From 1574f25557d0f1bf9729d61dde9f44f1806d8ede Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 25 Nov 2015 12:47:29 +0000 Subject: [PATCH 1/6] routing.cgi: Fix syntax error that caused an Internal Server Error Signed-off-by: Michael Tremer --- html/cgi-bin/routing.cgi | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/routing.cgi b/html/cgi-bin/routing.cgi index 2c60f67cd..7636d1ec5 100644 --- a/html/cgi-bin/routing.cgi +++ b/html/cgi-bin/routing.cgi @@ -118,10 +118,9 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { } if ($settings{'ACTION'} eq $Lang::tr{'add'}) { - # Validate inputs - if (!&General::validipandmask($settings{'IP'}))){ - $errormessage = $Lang::tr{'invalid ip'}." / ".$Lang::tr{'invalid netmask'}; + if (!&General::validipandmask($settings{'IP'})){ + $errormessage = $Lang::tr{'invalid ip'}." / ".$Lang::tr{'invalid netmask'}; }else{ #set networkip if not already correctly defined my($ip,$cidr) = split(/\//,$settings{'IP'}); From 8ee2cb78036abab0e96e7a71cd73b0380f573381 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Dec 2015 14:13:04 +0100 Subject: [PATCH 2/6] kernel: enable intel_pstate driver. this is needed to use turbo boost of newer intel processors. Signed-off-by: Arne Fitzenreiter --- config/kernel/kernel.config.i586-ipfire | 6 +++--- config/kernel/kernel.config.i586-ipfire-pae | 6 +++--- config/kernel/kernel.config.x86_64-ipfire | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/config/kernel/kernel.config.i586-ipfire b/config/kernel/kernel.config.i586-ipfire index adac4fb4d..734bea684 100644 --- a/config/kernel/kernel.config.i586-ipfire +++ b/config/kernel/kernel.config.i586-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.53 Kernel Configuration +# Linux/x86 3.14.57 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -586,7 +586,7 @@ CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_POWERSAVE=y CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=m CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m @@ -594,7 +594,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m # # x86 CPU frequency scaling drivers # -# CONFIG_X86_INTEL_PSTATE is not set +CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m # CONFIG_X86_ACPI_CPUFREQ_CPB is not set diff --git a/config/kernel/kernel.config.i586-ipfire-pae b/config/kernel/kernel.config.i586-ipfire-pae index c94a23538..d6b5a7f5c 100644 --- a/config/kernel/kernel.config.i586-ipfire-pae +++ b/config/kernel/kernel.config.i586-ipfire-pae @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.53 Kernel Configuration +# Linux/x86 3.14.57 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -600,7 +600,7 @@ CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_POWERSAVE=y CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=m CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m @@ -608,7 +608,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m # # x86 CPU frequency scaling drivers # -# CONFIG_X86_INTEL_PSTATE is not set +CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m # CONFIG_X86_ACPI_CPUFREQ_CPB is not set diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index cc36ada85..09503d7f2 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.53 Kernel Configuration +# Linux/x86 3.14.57 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -558,7 +558,7 @@ CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE=y # CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set # CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_POWERSAVE=y CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=m CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m @@ -566,7 +566,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m # # x86 CPU frequency scaling drivers # -# CONFIG_X86_INTEL_PSTATE is not set +CONFIG_X86_INTEL_PSTATE=y CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m # CONFIG_X86_ACPI_CPUFREQ_CPB is not set From 1f182999bc94325af39c7dc4578a37871b929f70 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Dec 2015 14:17:34 +0100 Subject: [PATCH 3/6] cpufreq: change initscript for intel pstate driver. Signed-off-by: Arne Fitzenreiter --- lfs/cpufrequtils | 4 ++-- src/initscripts/init.d/cpufreq | 44 +++++++++++++++++++++------------- 2 files changed, 30 insertions(+), 18 deletions(-) diff --git a/lfs/cpufrequtils b/lfs/cpufrequtils index c0eb002fa..5a82c33a5 100644 --- a/lfs/cpufrequtils +++ b/lfs/cpufrequtils @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 i586 PROG = cpufrequtils -PAK_VER = 6 +PAK_VER = 7 DEPS = "" diff --git a/src/initscripts/init.d/cpufreq b/src/initscripts/init.d/cpufreq index 0d4cdb95b..6a89414b2 100644 --- a/src/initscripts/init.d/cpufreq +++ b/src/initscripts/init.d/cpufreq @@ -36,23 +36,35 @@ case "${1}" in modprobe cpufreq_powersave modprobe cpufreq_userspace - CPUCOUNT=`ls /sys/devices/system/cpu/cpu*/cpufreq/affected_cpus 2> /dev/null | wc -l `; - let CPUCOUNT-=1 - # Set the governor to ondemand to test if it works - cpufreq-set -g ondemand - if [ ${?} = 0 ]; then - # activate cpufreq collectd module - sed -i -e "s|^#LoadPlugin cpufreq|LoadPlugin cpufreq|g" /etc/collectd.conf + driver=`cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver 2>/dev/null` - # Set the governor to ondemand for all cpus - for i in `seq 0 $CPUCOUNT`; - do - cpufreq-set -c $i -g ondemand - done - echo_ok; - else - echo_failure; - fi + case "$driver" in + intel_pstate) + # pstate use internal gov so skip this setting + # activate cpufreq collectd module + sed -i -e "s|^#LoadPlugin cpufreq|LoadPlugin cpufreq|g" /etc/collectd.conf + echo_ok; + ;; + *) + CPUCOUNT=`ls /sys/devices/system/cpu/cpu*/cpufreq/affected_cpus 2> /dev/null | wc -l `; + let CPUCOUNT-=1 + # Set the governor to ondemand to test if it works + cpufreq-set -g ondemand + if [ ${?} = 0 ]; then + # activate cpufreq collectd module + sed -i -e "s|^#LoadPlugin cpufreq|LoadPlugin cpufreq|g" /etc/collectd.conf + + # Set the governor to ondemand for all cpus + for i in `seq 0 $CPUCOUNT`; + do + cpufreq-set -c $i -g ondemand + done + echo_ok; + else + echo_failure; + fi + ;; + esac exit 0; ;; *) From 4c031dc085a750c80030306852e5f64431c45fc6 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Dec 2015 14:36:07 +0100 Subject: [PATCH 4/6] kernel: bump pak version for pae kernel. Signed-off-by: Arne Fitzenreiter --- lfs/linux | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/linux b/lfs/linux index da0578ae1..829b21e3e 100644 --- a/lfs/linux +++ b/lfs/linux @@ -37,7 +37,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = CXXFLAGS = -PAK_VER = 63 +PAK_VER = 64 DEPS = "" KERNEL_ARCH = $(MACHINE) From f59b59db965b4322c89cd9cf1e6e720d15edd322 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Dec 2015 14:39:19 +0100 Subject: [PATCH 5/6] dhcpcd: revert dhclient config before core91. the new config has some ipv6 defaults that conflict with t-com entertain. Signed-off-by: Arne Fitzenreiter --- config/dhcpc/dhcpcd.conf | 23 +++++++++++++++++++++++ config/rootfiles/core/95/filelists/files | 1 + lfs/dhcpcd | 3 +++ 3 files changed, 27 insertions(+) create mode 100644 config/dhcpc/dhcpcd.conf diff --git a/config/dhcpc/dhcpcd.conf b/config/dhcpc/dhcpcd.conf new file mode 100644 index 000000000..eb625a70c --- /dev/null +++ b/config/dhcpc/dhcpcd.conf @@ -0,0 +1,23 @@ +# A sample configuration for dhcpcd. +# See dhcpcd.conf(5) for details. + +# Inform the DHCP server of our hostname for DDNS. +hostname +# To share the DHCP lease across OSX and Windows a ClientID is needed. +# Enabling this may get a different lease than the kernel DHCP client. +# Some upstream DHCP servers may also require a ClientID, such as FRITZ!Box. +#clientid + +# A list of options to request from the DHCP server. +option domain_name_servers, domain_name, domain_search, host_name +option classless_static_routes +# Most distributions have NTP support. +option ntp_servers +# Respect the network MTU. +option interface_mtu +# A ServerID is required by RFC2131. +require dhcp_server_identifier + +# A hook script is provided to lookup the hostname if not set by the DHCP +# server, but it should not be run by default. +nohook lookup-hostname diff --git a/config/rootfiles/core/95/filelists/files b/config/rootfiles/core/95/filelists/files index 28c9e8e09..2c458a14c 100644 --- a/config/rootfiles/core/95/filelists/files +++ b/config/rootfiles/core/95/filelists/files @@ -22,5 +22,6 @@ usr/local/bin/ipsecctrl usr/local/bin/settime usr/local/bin/timecheck var/ipfire/backup/exclude +var/ipfire/dhcpc/dhcpcd.conf var/ipfire/langs var/ipfire/network-functions.pl diff --git a/lfs/dhcpcd b/lfs/dhcpcd index e73d99c65..ff31821f6 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -87,5 +87,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) sed -i -e "s|-ge 576|-gt 576|g" $(CONFIG_ROOT)/dhcpc/dhcpcd-hooks/10-mtu + install -m 644 $(DIR_SRC)/config/dhcpc/dhcpcd.conf $(CONFIG_ROOT)/dhcpc/ + chown root:root $(CONFIG_ROOT)/dhcpc/dhcpcd.conf + @rm -rf $(DIR_APP) @$(POSTBUILD) From e5d5819437632e36ccc2950db378e99bb4988443 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Wed, 2 Dec 2015 14:48:01 +0100 Subject: [PATCH 6/6] core95: don't update snort.conf. because this will erase selected rules. Signed-off-by: Arne Fitzenreiter --- config/rootfiles/core/95/exclude | 1 + 1 file changed, 1 insertion(+) diff --git a/config/rootfiles/core/95/exclude b/config/rootfiles/core/95/exclude index fe5e6a52e..d87f175b5 100644 --- a/config/rootfiles/core/95/exclude +++ b/config/rootfiles/core/95/exclude @@ -7,6 +7,7 @@ etc/ipsec.user.conf etc/ipsec.user.secrets etc/localtime etc/shadow +etc/snort/snort.conf etc/ssh/ssh_config etc/ssh/sshd_config etc/ssl/openssl.cnf