Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This version fixes two issues that can cause NDS to lock or crash, one, a coding error that leads to memory corruption and two, deadlocks in iptables and ndsctl. Both of these issues occur at high loads and/or at high CPD detection rates.
In addition, in some circumstances, a deauthenticated client running a vpn may have suffered from querystring truncation causing vpn failure.
Some minor updates are also included.
Extract from changelog:
* Fix Memory corruption at high loads [bluewavenet]
* Prevent iptables and ndsctl deadlocks [lynxis]
* Prevent query string truncation for deauthenticated client when client is using some types of vpn software [bluewavenet]
* Add debuglevel logging in the case of a firewall restart in OpenWrt [bluewavenet]
* Return error 403(forbidden) when client attempts to use a forbidden http method [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release has major new functionality in the form of token hashing,
(extension to fas_secure level 1) mitigating the problems with remote FAS
where access to the local ndsctl would be otherwise required.
Although not as flexible as level 2, this extension has much smaller
memory and storage requirements so is ideal for implementation on
legacy hardware.
There are also numerous enhancements, updates and fixes.
All changes are compatible with the previous release.
Latest changelog:
* Create switch option to select preinstalled templated splash or preauth login [bluewavenet]
* Limit PreAuth and BinAuth log size in example scripts [bluewavenet]
* Reduce memory requirements and autoselect logfile location [bluewavenet]
* Create fas-hid example script [bluewavenet]
* Update FAS, PreAuth and BinAuth example scripts [bluewavenet]
* Hash client token (hid) for remote FAS enabling secure FAS for legacy/low-flash/low-ram hardware [bluewavenet]
* Fix NDS Uptime if NTP client is enabled [bluewavenet]
* Documentation updates for this release [bluewavenet]
* Fix numerous compiler warnings [mwarning]
* Fix openwrt fw_mark option type [mwarning]
Signed-off-by: Rob White rob@blue-wave.net
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release adds significant functionality in the form of capturing the client User-Agent string and passing to both PreAuth and BinAuth scripts. Compatibility is maintained with previous versions.
Changelog since last OpenWrt release:
* BinAuth - Send User Agent string and client-ip to the binauth script [bluewavenet]
* BinAuth - Update the two example BinAuth scripts showing use of passed arguments [bluewavenet]
* Documentation - Update BinAuth section [bluewavenet]
* PreAuth - Send User Agent string to the preauth script [bluewavenet]
* PreAuth - Update the example PreAuth script showing use of passed arguments [bluewavenet]
* Documentation - Update PreAuth section [bluewavenet]
* BinAuth - Send redir variable to the binauth script, allow passing of custom variable payload [bluewavenet]
* BinAuth - Provide two example BinAuth scripts [bluewavenet]
* Documentation - Rework Binauth section plus numerous minor updates [bluewavenet]
* Deprecate RedirectURL config option as it is rendered obsolete by many CPD implementations, use FAS instead [bluewavenet]
* Numerous minor updates to html, css and script files [bluewavenet]
* Fix bug - faskey, exit gracefully if not set and fas_secure_enabled = 2 [bluewavenet]
* Fix bug - Systemd, Do not set debug level in nodogsplash.service [bluewavenet]
* Fix bug - ndsctl, delete lock file if NDS is not started [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
The extra MAKE_ARGS were no longer taken into account resulting in
errors. Also more path fixes and some longline splitting.
Signed-off-by: Paul Spooren <mail@aparcar.org>
More example filters are provided, and new options such as "type" or
"pref_src" are given as example.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
20 August 2019: babeld-1.9.1
* Fixed a crash that could happen when unicast and RTT estimation are
both enabled on an interface. Thanks to Dave Taht.
* Fixed compilation under BSD. Thanks to Dave Taht.
4 August 2019: babeld-1.9.0
* Reworked buffering of unicast packets to use a per-neighbour buffer
rather than a single buffer per interface. This makes unicast as
efficient as multicast, at the cost of slightly higher memory usage.
* Added option "unicast" that allows sending most TLVs over unicast.
This is necessary for the DTLS extension.
* Implemented parsing of unicast Hellos. This makes it possible to
interoperate with neighbours that only speak unicast (e.g. over some
kinds of tunnels that only do unicast).
* Implemented sending of unscheduled unicast Hellos. This makes the
RTT extension work over unicast too.
* Reworked the xroute data structures to use binary search and
linear-time comparison.
* Don't attempt to modify the rp_filter sysctl if it already has the
desired value; this makes it possible to run babeld in an
unprivileged container. Thanks to Christof Schulze.
* Reinstated logging of late hellos. Thanks to Dave Taht.
* Don't send wildcard requests or Hellos to newish nodes. This makes
acquisition of new neighbours slower, but drastically reduces noise at
startup. Thanks to Teco Boot.
* Remove an arbitrary limit on the number of interfaces. Thanks to
Christof Schulze.
* Removed class E from martian filter. Thanks to Dave Taht.
* Added the ability to set the preferred source address in install filters.
Thanks to Killian Lufau.
* Fixed a number of read-only buffer overflows. Thanks to Leo Stefanesco.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies some style improvements to make this ready for
migration to openwrt/packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changes:
* Fixed a bug that caused confusion between learned routes and
imported routes (thanks to Fabian Bläse).
* Fixed a bug that prevented install filters from being evaluated
(thanks to Killian Lufau).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Killing anything with -9 is a bad idea. When killed this way, babeld
won't be able to properly disassociate from its neighbours, withdraw its
announced routes or remove routes from the kernel.
This got introduced in bab933d4ca ("babeld: Update to version 1.8.3 +
fix init") with an unrelated change. The purpose of the change is unclear
because stopping and restarting babeld worked fine without this change.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc
This release has numerous bug fixes and enhancements:
* Fix bug - fas_remotefqdn not supported with option fas_secure_enabled 0 [bluewavenet]
* Fix bug - prevent deadlock causing ndsctl to hang and NDS to become unresponsive [bluewavenet]
* PreAuth - Override FAS settings making configuration foolproof [bluewavenet]
* ndsctl - make json parsing consistent for all client variables [bluewavenet]
* Fix memory leak in template generation [lynxis]
* When executing the ndsctl stop command, cleanup all structures [lynxis]
* Check for positive errno in thread_ndsctl [lynxis]
Signed-off-by: Rob White <rob@blue-wave.net>
The batman-adv kernel module can be built without sysfs support. This will
stop the kernel module from creating the "mesh" directory. The alfred init
script must not depend on this folder to start the daemon up.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The alfred daemon can be started with multiple interfaces. The first
interface is used for communication and to calculate the source mac
address. The rest of the interfaces are only used for communication.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The '-m' option to select the mesh interface or vlan interfaces was
replaced with device type specific subcommand prefixes:
* meshif <netdev>
* vlan <vdev>
* meshif <netdev> vid <vid>
* hardif <netdev>
This change should also be made in the proto script to allow batctl to drop
the support of '-m' completely in the future.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* add tcpdump support for MCAST TVLV, unicast fragments and coded packets
* implement support for multicast RTR flags
* avoid some kernel deprecation warning by using more generic netlink over
sysfs
* use type specific prefixes to select mesh interface or vlan instead of '-m'
* add support for hardif specific settings
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc
* Make debuglevel platform independent [mwarning]
* Add/move/reword some debug output lines [mwarning]
* Numerous code cleanups [mwarning]
* Put fas code into block [mwarning]
* Fix coding error in fas-aes.php incorrectly passing redir back to NDS [bluewavenet]
* Numerous documentation updates [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
The legacy init script had various problems in comparison with procd based
init scripts. It wasn't able to correctly track the running process
instance and thus could:
* accidentally kill another (non init controlled) daemon instance when stop
is used
* not restart the daemon depending on config changes when reload is used
* not automatically start/restart daemon when the used netdev was
created/recreated
The information about a running instance and its parameters can now be
handled by a global controller (procd). The process must not fork anymore
and leave the control to procd. The process with its parameters can then be
used by procd to trigger the stop/start of the process at the right time.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The legacy init script had various problems in comparison with procd based
init scripts. It wasn't able to correctly track the running process
instance and thus could:
* accidentally kill another (non init controlled) daemon instance when stop
is used
* not restart the daemon depending on config changes when reload is used
The information about a running instance and its parameters can now be
handled by a global controller (procd). The process must not fork anymore
and leave the control to procd. The process with its parameters can then be
used by procd to trigger the stop/start of the process at the right time.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
batctl isn't using any special rules in Build/Compile. It is cleaner to
directly use the global Build/Compile/Default instead of having a
functionally similar copy in the package Makefile
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The Makefile defines the init-y variable but neither this Makefile nor
OpenWrt's common files use this variable.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
alfred isn't using any special rules in Build/Compile. It is cleaner to
directly use the global Build/Compile/Default instead of having a
functionally similar copy in the package Makefile
Signed-off-by: Sven Eckelmann <sven@narfation.org>