bpfire

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00

Author	SHA1	Message	Date
Arne Fitzenreiter	d19c82678b	Revert "bash/readline: drop orphaned patches" This reverts commit `95f1c332d8`.	2019-10-15 07:35:22 +00:00
Arne Fitzenreiter	aee52e38d0	Revert "ship updated bash and readline" there are missing files libs/bash/* in the rootfiles and there are addons linked against readline-6.3 so we still need this as readline-compat This reverts commit `5c0345f5c1`.	2019-10-15 07:31:56 +00:00
Michael Tremer	2ad1b18bdb	vpnmain.cgi+ovpnmain.cgi: Fix file upload with new versions of Perl File uploads did not work since Perl was upgraded. This patch fixes that problem by only checking if an object was returned instead of performing a string comparison. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:10:20 +00:00
Arne Fitzenreiter	0fb42e01c5	core137: add qos changes to updater Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:09:39 +00:00
Michael Tremer	d33ad4bdfe	QoS: Increase queue size and quantum for fq_codel This optimises the QoS to process more bandwidth. The limit variable sets the maximum number of packets in the queue which was regularly exceeded on fast connections with the old setting. This now allows up to 10G of data transfer and is set to the default of fq_codel. Quantum sets how many bytes can be read from the queue per iteration. This is now set to the default again, which is the size of an Ethernet frame including its header. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:05:21 +00:00
Michael Tremer	b1c695e872	QoS: No longer set TOS bits for ACK packets Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:05:06 +00:00
Michael Tremer	3174d9c6b6	QoS: Drop support for setting TOS bits per class This is useless since no ISP will evaluate those settings any more and it has a rather large impact on throughput. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:53 +00:00
Michael Tremer	bc4d4da870	QoS: Drop support for subclasses This feature was never properly implemented and the UI was dead Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:04:39 +00:00
Michael Tremer	63f7d7475e	QoS: Drop tc filter rules to move marked packets into the correct class This is no longer necessary since we are now using CLASSIFY Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:59 +00:00
Michael Tremer	3e151d19f9	QoS: Use CLASSIFY iptables target instead of MARK We have been running into loads of conflicts by using MARK for various components on the OS (suricata, IPsec, QoS, ...) which was sometimes hard to resolve. iptables comes with a target which directly sorts packets into the correct class which results in less code and not using the mark. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:44 +00:00
Michael Tremer	424a332fd3	QoS: Move packet classification to FORWARD chain for ingress Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:32 +00:00
Michael Tremer	cebad6e2b9	QoS: Suppress an error message when cleaning up from previous runs Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:03:20 +00:00
Michael Tremer	59b9a6bd22	linux+iptables: Drop support for IMQ This is no longer needed since we are using IFB now Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:55 +00:00
Michael Tremer	6a9bcd6c1d	QoS: Start qosd immediately Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:28 +00:00
Michael Tremer	39ff91ecf8	QoS: Do not delete egress qdisc after classes have been created Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:02:07 +00:00
Michael Tremer	607365bccb	QoS: Silence RRD tool warnings Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:50 +00:00
Michael Tremer	e6341c5856	QoS: Process incoming packets in PREROUTING only Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:37 +00:00
Michael Tremer	eedf7b06c0	QoS: Tidy up qdiscs after QoS is being stopped Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:18 +00:00
Michael Tremer	ec01ebe246	Revert "Make IMQ Switchable between PREROUTING and POSTROUTING" This reverts commit `88b8ffac6b`. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:01:06 +00:00
Michael Tremer	3c33d9d854	QoS: Use Intermediate Functional Block This is an alternative implementation to the Intermediate Queuing Device (IMQ) which is an out-of-tree kernel patch and has been criticised for being slow, especially with mutliple processors. IFB is part of the mainline kernel and a lot less code. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:00:51 +00:00
Michael Tremer	cae6916d59	QoS: Do not manually load iptables modules This should not be necessary and causes the script to wait for two seconds. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 18:00:33 +00:00
Arne Fitzenreiter	ec5b30f39b	core137: add updated sysctl.conf Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:57:58 +00:00
Michael Tremer	58b3c9b58a	sysctl: Adopt more settings from the IBM HPC guidelines https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Welcome%20to%20High%20Performance%20Computing%20%28HPC%29%20Central/page/Linux%20System%20Tuning%20Recommendations Since we have already configured most of our IP/TCP stack for low latency and fast throughput, these settings complete those efforts. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:56:30 +00:00
Arne Fitzenreiter	d3ef457692	core137: add updated 99-geoip-database Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:49:32 +00:00
Michael Tremer	a3f4b8c6f7	99-geoip-database: Fix download This script started a fresh download every time it was called, which is unnecessary. The check to skip the download did not work because it was looking for the old data format. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:47:31 +00:00
Arne Fitzenreiter	bb64cd092c	core137: add updated xt_geoip_update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:46:27 +00:00
Daniel Weismüller	a18addb946	xt_geoip_update: Always call the cleanup function when some step fails Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:29 +00:00
Daniel Weismüller	7b2d933055	xt_geoip_update: Do not create temporary directories again These already exist Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:27 +00:00
Daniel Weismüller	3cd8d55010	xt_geoip_update: Use /var/tmp for temporary data Since we have some systems that are restricted to only 2GB of space on /, we need to move this to where we have enough space. Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:23 +00:00
Daniel Weismüller	0df1839239	xt_geoip_update: Perform cleanup after successful operation The temporary files were never being cleaned up after the script has finished compiling the database. Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:45:20 +00:00
Arne Fitzenreiter	efa43d82b5	core137: add dns.cgi to update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:42:35 +00:00
peter.mueller@ipfire.org	fe9fb38682	fix link to public DNS server list in dns.cgi Fixes: #11851 Reported-by: Dani W <assgex@gmail.com> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:41:49 +00:00
peter.mueller@ipfire.org	41fe437400	fix typo in hostapd initscript Fixes: #11237 Reported-by: Tom Rymes <tomvend@rymes.com> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:40:25 +00:00
peter.mueller@ipfire.org	04a42c81f5	rust: fix year in LFS file Tempus fugit, I know... :-) Cc: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:37:33 +00:00
Arne Fitzenreiter	6f828b103e	core137: add updated ruleset-sources Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:36:36 +00:00
Stefan Schantl	6a56ee2a3e	ruleset-sources: Update snort dl urls. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:34:03 +00:00
Arne Fitzenreiter	ff42e56224	core137: add updated backup.pl Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:30:37 +00:00
Tim FitzGeorge	28797d488e	Restart logging after restoring backup Send SIGHUP to syslogd and suricata after restoring backup. This ensures that if the restored backup includes log files that any new log messages get appended to the restored log files. Otherwise they will be written to the old log files which are pending deletion. httpd is told to restart using apachectl, which is the equivalent of sending a signal. 'graceful' (USR1) is used rather than 'restart' (HUP) because the latter immediately kills the process restoring the backup, preventing converters from running. Fixes: 12196 Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:27:54 +00:00
Arne Fitzenreiter	57ff953341	core137: add ipset to update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:22:44 +00:00
Erik Kapfer	f3acac7f11	ipset: Update to version 7.3 Some kernel part fixes are included. For a overview of the changelog, take a look in here --> http://ipset.netfilter.org/changelog.html . Signed-off-by: Erik Kapfer <ummeegge@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:15:16 +00:00
peter.mueller@ipfire.org	5c0345f5c1	ship updated bash and readline Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:53 +00:00
peter.mueller@ipfire.org	95f1c332d8	bash/readline: drop orphaned patches Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:46 +00:00
peter.mueller@ipfire.org	c5f0c44451	readline: add patch 001 for version 8.0 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:38 +00:00
peter.mueller@ipfire.org	2c0ee2b962	bash: add patches 001 - 011 for 5.0 version Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:09 +00:00
peter.mueller@ipfire.org	f41d936026	update rootfiles for bash and readline Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:06 +00:00
peter.mueller@ipfire.org	6e8e8ee41c	readline: update to 8.0 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:12:03 +00:00
peter.mueller@ipfire.org	700f11b305	bash: update to 5.0 Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-14 17:11:59 +00:00
Matthias Fischer	4863f2096c	dhcpcd: Update to 8.1.0 For details see: https://roy.marples.name/blog/dhcpcd-8-1-0-released "DragonFlyBSD: Improved rc.d handling Fix carrier status after a route socket overflow Allow domain spaced options DHCP: Allow not sending Force Renew Nonce or Reconf Accept IPv4LL: Now passes Apple Bonjour test versions 1.4 and 1.5 ARP: Fix a typo and remove pragma (thus working with old gcc) DHCP6: Fix a cosmetic issue with infinite leases DHCP6: SLA 0 and Prefix Len 0 will now add a delegated /64 address Ignore some virtual interfaces such as Tap and Bridge by default BPF: Move validation logic out of BPF and back into dhcpcd" Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-13 06:08:05 +00:00
Arne Fitzenreiter	ff592e1e07	core137: close update Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-12 15:57:59 +00:00
Arne Fitzenreiter	fcb0e92dec	core137: restart updated services Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>	2019-10-12 15:56:40 +00:00

1 2 3 4 5 ...

13839 Commits