Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03
Description:
opennds (10.2.0) - This version is a minor upgrade that introduces some significant additional functionality.
In addition it includes numerous enhancements bug fixes and cosmetic fixes.
Additional functionality includes:
* Pre-emptive Client Lists
* Autonomous Block Lists
* Internet hosted https FAS support for resource limited routers
* Fair Usage Policy
Details can be found here:
https://github.com/openNDS/openNDS/releases/tag/v10.2.0
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03
Description:
opennds (10.1.3)
Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes
* Fix - Buffer overflow causing segfault - CVE-2023-41101 [bluewavenet]
* Fix - Memory leaks due to passing allocated buffer into safe_asprintf() - CVE-2023-41102 [bluewavenet]
* Fix - Remove deprecated preauth option [bluewavenet]
* Fix - missing free in show_preauth_page if MHD does not respond [bluewavenet]
* Fix - more safe_asprintf memory leaks [bluewavenet]
* Fix - missing free for mark_auth [bluewavenet]
* Fix - memory leak after starting authmon daemon [bluewavenet]
* Fix - memory leak in encode_and_redirect_to_splashpage [bluewavenet]
* Fix - Community themespec, voucher css and logo image [bluewavenet]
* Fix - ThemeSpec, path to logo in page footer [bluewavenet]
* Fix - ensure gatewayurl is urldecoded to fix broken css and images in themespec [bluewavenet]
* Add - set default fas remote fqdn to disabled [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03
Description:
opennds (10.1.2)
Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes
* Fix - Generate unique sha256 faskey if not set in config - CVE-2023-38324 [bluewavenet]
* Fix - NULL pointer dereference if user_agent is NULL - CVE-2023-38320, CVE-2023-38322 [bluewavenet]
* Fix - NULL pointer dereference if authdir is called with an incomplete or missing query string - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315 [bluewavenet]
* Fix - remove deprecated and non-functioning unescape callback - CVE-2023-38316 [bluewavenet]
* Fix - prevent potential recursive dependency and detect if conflicting package is installed [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03
opennds (10.1.1)
* This version contains some minor bug fixes and documentation updates
* Fix - send only contents of buffer, not entire buffer when serving page511 [bluewavenet]
* Fix - Set fas_remotefqdn to gw_fqdn when overriding FAS settings [bluewavenet]
* Fix - use absolute path for css and images in ThemeSpec [bluewavenet]
* Fix - revert to old option names without underscores [bluewavenet]
* Fix - FAS URL when fas_remotefqdn is not set [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03
opennds (10.1.0)
This version is a major upgrade including full migration to nftables
and native uci configuration support even for generic Linux distributions.
It also includes a significant refactoring of inbuilt memory management,
improving long term reliability, fixing several memory leaks, buffer overflows and several edge case crashes.
* Add - support for included custom binauth script [bluewavenet]
* Add - emit a useful stderr message if auth_restore fails [bluewavenet]
* Add - procd respawn threshold, respawn timeout and respawn retry parameters [bluewavenet]
* Add - user friendly commandline message if already running [bluewavenet]
* Fix - Enabling of Data volume quotas [bluewavenet]
* Fix - use get_list_from_config instead of get_option_from_config [bluewavenet]
* Fix - compiler warning - unused variable [bluewavenet]
* Fix - remove redundant function call ipsetconf [bluewavenet]
* Fix - walledgarden for both nftset and ipset on OpenWrt [bluewavenet]
* Add - more meaningful output if attempt is made to restart when already running [bluewavenet]
* Fix - resolve gatewayfqdn after startup [bluewavenet]
* Fix - Choose forground or background running according to commandline arguments [bluewavenet]
* Fix - remove superfluous debug message [bluewavenet]
* Fix - replace sleep with procd_set_param term_timeout [bluewavenet]
* Fix - make option enabled default to enabled [bluewavenet]
* Fix - report authmon pid instead of opennds pid from authmon [bluewavenet]
* Fix - ensure correct pid obtained for opennds [bluewavenet]
* Add - StartLimitIntervalSec and StartLimitBurst to systemd service script [bluewavenet]
* Fix - refactor remote downloads [bluewavenet]
* Fix - suppress error message on ipset test failure [bluewavenet]
* Fix - send non-syslog debug information to stdout by default [bluewavenet]
* Add - C function to check heartbeat watchdog [bluewavenet]
* Fix - Update generic Linux makefile [bluewavenet]
* Fix - remove redundant ruleset struct definition [bluewavenet]
* Fix - potential buffer overflow issue during config stage [bluewavenet]
* Fix - remove unnecessary calls to free() in page 404 processing [bluewavenet]
* Fix - remove redundant code from fw_iptables [bluewavenet]
* Add - updates to binauth_log script [bluewavenet]
* Add - updates for service startup, systemd and procd [bluewavenet]
* Add - refactoring of commandline processing [bluewavenet]
* Fix - remove debugging message [bluewavenet]
* Fix - typo in client ruleset [bluewavenet]
* Add - Refactor to use uci config directly even for Generic Linux [bluewavenet]
* Add - Parsing for multi item lists with spaces in items [bluewavenet]
* Add - use common library call get_option_fom_config [bluewavenet]
* Add - support for direct use of uci format config file - string and integer parameters [bluewavenet]
* Fix - Remove deprecated syslog_facility config setting [bluewavenet]
* Add - thread busy message to ndsctl [bluewavenet]
* Add - refactor configure_log_location [bluewavenet]
* Fix - suppress LOG_NOTICE message when getting mac of interface [bluewavenet]
* Fix - ndsctl error message [bluewavenet]
* Fix - get_client_interface for levels 2 and 3 [bluewavenet]
* Add - use common library write_log function [bluewavenet]
* Add - Refactor memory management [bluewavenet]
* Fix - fix and refactor upload rate limiting rules [bluewavenet]
* Fix - Change a debug message from err to info [bluewavenet]
* Add - refine common buffer sizes [bluewavenet]
* Add - use initialised heap memory for redirect_to_splashpage [bluewavenet]
* Add - user message to themespec [bluewavenet]
* Add - auth_restore support ie reauth clients after a restart by default. [bluewavenet]
* Add - Library call to preemptively re-auth clients after a restart or crash [bluewavenet]
* Add - BinAuth, write an authenticated clients list [bluewavenet]
* Add - library call "check_heartbeat" [bluewavenet]
* Fix - Tidy up redundant code [bluewavenet]
* Fix - change warning message to debug message when iw not installed [bluewavenet]
* Add - library call to log to syslog [bluewavenet]
* Fix - use initialised heap memory for client list entries [bluewavenet]
* Fix - ignore legacy ipset firewall rule [bluewavenet]
* Fix - refactor memory management for MHD calls - use heap memory for buffers etc [bluewavenet]
* Fix - missing free causing memory leak [bluewavenet]
* Fix - predefine and initialise buffer for send_redirect_temp [bluewavenet]
* Add - support protocol "all" in firewall ruleset [bluewavenet]
* Add - pre-allocation of initialised buffers [bluewavenet]
* Fix - prevent buffer overrun on removing client [bluewavenet]
* Add - update MHD connection timeout and connection limit [bluewavenet]
* Add - chain ndsDLR for dynamic client download rate limiting rules [bluewavenet]
* Add - Use Internal Polling Thread / Thread Per Connection in MHD [bluewavenet]
* Add - some new default values [bluewavenet]
* Fix - remove some redundant code and fix some compiler warnings [bluewavenet]
* Fix - remove redundant library command string [bluewavenet]
* Fix - Tidy up redundant iptables code [bluewavenet]
* Add - convert trusted client support to nftables [bluewavenet]
* Add - refer to nftables [bluewavenet]
* Add - move code for generating authentication mark string to initial setup [bluewavenet]
* Add - full nftset support with ipset import where required [bluewavenet]
* Add - nftset support library calls [bluewavenet]
* Add - ipset_to_nftset library call [bluewavenet]
* Add - support for nftables version of append_ruleset and nftables_compile [bluewavenet]
* Fix - buffer overflow in page_511 generation [bluewavenet]
* Add - more nftables migration including rate quotas [bluewavenet]
* Fix - change GatewayInterface to lower case [bluewavenet]
* Add - upload and download limiting client flags for future use [bluewavenet]
* add - lib calls "pad_string" and "replace_client_rule" [bluewavenet]
* Add - further nftables migration [bluewavenet]
* Fix - correctly parse options from legacy conf file [bluewavenet]
* Fix - some compiler warnings and set min iptables version [bluewavenet]
* Add - Generic Linux configure walledgarden [bluewavenet]
* Add - Implementation of nftsets for walledgarden [bluewavenet]
* Add - migration to nftables, next phase. [bluewavenet]
* Add - library function delete_client_rule [bluewavenet]
* Fix - remove duplicate definition [bluewavenet]
* Add - First stage migration to nftables [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 22.03
opennds (9.10.0)
* This version adds new functionality, and fixes some issues
* Fix - unable to read client upload traffic volume on some versions of iptables-nft (generic Linux) [bluewavenet]
* Fix - compatibility with bash shell on generic Linux [bluewavenet]
* Fix - compiler warning, unused variable [bluewavenet]
* Fix - silently continue if fw4 table is not found [bluewavenet]
* Add - Start daemon earlier on boot [bluewavenet]
* Fix - compatibility with legacy iptables packages [bluewavenet]
* Add - call to delete nft chains [bluewavenet]
* Fix - stop using legacy INPUT and FORWARD chains [bluewavenet]
* Add - watchdog restart if openNDS nftables ruleset is missing [bluewavenet]
* Add - automated rule setting/deleting for users_to_router [bluewavenet]
* Add - Change fwhook to add users to router rule to fw4 on OpenWrt [bluewavenet]
* Add - Set allow or passthrough mode for users_to_router rules [bluewavenet]
* Fix - set fwhook default to disabled to prevent restart on hotplug event [bluewavenet]
* Fix - fas-aes-https description comments [bluewavenet]
* Fix - icon overspill on splash pages [bluewavenet]
* Fix - missing config option in community script [bluewavenet]
* Fix - urlencode handling of "$" character and add htmlentity encode/decode library call [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 22.03
opennds (9.9.1)
* This version fixes some issues
* Fix - minimalise deprecated legacy .conf file
* Fix - Prevent rate limit refresh if rate limit is set to 0 [bluewavenet]
* Fix - Mute some unneccessary debug messages [bluewavenet]
* Fix - do not write unconfigured (null) parameters to client id file (cidfile) [bluewavenet]
* Fix - Prevent error "Command process exited due to signal 13" when executing an external script [bluewavenet]
* Fix - use WTERMSIG() return code for _execute_ret when execute fails [bluewavenet]
* Fix - use correct response type for error 503 [bluewavenet]
* Update Makefile description [bluewavenet]
* Add - Community Local FAS install script [bluewavenet]
* Update - Mention TCP port 80 requires AutonomousWG [afriza]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 22.03
opennds (9.9.0)
* This version adds new functionality, and fixes some issues
* Add - Community ThemeSpec to support legacy splash.html [bluewavenet]
* Fix - ensure nat_traversal_poll_interval defaults to 10 seconds [bluewavenet]
* Add - process send_to_fas_deauthed and send_to_fas_custom in fas-aes-https [bluewavenet]
* Add - support for send_to_fas_deauthed library call in binauth_log.sh [bluewavenet]
* Add - heartbeat file containing timestamp [bluewavenet]
* Add - send_to_fas_deauthed and send_to_fas_custom library calls [bluewavenet]
* Add - Save authmon daemon startup arguments for libopennds [bluewavenet]
* Fix - potential divide by zero errors [bluewavenet]
* Add - option nat_traversal_poll_interval [bluewavenet]
* Add - Library calls for urlencode and urldecode[bluewavenet]
* Fix - Don't download remotes if ThemeSpec not configured [bluewavenet]
* Add - Error report in syslog if dhcp database is not found [bluewavenet]
* Add - library calls, deauth and daemon_deauth [bluewavenet]
* Fix - change WTERMSIG log from WARNING to NOTICE [bluewavenet]
* Add - Set minimum bucket size to 5 regardless of configured bucket ratio [bluewavenet]
* Fix - safe_vasprint return value [bluewavenet]
* Add - test if safe_calloc failed and serve error 503 [bluewavenet]
* Add - use calloc instead of malloc[bluewavenet]
* fix - safe functions to return error rather than exit [bluewavenet]
* Add - b64decode custom string received by binauth script [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 22.03
* This version adds new functionality, and fixes some issues
* Fix - suppress stderr in client_params in generic linux [bluewavenet]
* Fix - client_params on generic linux, remote logo not supported yet [bluewavenet]
* Fix - compiler warning [bluewavenet]
* Fix - set voucher script as executable [bluewavenet]
* Update OpenWrt Makefile [bluewavenet]
* Add - format footer in Themespec scripts [bluewavenet]
* Update footer on all scripts [bluewavenet]
* Update - Community Voucher Themespec [bluewavenet]
* Add - Check on startup for Y2.038K bug (32 bit time) [bluewavenet]
* Fix - Remove deprecated Debian specific files [bluewavenet]
* Add - More css updates [bluewavenet]
* Add - user friendly RFC8910 page511 text and remove refresh button [bluewavenet]
* Fix - MHD becomes unresponsive serving page 511 for rfc8910 clients [bluewavenet]
* Add - extra startup settings - ignore_sigpipe and write nds info [bluewavenet]
* Add - set MHD connection limit to 100, set MHD listen backlog size to 128, set MHD_HTTP_HEADER_CONNECTION "close" [bluewavenet]
* Fix - Add missing LOG_CRIT in debug [bluewavenet]
* Add - some useful diagnostic output in authmon [bluewavenet]
* Fix - Move testing to community [bluewavenet]
* Fix - Community - Use tmpfs by default for vouchers.txt file [bluewavenet]
* Add - README with use instructions and notice about flash wearout [fservida]
* Fix - Refactor folder structure for community themespec [fservida]
* Add - Create vouchers.txt [fservida]
* Add - Create theme_voucher.sh [fservida]
* Update - README.md [bluewavenet]
* Add - image download info message [bluewavenet]
* Add - css updates [dianariyanto]
* Add - allow downloaded remotes refresh for all modes [bluewavenet]
* Add - download_resources.sh to installed files [bluewavenet]
* Add - support for download of custom images and files in the status.client page [bluewavenet]
* Remove - Debian man page support [bluewavenet]
* Fix - Add missing mkdir command in Makefile [dzatoah]
* Fix - typos in src/{conf, main}.c [dzatoah]
Signed-off-by: Rob White <rob@blue-wave.net>
The opennds software interfaces with netfilter using `iptables` commands,
it does not rely on a specific implementation of the iptables frontend.
Furthermore, the semantically wrong conflict with iptables-legacy
introcduces recursive dependencies in the build system, even for people
not using opendns.
Remove the explicit conflict marker for iptables-legacy.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64, on snapshot
* This version adds new functionality, and fixes some issues
* Fix - syntax error (missing comma) in awk command in bash on generic Linux [bluewavenet]
* Add - option to append serial number suffix to gatewayname [bluewavenet]
* Add - block use of ip aliases on gateway interface [doctor-ox] [bluewavenet]
* Fix - ndsctl json syntax error [bluewavenet]
* Add - check for null variables in key value pairs in MHD callbacks [bluewavenet]
* Fix - changed some notice messages into debug messages [bluewavenet]
* Fix - possible return of incorrect pid [doctor-ox] [bluewavenet]
* Fix - possible abiguities resulting in failure to parse parameters correctly [bluewavenet]
* Fix - Remove deprecated get_client_token.sh [bluewavenet]
* Fix - Prevent possible malformed mac address returned from dhcpcheck() [doctor-ox] [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
- Reorder things
- Fixed SPDX License Identifier
- Added PKG_LICENSE_FILES
- Use two spaces instead of tab
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.1, 19.07.8
Description:
This version adds new functionality, and fixes some issues
* Fix - correctly display return buffer in syslog [bluewavenet]
* Add - use heap allocation for library call return buffer [bluewavenet]
* Fix - OpenWrt, fhook request for fw3 [bluewavenet]
* Add - spider remote urls before downloading [bluewavenet]
* Add - OpenWrt, revert uncommitted uci updates at startup and shutdown [bluewavenet]
* Fix - remove unneccesary flash writes and fix hosts updates [doctor-ox] [bluewavenet]
* Add - Updated splash images [bluewavenet]
* Add - OpenWrt makefile for nft or ipt dependencies [bluewavenet]
* Fix - grep by word to prevent any ambiguity [doctor-ox] [bluewavenet]
* Fix - ensure rate limiting is disabled if rate thresholds are set to zero [bluewavenet]
* Add - querystring support for client status page [bluewavenet]
* Add - Advanced/standard status page checkbox [bluewavenet]
* Add - set default session timeout to 24 hours [bluewavenet]
* Fix - potential buffer overflow [bluewavenet]
* Fix - Restrict max packet limit to iptables maximum [bluewavenet]
* Fix - descriptive labels on ndsctl status output [bluewavenet]
* Add - update of README.md [bluewavenet]
* Fix - Added required variable to FAS return string example documentation [dorkone]
* Add - Default checkinterval set to 15 seconds [bluewavenet]
* Fix - incoming and outgoing counters when unlimited bursting is enabled [bluewavenet]
* Add - maximum bucket size configuration [bluewavenet]
* Add - calculate moving average packet size for rate limiting [bluewavenet]
* Add - some operational default values [bluewavenet]
* Add - initial rate limits when unrestricted bursting is disabled [bluewavenet]
* Add - Require clients to be in the dhcp database [bluewavenet]
* Add - dhcpcheck library call [bluewavenet]
* Fix - Remove trailing whitespace when getting clientaddress if client not active [bluewavenet]
* Fix - Segfault when FAS fails to Return customstring [dorkone] [bluewavenet]
* Add - Enable/Disable unrestricted bursting [bluewavenet]
* Add - gatewayurl to querystring and use in place of originurl in FAS [bluewavenet]
* Fix - more accurate debug message [bluewavenet]
* Fix - Show packet rate correctly as packets per minute [bluewavenet]
* Add - Report Packet Rate and Bucket Size in ndsctl status and json and status client page [bluewavenet]
* Add - rate limit refresh to client limit rules [bluewavenet]
* Fix - code readability [bluewavenet]
* Fix - Documentation for data sent to Authmon Daemon [bluewavenet]
* Add - Show unrestricted burst intervals in ndsctl status [bluewavenet]
* Add - Set default bucket ratios to 10 [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.1, 19.07.8
Description:
This version adds new functionality, and fixes some issues
* Fix - ThemeSpec file downloads when mwan3 is running [bluewavenet]
* Fix - Preemptive auth failure after previous deauth [minhng99] [bluewavenet]
From v9.5.0
* Add - use average packet size instead of MTU when implementing rate limiting [bluewavenet]
* Fix - typo in iptables command and remove a redundant command [bluewavenet]
* Add - startdaemon() and stopdaemon() utility functions [bluewavenet]
* Add - combined interface/ipaddress external gateway status monitoring [bluewavenet]
* Fix - potential online/offline detection problem when mwan3 is running [bluewavenet]
* Add - get_debug_level and syslog library calls [bluewavenet]
* Fix - correctly reset upload and download rate rules [bluewavenet]
* Add - extend upstream gateway checking for use with mwan3 loadbalance/failover [bluewavenet]
* Fix - Potential NULL pointer segfault in http_microhttpd on calling authenticated() [bluewavenet]
* Fix - Potential NULL pointer segfault in http_microhttpd on calling preauthenticated() [dddaniel]
* Add - Calculate Bucket size based on achieved burst rate [bluewavenet]
* Fix - prevent parameter parsing if clientip not known [bluewavenet]
* Add - disable rate quotas by setting bucket ratio to zero [bluewavenet]
* Fix - suppress some debug messages [bluewavenet]
* Add - more libraries documentation [bluewavenet]
* Add - library calls startdaemon and stopdaemon [bluewavenet]
* Fix - Increase buffer length for longer interface names [koivunen]
* Add - Update README.md [bluewavenet]
* Add - bucket ratio option to config file [bluewavenet]
* Add - upload and download bucket ratio config values [bluewavenet]
* Fix - flag initial debuglevel to externals [bluewavenet]
* Add - limit-burst tuning to rate quotas [bluewavenet]
* Fix - add trailing space to defaultip [bluewavenet]
* Add - record pre-emptive authentication in local log [bluewavenet]
* Add - Write to local log function to libopennds [bluewavenet]
* Add - set client_type and custom string for Pre-emptive authentication [bluewavenet]
* Fix - Remove trailing newline from library call response [bluewavenet]
* Fix - attempt to remove cid file only if client->cid is set [bluewavenet]
* Add - a skip option for custom downloads to speed up serving page from themespec [bluewavenet]
* Add - put client_type into query string when type is cpd canary [bluewavenet]
* Add - set refresh=0 before loading images [bluewavenet]
* Fix - Truncated return status [bluewavenet]
* Add - Acknowlegement from call to dnsconfig [bluewavenet]
* Fix - potential buffer overflow in debug output [bluewavenet]
* Add - processing of custom data and client type [bluewavenet]
* Add - Client Type for RFC8908 and RFC8910 clients [bluewavenet]
* Add - rfc8908 replies for external FAS and refactor memory management for MHD calls [bluewavenet]
* Add - send error 403 if client is not on openNDS subnet [bluewavenet]
* Fix - remove uneccessary safe_asprint in auth.c [bluewavenet]
* Fix - Initialise buffer to prevent receiving spurious characters [bluewavenet]
* Add - encoded custom data support to ndsctl json, themespec and binauth [bluewavenet]
* Add - advert_1.htm to thankyou page of theme_click-to-continue-custom-placeholders.sh [bluewavenet]
* Add - library call get_interface_by_ip [bluewavenet]
* Add - function encode_custom() for encoding custom data to be sent to openNDS [bluewavenet]
* Fix - error 511, make all html refrences absolute to enforce link to MHD [bluewavenet]
* Add - check status_path exists and is executeable [bluewavenet]
* Fix - regression causing error 511 to be served from default script [bluewavenet]
* Add - venue-info-url and can-extend-session json keys [bluewavenet]
* Add - RFC 8908 initial experimental support [bluewavenet]
* Add - debug message when resetting client [bluewavenet]
* Fix - Ensure the ndscids directory exists before trying to write to it. [bluewavenet]
* Fix - use eval in do_ndsctl to allow quoting of arguments [bluewavenet]
* Fix - ensure client hid and client cid file is reset correctly [bluewavenet]
* Fix - Titles of example ThemeSpec Files [bluewavenet]
* Fix - Ensure ThemeSpec Files are executable [bluewavenet]
* Remove - deprecated Allowed and Blocked entries in ndsctl status output [bluewavenet]
* Add - Deprecate option macmechanism, allowedmaclist and blockedmaclist [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.0, 19.07.8
Description:
This version adds new functionality, and fixes some issues
* Add - Error message in fas-aes-https if shared key is mismatched [bluewave.net]
* Fix - and refactor error 511 page generation[bluewave.net]
* Fix - and refactor dnsmasq configuration [bluewave.net]
* Fix - Typographic error preventing RFC8910 disable [bluewave.net]
* Add - gateway address and gatewayfqdn to ndsctl json output [bluewave.net]
* Add - RFC8910 housekeeping on startup and shutdown [bluewave.net]
* Add - correctly apply dhcp option 114 for generic Linux [bluewave.net]
* Add - reading of configured ndsctlsocket in ndsctl utility[bluewave.net]
* Add - use send_error 200 for MHD watchdog [bluewave.net]
* Add - generation of page_511 html by library script [bluewave.net]
* Add - extend debuglevel support to library scripts [bluewave.net]
* Refactor - fas-aes-https to simplify and make customisation of http easier [bluewave.net]
* Add - library script for error 511 page, allowing customisation [bluewave.net]
* Add - make authmon report connection error details [bluewave.net]
* Fix- remove unwanted debug message in ndsctl [bluewave.net]
* Add - RFC8910 support by default [bluewave.net]
* Add - display status page when accessing /login when authenticated [bluewave.net]
* Add - MHD response to RFC8910 requests [bluewave.net]
* Add - Dnsmasq RFC8910 configuration [bluewave.net]
* Add - send error 511 in response to unsupported http method [bluewave.net]
* Add - Check for ca-bundle on OpenWrt, if not installed, add syslog messages and terminate [bluewave.net]
* Add - Make ndsctl use the configured value for socket path if set and deprecate -s option [bluewave.net]
* Add - Warning message when Walled Garden port 80 is allowed [bluewave.net]
* Fix - remove un-needed pthread_kill in termination_handler() [bluewave.net] [T-X]
* Fix - debug messages from authmon.sh [bluewave.net]
* Fix - Allow disabling gateway fqdn, facilitating access to router port 80 [bluewave.net]
* Fix - Segfault in ndsctl when -s option is used incorrectly [bluewave.net] [T-X]
* Fix - Typo making calculation of ul/dl rates incorrect [bluewave.net]
* Fix - Allow port 80 to be configured in the Walled Garden [bluewave.net]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.0-rc3, 19.07.7
Description:
This version adds new functionality, and fixes some issues
* Add - firewall passthrough mode for authenticated users [bluewave.net]
* Add - use configured debuglevel in authmon [bluewave.net]
* Add - automated log rotation and client_zone to binauth_log [bluewave.net]
* Add - increased timeout interval for file downloads [bluewave.net]
* Add - local interface to MeshZone and remove unneeded call to ip utility [bluewave.net]
* Add - log_mountpoint and max_log_entries options [bluewave.net]
* Add - config variables ext_interface and ext_gateway [bluewave.net]
* Add - Start initial download of remotes only if online [bluewave.net]
* Add - Router online/offline watchdog [bluewave.net]
* Fix - Segfault when gatewayfqdn is disabled [bluewave.net]
* Fix - missing clientmac when not using themespec [bluewave.net]
* Fix - some compiler warnings [bluewave.net]
* Fix - use configured value for webroot for remote image symlink to images folder [bluewave.net]
* Fix - remove refrences to login.sh in documentation and comments [bluewave.net]
* Fix - Prevent potential read overrun within the MHD page buffer [bluewave.net]
* Remove - legacy get_ext_iface() function [bluewave.net]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.0-rc3, 19.07.7
Description:
This version adds new functionality, improves performance, adds documentation and fixes an issue
* Add - new config options to ndsctl status [bluewave.net]
* Add - Readthedocs / man documentation for configuration options [bluewave.net]
* Add - Faster convergence of average rates to configured rate quotas [bluewave.net]
* Add - BinAuth parse authenticated client database for client data [bluewave.net]
* Add - Use heap allocation for http page buffer allowing large page sizes [bluewave.net]
* Fix - fail to serve downloaded images on custom themespec [bluewave.net]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White rob@blue-wave.net
Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, gl-inet b1300, gl-inet mt300n-v2, Snapshot, 21.02.0-rc3, 19.07.7
Description:
This version fixes a compiler error, some compiler warnings and mutes a debug message
* Fix - Compiler error, missing mode in call to open() [bluewave.net]
* Fix - Compiler warning, ignored return value from call to lockf() [bluewave.net]
* Fix - Compiler warning, ignored return value from call to system() [bluewave.net]
* Fix - Compiler warning, ignored return value from call to fgets() [bluewave.net]
* Fix - Remove debug message from call to get_client_interface library [bluewave.net]
Signed-off-by: Rob White <rob@blue-wave.net>
This version introduces major new functionality, some changes and fixes.
New Themed Splash pages are introduced, enabling rapid customisation. Theme placeholders can be populated from information provided in the config file. Remote files and image sources can be defined in the config file and these will be automatically downloaded as required.
Deprecated legacy code from previous versions has been removed.
Tested on OpenWrt, OpenSuse and Debian.
Signed-off-by: rob <rob@blue-wave.net>
This release fixes an issue where some firewall rules containing
the keyword "block" would cause openNDS to fail in startup.
Signed-off-by: Rob White <rob@blue-wave.net>
This version introduces major new functionality and some major changes
* Rationalisation of support for multiple Linux distributions [bluewavenet]
* Refactor login.sh script introducing base64 encoding and hashed token (hid) support [bluewavenet]
* Refactor fas-hid script introducing base64 encoding and simplifying customisation of the script [bluewavenet]
* Refactor binauth_log.sh and log BinAuth custom data as url encoded [bluewavenet]
* Refactor fas-aes, simplifying customisation of the script [bluewavenet]
* Refactor fas-aes-https, simplifying customisation of the script [bluewavenet]
* Change - Use hid instead of tok when fas_secure_enabled >= 1 [bluewavenet]
* Add - base64 encoding to fas_secure_enabled level 1 [bluewavenet]
* Add - gatewyname, clientif, session_start, session_end and last_active to ndsctl json [bluewavenet]
* Add - support for RFC6585 Status Code 511 - Network Authentication Required [bluewavenet]
* Add - Client Status Page UI with Logout [bluewavenet]
* Add - GatewayFQDN option [bluewavenet]
* Add - client interface to status page query string [bluewavenet]
* Add - support using base 64 encoded custom string for BinAuth and replace tok with hid [bluewavenet]
* Add - base 64 decode option to ndsctl [bluewavenet]
* Add - b64 encoding of querystring for level 1 [bluewavenet]
* Add - Improved performance/user-experience on congested/slow systems using php FAS scripts [bluewavenet]
* Add - support for ndsctl auth by hid in client_list [bluewavenet]
* Add - Ensure faskey is set to default value (always enabled) [bluewavenet]
* Add - Display error page on login failure in login.sh [bluewavenet]
* Add - splash.html, add deprecation notice [bluewavenet]
* Add - authmon, improved lock checking and introduce smaller loopinterval [bluewavenet]
* Add - client_params, wait for ndsctl if it is busy [bluewavenet]
* Add - fas-aes-https, allow progressive output to improve user experience on slow links [bluewavenet]
* Fix - Block access to /opennds_preauth/ if PreAuth not enabled [bluewavenet]
* Fix - On startup, call iptables_fw_destroy before doing any other setup [bluewavenet]
* Fix - missing final redirect to originurl in fas-hid [bluewavenet]
* Fix - ensure gatewayname is always urlencoded [bluewavenet]
* Fix - client session end not set by binauth [bluewavenet]
* Fix - Session timeout, if client setting is 0, default to global value [bluewavenet]
* Fix - missing trailing separator on query and fix some compiler errors [bluewavenet]
* Fix - ensure authmon daemon is killed if left running from previous crash [bluewavenet]
* Fix - add missing query separator for custom FAS parameters [bluewavenet]
* Fix - ndsctl auth, do not set quotas if client is already authenticated [bluewavenet]
* Fix - client_params, show "Unlimited" when "null" is received from ndsctl json [bluewavenet]
* Update configuration files [bluewavenet]
* update documentation [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
This version introduces major new enhancements and the disabling or removal of deprecated functionality.
* Add - built in autonomous Walled Garden operation [bluewavenet]
* Add - Support for Custom Parameters [bluewavenet]
* Add - Quota and rate reporting to ndsctl json. Format output and fix json syntax errors [bluewavenet]
* Add - global quotas to output of ndsctl status [bluewavenet]
* Add - Report Rate Check Window in ndsctl status and show client quotas [bluewavenet]
* Add - gatewaymac to the encrypted query string [bluewavenet]
* Add - support for login mode in PreAuth [bluewavenet]
* Fix - get_iface_ip in case of interface is vif or multihomed [bluewavenet]
* Fix - Add missing client identifier argument in ndsctl help text [bluewavenet]
* Fix - fix missing delimiter in fas-hid [bluewavenet]
* Fix - get_client_interface for case of iw utility not available [bluewavenet]
* Fix - php notice for pedantic php servers in post-request [bluewavenet]
* Remove - support for deprecated RedirectURL [bluewavenet]
* Deprecate - ndsctl clients option [bluewavenet]
* Deprecate - legacy splash.html and disable it [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
* This version - for Openwrt after 19.07 - for compatibility with new MHD API
* Set - minimum version of MHD to 0.9.71 for new MHD API [bluewavenet]
* Set - use_outdated_mhd to 0 (disabled) as default [bluewavenet]
* Add - Multifield PreAuth login script with css update [bluewavenet]
* Add - Documentation and config option descriptions for configuring Walled Garden IP Sets
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White <rob@blue-wave.net>
Compiled and tested on snapshot SDK for mipsel_24kc, mips_24kc and arm_cortex-a7_neon-vfpv4
This release provides a fix for a Path Traversal Attack vulnerability present in libmicrohttpd's built in unescape functionality.
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Rob White <rob@blue-wave.net>
Compiled and tested on snapshot SDK for mipsel_24kc, mips_24kc and arm_cortex-a7_neon-vfpv4
This is the first release from the OpenNDS project.
The decision has been made by the developers of the NoDogSplash project, to create a new project, beginning at v5.0.0
The two resulting projects are:
* **OpenNDS**, the new project, optimised for development of custom captive portal solutions using the built in Forwarding authentication Services API and associated libraries.
* **NoDogSplash**, the original project, optimised for hardware with very restricted resources (eg legacy 8/32 devices) and supporting only simple templated splash pages.
At v5.0.0 of both projects share a common code base.
However, the two packages will inevitably and rapidly diverge, as OpenNDS is actively developing, whereas NoDogSplash is feature complete for its optimised target use.
Signed-off-by: Rob White <rob@blue-wave.net>
Rob White