| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |/ /
| |
| |
| | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| | |
Signed-off-by: Misha Bragin <bangvalo@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow use of rules as-defined, and don't override their actions. This
is generally the best way to use the ruleset, and overriding their
actions should only be undertaken when you fully understand how it
affects their use.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This PR adds the ability of snort to process rules that target
swf and pdf files requiring lzma decompression to look for
malicious payloads therein. This change only increases the size
of the snort3 executable by a fraction of a KB and the added
dependency of liblzma (based on currently offered 5.4.4-1) is
only a 169 KB shared object. Based on CPU requirements of snort,
x86 users likely represent the majority user-base and space their
rootfs is not an issue as it may be for lower-powered SoCs.
Size of snort3-3.1.76.0-2: 7354403 bytes
Size of snort3-3.1.76.0-3: 7354435 bytes
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Maintainer: @mkrkn @neheb
Compile tested: aarch64, cortex-a53, OpenWRT Master
Run tested: Dynalink DL-WRX36
Description:
[A previous commit](https://github.com/openwrt/packages/commit/f8a8b71e26b9bdbf86fbb7d4d1482637af7f3ba4) has added more script event options.
However it looked like that commit was not complete as it stops the use of the script events route-up, route-pre-down, and ipchange when those are placed in the openvpn config file.
This PR fixes a regression that makes it problematic to specify certain event options in the OpenVPN configuration file.
Discussion in [this thread](https://forum.openwrt.org/t/openvpn-custom-route-up-script-in-23-05-rc2/167105/13) and [here](https://forum.openwrt.org/t/openvpn-route-up-and-route-pre-down-broken-in-23-05/176568)
Please have a look and consider implementing or make it possible to use all script event options in the openvpn config file in another way.
Pull request has been discussed and improved with the help of @AuthorReflex, see: https://github.com/openwrt/packages/pull/21732
Signed-off-by: Erik Conijn <egc112@msn.com>
|
| | |
| |
| |
| | |
Signed-off-by: Ben Klang <bklang@wirehack.net>
|
| | |
| |
| |
| | |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| | |
| |
| |
| | |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| | |
| |
| |
| |
| |
| |
| | |
Changelog:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/v2.8.1/ChangeLog
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | |
| |
| |
| | |
Signed-off-by: Anya Lin <hukk1996@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
|
| | |
| |
| |
| |
| |
| | |
* more init fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* rework the device/interface auto-detection (only layer-3 network devices will be detetcted correctly), disable the auto-detection e.g. for special tunnel interfaces
* supports now full gawk (preferred, if installed) and busybox awk
* raise the default boot timeout to 20 seconds (if 'ban_triggerdelay' is not set)
* various small fixes and improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | |
| |
| |
| | |
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove append_params and use shell expressions instead e.g. ${port:+-p $port}.
Note that we can't do that with ProxyCommand because it has to be quoted.
The order of options was changed from more important like hostname to just static -nN.
The CompressionLevel option is removed from SSH2.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The ProxyCommand may have spaces so it must be quoted.
So we must use the procd_append_param.
Currently the option is not supported by Dropbear.
But it has -J instead which in OpenSSH means ProxyJump.
So we can't use it to avoid conflict.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
* https://github.com/slackhq/nebula/releases/tag/v1.8.1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | |
| |
| |
| | |
Signed-off-by: Shi JiaYang <shi05275@163.com>
|
| |\ \
| | |
| | | |
strongswan: trigger reload when interfaces are specified
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #20848
Add interface triggers if interfaces to listen to are specified in
`/etc/config/ipsec`. This fixes the "running with no instances" scenario
after rebooting a router.
Signed-off-by: Joel Low <joel@joelsplace.sg>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.77.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.77.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-20
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
v0.20.0:
- GNUNET_TESTING_get_testname_from_underscore renamed to GNUNET_STRINGS_get_suffix_from_binary_name and moved from libgnunettesting to libgnuneutil
- Move GNUNET_s into libgnunetutil.
- re-introduce compiler annotation for array size in signature
- function-signature adjustment due to compiler error
- GNUNET_PQ_get_oid removed, GNUNET_PQ_get_oid_by_name improved
- Added GNUNET_PQ_get_oid_by_name
- added GNUNET_PQ_get_oid()
- Added new CCA-secure KEM and use in IDENTITY encryption
- Add KEM API to avoid ephemeral private key management
- Add new GNUNET_PQ_event_do_poll() API to gnunet_pq_lib.h
- Added API to support arrays in query results
- Improve PQ API documentation.
- API for array types extended for times
- API extended for array query types
- relevant array-types in queries (not results) in postgresql added
- just style fixes, int to enum
- initial steps towards support of array-types in posgresql
- adds GNUNET_JSON_spec_object_const() and GNUNET_JSON_spec_array_const()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \ \
| | | |
| | | | |
openvpn: start openvpn connection located under '/etc/openvpn' not only on system start
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
OpenVPN configurations that have a uci entry, the enable/enabled option can
be used to control whether the OpenVPN connection should be started at
system startup or not.
OpenVPN configurations that are located under '/etc/openvpn/' are always
started at system boot. To ensure that these connections can also be
started later, they must 'not' be started automatically during system boot.
This can be prevented with the following entry in the OpenVPN configuration.
config globals 'globals'
option autostart '0'
These OpenVPN configurations can then be started later with the command.
'/etc/init.d/openvpn start <name>'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit adds the possibility that an OpenVPN instance located under
'/etc/openvpn' can also be started with the command.
'/etc/init.d/openvpn start <name>'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit moves the part for starting an instance to a sub function.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move the start of the OpenVPN configurations in '/etc/openvpn' in a function.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Preparation commit to make it clear that this is a uci configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
AList is a file list/WebDAV program that supports multiple storages,
powered by Gin and Solidjs.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update the mdio-netlink kmod and userspace mdio-tools to version 1.3.1.
[v1.3.1] - 2023-12-02
---------------------
Fixes mvls to work with kernels 6.2 and onwards.
- mdio: Multiple registers can now be dumped at once, via the generic
dump operation.
- mvls: Relax the driver matching to accept the strings used in
kernels 6.2 and newer.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://curl.se/changes.html#8_5_0
Pick upstream patch to fix build with gnuTLS and verbose strings removed.
The patch should be removed with the next version bump.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The mosh-server and mosh-client packages are related to SSH.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
|
| | | |
| | |
| | |
| | |
| | | |
Signed-off-by: Paul Doran <ruralroots@gmail.com>
[remove upstream patch included in 2.8.1]
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the service is started, wait for the clock to be synchronized for
up to 5 minutes and provide the stratum action once for ntp hotplug
scripts.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
|
| |/ /
| |
| |
| | |
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
|
| |\ \
| | |
| | | |
wifidog: make it compile again with recent version of WolfSSL
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Recent version of WolfSSL dropped CyaSSL shims and made the package not
compilable. Converting it to the WolfSSL library is simple enough as the
API used are very basic and can be converted directly. Add patch that
fully convert the package to WolfSSL and doesn't use the compat shim
anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
libxml2 restructured includes, thus another include is now required
otherwise build fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Hák <jan.hak@nic.cz>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Delete legacy configuration files homenet.lua and local.lua
- Add snort config 'include' to allow user customizations in the lua
- Enhance 'check' to test generated nftables file
- Suppress inclusion of rules file when doing silent config check
- Suppress warnings on configuration check unless '-v'erbose
- Replace text logging with json logging to reduce footprint and make reports easier
- Fix some typos in the snort.uc template
- Fix up some error messages suggesting solutions
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* move reload/restart logic from json() to config_cache()
* improve fw4 restart decision logic
* no longer store reload/restart info in ubus/status json file
* rename variables pointing to run-time information
* create dns_set_output_values to reuse code in principal all and luci app
* improve append_url to store collected URLs in an alternative variable
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \
| | | |
| | | | |
haproxy: update to v2.8.5
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Release Notes:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/blob/v2.8.0/ChangeLog
Signed-off-by: Nick Hainke <vincent@systemli.org>
|