Designed to replace the old NoDogsplash v4.0.3
NoDogSplash v4.0.3 still contains the FAS API but has numerous bugs,
some serious, but is no longer supported as the decision was made to
split into two projects - openNDS with FAS and NoDoGSplash optimised for
devices with minimal resources.
This version of openNDS is functionally the same as v6.0.0, but supports
libmicrohttpd (MHD) versions up to 0.9.70 that use the old MHD API.
There are many additions and bugfixes over NoDogSplash v4.0.3.
eg support for HTTPS remote FAS and support for upload/download quotas.
From the Changelog:
openNDS (5.2.0)
* This version - for backport to Openwrt 19.07 - for compatibility with old MHD API
* Fix - Failure of MHD with some operating systems eg Debian [bluewavenet]
* Fix - potential buffer truncation in ndsctl
* Set - use_outdated_mhd to 1 (enabled) as default [bluewavenet]
* Set - maximum permissible version of MHD to 0.9.70 to ensure old MHD API is used [bluewavenet]
openNDS (5.1.0)
* Add - Generic Linux - install opennds.service [bluewavenet]
* Add - Documentation updates [bluewavenet]
* Add - config file updates [bluewavenet]
* Add - Install sitewide username/password splash support files [bluewavenet]
* Add - quotas to binauth_sitewide [bluewavenet]
* Add - Splash page updates [bluewavenet]
* Add - Implement Rate Quotas [bluewavenet]
* Fix - check if idle preauthenticated [bluewavenet]
* Add - support for rate quotas [bluewavenet]
* Fix - Correctly compare client counters and clean up debuglevel messages [bluewavenet]
* Add - Implement upload/download quotas Update fas-aes-https to support quotas [bluewavenet]
* Add - Rename demo-preauth scripts and install all scripts [bluewavenet]
* Add - fas-aes-https layout update [bluewavenet]
* Add - Set some defaults in fas-aes-https [bluewavenet]
* Add - custom data string to ndsctl auth [bluewavenet]
* Add - custom data string to fas-hid.php [bluewavenet]
* Add - Send custom data field to BinAuth via auth_client method [bluewavenet]
* Fix - missing token value in auth_client [bluewavenet]
* Add - upload/download quota and rate configuration values [bluewavenet]
* Add - Send client token to binauth [bluewavenet]
* Add - Rename upload_limit and download_limit to upload_rate and download_rate [bluewavenet]
* Fix - Pass correct session end time to binauth [bluewavenet]
* Add - some debuglevel 3 messages [bluewavenet]
* Add - description of the favicon and page footer images [bluewavenet]
* Add - Authmon collect authentication parameters from fas-aes-https [bluewavenet]
* Add - sessionlength to ndsctl auth [bluewavenet]
* Fix - Page fault when ndsctl auth is called and client not found [bluewavenet]
* Add - Enable BinAuth / fas_secure_enabled level 3 compatibility [bluewavenet]
* Fix - Correctly set BinAuth session_end [bluewavenet]
* Add - Updates to Templated Splash pages [bluewavenet]
* Add - Community Testing files [bluewavenet]
* Fix - BinAuth error passing client session times [bluewavenet]
* Fix - PHP notice - undefined constant [bluewavenet]
* Fix - OpenWrt CONFLICTS variable in Makefile [bluewavenet]
openNDS (5.0.1)
* Fix - Path Traversal Attack vulnerability allowed by libmicrohttpd's built in unescape functionality [bluewavenet] [lynxis]
openNDS (5.0.0)
* Import - from NoDogSplash 4.5.0 allowing development without compromising NoDogSplash optimisation for minimum resource utilisation [bluewavenet]
* Rename - from NoDogSplash to openNDS [bluewavenet]
* Create - openNDS avatar and splash image [bluewavenet]
* Move - wait_for_interface to opennds C code ensuring consistent start at boot time for all hardware, OpenWrt and Debian [bluewavenet]
* Add - Enable https protocol for remote FAS [bluewavenet]
* Add - trusted devices list to ndsctl json output [bluewavenet]
* Add - option unescape_callback_enabled [bluewavenet]
* Add - get_client_token library utility [bluewavenet]
* Add - utf-8 to PreAuth header [bluewavenet]
* Add - PreAuth Support for hashed id (hid) if sent by NDS [bluewavenet]
* Add - library script shebang warning for systems not running Busybox [bluewavenet]
* Add - htmlentityencode function, encode gatewayname in templated splash page [bluewavenet]
* Add - htmlentity encode gatewayname on login page (PreAuth) [bluewavenet]
* Add - Simple customisation of log file location for PreAuth and BinAuth [bluewavenet]
* Add - option use_outdated_mhd [bluewavenet]
* Add - url-encode and htmlentity-encode gatewayname on startup [bluewavenet]
* Add - Allow special characters in username (PreAuth) [bluewavenet]
* Add - Documentation updates [bluewavenet]
* Add - Various style and cosmetic updates [bluewavenet]
* Fix - Change library script shebang to bash in Debian [bluewavenet]
* Fix - Remove unnecessary characters causing script execution failure in Debian [bluewavenet]
* Fix - Add missing NULL parameter in MHD_OPTION_UNESCAPE_CALLBACK [skra72] [bluewavenet]
* Fix - Script failures running on Openwrt 19.07.0 [bluewavenet]
* Fix - Preauth, status=authenticated [bluewavenet]
* Fix - Prevent ndsctl from running if called from a Binauth script. [bluewavenet]
* Fix - Minor changes in Library scripts for better portability [bluewavenet]
* Fix - Prevent php notices on pedantic php servers [bluewavenet]
* Fix - broken remote image retrieval (PreAuth) [bluewavenet]
* Fix - Allow use of "#" in gatewayname [bluewavenet]
Tested on mips_24kc, mipsel_24kc, arm_cortex-a7_neon-vfpv4 and x86_64 platforms.
Signed-off-by: Rob White <rob@blue-wave.net>
21 April 2020: babeld-1.9.2
* Fixed two issues that could cause IPv4 routes to be represented
incorrectly, with a range of confusing symptoms. Thanks to
Fabian Bläse.
* Fixed incorrect parsing of TLVs with an unknown Address Encoding.
Thanks to Théophile Bastian.
* Fixed access to mis-aligned data structure. Thanks to Antonin Décimo.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
`/etc/init.d/bird restart` or `/etc/init.d/bird reload` has no effects.
This PR fixes this issue by:
- running the service in the foreground to meet the requirements of procd
- sending SIGHUP signal to reload the service
More example filters are provided, and new options such as "type" or
"pref_src" are given as example.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
20 August 2019: babeld-1.9.1
* Fixed a crash that could happen when unicast and RTT estimation are
both enabled on an interface. Thanks to Dave Taht.
* Fixed compilation under BSD. Thanks to Dave Taht.
4 August 2019: babeld-1.9.0
* Reworked buffering of unicast packets to use a per-neighbour buffer
rather than a single buffer per interface. This makes unicast as
efficient as multicast, at the cost of slightly higher memory usage.
* Added option "unicast" that allows sending most TLVs over unicast.
This is necessary for the DTLS extension.
* Implemented parsing of unicast Hellos. This makes it possible to
interoperate with neighbours that only speak unicast (e.g. over some
kinds of tunnels that only do unicast).
* Implemented sending of unscheduled unicast Hellos. This makes the
RTT extension work over unicast too.
* Reworked the xroute data structures to use binary search and
linear-time comparison.
* Don't attempt to modify the rp_filter sysctl if it already has the
desired value; this makes it possible to run babeld in an
unpriviledged container. Thanks to Christof Schulze.
* Reinstated logging of late hellos. Thanks to Dave Taht.
* Don't send wildcard requests or Hellos to newish nodes. This makes
acquisition of new neighbours slower, but drastically reduces noise at
startup. Thanks to Teco Boot.
* Remove an arbitrary limit on the number of interfaces. Thanks to
Christof Schulze.
* Removed class E from martian filter. Thanks to Dave Taht.
* Added the ability to set the preferred source address in install filters.
Thanks to Killian Lufau.
* Fixed a number of read-only buffer overflows. Thanks to Leo Stefanesco.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies some style improvements to make this ready for
migration to openwrt/packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changes:
* Fixed a bug that caused confustion between learned routes and
imported routes (thanks to Fabian Bläse).
* Fixed a bug that prevented install filters from being evaluated
(thanks to Killian Lufau).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Killing anything with -9 is a bad idea. When killed this way, babeld
won't be able to properly disassociate from its neighbours, withdraw its
announced routes or remove routes from the kernel.
This got introduced in bab933d4ca ("babeld: Update to version 1.8.3 +
fix init") with an unrelated change. The purpose of the change is unclear
because stopping and restarting babeld worked fine without this change.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
The patches were accidentally deleted while testing the batman-adv 2019.3
bugfixes with various OpenWrt versions. But OpenWrt 19.07 will be released
with a mac80211 package which still uses the Linux 4.19 API. And thus the
OpenWrt 19.07 openwrt-routing branch still has to retain these compat
patches.
Fixes: a93e68447a ("alfred: Merge bugfixes from 2019.3")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The hardif patches were added to OpenWrt before they were accepted in the
upstream repository. This seemed necessary at that time because OpenWrt
19.07 was alreadu branched of (to be released soon).
But the upstream merged patches contain more cleanups. Having the actual
upstream version in OpenWrt make it easier to integrate potential bugfixes.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* vis: Use rtnl to query list of hardifs of meshif
* vis: Retrieve hardif status via generic netlink
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This version has numerous fixes and enhancements.
It is compatible with the previous v3.2.1 release and onwards.
Important fixes in this version:
* Fix coding error in fas-aes.php [bluewavenet]
* Make debuglevel platform independent [mwarning]
* Fix memory handling bug, issue nodogsplash/nodogsplash#341 [mwarning] [stevo01]
* ndsctl_thread - ignore interupts when returning from epoll [lynxis]
* auth.c - use correct types to prevent cast and comparement of uint and int [lynxis]
* openwrt/init.d - prevent start of the daemon if configuration generation fails [lynxis]
* Generate Error 403 Forbidden, if Gateway Port is accessed directly [bluewavenet]
* Validate fasremoteip as a valid dotted format IPv4 address [bluewavenet] [mwarning]
* Prevent client CPD "Too Many Redirects" error. [bluewavenet]
Maintainer: Moritz Warning <moritzwarning@web.de>
Signed-off-by: Rob White <rob@blue-wave.net>
Bird 2.0.4 was released on March 1st. Remove upstreamed patches.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
(cherry picked from commit 37f8c509e0)
The ap_isolation setting only supports boolean values. So setting an empty
string as ap_isolation is not supported by batctl.
Fixes: f5205d7d24 ("batman-adv: upgrade package to latest release 2014.2.0")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
B.A.T.M.A.N. V support additional settings which are hardif specific. The
batadv_hardif proto has to expose them to allow automatic configuration.
The default configuration would be:
config interface 'bat0_hardif_eth0'
option proto 'batadv_hardif'
option master 'bat0'
option ifname 'eth0'
option mtu '1536'
option 'elp_interval' 500
# string like '1mbit' is accepted instead of kbit for override
option 'throughput_override' '0'
Signed-off-by: Sven Eckelmann <sven@narfation.org>
batctl currently supports settings which are either mesh interface or vlan
specific. But B.A.T.M.A.N. V introduced two additional settings which are
hard (slave) interface specific.
To support these, an additional command prefix called hardif is implemented
for some sysfs commands:
$ batctl -m bat0 hardif eth0 ..
The usable commands with that are:
* elp_interval
* throughput_override
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The state of slave interfaces are handled differently depending on whether
the interface is up or not. All active interfaces (IFF_UP) will transmit
OGMs. But for B.A.T.M.A.N. IV, also non-active interfaces are scheduling
(low TTL) OGMs on active interfaces. The code which setups and schedules
the OGMs must therefore already be called when the interfaces gets added as
slave interface and the transmit function must then check whether it has to
send out the OGM or not on the specific slave interface.
But v2016.3 moved the setup code from the enable function to the activate
function. The latter is called either when the added slave was already up
when batadv_hardif_enable_interface processed the new interface or when a
NETDEV_UP event was received for this slave interfac. As result, each
NETDEV_UP would schedule a new OGM worker for the interface and thus OGMs
would be send a lot more than expected.
Fixes: 549909f89d ("batman-adv: upgrade package to latest release 2016.3")
Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>