bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-20 07:53:01 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	323900264f	Revert "QoS: Use CLASSIFY iptables target instead of MARK" This reverts commit `3e151d19f9`.	2019-10-20 20:18:56 +00:00
Arne Fitzenreiter	bebc33813a	Revert "QoS: Drop tc filter rules to move marked packets into the correct class" This reverts commit `63f7d7475e`.	2019-10-20 20:18:34 +00:00
Arne Fitzenreiter	50e97cd55f	Revert "QoS: Drop support for subclasses" This reverts commit `bc4d4da870`.	2019-10-20 20:18:00 +00:00
Arne Fitzenreiter	6aeaa3a75e	Revert "QoS: Drop support for setting TOS bits per class" This reverts commit `3174d9c6b6`.	2019-10-20 20:17:18 +00:00
Arne Fitzenreiter	ac45e4f3e9	Revert "QoS: No longer set TOS bits for ACK packets" This reverts commit `b1c695e872`.	2019-10-20 20:16:05 +00:00
Arne Fitzenreiter	6e414ea1e0	core137: don't start QoS QoS need to load kernel modules but the currect kernel was removed so it cannot correct start without a reboot. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-20 09:51:04 +00:00
Daniel Weismüller	f48920d84f	core137: Remove imq0 and unload imq module after QoS has been stopped Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-18 21:09:04 +00:00
Arne Fitzenreiter	596c71d07f	kernel: update to 4.14.150 Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-18 23:07:44 +02:00
Arne Fitzenreiter	cafef39aa2	Revert "suricata: Enable rust support" This reverts commit `5b87687cb1`.	2019-10-18 20:39:47 +02:00
Arne Fitzenreiter	42c2acc218	core137: add path of qosctrl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-18 16:19:59 +02:00
Arne Fitzenreiter	0df4cf7105	core137: erase lm_sensors config after collectd start this is needed to research the sensors with updated kernel after next reboot. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-18 16:18:24 +02:00
Arne Fitzenreiter	be967dc920	Revert "firewall: always allow outgoing DNS traffic to root servers" This reverts commit `70cd5c42f0`. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-18 16:13:49 +02:00
Arne Fitzenreiter	eb000cd787	Revert "update rootfiles for bash and readline" This reverts commit `f41d936026`.	2019-10-15 07:37:23 +00:00
Arne Fitzenreiter	aee52e38d0	Revert "ship updated bash and readline" there are missing files libs/bash/* in the rootfiles and there are addons linked against readline-6.3 so we still need this as readline-compat This reverts commit `5c0345f5c1`.	2019-10-15 07:31:56 +00:00
Arne Fitzenreiter	0fb42e01c5	core137: add qos changes to updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:09:39 +00:00
Michael Tremer	d33ad4bdfe	QoS: Increase queue size and quantum for fq_codel This optimises the QoS to process more bandwidth. The limit variable sets the maximum number of packets in the queue which was regularly exceeded on fast connections with the old setting. This now allows up to 10G of data transfer and is set to the default of fq_codel. Quantum sets how many bytes can be read from the queue per iteration. This is now set to the default again, which is the size of an Ethernet frame including its header. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:05:21 +00:00
Michael Tremer	b1c695e872	QoS: No longer set TOS bits for ACK packets Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:05:06 +00:00
Michael Tremer	3174d9c6b6	QoS: Drop support for setting TOS bits per class This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:53 +00:00
Michael Tremer	bc4d4da870	QoS: Drop support for subclasses This feature was never properly implemented and the UI was dead Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:39 +00:00
Michael Tremer	63f7d7475e	QoS: Drop tc filter rules to move marked packets into the correct class This is no longer necessary since we are now using CLASSIFY Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:59 +00:00
Michael Tremer	3e151d19f9	QoS: Use CLASSIFY iptables target instead of MARK We have been running into loads of conflicts by using MARK for various components on the OS (suricata, IPsec, QoS, ...) which was sometimes hard to resolve. iptables comes with a target which directly sorts packets into the correct class which results in less code and not using the mark. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:44 +00:00
Michael Tremer	424a332fd3	QoS: Move packet classification to FORWARD chain for ingress Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:32 +00:00
Michael Tremer	cebad6e2b9	QoS: Suppress an error message when cleaning up from previous runs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:20 +00:00
Michael Tremer	59b9a6bd22	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:55 +00:00
Michael Tremer	6a9bcd6c1d	QoS: Start qosd immediately Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:28 +00:00
Michael Tremer	39ff91ecf8	QoS: Do not delete egress qdisc after classes have been created Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:07 +00:00
Michael Tremer	607365bccb	QoS: Silence RRD tool warnings Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:50 +00:00
Michael Tremer	e6341c5856	QoS: Process incoming packets in PREROUTING only Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:37 +00:00
Michael Tremer	eedf7b06c0	QoS: Tidy up qdiscs after QoS is being stopped Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:18 +00:00
Michael Tremer	ec01ebe246	Revert "Make IMQ Switchable between PREROUTING and POSTROUTING" This reverts commit `88b8ffac6b`. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:06 +00:00
Michael Tremer	3c33d9d854	QoS: Use Intermediate Functional Block This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors. IFB is part of the mainline kernel and a lot less code. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:00:51 +00:00
Michael Tremer	cae6916d59	QoS: Do not manually load iptables modules This should not be necessary and causes the script to wait for two seconds. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:00:33 +00:00
Arne Fitzenreiter	ec5b30f39b	core137: add updated sysctl.conf Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:57:58 +00:00
Michael Tremer	58b3c9b58a	sysctl: Adopt more settings from the IBM HPC guidelines https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Welcome%20to%20High%20Performance%20Computing%20%28HPC%29%20Central/page/Linux%20System%20Tuning%20Recommendations Since we have already configured most of our IP/TCP stack for low latency and fast throughput, these settings complete those efforts. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:56:30 +00:00
Arne Fitzenreiter	d3ef457692	core137: add updated 99-geoip-database Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:49:32 +00:00
Arne Fitzenreiter	bb64cd092c	core137: add updated xt_geoip_update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:46:27 +00:00
Arne Fitzenreiter	efa43d82b5	core137: add dns.cgi to update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:42:35 +00:00
Arne Fitzenreiter	6f828b103e	core137: add updated ruleset-sources Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:36:36 +00:00
Stefan Schantl	6a56ee2a3e	ruleset-sources: Update snort dl urls. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:34:03 +00:00
Arne Fitzenreiter	ff42e56224	core137: add updated backup.pl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:30:37 +00:00
Tim FitzGeorge	28797d488e	Restart logging after restoring backup Send SIGHUP to syslogd and suricata after restoring backup. This ensures that if the restored backup includes log files that any new log messages get appended to the restored log files. Otherwise they will be written to the old log files which are pending deletion. httpd is told to restart using apachectl, which is the equivalent of sending a signal. 'graceful' (USR1) is used rather than 'restart' (HUP) because the latter immediately kills the process restoring the backup, preventing converters from running. Fixes: 12196 Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:27:54 +00:00
Arne Fitzenreiter	57ff953341	core137: add ipset to update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:22:44 +00:00
peter.mueller@ipfire.org	5c0345f5c1	ship updated bash and readline Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:53 +00:00
peter.mueller@ipfire.org	f41d936026	update rootfiles for bash and readline Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:06 +00:00
Arne Fitzenreiter	fcb0e92dec	core137: restart updated services Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-12 15:56:40 +00:00
Arne Fitzenreiter	2fabddb44d	rust: update armv5tel rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 20:23:05 +02:00
Arne Fitzenreiter	194c7b16e4	rust: add i586 and aarch64 rootfile todo: armv5tel is still missing... Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 18:11:32 +02:00
Arne Fitzenreiter	f947ce9af1	sane: add special aarch64 rootfile libsane-qcam is not available for aarch64 so we need an extra rootfile Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 18:10:23 +02:00
Arne Fitzenreiter	c67519ac7c	sane: rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 18:06:54 +02:00
Arne Fitzenreiter	3791a79239	tshark: rootfile update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-09 18:05:50 +02:00

1 2 3 4 5 ...

6930 Commits