chrissi^ authored 3 years ago and chrissi^ committed 3 years ago

This change removes the prefix4 and prefix6 attributes from the
site.conf. These do not make sense in the context of parker.

Packages that are usually used in parker do not use these anymore. Some
other packages do - you should not enable those :-)

With this change a ipv6 route to prefix_6 will no longer be set on
br-client. Systems that already have this route will keep it.

With this change the (not working) redirect in the http status page has
been removed. We should consider to add this later on.

Jan Luebbe authored 4 years ago and chrissi^ committed 3 years ago

Packets which have a destination MAC of other local nodes should not be
redirected, as this possibly results in routing loops in networks with more
than one uplink.

Signed-off-by: Jan Luebbe <sho@stratum0.net>

Kasalehlia authored 4 years ago and chrissi^ committed 3 years ago

at least concerning traffic limits

chrissi^ authored 4 years ago and chrissi^ committed 3 years ago

This change let's uradvd deliver the v6 link-local of this node as DNS.
With this change DNS-requests are not affected by the radv-filterd
-rewrites during roaming.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

Jan Luebbe authored 4 years ago and chrissi^ committed 3 years ago

Signed-off-by: Jan Luebbe <jluebbe@debian.org>

Jan Luebbe authored 5 years ago and chrissi^ committed 3 years ago

When multiple routers are in the same local mesh and clients roam from one (A)
to the next (B), the change of global IP and default gateway are not
synchronized. This leads to packets with an address belonging to router A to be
sent via router B (or the other way around). Those packets are then dropped by
wireguard at the concentrator.

To avoid this, we let gluon-radv-filterd monitor router advertisements and keep
a list of neighbouring v6 networks. With this information, it can maintain a
set of ebtables DNAT rules to redirect the packets to the matching gateway.

Signed-off-by: Jan Luebbe <jluebbe@debian.org>

chrissi^ authored 5 years ago and chrissi^ committed 3 years ago

Using this change an VPN-node announces it's own IPv6 as DNS server.
/tmp/addr6 is written by nodeoute.lua during runtime configuration.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

This change alles meshed PARKER-Nodes to forward IPv6 to the next node.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

Jan Luebbe authored 6 years ago and chrissi^ committed 3 years ago

For parker we need DHCP on the client interface. Ths rule
prevents us from doing so.
In addition: make sure old rules will be deleted on upgrade.

Jan Luebbe authored 6 years ago and chrissi^ committed 3 years ago

Signed-off-by: Jan Luebbe <jlu@pengutronix.de>

Dark4MD authored 5 years ago and chrissi^ committed 3 years ago

Edit by Chrissi^:
Patch taken from:
https://github.com/freifunkh/site/blob/master/patches/0003-added-TP-Link-TL-WR841ND-N-Devices-for-8M-and-16M-Va.patch
This Patch adds support for 8M and 16M Flash variants of TP-Link
TL-WR841 with hand-made modifications.

chrissi^ authored 5 years ago and chrissi^ committed 3 years ago

Signed-off-by: Chrissi^ <chris@tinyhost.de>

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

Well, we don't actually need this. But let's try some patriotism.

chrissi^ authored 6 years ago and chrissi^ committed 3 years ago

Contact Info is no longer added on FFBS nodes since our gluon release of
v2017.1.8. On nodes that have been running before this release this
field is set to "Intentionally left blank".

This Info should not be shown on the statuspage.

Signed-off-by: Chrissi^ <chris@tinyhost.de>

(cherry picked from commit 394bc8e6)

Fixes unmet dependencies:

 The following packages have unmet dependencies:
 libncurses5-dev : Depends: libtinfo5 (= 6.1-1ubuntu1.18.04) but 6.2-0ubuntu2 is to be installed
                   Depends: libncurses5 (= 6.1-1ubuntu1.18.04) but 6.2-0ubuntu2 is to be installed
                   Depends: libtinfo-dev (= 6.1-1ubuntu1.18.04)
 python : PreDepends: python-minimal (= 2.7.15~rc1-1) but it is not going to be installed
          Depends: libpython-stdlib (= 2.7.15~rc1-1) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

Switch to apt-get, because it has a stable API. Same as ca7a8ff5.

fdd4afe6a adblock: fix init status command
5a8a7aeab libreswan: update cu 3.32
7af60cc3e libftdi1: Improve build binary reproducibility
aa3e95ac6 https-dns-proxy: bugfix: correct PROCD firewall object
abb3c7ede mariadb: update to version 10.2.37
cb6509e88 gnutls: patch security issue
41388ed8a php: add fix for updated ICU 68+
353063521 https-dns-proxy: support for additional Force DNS ports
44b301125 bind: update to version 9.16.13
612fbeb58 nnn: update to version 3.4
1952a1c2a python-aiohttp: backport fix for CVE-2021-21330
13ab7af3f icu: update to 68.2
2120a3cf5 icu: update to 68.1
10712797f icu: fix compilation under CentOS 7
79ddd0328 icu: update to 67.1
227597c97 haproxy: Update HAProxy to v2.0.21
a8a405928 tmate: add new package
01ab015a9 msgpack-c: add new package
97beb7d36 minidlna: update to 1.3.0
0494d8706 tor: update to version 0.4.4.8
40d56e46b mwan3: remove mwan3 ubus call on mwan3 iface hotplug ACTION
b66d262d7 net/mosquitto: bump to 1.6.14
e573dac5f CI: backport GitHub action CI
81fa8cf89 nextdns: Update to version 1.11.0
af02206e2 vpn-policy-routing: better processing of custom user files
5c58de5e6 libpam: update to 1.5.1
86a70892d libpam: update to 1.5.0
ef17e4a30 libpam: update to 1.4.0
85d122fdc nano: update to 5.6.1
a6a27c904 ninja: update to 1.10.2
b4adde587 ninja: fix typo
7fd680224 ninja: use for CMake
1299b07ee ninja: update to 1.10.1
86bb11e97 vpn-policy-routing: update to 0.3.2-18
2faeeb18e python-maho-mqtt: bump to versio 1.5.1
5c95dda73 unbound: update to 1.13.1
3abe9d0ae vpn-policy-routing: bugfix: netflix user file missing redirect
904d911c5 vpn-policy-routing: update user netflix file
2666b3d00 nano: update to version 5.6
7d26130b3 vpn-policy-routing: custom user scripts improvements
7d9d8616c libedit: update to version 20210216-3.1
ca01f389d libedit: update to version 20193112-3.1
855023214 adblock: update blocklist sources
39f3941cd knot: update to version 3.0.4
1662ca26b knot: update to 3.0.3
9389a5dd1 knot: disable embedded xdp
7619ff0df knot: update to 3.0.2
5ddcc2e05 knot: disable libnghttp2 autodetection
fb103be86 knot: update to version 3.0.1
523011bf4 screen: backport fix for CVE-2021-26937
8e1b62d4b openvswitch: update to version 2.11.6 (security fix)
5e24f6db6 vpn-policy-routing: update to version 0.3
0d0e4b96b netdata: update to version 1.29.2
2980cb8db netdata: update to version 1.29.1
f05ba1bbc python3: Update to 3.7.10, refresh patches
7be89f1f3 zerotier: bump to 1.6.4
fcf72948a bind: bump to 9.16.12
feb1a188e ksmbd: remove kmod-crypto-arc4 dependency
2f7026e65 htop: update to 3.0.5-1
ad186135a python-paho-mqtt: Update to version 1.5.0
3f0dbcdae isc-dhcp: seeing crashes when attempting to update dynamic dns
95fa96bda ttyd: force enable authentication for login
1a4184c07 https-dns-proxy: support for force DNS/DNS hijacking
b1fec2b7b mosquitto: bump to 1.6.13
5954e5695 getdns: disable static linking of getdns utilities
db69f0b57 zerotier: update to 1.6.3
1cec6bcfa getdns: Fix TLS V1.3 Ciphersuites option in Stubby
d7b42dcaa getdns: fix compilation without deprecated OpenSSL APIs
798c3ba3f keepalived: fix config typo
d41a0b75a keepalived: add script security param to fix warning
dbc66a08f ksmbd: update to 3.3.4
86c880712 ksmbd-tools: update to 3.3.4
dee2e818b keepalived: set default run directory for pid file on build
cf7969564 simple-adblock: remove dependency on jsonfilter & old code
bee91a9d8 sudo: backport patches for CVE-2021-3156
46d327a59 samba4: fix for #13758
e8d15424b nextdns: Update to version 1.10.1
11e9a2e17 php7: Fix prepare target incorrectly referencing 'configure.in' instead of 'configure.ac'
aae5144e7 msmtp: update to version 1.8.14
8e54decfa youtube-dl: update to version 2021.1.16
3b582ebd3 youtube-dl: update to version 2020.12.7
46253b17d https-dns-proxy: bugfix: high CPU utilization
cc38c62ad openwisp-config: update to version 0.5.0
50725c4c8 Revert "libzip: update to 1.7.3"
d8f0ebaa3 libzip: update to 1.7.3
9a0a7f928 libzip: update to 1.7.1 (closes #12512)
5fc922043 libzip: update to 1.6.1
9174036e4 libzip: update to 1.6.0
92f095b21 libzip: fix musl-fts failure
a0d9d76b2 libzip: add package
93d3bfd08 nano: update to 5.5
1224d6c21 idevicerestore: update to 1.0.0
9cfae98a7 idevicerestore: update to 2020-04-20
23f85f8fa idevicerestore: update to 2020-02-17
cb2d40346 idevicerestore: Update to 2019-12-26
202469750 idevicerestore: Add package
646461e2b libirecovery: update to official tarball
4f3b1aa38 libirecovery: fix version
e871dcf6b libirecovery: Update to 1.0.0
4175b8074 libirecovery: Add package
7707d2d78 haproxy: Update HAProxy to v2.0.20
8cc7aef3c nextdns: Update to version 1.9.6
67a324b5e syslog-ng: update to version 3.30.1
9e29bd4de https-dns-proxy: update to 2020-11-25: add HTTP auth and DSCP codepoint support
6d2ea90c3 haveged: update to 1.9.14
64b8dade4 usbmuxd: update to 1.1.1
42f227066 usbmuxd: enable systemd support
13485a4e5 usbmuxd: Update to 2020-01-20
c5aae4a76 usbmuxd: Update to latest master
0d0820d43 usbmuxd: Update to latest git version
46ecb7d58 imobiledevice: backport iOS 14 backup patch.
c71f4a82e libimobiledevice: update to 1.3.0
2ca8db427 libimobiledevice: update to 2020-02-19
2e2775dbc libimobiledevice: Update to 2020-01-20
cbda7d908 libimobiledevice: Update to latest master
f988eff7a libimobiledevice: Update to 2019-11-29
b856f627b libusbmuxd: update to 2.0.2
d59f1c90d libusbmuxd: Several fixes
a17c2aec3 libusbmuxd: Update to 2.0.1
5fc564827 libplist: add missing pkgconfig files in libplist 2.2
7660f6fa2 libplist: update to 2.2.0
8c28123e7 libplist: Several fixes
a60434422 libplist: Update to 2.1.0
3645d2876 libplist: Switch to normal releases
cafbae712 php7: drop patch for openssl deprecated API (fixes #14357)
4d1e525fc netdata: update to version 1.28.0
0563feebc adblock: backport fixes
40c1005f2 htop: update to 3.0.4-1
6bd3f5c37 mwan3: use ping -I for ipv6 after tunnel kernel fix
2a7bbad22 noddos: remove
182264c5b ulogd: Add back autoreconf
6106d1f28 ulogd2: Build IPFIX module
c8730e951 ulogd2: Backport upstream patches
5845691cb net: ulogd2: add myself as maintainer
df1c29679 nut: fix _ handling
e04535e99 qemu: bump PKG_RELEASE
3eb2e140e simple-adblock: config update
dc529c8cd wsdd2: update to git 2020-11-19
adb214338 samba4: update to 4.11.17
304888a37 htop: update to 3.0.3-1
0266f31c9 htop: update to 3.0.2-1
391267fc9 qemu: add patch for qga guest-shutdown command
4626c3bd6 utils/lcd4linux: fix package source
dc015ffe2 simple-adblock: bugfix - config update
9ca6bdaa0 https-dns-proxy: update binary to 2020-08-21
13d999882 zerotier: add patch to avoid including sys/auxv.h
061f81ff6 miniupnpd: Don't override ipv6_listening_ip

(cherry picked from commit 272e30fd)

81266d9001 openssl: bump to 1.1.1k
6165bb0d60 openssl: sync package download URLs with master
c336db7a78 mbedtls: update to 2.16.10
616fff2a94 mwlwifi: add PKG_FLAGS:=nonshared
dce6b118eb scripts: bundle-libraries.sh: fix broken SDK compiler
afdd5dcd0d build: reduce number of files passed to ipk-remove
1fcd833c9a build: call ipkg-remove using xargs if #args>=512
33df82be36 build: package-ipkg: avoid calling wildcard twice
3402334413 kernel: bump 4.14 to 4.14.224
55e9d87754 kernel: bump 4.14 to 4.14.223
c64742a96e wolfssl: bump to v4.7.0-stable
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
0a08a9a2b4 build: fix checks for GCC11
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
b4a4d04b91 kernel: bump 4.14 to 4.14.222
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1

Fixes: CVE-2021-3450, CVE-2021-3449, CVE-2021-3336, CVE-2021-27803
(cherry picked from commit 87209b9f)