| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Global Socket allows two workstations on different private networks to
communicate with each other. Through firewalls and through NAT - like
there is no firewall.
The TCP connection is secured with AES-256 and using OpenSSL's SRP
protocol (RFC 5054). It does not require a PKI and has forward
secrecy and (optional) TOR support.
The gsocket tools derive temporary session keys and IDs and connect
two TCP pipes through the Global Socket Relay Network (GSRN). This is
done regardless and independent of the local IP Address or geographical
location.
The session keys (secrets) never leave the workstation. The GSRN sees only
the encrypted traffic.
The workhorse is 'gs-netcat' which opens a ssh-like interactive PTY
command shell to a remote workstation (which resides on a private and
remote network and/or behind a firewall).
Also added test.sh file to run test it inside containeer
Signed-off-by: Ralf Kaiser <skyper@thc.org>
|
| |
|
|
| |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |
|
|
| |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |\
| |
| | |
apinger: improve uci and procd support
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- convert apinger into procd instances
- generate instance specific apinger.conf from uci
- hotplug handling for apinger alarms
- restart apinger interface instance on ifup action of interface
- don't exit on packet count mismatch, allows to use apinger as monitor
for multiple targets handling
- add srcip option to target configuration, allows specifying source ip
used to monitor target
- allow creating status file in script parseable format
Patches are ported against latest version of apinger and referenced from
https://git.pld-linux.org/?p=packages/apinger.git;a=summary
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
|
| |\ \
| | |
| | | |
bind: update to version 9.18.4
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes:
- CVE-2022-1183
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Not really needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
No need for an external one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Usually, no other local service depends on the start of ser2net, so
let's start it later in the boot process.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Ported similar patch from hidapi.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |/
|/|
| |
| |
| |
| |
| | |
* various vpn fixes/optimizations (run tested by forum users)
* refine several log statements
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | |
| |
| |
| | |
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
change this to satisfy luci-app-xfrpc's need
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.
If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Kea expects /var/run/kea to exist. Without it, errors occur:
Mon Jun 13 10:31:45 2022 daemon.err kea-dhcp6[2977]: Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From the changelog…
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- convert autossh into procd instances
- add new uci config options to handle local and remote
port forwarding
- remove hotplug down actions causing service to stop on
any interface down event
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| | |
| |
| |
| | |
Signed-off-by: Moritz Warning <moritzwarning@web.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove upstreamed patches:
- 100-fix-setstacksize-for-glibc-2.34.patch
Refresh patches:
- 200-logdest-on-foreground.patch
Changes:
Misc:
- OpenSSL 3.0 compatibility
Bug Fixes:
- Fix refused startup with openssl <1.1
- Fix compiler issue for Fedora 33 on s390x
- Fix small memory leak in config parser
- Fix lazy certificate check when connecting to TLS servers
- Fix connect is aborted if first host in list has invalid certificate
- Fix setstacksize for glibc 2.34
- Fix system defaults/settings for TLS version not honored
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
5be6819 policy: allow disabling load balancing
80b0b65 main: disable load balancing by default
fca4b87 policy: improve readability
73c424b usteer: add option for probe steering
87de1ab main: disable probe steering by default
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | |
| |
| |
| | |
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
* refine vpn timeout
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |/
|
|
|
|
| |
* make vpn handling more reliable
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
| |
luajit provides higher performance for requests handled in Lua hooks.
It also enables access to dnsdist functionality only exposed via FFI,
and allows configurations/hooks to call functions in any C library
without providing separate bindings.
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |
|
|
|
|
| |
* the domain whitelist feature has been extended to free up multiple nested captive portal domains.
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog for versions:
- 5.4.4 [1]
- 5.5.0 [2]
- 5.5.1 [3]
[1] https://www.knot-resolver.cz/2022-01-05-knot-resolver-5.4.4.html
[2] https://www.knot-resolver.cz/2022-03-15-knot-resolver-5.5.0.html
[3] https://www.knot-resolver.cz/2022-06-14-knot-resolver-5.5.1.html
And refresh patch to avoid offset
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
| |
updated to kernel 5.10.121+ changes
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
|
| |
|
|
|
|
|
|
| |
- New major LTS release (https://www.mail-archive.com/haproxy@formilux.org/msg42371.html)
- Sadly, no QUIC/H3 support for now because the QuicTLS library - which is a fork of OpenSSL - would be needed. However, we do not have a package for that and I currently do not want to build and statically link it into the haproxy package
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
drop maintainership:
* samba4
* ksmbd-tools
* perl-parse-yapp
* libtirpc
* softethervpn5
* wsdd2
* rpcsvc-proto
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |
|
|
|
|
|
| |
It changed the binaries from sbin to bin, breaking the init script.
Change it back.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
| |
Updated geodata to latest version while at it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
| |
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
|
| |
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
| |
1. Switched to use prebuilt web files to get rid of massive Node.js.
2. Increased nofile limitation to avoid "too many open files" error.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
| |
It doesn't seem to be used by meson.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\
| |
| | |
Update gensio to 2.4.2 and ser2net to 4.3.6
|
| | |
| |
| |
| |
| |
| |
| | |
We need to add an upstream patch as well, which fixes disabling
the newly introduced PAM support.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |
| |
| |
| | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |
| |
| |
| | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | |
| |
| |
| |
| |
| | |
88c78b4 memory_utils: fix reallocation
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | |
| |
| |
| |
| |
| | |
Avoids iconv problems.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
4cf9d0b treewide: code and documentation cleanup
48b12ee datastorage: Minor chnages to kicking algorithm to tidy up some handling.
7b615b6 treewide: improve beacon/probe logging
185f31b treewide: improve beacon request handling
0c2e713 datastorage/ubus: Add "soft" kicking algorithm
38f60c5 treewide: RSSI / RCPI handling updates
aba3e81 documentation: Parameter defaults and documentation
3979fdf treewide: cleanup code
e3b3753 scoring: improve scoring algorithm
33f380f treewide: cleanup code
b42193f kicking: improve kicking algorithm
16deab3 treewide: improve mutex handling
31f0a37 test: cleanup tests and add some test scripts
43ca8b8 treewide: fix bugs from Coverity Scan
8ae2a42 utils/storage: improve descriptions
9a9b4dd ubus: Simplify loops and scans in generating hearing map
c833064 treewide: rework mutex
1df5bc5 (master) network: cleanup and improve network handling
3bd349a utils: cleanup
a855087 utils/storage: cleanup
439fe95 ubus/datastorage/msghandler: cleanup
335ace2 datastorage: improve linked list
40ebf48 ubus/datastorage: cleanup
c13c285 utils: cleanup
0e4fc50 documentation: Heavily revised Markdown documentation files
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |/
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
| |
* update to lighttpd 1.4.65 release hash
* specify lua version w/ -Dlua_version=lua to avoid patching meson.build
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| |
|
|
|
|
|
|
|
|
| |
866bc7f Xtables-addons 3.20
aa70669 doc: move changelog to rST
d7de2a9 doc: remove old changelog entries
d7e49a8 build: bump supported kernel version to 5.17
966fa43 extensions: replace PDE_DATA
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
| |
Add PKG_LICENSE_FILES. Use SPDX.
Signed-off-by: Nick Hainke <vincent@systemli.org>
|