Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 0.2.1 to 0.3
- Update of rootfile not required
- Changelog
2021-01-04 18:40:01 +0100 Pali Rohár <pali.rohar@gmail.com>
* Release version 0.3
2020-09-05 13:52:50 +0200 Pali Rohár <pali.rohar@gmail.com>
* Remove duplicate code in mcgroup.c file
Existing functionality is provided by k_join and k_leave functions.
2020-09-05 13:07:38 +0200 Pali Rohár <pali.rohar@gmail.com>
* Fix initialization and deinitialization of mrouter socket
Ensure that uninitialized socket is invalid (-1) and not stdin (0).
2020-09-05 13:07:00 +0200 Pali Rohár <pali.rohar@gmail.com>
* Use main mrouter socket also for sending join/leave messages to upstream router
There is no need to open additional UDP socket which is used just for calling
IP_ADD_MEMBERSHIP/IP_DROP_MEMBERSHIP setsockopt. Main mrouter socket is can
be used for these operations too.
2020-05-20 09:59:11 +0200 Uglymotha <uglymotha@wizdom.nu>
* Free BSD Compilation Patch
On FreeBSD compilation failed due to missing includes in os-freebsd.h.
This was causing errors about undefined structs and types in missing includes.
Also defines __BSD_VISIBLE due to FreeBSD not providing u_int, u_long etc
in a default _POSIX_C_SOURCE environment.
Fixes: https://github.com/pali/igmpproxy/issues/68
2020-05-08 22:54:06 +0200 Pali Rohár <pali.rohar@gmail.com>
* Remove MAX_MC_VIFS macro
Its value is same as MAXVIFS, so use MAXVIFS instead.
2020-03-06 11:51:21 +0100 Pali Rohár <pali.rohar@gmail.com>
* Improve downstream host tracking for quickleave mode
Use bit based per multicast route hash table for tracking downstream hosts.
For hasing function is used 32bit MurmurHash3 with pseudorandom seed and
size of hash table can be configured via a new "hashtablesize" token in
config file. Default size of hash table is 32 bytes, so it can store
approximatelly 128 hosts which is half of /24 subnet. For home networks
this should be sane default value.
Fixes: https://github.com/pali/igmpproxy/pull/57
2020-02-26 20:27:08 +0100 Pali Rohár <pali.rohar@gmail.com>
* Show error message when IP_ADD_MEMBERSHIP fails with errno ENOBUFS
Also on Linux show hint how to increase maximum number of multicast groups.
Fixes: https://github.com/pali/igmpproxy/issues/30
2020-02-25 23:46:57 +0100 Pali Rohár <pali.rohar@gmail.com>
* Fix gcc-7 and clang-9 on Travis
2020-02-25 23:24:26 +0100 Pali Rohár <pali.rohar@gmail.com>
* Update Travis config file
2019-06-26 17:42:15 +0200 Pali Rohár <pali.rohar@gmail.com>
* Use AS_IF macro for C99 check in configure.ac
2018-09-30 00:28:05 +0200 Pali Rohár <pali.rohar@gmail.com>
* Fix makefile rules for generating AUTHORS and ChangeLog files
2018-02-13 20:17:30 +0100 Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This updates the package to its latest upstream version and should
be able to support IGMPv3.
Fixes: #12074
Suggested-by: Marc Roland <marc.roland@outlook.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Major change in these patches for the user is the addition
of a whitelist item for up and downstream interfaces.
Excerpt from one of patches:
Defines a whitelist for multicast groups. The network address must be in the following
format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32,
i.e. 'a.b.c.d/32'.
By default all multicast groups are allowed on any downstream interface. If at least one
whitelist entry is defined, all igmp membership reports for not explicitly whitelisted
multicast groups will be ignored and therefore not be served by igmpproxy. This is especially
useful, if your provider does only allow a predefined set of multicast groups. These whitelists
are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the
same machine as igmpproxy from requesting 'unallowed' multicast groups.
You may specify as many whitelist entries as needed. Although you should keep it as simple as
possible, as this list is parsed for every membership report and therefore this increases igmp
response times. Often used or large groups should be defined first, as parsing ends as soon as
a group matches an entry.
