c gpgme: Fix license -* cf2ef8337 node: July 8, 2024 Security Releases -* e1b996e98 golang: Update to 1.21.12 -* e56f8ebef sms-tool: version bump to 2023-09-21 -* 6d08bdf37 rust: select correct architecture for armv5 -* a0bf47605 rust: add patch to fix remote filesystem issue -* e081cb182 rust: Update to 1.78.0 -* 35b740e4e jq: Add PKG_CPE_ID -* 32c5137a1 uwsgi: Add PKG_CPE_ID -* 4fe6b2c67 mxml: Add PKG_CPE_ID -* 8746e3a3d net/iperf: assign PKG_CPE_ID -* 367b77884 net/iperf3: assign PKG_CPE_ID -* b493b3e5b net/i2pd: assign PKG_CPE_ID -* 557fc52d6 libs/libvpx: fix PKG_CPE_ID -* d31e6b044 libs/apr: fix PKG_CPE_ID -* 73c3c2bac libs/libestr: assign PKG_CPE_ID -* f0195d89d net/tcpreplay: fix PKG_CPE_ID -* 22d6d7132 utils/cryptsetup: assign PKG_CPE_ID -* 3b9d7313b libs/fmtlib: assign PKG_CPE_ID -* a490b7063 net/atftp: assign PKG_CPE_ID -* 990440705 libs/libyang: assign PKG_CPE_ID -* ff916f3d3 multimedia/gst1-plugins-bad: assign PKG_CPE_ID -* b1fd4362f lang/vala: assign PKG_CPE_ID -* 6d8a44764 libs/freetype: fix PKG_CPE_ID -* 1535d8ca8 utils/domoticz: assign PKG_CPE_ID -* 8c7241778 libs/libinput: assign PKG_CPE_ID -* 2af503f31 net/fail2ban: assign PKG_CPE_ID -* 9131151ef utils/crun: assign PKG_CPE_ID -* 9f3b98ae0 utils/pax-utils: assign PKG_CPE_ID -* 5934d6908 lang/python/python-docker: assign PKG_CPE_ID -* 3521fa98f admin/atop: assign PKG_CPE_ID -* 2e12f6109 libs/libmbim: assign PKG_CPE_ID -* f878002e9 net/fastd: assign PKG_CPE_ID -* 5e947756d utils/augeas: assign PKG_CPE_ID -* b56db1542 utils/cgroupfs-mount: assign PKG_CPE_ID -* cd78db517 utils/acl: assign PKG_CPE_ID -* 029aede36 net/bwm-ng: assign PKG_CPE_ID -* 0d8817c58 libs/libgee: assign PKG_CPE_ID -* 72f0ab05e libs/libpam: fix PKG_CPE_ID -* dc88a5923 net/krb5: fix PKG_CPE_ID -* 4fc01ae35 libs/vips: fix PKG_CPE_ID -* 4fcfa3e9b admin/sudo: fix PKG_CPE_ID -* a8345ffad utils/squashfs-tools: fix PKG_CPE_ID -* 8bb8ac555 lang/python/python-aiohttp: fix PKG_CPE_ID -* 2f0211988 lang/python/python-urllib3: fix PKG_CPE_ID -* 9c14028de lang/python/python-requests: fix PKG_CPE_ID -* e32911eaf libs/redis: fix PKG_CPE_ID -* c89911693 net/vsftpd: fix PKG_CPE_ID -* 50f8f6aea net/tinc: fix PKG_CPE_ID -* cd311ffe1 net/tinyproxy: fix PKG_CPE_ID -* e7714d692 utils/tmux: fix PKG_CPE_ID -* f04d71055 utils/zsh: fix PKG_CPE_ID -* 504faf4ba net/boinc: fix PKG_CPE_ID -* 5c1e4ca0e utils/lrzsz: fix PKG_CPE_ID -* df3b0d47e libs/expat: fix PKG_CPE_ID -* ca577d40e libs/libidn2: fix PKG_CPE_ID -* 19c07a2ef net/miniupnpc: fix PKG_CPE_ID -* eea8ccef9 multimedia/motion: fix PKG_CPE_ID -* 888418531 net/nbd: fix PKG_CPE_ID -* 866f4dabc lang/python/python-pip: fix PKG_CPE_ID -* af3ae451d utils/gpsd: fix PKG_CPE_ID -* 8a13733a2 utils/ntfs-3g: fix PKG_CPE_ID -* 84d7eb7af treewide: assign PKG_CPE_ID -* 19dd98e9f lang/python/python-yaml: fix PKG_CPE_ID -* bbb20bd57 treewide: fix licence typos -* a9ee98f9e openssh: bump to 9.8p1 -* 8d8f0b461 dockerd: Update to 27.0.3 -* 5a013e8d1 docker: Update to 27.0.3 -* 07003b75d docker: Update to 27.0.2 -* 532f64e5b runc: Update to 1.1.13 -* d39340140 dockerd: Update to 27.0.2 -* e61095661 dockerd: Update to 26.1.4 -* 1660023b9 containerd: Update to 1.7.18 -* c8c946ef1 docker: Update to 26.1.4 -* da532f52c adblock: update 4.1.5-11 -* cac8cba09 jool: update to 4.1.12 -* 86cd13e81 jool: update documentation -* 1de4596df jool: update to 4.1.11 -* 286a830c3 jool: update package to version 4.1.10 -* 55ef99398 cloudflared: Update to 2024.4.1 -* 341665c75 cloudflared: Fix incorrect uci config syntax -* f01fbf891 cloudflared: Add more run parameters in UCI -* 39b307f1d adblock: update 4.1.5-10 -* 5747af1a5 aardvark-dns: update to 1.11.0 -* c2f35ddc2 aardvark-dns: update to 1.10.0 -* f47158a63 libjwt: add package -* 153984a8f powertop: update to 2.15 -* 6502d4ca2 xray-core: update to 1.8.16 -* 7bd5f1dc2 xray-core: update to 1.8.15 -* 62f50a26d natmap: reset PKG_RELEASE to 1 -* 3a0073c4d natmap: update to 20240603 -* 15c2051ea banip: update 1.0.0-4 -* 44231285d golang: Update to 1.21.11 -* 4eb73df5e lighttpd: fix missing dependency for OpenSSL crypto library -* 0302f8cf6 lighttpd: add option to use OpenSSL crypto library -* 8e683037f schroot: fix compilation with GCC14 -* 2cfcb0893 stlink: fix compilation with GCC 14 -* d25180284 prometheus-node-exporter-lua: Add optional mwan3 collector -* 87a831fa8 prometheus-node-exporter-lua: Add "node_textfile_mtime_seconds" metric -* 611b37244 prometheus-node-exporter-lua: remove duplicated nat samples -* 2fbca34c7 prometheus-node-exporter-lua: fix netclass duplicate TYPE lines -* 49ff5da74 prometheus-node-exporter-lua-hostapd_stations: fix not reporting metrics -* 8cb0a16d1 prometheus-node-exporter-lua: add missing libubus-lua dependency -* d1db488d9 prometheus-node-exporter-lua: bump package version -* fc1b9071a prometheus-node-exporter-lua: add basic hwmon exporter -* 7b683fd65 prometheus-node-exporter-lua: Add thermal collector -* 464ca5325 banip: update 1.0.0-3 -* 6d81b33c8 apfree-wifidog: update to 7.06.2008 -* 0e098b8fe apfree-wifidog: support rule group and websocket&dns proxy flag -* 287d5b865 ruby: update to 3.2.4 -* 2919fae48 banip: update 1.0.0-2 -* 76bb48944 sing-box: update to 1.9.3 -* 6da721a4c sing-box: update to 1.9.2 -* 564866110 sing-box: update to 1.9.1 -* e0d786351 unbound: pull in adblock-fast generated adb_list -* 36cf3cfb3 Merge pull request #24340 from mhei/23.05-php8-update-to-8.2.20 -* 6be3892dc iperf3: fix usage with big endian -* 98811c336 iperf3: update to 3.17.1 -* c9829c92e banip: release 1.0 -* 03e0dd76c php8: update to 8.2.20 -* a18384954 libpfring: backport patch fixing compilation error for sa_data -* 29b1b8301 libpfring: update to 8.4.0 -* 0f0c24a81 hev-socks5-server: update to 2.6.6 -* d36268241 Merge pull request #24317 from p-w-p/xray-core_update -* d81d04aaf xray-core: update to 1.8.13 -* 5ad306413 node: bump to v18.20.3 -* b131f8ef8 sing-box: update to 1.9.0 -* 37dc80403 banip: update 0.9.6-3 -* 93b43c2b9 apache: add compile fix for libxml-2.12.x -* e621c8f67 banip: update 0.9.6-2 -* e5a9ac21e xfrpc: update to 3.05.661 -* 123ee5222 xfrpc: Revised the config file and adjusted the corresponding init file -* 57d3da509 ocserv: use a more neutral character for sed -* 221949b6c nextdns: Update to version 1.43.5 -* dbcbbb27e sing-box: update to 1.8.14 -* 64d2e702f dnsdist: update to 1.9.4 -* 20f58e465 haproxy: update to v2.8.9 -* d8cb9f1af banip: release 0.9.6-1 -* a14bb12df openconnect: introduced URI parameter -* 233405f68 openconnect: backport fix for anyconnect compatibility -* 913cda459 gptfdisk: update to 1.0.10 -* 2da338d5c golang: Update to 1.21.10 -* 00cf7e87a Merge pull request #24139 from stangri/openwrt-23.05-adblock-fast -* 4369aa026 pdns-recursor: update to 4.8.8 -* c230bf75a adblock-fast: update to 1.1.2-1 -* ade006dc9 ocserv: updated to 1.3.0 -* e983686bf banip: update 0.9.5-5 -* 9527d8f02 docker: Update to 26.1.0 * Removed unnecessary GO lang variables -* 484cd2a93 dockerd: Update to 26.1.0 * Removed unnecessary GO lang variables -* fad630db7 containerd: Update to 1.7.15 * Explicitly list GO_PKG_INSTALL_EXTRA * Removed unnecessary GO lang variables -* 16b5d1072 uspot: update to Git HEAD (2024-05-03) -* 4702db286 xray-core: Update to 1.8.11 -* f47b6403c xray-core: Update to 1.8.10 -* 525643f83 xray-core: Update to 1.8.9 -* f61012a01 v2ray-core: Update to 5.16.0 -* 4bc116560 v2ray-geodata: Update to latest version -* 798738c9b acme-acmesh: use validation_method option instead of guessing -* ff8429b3c hev-socks5-server: add new package -* e525a3f0f nano: update to 8.0 -* 9aa2479ca banip: update 0.9.5-4 -* 27488be21 nextdns: Update to version 1.43.3 -* 2955c2db8 dnsproxy: add three new features -* 7aec92689 msmtp: update to version 1.8.25 -* 7492e8cc9 transmission: update to version 4.0.5 -* 94fca3f1f sing-box: update to 1.8.12 -* f00ce8a58 Merge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05 -* f9e15a7b0 nextdns: Update to version 1.43.0 -* 24e2a32bd libndpi: backport patch for PCRE2 support -* 988181e6a openssh: bump to 9.7p1 -* 4854a5983 librespeed-go: improve the description -* cbb2e66cc librespeed-go: Reload the daemon after modifying the tls certificate -* ca4569ead v2ray-core: Update to 5.15.3 -* 4979ade99 banip: update 0.9.5-3 -* a08e087dc banip: update 0.9.5-2 -* a4732b76b banip: release 0.9.5-1 -* 34a650bba syslog-ng: update to version 4.7.1 -* 12adb901d CI: remove CircleCI for now -* ea65457f1 Merge pull request #24014 from stangri/openwrt-23.05-adblock-fast -* 21efddca3 adblock-fast: bugfix: unbound-related fixes -* 3d63a10cb Merge pull request #24006 from stangri/openwrt-23.05-nebula -* 4e6eb8f5b nebula: Use APK style release number -* d51ad546b natmap: add log_std{out,err} options -* fd4899e7b node: bump to v18.20.2 -* 4fac0d532 ntpd: update to version 4.2.8p17 -* 0f82c9b85 uwsgi: bump to latest 2.0.25.1 release -* 86b9791db uwsgi: add experimental pcre2 patch and drop pcre -* d5b7ea545 uwsgi: bump to release 2.0.22 -* 7414685bf v2ray-geodata: Update to latest version -* 9967432bd v2ray-geodata: Update to latest version -* 7286ea81b cloudflared: Update to 2024.4.0 -* 9caf90f75 tor: update to 0.4.8.10 stable -* e1ae68ee3 Merge pull request #23947 from mhei/23.05-php8-update-to-8.2.18 -* b301e8c28 Merge pull request #23871 from graysky2/snort-backport-fix -* 8940a6256 exim: update to 4.97.1 -* 51ce5a553 cryptsetup: update to version 2.7.1 -* ac9096d32 lvm2: update to LVM2 2.03.17 and libdm Version 1.02.187 -* 17cac25f9 gnunet: update to version v0.21.0 -* f0368a249 gnunet: update to version 0.20.0 -* 181e09b7d gnunet: update to version 0.19.4 -* 2f1f27d47 libcurl-gnutls: update to verison 8.7.1 -* d5ae95aa1 libcurl-gnutls: fix build -* d291474db libcurl-gnutls: update to version 8.6.0 -* 2f4aa5376 libcurl-gnutls: update to version 8.5.0 -* 7c3d2ef63 libcurl-gnutls: update to version 8.2.1 -* f1e6365bc php8: update to 8.2.18 -* 6dfe66fd8 golang: Update to 1.21.9 -* 8fb4719f2 lighttpd: update to lighttpd 1.4.76 release hash -* 802b4c3af Merge pull request #23874 from stangri/openwrt-23.05-adblock-fast -* d742be207 Merge pull request #23815 from stangri/openwrt-23.05-curl -* e6fde07dd lualanes: update to version 3.16.3 and use tarball -* 1a9c3d093 lualanes: Version bump to v3.16.2 -* 68421b9a2 hwdata: update to 0.379 -* f7251c4f8 libs/libdaq3: assign PKG_LICENSE_FILES -* e1f0df951 libdaq3: update to 3.0.14 -* 4acf815dd libdaq3: update to 3.0.13 -* 19c641a26 libdaq3: update to 3.0.11 -* 5596fa277 snort3: remove symbol @HAS_LUAJIT_ARCH -* 4bbd27065 snort3: update to 3.1.82.0 -* aef7a4a8e adblock-fast: improve Makefile's prerm -* 8602f63b8 node: April 3, 2024 Security Releases -* 76bc13be7 irqbalance: update to version 1.9.4 -* 39b8d5c7a irqbalance Update init script to remove duplicate spaces -* d9d6eb1d8 nano: fix syntax highlighting for raw ucode scripts -* a3a26de00 nano: add syntax highlighting for ucode scripts -* 84bfbcb6c curl: update to 8.7.1 -* 35773ec8c kmsbd-tools: switch to use tagged release -* c14e0805f ksmbd-tools: update to 3.5.1 -* 876b0bc19 docker-compose: add PKG_NAME to PKG_SOURCE -* 66894032d acme: standardize key_type -* 015e212ad sing-box: update to 1.8.10 -* b1363fa06 sing-box: restart if the specified interfaces start up -* 6c75a9dae sing-box: update to 1.8.7 -* 73bee1f9b acme-common: backport config fixes from master -* a0ad76b2d rust: update to 1.77.0 -* 6578b79b0 rust: update to 1.76.0 -* cbf854218 uspot: update to Git HEAD (2024-03-25) -* 7ffb90e93 dnsproxy: Update to 0.66.0 -* 096ef93f5 cloudflared: Update to 2024.3.0 -* c781bc0d9 v2ray-geodata: Update to latest version -* f282cdf59 v2ray-core: Update to 5.15.1 -* d51c6bb7a rclone: Update to 1.66.0 -* 2d5f789cc p910nd: fix running multiple instances -* a49c7d20f golang: Update to 1.21.8 -* 91628e80b syslog-ng: enable http module based on zlib support in curl -* 69870fc94 ci: set correct arch for rootfs tests -* 53896bd1a Merge pull request #23736 from stangri/openwrt-23.05-https-dns-proxy -* 2423a6e93 https-dns-proxy: prepare migration to APK -* 283f7a06f Merge pull request #23719 from stangri/openwrt-23.05-https-dns-proxy -* 69910d2f4 Merge pull request #23720 from stangri/openwrt-23.05-adblock-fast -* e8cf63f09 Merge pull request #23718 from stangri/openwrt-23.05-nebula -* 95a40179f knot-resolver: Update to version 5.7.1 -* 92bb77af4 knot-resolver: enable dnstap module build by default -* fd10fa17a knot-resolver: do not overwrite -Ddnstap=enabled configuration -* ed3cba66e lighttpd: update to lighttpd 1.4.75 release hash -* bc08d6e0e nebula: prepare migration to APK -* bdc9d4a5c https-dns-proxy: prepare migration to APK -* fcfac651c adblock-fast: prepare migration to APK -* 063b2393c django: bump to version 4.2.11 -* 5782faa66 Merge pull request #23691 from EricLuehrsen/unbound_1193_wrt23 -* ce8fb7aa9 unbound: update to 1.19.3 -* d76cb891f unbound: spell fix -* 6d2657fc8 unbound: add file parameter to service instance -* e65ce6218 unbound: remove date/time from config headers -* b713fe7d2 travelmate: update 2.1.2-6 -* 266846a36 p910nd: restart daemon even if no driver file is needed -* bc2c2cc29 shared-mime-info: update to 2.4 -* 46595ddc0 shared-mime-info: update to 2.2 -* 60ab78341 shadowsocks-libev: add remote server ips to dst bypass ipset - -modules: Bump packages - -This change is a no-op. The following commit has been rewritten: - -* 953a6a9 ebtables-tiny: reduce wait on missisng lock - -modules: Rebase onto v2023.2.4 ---- - modules | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/modules b/modules -index d9813cf6..c7b3e167 100644 ---- a/modules -+++ b/modules -@@ -4,12 +4,13 @@ OPENWRT_REPO=https://github.com/openwrt/openwrt.git - OPENWRT_BRANCH=openwrt-23.05 - OPENWRT_COMMIT=533235182141392d8031a6d2edb9d7edc91bfd5a - --PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git --PACKAGES_GLUON_COMMIT=3d08b0fee8dc5d96d8bcdb985fad1d5564de4022 -+PACKAGES_GLUON_REPO=https://gitli.stratum0.org/ffbs/packages.git -+PACKAGES_GLUON_COMMIT=953a6a9dde028491e1eba4a85d4ca2ebbf3d1bc0 -+PACKAGES_GLUON_BRANCH=v2023.2.x-ffbs-next - --PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git --PACKAGES_PACKAGES_BRANCH=openwrt-23.05 --PACKAGES_PACKAGES_COMMIT=33858483a03f322ec1233a98816c3d3197c177dd -+PACKAGES_PACKAGES_REPO=https://gitli.stratum0.org/ffbs/openwrt-packages.git -+PACKAGES_PACKAGES_BRANCH=openwrt-23.05-ffbs-next -+PACKAGES_PACKAGES_COMMIT=9c0bcfd73989e53136a78eeed114c1921ede64eb - - PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git - PACKAGES_ROUTING_BRANCH=openwrt-23.05 --- -2.34.1 -