13900 Commits

Author SHA1 Message Date
peter.mueller@ipfire.org
d5ccd924e0 update ca-certificates CA bundle
Update the CA certificates list to what Mozilla NSS ships currently.

The original file can be retrieved from:
https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-11-13 18:39:50 +00:00
peter.mueller@ipfire.org
c772b7550c Tor: fix permissions of /var/ipfire/tor/torrc after installation
Fixes #12220

Reported-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 19:50:32 +00:00
Arne Fitzenreiter
94c09bd9c4 core138: add firewall-lib.pl to update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:25:55 +00:00
Stefan Schantl
dba780a784 firewall-lib.pl: Populate GeoIP rules only if location is available.
In case a GeoIP related firewall rule should be created, the script
now will check if the given location is still available.

Fixes #12054.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:23:43 +00:00
Arne Fitzenreiter
75612f0644 start core138
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:22:31 +00:00
Michael Tremer
a42dfb216d speedtest-cli: Use Python 3 instead of Python 2
This seems to be required although the documentation says
that Python 2 is supported.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:17:11 +00:00
Michael Tremer
45a3168ef1 python3: Bump release version to redistribute package
Python 3 was linked against an old version of OpenSSL on my
system and to avoid this, we need to ship it again being built
against the current version of it.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-29 13:17:07 +00:00
Michael Tremer
d704e75d75 QoS: Do not classify as default when L7 filter isn't done
We need to allow some more packets to pass through the
mangle chains so that the layer 7 filter can determine
what protocol it finds.

If L7 filter decides that a connection is of type "unknown",
we mark it as default, or it is marked with the correct class.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-22 15:57:01 +00:00
Arne Fitzenreiter
41c242bff8 Revert "Revert "Revert "core137: Remove imq0 and unload imq module after QoS has been stopped"""
This reverts commit e4d242da4a.

This fails because we leave QoS running and it doesn't like it if the imq0
device was removed. (Why can imq0 be removed when it is up?)
2019-10-22 15:54:37 +00:00
Matthias Fischer
4ba4645d12 bind: Update to 9.11.12
For details see:
https://downloads.isc.org/isc/bind9/9.11.12/RELEASE-NOTES-bind-9.11.12.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 19:01:32 +00:00
Michael Tremer
b3ce3510ad grub: Build after Python is available
The build sometimes aborted because python was not found
when Grub was being built for EFI.

Fixes: #12209
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 19:01:03 +00:00
Arne Fitzenreiter
e4d242da4a Revert "Revert "core137: Remove imq0 and unload imq module after QoS has been stopped""
This reverts commit 39c4ed4427.
2019-10-21 19:00:19 +00:00
Michael Tremer
615bf6e0f0 QoS: Delete more unused iptables commands
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:36 +00:00
Michael Tremer
76bf53db8b QoS: Drop support for setting TOS bits per class
This is useless since no ISP will evaluate those settings
any more and it has a rather large impact on throughput.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:31 +00:00
Michael Tremer
6f07564242 QoS: No longer set TOS bits for ACK packets
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:29 +00:00
Michael Tremer
1e35eeac59 QoS: Remove some IPsec rules which never worked
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:25 +00:00
Michael Tremer
fc09b98296 QoS: Classify incoming traffic in PREROUTING
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:23 +00:00
Daniel Weismüller
4b5aa97393 QoS: Use CONNMARK to mark connections in connection tracking
This patch modifies the connection tracking in such a way that
it sets a connection mark which will be retrieved when a packet
is being redirected to the IFB interface.

This way, we can use classification without having the packet
being sent through iptables first.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:20 +00:00
Michael Tremer
7d770777e0 Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"
This reverts commit 88b8ffac6b.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:14 +00:00
Michael Tremer
afe23fbb52 QoS: Drop support for subclasses
This feature was never properly implemented and the UI was dead

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:12 +00:00
Michael Tremer
8d6b654369 QoS: Suppress an error message when cleaning up from previous runs
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:10 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:08 +00:00
Michael Tremer
50ed363e89 QoS: Do not delete egress qdisc after classes have been created
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:58:06 +00:00
Michael Tremer
677c1f47d7 QoS: Start qosd immediately
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:57:59 +00:00
Michael Tremer
96f16b8501 QoS: Tidy up qdiscs after QoS is being stopped
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:57:53 +00:00
Michael Tremer
0dfb3984d0 QoS: Use Intermediate Functional Block
This is an alternative implementation to the Intermediate Queuing
Device (IMQ) which is an out-of-tree kernel patch and has been
criticised for being slow, especially with multiple processors.

IFB is part of the mainline kernel and a lot less code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:57:41 +00:00
Michael Tremer
c37af2f004 QoS: Do not manually load iptables modules
This should not be necessary and causes the script to
wait for two seconds.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-21 18:57:14 +00:00
Arne Fitzenreiter
3670ac5622 core137: remove QoS stop at update
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-20 20:29:50 +00:00
Arne Fitzenreiter
39c4ed4427 Revert "core137: Remove imq0 and unload imq module after QoS has been stopped"
This reverts commit f48920d84f.
2019-10-20 20:28:10 +00:00
Arne Fitzenreiter
fb41342122 Revert "QoS: Do not manually load iptables modules"
This reverts commit cae6916d59.
2019-10-20 20:25:24 +00:00
Arne Fitzenreiter
bd122644e4 Revert "QoS: Use Intermediate Functional Block"
This reverts commit 3c33d9d854.
2019-10-20 20:24:43 +00:00
Arne Fitzenreiter
707e0471ce Revert "Revert "Make IMQ Switchable between PREROUTING and POSTROUTING""
This reverts commit ec01ebe246.
2019-10-20 20:24:16 +00:00
Arne Fitzenreiter
5e661eb533 Revert "QoS: Tidy up qdiscs after QoS is being stopped"
This reverts commit eedf7b06c0.
2019-10-20 20:23:54 +00:00
Arne Fitzenreiter
005fc8ed5d Revert "QoS: Process incoming packets in PREROUTING only"
This reverts commit e6341c5856.
2019-10-20 20:23:13 +00:00
Arne Fitzenreiter
d7297c477a Revert "QoS: Do not delete egress qdisc after classes have been created"
This reverts commit 39ff91ecf8.
2019-10-20 20:21:53 +00:00
Arne Fitzenreiter
fb8d7759b8 Revert "QoS: Start qosd immediately"
This reverts commit 6a9bcd6c1d.
2019-10-20 20:21:23 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ"
This reverts commit 59b9a6bd22.
2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
fc08e632e3 Revert "QoS: Suppress an error message when cleaning up from previous runs"
This reverts commit cebad6e2b9.
2019-10-20 20:19:58 +00:00
Arne Fitzenreiter
896f24cc58 Revert "QoS: Move packet classification to FORWARD chain for ingress"
This reverts commit 424a332fd3.
2019-10-20 20:19:21 +00:00
Arne Fitzenreiter
323900264f Revert "QoS: Use CLASSIFY iptables target instead of MARK"
This reverts commit 3e151d19f9.
2019-10-20 20:18:56 +00:00
Arne Fitzenreiter
bebc33813a Revert "QoS: Drop tc filter rules to move marked packets into the correct class"
This reverts commit 63f7d7475e.
2019-10-20 20:18:34 +00:00
Arne Fitzenreiter
50e97cd55f Revert "QoS: Drop support for subclasses"
This reverts commit bc4d4da870.
2019-10-20 20:18:00 +00:00
Arne Fitzenreiter
6aeaa3a75e Revert "QoS: Drop support for setting TOS bits per class"
This reverts commit 3174d9c6b6.
2019-10-20 20:17:18 +00:00
Arne Fitzenreiter
ac45e4f3e9 Revert "QoS: No longer set TOS bits for ACK packets"
This reverts commit b1c695e872.
2019-10-20 20:16:05 +00:00
Arne Fitzenreiter
6e414ea1e0 core137: don't start QoS
QoS needs to load kernel modules but the current kernel
was removed so it cannot start correctly without a reboot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-20 09:51:04 +00:00
Daniel Weismüller
f48920d84f core137: Remove imq0 and unload imq module after QoS has been stopped
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 21:09:04 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 23:07:44 +02:00
Arne Fitzenreiter
cafef39aa2 Revert "suricata: Enable rust support"
This reverts commit 5b87687cb1.
2019-10-18 20:39:47 +02:00
Arne Fitzenreiter
52d57e9748 rust: disabled build
rust builds code with illegal instructions on armv5tel
so this needs more checking

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 20:37:50 +02:00
Arne Fitzenreiter
42c2acc218 core137: add path of qosctrl
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
2019-10-18 16:19:59 +02:00