Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release adds significant new functionality yet is compatible with the previous version.
From the changelog:
* Add Client Network Zone detection supporting local interfaces and 802.11s mesh [bluewavenet]
* Add client zone and user agent to FAS/PreAuth logs [bluewavenet]
* Add requirements for retrieving https remote image for login page [bluewavenet]
* Add htmlentity encode and decode to preauth scripts [bluewavenet]
* Implement unescape callback for MHD allowing url special characters to be used in login forms [bluewavenet]
* Create get_client_interface library utility [bluewavenet]
* Create unescape library utility [bluewavenet]
* Update demo-preauth, login-option and fas scripts [bluewavenet]
* Update fwhook restart - do not use ndsctl to check if nds is running [bluewavenet]
* Update config files [bluewavenet]
* Fix - allow comma space to be used in PreAuth variables [bluewavenet]
* Fix - final redirect for fas-aes [bluewavenet]
* Fix - ignore trusted mac if invalid [bluewavenet]
* Documentation updates [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
* support latest kernels (3.16 - 5.5)
* coding style cleanups and refactoring
* bugs squashed:
- fix DAT candidate selection on little endian systems
Signed-off-by: Sven Eckelmann <sven@narfation.org>
After 284918bfaf2f6d7e46fb11377bb9a537b35dd58a commit in openwrt/luci, every app which uses cbi requires luci-compat package.
Signed-off-by: George Iv <57254463+zhoreeq@users.noreply.github.com>
This changes the package version string so it does not start
with "openwrt", but with the base version we are modifying:
So far: openwrt-2019.4-1
Now: 2019.4-openwrt-1
Since it's us modifying version 2019.4 (in this case), this order
is more convenient (and also closer to what the kernel version
string does).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This changes the package version string so it does not start
with "openwrt", but with the base version we are modifying:
So far: openwrt-2019.4-1
Now: 2019.4-openwrt-1
Since it's us modifying version 2019.4 (in this case), this order
is more convenient (and also closer to what the kernel version
string does).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This changes the package version string so it does not start
with "openwrt", but with the base version we are modifying:
So far: openwrt-2019.4-1
Now: 2019.4-openwrt-1
Since it's us modifying version 2019.4 (in this case), this order
is more convenient (and also closer to what the kernel version
string does).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This version fixes two issues that can cause NDS to lock or crash, one, a coding error that leads to memory corruption and two, deadlocks in iptables and ndsctl. Both of these issues occur at high loads and/or at high CPD detection rates.
In addition, in some circumstances, a deauthenticated client running a vpn may have suffered from querystring truncation causing vpn failure.
Some minor updates are also included.
Extract from changelog:
* Fix Memory corruption at high loads [bluewavenet]
* Prevent iptables and ndsctl deadlocks [lynxis]
* Prevent query string truncation for deauthenticated client when client is using some types of vpn software [bluewavenet]
* Add debuglevel logging in the case of a firewall restart in OpenWrt [bluewavenet]
* Return error 403(forbidden) when client attempts to use a forbidden http method [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release has major new functionality in the form of token hashing,
(extension to fas_secure level 1) mitigating the problems with remote FAS
where access to the local ndsctl would be otherwise required.
Although not as flexible as level 2, this extension has much smaller
memory and storage requirements so is ideal for implementation on
legacy hardware.
There are also numerous enhancements, updates and fixes.
All changes are compatible with the previous release.
Latest changelog:
* Create switch option to select preinstalled templated splash or preauth login [bluewavenet]
* Limit PreAuth and BinAuth log size in example scripts [bluewavenet]
* Reduce memory requirements and autoselect logfile location [bluewavenet]
* Create fas-hid example script [bluewavenet]
* Update FAS, PreAuth and BinAuth example scripts [bluewavenet]
* Hash client token (hid) for remote FAS enabling secure FAS for legacy/low-flash/low-ram hardware [bluewavenet]
* Fix NDS Uptime if NTP client is enabled [bluewavenet]
* Documentation updates for this release [bluewavenet]
* Fix numerous compiler warnings [mwarning]
* Fix openwrt fw_mark option type [mwarning]
Signed-off-by: Rob White rob@blue-wave.net
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release adds significant functionality in the form of capturing the client User-Agent string and passing to both PreAuth and BinAuth scripts. Compatibility is maintained with previous versions.
Changelog since last OpenWrt release:
* BinAuth - Send User Agent string and client-ip to the binauth script [bluewavenet]
* BinAuth - Update the two example BinAuth scripts showing use of passed arguments [bluewavenet]
* Documentation - Update BinAuth section [bluewavenet]
* PreAuth - Send User Agent string to the preauth script [bluewavenet]
* PreAuth - Update the example PreAuth script showing use of passed arguments [bluewavenet]
* Documentation - Update PreAuth section [bluewavenet]
* BinAuth - Send redir variable to the binauth script, allow passing of custom variable payload [bluewavenet]
* BinAuth - Provide two example BinAuth scripts [bluewavenet]
* Documentation - Rework Binauth section plus numerous minor updates [bluewavenet]
* Deprecate RedirectURL config option as it is rendered obsolete by many CPD implementations, use FAS instead [bluewavenet]
* Numerous minor updates to html, css and script files [bluewavenet]
* Fix bug - faskey, exit gracefully if not set and fas_secure_enabled = 2 [bluewavenet]
* Fix bug - Systemd, Do not set debug level in nodogsplash.service [bluewavenet]
* Fix bug - ndsctl, delete lock file if NDS is not started [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
The extra MAKE_ARGS were no longer taken into account resulting in
erros. Also more path fixes and some longline splitting.
Signed-off-by: Paul Spooren <mail@aparcar.org>
More example filters are provided, and new options such as "type" or
"pref_src" are given as example.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
20 August 2019: babeld-1.9.1
* Fixed a crash that could happen when unicast and RTT estimation are
both enabled on an interface. Thanks to Dave Taht.
* Fixed compilation under BSD. Thanks to Dave Taht.
4 August 2019: babeld-1.9.0
* Reworked buffering of unicast packets to use a per-neighbour buffer
rather than a single buffer per interface. This makes unicast as
efficient as multicast, at the cost of slightly higher memory usage.
* Added option "unicast" that allows sending most TLVs over unicast.
This is necessary for the DTLS extension.
* Implemented parsing of unicast Hellos. This makes it possible to
interoperate with neighbours that only speak unicast (e.g. over some
kinds of tunnels that only do unicast).
* Implemented sending of unscheduled unicast Hellos. This makes the
RTT extension work over unicast too.
* Reworked the xroute data structures to use binary search and
linear-time comparison.
* Don't attempt to modify the rp_filter sysctl if it already has the
desired value; this makes it possible to run babeld in an
unpriviledged container. Thanks to Christof Schulze.
* Reinstated logging of late hellos. Thanks to Dave Taht.
* Don't send wildcard requests or Hellos to newish nodes. This makes
acquisition of new neighbours slower, but drastically reduces noise at
startup. Thanks to Teco Boot.
* Remove an arbitrary limit on the number of interfaces. Thanks to
Christof Schulze.
* Removed class E from martian filter. Thanks to Dave Taht.
* Added the ability to set the preferred source address in install filters.
Thanks to Killian Lufau.
* Fixed a number of read-only buffer overflows. Thanks to Leo Stefanesco.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies some style improvements to make this ready for
migration to openwrt/packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changes:
* Fixed a bug that caused confustion between learned routes and
imported routes (thanks to Fabian Bläse).
* Fixed a bug that prevented install filters from being evaluated
(thanks to Killian Lufau).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Killing anything with -9 is a bad idea. When killed this way, babeld
won't be able to properly disassociate from its neighbours, withdraw its
announced routes or remove routes from the kernel.
This got introduced in bab933d4ca ("babeld: Update to version 1.8.3 +
fix init") with an unrelated change. The purpose of the change is unclear
because stopping and restarting babeld worked fine without this change.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc
This release has numerous bug fixes and enhancements:
* Fix bug - fas_remotefqdn not supported with option fas_secure_enabled 0 [bluewavenet]
* Fix bug - prevent deadlock causing ndsctl to hang and NDS to become unresponsive [bluewavenet]
* PreAuth - Override FAS settings making configuration foolproof [bluewavenet]
* ndsctl - make json parsing consistent for all client variables [bluewavenet]
* Fix memory leak in template generation [lynxis]
* When executing the ndsctl stop command, cleanup all structures [lynxis]
* Check for positive errno in thread_ndsctl [lynxis]
Signed-off-by: Rob White <rob@blue-wave.net>
The batman-adv kernel module can be build without sysfs support. This will
stop the kernel module from creating the "mesh" directory. The alfred init
script must not depend on this folder to start the daemon up.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The alfred daemon allows to be started with multiple interfaces. The first
interface is used for communication and to calculate the source mac
address. The rest of the interfaces are only used for communication.
Signed-off-by: Sven Eckelmann <sven@narfation.org>