chrissi^ authored 4 years ago and chrissi^ committed 3 years ago

This change let's uradvd deliver the v6 link-local of this node as DNS.
With this change DNS-requests are not affected by the radv-filterd
-rewrites during roaming.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

Jan Luebbe authored 4 years ago and chrissi^ committed 3 years ago

Signed-off-by: Jan Luebbe <jluebbe@debian.org>

Jan Luebbe authored 5 years ago and chrissi^ committed 3 years ago

When multiple routers are in the same local mesh and clients roam from one (A)
to the next (B), the change of global IP and default gateway are not
synchronized. This leads to packets with an address belonging to router A to be
sent via router B (or the other way around). Those packets are then dropped by
wireguard at the concentrator.

To avoid this, we let gluon-radv-filterd monitor router advertisements and keep
a list of neighbouring v6 networks. With this information, it can maintain a
set of ebtables DNAT rules to redirect the packets to the matching gateway.

Signed-off-by: Jan Luebbe <jluebbe@debian.org>

chrissi^ authored 5 years ago and chrissi^ committed 3 years ago

Using this change an VPN-node announces it's own IPv6 as DNS server.
/tmp/addr6 is written by nodeoute.lua during runtime configuration.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

This change alles meshed PARKER-Nodes to forward IPv6 to the next node.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

Jan Luebbe authored 6 years ago and chrissi^ committed 3 years ago

For parker we need DHCP on the client interface. Ths rule
prevents us from doing so.
In addition: make sure old rules will be deleted on upgrade.

Jan Luebbe authored 6 years ago and chrissi^ committed 3 years ago

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>

Dark4MD authored 5 years ago and chrissi^ committed 3 years ago

Edit by Chrissi^:
Patch taken from:
https://github.com/freifunkh/site/blob/master/patches/0003-added-TP-Link-TL-WR841ND-N-Devices-for-8M-and-16M-Va.patch
This Patch adds support for 8M and 16M Flash variants of TP-Link
TL-WR841 with hand-made modifications.

chrissi^ authored 5 years ago and chrissi^ committed 3 years ago

Signed-off-by: Chrissi^ <chris@tinyhost.de>

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

Well, we don't actually need this. But let's try some patriotism.

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

Contact Info is no longer added on FFBS nodes since our gluon release of
v2017.1.8. On nodes that have been running before this release this
field is set to "Intentionally left blank".

This Info should not be shown on the statuspage.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

(cherry picked from commit 394bc8e6)

Fixes unmet dependencies:

 The following packages have unmet dependencies:
 libncurses5-dev : Depends: libtinfo5 (= 6.1-1ubuntu1.18.04) but 6.2-0ubuntu2 is to be installed
                   Depends: libncurses5 (= 6.1-1ubuntu1.18.04) but 6.2-0ubuntu2 is to be installed
                   Depends: libtinfo-dev (= 6.1-1ubuntu1.18.04)
 python : PreDepends: python-minimal (= 2.7.15~rc1-1) but it is not going to be installed
          Depends: libpython-stdlib (= 2.7.15~rc1-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Switch to apt-get, because it has a stable API. Same as ca7a8ff5.

fdd4afe6a adblock: fix init status command
5a8a7aeab libreswan: update cu 3.32
7af60cc3e libftdi1: Improve build binary reproducibility
aa3e95ac6 https-dns-proxy: bugfix: correct PROCD firewall object
abb3c7ede mariadb: update to version 10.2.37
cb6509e88 gnutls: patch security issue
41388ed8a php: add fix for updated ICU 68+
353063521 https-dns-proxy: support for additional Force DNS ports
44b301125 bind: update to version 9.16.13
612fbeb58 nnn: update to version 3.4
1952a1c2a python-aiohttp: backport fix for CVE-2021-21330
13ab7af3f icu: update to 68.2
2120a3cf5 icu: update to 68.1
10712797f icu: fix compilation under CentOS 7
79ddd0328 icu: update to 67.1
227597c97 haproxy: Update HAProxy to v2.0.21
a8a405928 tmate: add new package
01ab015a9 msgpack-c: add new package
97beb7d36 minidlna: update to 1.3.0
0494d8706 tor: update to version 0.4.4.8
40d56e46b mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
b66d262d7 net/mosquitto: bump to 1.6.14
e573dac5f CI: backport GitHub action CI
81fa8cf89 nextdns: Update to version 1.11.0
af02206e2 vpn-policy-routing: better processing of custom user files
5c58de5e6 libpam: update to 1.5.1
86a70892d libpam: update to 1.5.0
ef17e4a30 libpam: update to 1.4.0
85d122fdc nano: update to 5.6.1
a6a27c904 ninja: update to 1.10.2
b4adde587 ninja: fix typo
7fd680224 ninja: use for CMake
1299b07ee ninja: update to 1.10.1
86bb11e97 vpn-policy-routing: update to 0.3.2-18
2faeeb18e python-maho-mqtt: bump to versio 1.5.1
5c95dda73 unbound: update to 1.13.1
3abe9d0ae vpn-policy-routing: bugfix: netflix user file missing redirect
904d911c5 vpn-policy-routing: update user netflix file
2666b3d00 nano: update to version 5.6
7d26130b3 vpn-policy-routing: custom user scripts improvements
7d9d8616c libedit: update to version 20210216-3.1
ca01f389d libedit: update to version 20193112-3.1
855023214 adblock: update blocklist sources
39f3941cd knot: update to version 3.0.4
1662ca26b knot: update to 3.0.3
9389a5dd1 knot: disable embedded xdp
7619ff0df knot: update to 3.0.2
5ddcc2e05 knot: disable libnghttp2 autodetection
fb103be86 knot: update to version 3.0.1
523011bf4 screen: backport fix for CVE-2021-26937
8e1b62d4b openvswitch: update to version 2.11.6 (security fix)
5e24f6db6 vpn-policy-routing: update to version 0.3
0d0e4b96b netdata: update to version 1.29.2
2980cb8db netdata: update to version 1.29.1
f05ba1bbc python3: Update to 3.7.10, refresh patches
7be89f1f3 zerotier: bump to 1.6.4
fcf72948a bind: bump to 9.16.12
feb1a188e ksmbd: remove kmod-crypto-arc4 dependency
2f7026e65 htop: update to 3.0.5-1
ad186135a python-paho-mqtt: Update to version 1.5.0
3f0dbcdae isc-dhcp: seeing crashes when attempting to update dynamic dns
95fa96bda ttyd: force enable authentication for login
1a4184c07 https-dns-proxy: support for force DNS/DNS hijacking
b1fec2b7b mosquitto: bump to 1.6.13
5954e5695 getdns: disable static linking of getdns utilities
db69f0b57 zerotier: update to 1.6.3
1cec6bcfa getdns: Fix TLS V1.3 Ciphersuites option in Stubby
d7b42dcaa getdns: fix compilation without deprecated OpenSSL APIs
798c3ba3f keepalived: fix config typo
d41a0b75a keepalived: add script security param to fix warning
dbc66a08f ksmbd: update to 3.3.4
86c880712 ksmbd-tools: update to 3.3.4
dee2e818b keepalived: set default run directory for pid file on build
cf7969564 simple-adblock: remove dependency on jsonfilter & old code
bee91a9d8 sudo: backport patches for CVE-2021-3156
46d327a59 samba4: fix for #13758
e8d15424b nextdns: Update to version 1.10.1
11e9a2e17 php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
aae5144e7 msmtp: update to version 1.8.14
8e54decfa youtube-dl: update to version 2021.1.16
3b582ebd3 youtube-dl: update to version 2020.12.7
46253b17d https-dns-proxy: bugfix: high CPU utilization
cc38c62ad openwisp-config: update to version 0.5.0
50725c4c8 Revert "libzip: update to 1.7.3"
d8f0ebaa3 libzip: update to 1.7.3
9a0a7f928 libzip: update to 1.7.1 (closes #12512)
5fc922043 libzip: update to 1.6.1
9174036e4 libzip: update to 1.6.0
92f095b21 libzip: fix musl-fts failure
a0d9d76b2 libzip: add package
93d3bfd08 nano: update to 5.5
1224d6c21 idevicerestore: update to 1.0.0
9cfae98a7 idevicerestore: update to 2020-04-20
23f85f8fa idevicerestore: update to 2020-02-17
cb2d40346 idevicerestore: Update to 2019-12-26
202469750 idevicerestore: Add package
646461e2b libirecovery: update to official tarball
4f3b1aa38 libirecovery: fix version
e871dcf6b libirecovery: Update to 1.0.0
4175b8074 libirecovery: Add package
7707d2d78 haproxy: Update HAProxy to v2.0.20
8cc7aef3c nextdns: Update to version 1.9.6
67a324b5e syslog-ng: update to version 3.30.1
9e29bd4de https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support
6d2ea90c3 haveged: update to 1.9.14
64b8dade4 usbmuxd: update to 1.1.1
42f227066 usbmuxd: enable systemd support
13485a4e5 usbmuxd: Update to 2020-01-20
c5aae4a76 usbmuxd: Update to latest master
0d0820d43 usbmuxd: Update to latest git version
46ecb7d58 imobiledevice: backport iOS 14 backup patch.
c71f4a82e libimobiledevice: update to 1.3.0
2ca8db427 libimobiledevice: update to 2020-02-19
2e2775dbc libimobiledevice: Update to 2020-01-20
cbda7d908 libimobiledevice: Update to latest master
f988eff7a libimobiledevice: Update to 2019-11-29
b856f627b libusbmuxd: update to 2.0.2
d59f1c90d libusbmuxd: Several fixes
a17c2aec3 libusbmuxd: Update to 2.0.1
5fc564827 libplist: add missing pkgconfig files in libplist 2.2
7660f6fa2 libplist: update to 2.2.0
8c28123e7 libplist: Several fixes
a60434422 libplist: Update to 2.1.0
3645d2876 libplist: Switch to normal releases
cafbae712 php7: drop patch for openssl deprecated API (fixes #14357)
4d1e525fc netdata: update to version 1.28.0
0563feebc adblock: backport fixes
40c1005f2 htop: update to 3.0.4-1
6bd3f5c37 mwan3: use ping -I for ipv6 after tunnel kernel fix
2a7bbad22 noddos: remove
182264c5b ulogd: Add back autoreconf
6106d1f28 ulogd2: Build IPFIX module
c8730e951 ulogd2: Backport upstream patches
5845691cb net: ulogd2: add myself as maintainer
df1c29679 nut: fix _ handling
e04535e99 qemu: bump PKG_RELEASE
3eb2e140e simple-adblock: config update
dc529c8cd wsdd2: update to git 2020-11-19
adb214338 samba4: update to 4.11.17
304888a37 htop: update to 3.0.3-1
0266f31c9 htop: update to 3.0.2-1
391267fc9 qemu: add patch for qga guest-shutdown command
4626c3bd6 utils/lcd4linux: fix package source
dc015ffe2 simple-adblock: bugfix - config update
9ca6bdaa0 https-dns-proxy: update binary to 2020-08-21
13d999882 zerotier: add patch to avoid including sys/auxv.h
061f81ff6 miniupnpd: Don't override ipv6_listening_ip

(cherry picked from commit 272e30fd)

81266d9001 openssl: bump to 1.1.1k
6165bb0d60 openssl: sync package download URLs with master
c336db7a78 mbedtls: update to 2.16.10
616fff2a94 mwlwifi: add PKG_FLAGS:=nonshared
dce6b118eb scripts: bundle-libraries.sh: fix broken SDK compiler
afdd5dcd0d build: reduce number of files passed to ipk-remove
1fcd833c9a build: call ipkg-remove using xargs if #args>=512
33df82be36 build: package-ipkg: avoid calling wildcard twice
3402334413 kernel: bump 4.14 to 4.14.224
55e9d87754 kernel: bump 4.14 to 4.14.223
c64742a96e wolfssl: bump to v4.7.0-stable
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
0a08a9a2b4 build: fix checks for GCC11
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
b4a4d04b91 kernel: bump 4.14 to 4.14.222
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1

Fixes: CVE-2021-3450, CVE-2021-3449, CVE-2021-3336, CVE-2021-27803
(cherry picked from commit 87209b9f)

No package uses l2tp_ip.

(cherry picked from commit 2ecbe488)

3822f44013cc tunneldigger: remove unneeded kmod-l2tp-ip dependency
95c805c863cd tunneldigger: update to latest upstream (#238)

(cherry picked from commit f68bad11)

Upstream removed the factory images for the Archer C20 v1 as they
potentially brick the device. Remove them from Gluon to avoid build
failures on the next OpenWrt 19.07 bump.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7d100bc4)

e26b474 Merge pull request #644 from ecsv/batadv-for-19.07
369908c alfred: Start up alfred without valid interfaces
97e7600 alfred: Fix procd process handling for disable state
0a3432d Merge pull request #636 from ecsv/batadv-for-19.07
596dc84 batman-adv: Merge bugfixes from 2021.0
862a2df batctl: Merge bugfixes from 2021.0

(cherry picked from commit e511b3bc)

6aef4bc7c3 lantiq: fritz7320: enable USB power supply
6bf5bfc19f openssl: bump to 1.1.1j
f44153038e OpenWrt v19.07.7: revert to branch defaults
d5ae565873 OpenWrt v19.07.7: adjust config defaults
c4a6851c72 kernel: bump 4.14 to 4.14.221
f8b849103d ramips: ethernet: Disable TSO support to improve stability

(cherry picked from commit 6d3da664)

fec1aa6dfb mt76: update to the latest version
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
4465b44fc1 kernel: bump 4.14 to 4.14.219
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
ab9cb390be hostapd: fix P2P group information processing vulnerability
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
312c05611b kernel: bump 4.14 to 4.14.218
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
2044c01de8 wolfssl: Update to v4.6.0-stable
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box

(cherry picked from commit 429223b9)

a7a207e18b mt76: update to the latest version
1ce5008597 wireguard: Fix compile with kernel 4.14.217
2ecb22dc51 kernel: bump 4.14 to 4.14.217
11f4918ebb dnsmasq: backport fixes
9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
d816c6cd31 kernel: bump 4.14 to 4.14.216
c21d59dc11 imagebuilder: pass IB=1 on checking requirements

(cherry picked from commit 39c1f672)

6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
b12284a14c OpenWrt v19.07.6: adjust config defaults
8055e38794 dnsmasq: Backport some security updates
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
e30d3ea95f mbedtls: update to 2.16.9
c7b9c85819 kernel: bump 4.14 to 4.14.215
c9388fa986 kernel: bump 4.14 to 4.14.214
e290024717 glibc: update to latest 2.27 commit
2c37993c8a build/prereq: merge ifndef IB block together
79b1fa1702 build, imagebuilder: Do not require compilers
58138df2d5 build, imagebuilder: Do not require libncurses-dev
42e478eb0d build/json: add filesystem information

(cherry picked from commit 9df297bd)

b14eeccdfe ath79: image: fix initramfs for safeloader devices
cb58c7fe73 kernel: bump 4.14 to 4.14.212
fb52c40531 wireless-regdb: Update to version 2020.11.20
7711a5906a wireless-regdb: bump to latest release 2020-04-29
c03f018220 openssl: update to 1.1.1i
0a59e2a76e mac80211: Update to version 4.19.161-1
3f5fecfd33 ramips: enable LED VCC for Asus RT-AC51U

(cherry picked from commit 049625bb)

Fixes warnings about implicit pointer-to-int and int-to-pointer casts.

Fixes: 59a4cd63 ("gluon-respondd: expose OWE clients in nodeinfo")
(cherry picked from commit 17123aa4)

Fixes respondd on 64bit archs, as gluonutil_get_primary_domain() was
assumed to return int without the prototype.

Fixes: bcf57467 ("libgluonutil: implement gluonutil_get_primary_domain()")
(cherry picked from commit 52ee93f1)