On Sun, 2016-05-15 at 20:50 +0800, Yousong Zhou wrote:
> > > I remember `proto_add_host_dependency` can be used to instruct
> > > netifd
> > > to setup such a route. But it looks like the relevant code for
> > > openconnect.sh is now commented out.
> > It was causing an infinite loop, and I could
On Sat, 2016-05-14 at 18:29 +0800, Yousong Zhou wrote:
> On 14 May 2016 at 16:18, Nikos Mavrogiannopoulos
> wrote:
> >
> > Hi,
> > A user of openconnect VPN is trying to use openconnect as a
> > default
> > route on his router [0]. Currently this works by s
Hi,
A user of openconnect VPN is trying to use openconnect as a default
route on his router [0]. Currently this works by setting defaultroute=1
on his /etc/config/network, however, once the default route is setup
the VPN connection drops because there is no direct route to the VPN
gateway.
Obviou
On Sun, 2016-01-03 at 11:17 -0800, Chris Marchesi wrote:
> Hey!
>
> I tried to change the default passwd algorithm used by busybox to
> sha512, but got some strange looking hashes back by passwd after
> changing.
> They basically had the algorithm and the salt (maybe) squashed, like
> below.
>
On Thu, 2015-06-11 at 09:20 +0100, Bruno Randolf wrote:
> On 06/11/2015 07:32 AM, Nikos Mavrogiannopoulos wrote:
> > In issue 574 [0] there is a big discussion of the behavior of
> > transmission in openwrt. To summarize it:
> > * By default when transmission downloads, it may
In issue 574 [0] there is a big discussion of the behavior of
transmission in openwrt. To summarize it:
* By default when transmission downloads, it may crash the router due to
high memory consumption and OOB. That crash may lead to reboot or not.
* To avoid that, some memory limitations can be set
On Sat, 2015-02-14 at 15:31 -0800, David Lang wrote:
> > I've also enabled the ocserv package to use seccomp if configured to,
> > but in order for that protection to become meaningful for other
> > programs to use as well, it would also need the default kernel option to
> > enable seccomp filter.
On Sat, 2015-02-14 at 14:54 +0100, Etienne Champetier wrote:
> Hi Nikos,
> Can you send size with/without seccomp option
I compiled openwrt on lantiq (3.18.7) and the size with seccomp filter
is:
1481440 Feb 14 19:12 openwrt-lantiq-xway-WBMR-uImage
3695419 Feb 14 19:12 openwrt-lantiq-xway-WBMR-uIm
Hello,
I've added libseccomp into packages. That library allows
programs to easily restrict the system calls they are allowed to use.
In turn that uses the kernel's seccomp filter. That's one of the most
reliable ways to restrict/sandbox processes into specific tasks which
cannot be overriden eve
Hello,
After some of experimentation, I've put up some instructions on how to
setup ocserv clients to interact easily with lan. I've abolished the
approach of adding each client into a vpn zone, and I now suggest adding
an interface for "vpns+" devices, which will simplify both setup and
number of
On Fri, Jan 9, 2015 at 12:25 PM, Steven Barth wrote:
> Our dnsmasq init script registers /tmp/dnsmasq.d as an additional
> configuration dir, so you can place files there and restart it. However I'm
> not sure as to how much we want netifd to do dnsmasq-specific stuff or how
> we would do it.
Wel
On Fri, Jan 9, 2015 at 9:48 AM, Hans Dedecker wrote:
> On Thu, Jan 8, 2015 at 5:43 PM, Nikos Mavrogiannopoulos
> wrote:
>> Currently a protocol can register a dns server with netifd using the
>> proto_add_dns_server function. That however, does not allow
>> regist
Currently a protocol can register a dns server with netifd using the
proto_add_dns_server function. That however, does not allow
registering a DNS server for a specific domain. I checked the netifd
code and there is no provision for that. Would it make sense to add
such functionality to netifd, or
On Mon, Jan 5, 2015 at 8:00 AM, Gottfried Haider
wrote:
>> It seems that you use openconnect to set a default route, and that's why
>> I couldn't reproduce it. I don't think that openconnect handles default
>> routes differently, so it could be an issue in netifd. As I see default
>> routes are re
On Sun, 2015-01-04 at 09:18 +0100, Gottfried Haider wrote:
> Hello Nikos,
>
> >> * Bringing the VPN interface down again doesn't restore regular
> >> internet access. It seems the routes (and DNS?) that came with the VPN
> >> stay also after running ifdown.
> > I don't seem to have this issue, ple
Hello,
What are the rules for updating packages in the "for-14.09" branch? Is
this branch inactive, or bug fixes and CVEs should get in?
regards,
Nikos
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mail
On Tue, 2014-10-07 at 19:24 +0200, Jo-Philipp Wich wrote:
> Hi.
>
> I think about abandoning the LuCI Trac entirely and only accept patches
> sent to the mailinglist, I lack time and resources to keep it running
> and spam-free.
>
> So please resend the patches to the LuCI list in case you haven'
On Fri, Oct 3, 2014 at 11:32 AM, Christian Schoenebeck
wrote:
> Hi,
> we got a new ticket inside OpenWrt Ticket #18018 with problems inside LuCI
> app.
> This is normally not an OpenWrt ticket it's a LuCI ticket, but the user don't
> know.
> If the user try to post the ticket at LuCI trac it tak
On Fri, Oct 3, 2014 at 11:32 AM, Christian Schoenebeck
wrote:
> Hi,
> we got a new ticket inside OpenWrt Ticket #18018 with problems inside LuCI
> app.
> This is normally not an OpenWrt ticket it's a LuCI ticket, but the user don't
> know.
> If the user try to post the ticket at LuCI trac it tak
On Fri, 2014-09-19 at 18:39 -0700, David Lang wrote
> > Well being used to something bad, doesn't mean things cannot get better.
> > Routers (to which I have some experience at), rarely have processes
> > running that wouldn't matter if they are randomly killed; on a desktop
> > system you immedia
On Tue, 2014-09-16 at 22:29 +, Karl P wrote:
> Alternatively, if you know which process it is, set it's oom_adj_score so
> that
> it gets killed first.
> Some other people are kinda used to things behaving as
> they are, for better or worse. (Turning off overcommit on an openwrt device
Hello,
It seems I have a memory leak in a process that runs under openwrt, and
occasionally the watchdog process is being killed by the oom-killer
causing a reboot. Seen that, I think that having the default overcommit
settings of the linux kernel is quite an overkill for a system like
openwrt whe
On Sun, 2014-08-31 at 12:14 +0200, Felix Fietkau wrote:
> > To have small binaries is nice, but I guess that a growing amount of
> > Openwrt
> > users are power users with modern routers with more flash space and having
> > interest for VPNs etc. And for them mips16 may have brought more troubl
On Sat, 2014-08-30 at 21:33 +0200, Felix Fietkau wrote:
> On 2014-08-30 21:27, Nikos Mavrogiannopoulos wrote:
> > On Sat, 2014-08-30 at 20:10 +0200, Felix Fietkau wrote:
> >
> >> > This could be a problem caused by mips16. We use that in BB to create
> >>
On Sat, 2014-08-30 at 20:10 +0200, Felix Fietkau wrote:
> > This could be a problem caused by mips16. We use that in BB to create
> > smaller binaries. but Jonas saw a performance problem in some
> > applications, mostly stuff doing crypto (big integer calculations).
> > Can you try to build the B
On Tue, 2014-08-12 at 12:47 +0100, Stephen Parry wrote:
> Hi Nikos,
> The linux-pam tarball location has been changed:
> PKG_RELEASE:=4
> PKG_SOURCE:=Linux-PAM-$(PKG_VERSION).tar.bz2
> -PKG_SOURCE_URL:=http://www.linux-pam.org/
> +PKG_SOURCE_URL:=http://www.linux-pam.org/library/
> PKG_MD5SUM:=
On 28 July 2014 12:53:17 CEST, David Woodhouse wrote:
>On Thu, 2014-06-05 at 08:18 +0200, Nikos Mavrogiannopoulos wrote:
>> Hello,
>> I'm trying to resubmit the scripts for openconnect in openwrt's luci
>> interface. Currently the most difficult part in the
On Thu, 2014-07-24 at 21:17 +0200, Christian Schoenebeck wrote:
> Hi,
>
> I would offer to do the job, but I down know what I need to do.
> What are the requirements?
> - technically (hardware/software equipment)
> - knowledge (I don't call myself a programmer)
> - permissions to
On Sat, 2014-06-07 at 00:19 +0200, Nikos Mavrogiannopoulos wrote:
> > This applies to ocserv at the github packages repository of openwrt:
> > https://github.com/openwrt/packages
>
> Hello any comments one the above two additions? I'm mostly worried how
> can that
On Mon, Jun 16, 2014 at 10:53 AM, wrote:
>> On the contrary I'd prefer if it doesn't. Nettle is an open project
>> under LGPL that anyone can contribute and can be reused by a variety
>> of software; polarssl is closed commercial project under a commercial
>> license with a GPLv2 exception.
> acc
On Mon, Jun 16, 2014 at 10:31 AM, Steven Barth wrote:
> Hi Nikos,
> Is there a reason for not having dnssec by default? If there is a way
> to disable it, I believe it will only be beneficial to have it in.
> The main problem here is that this increase the default image size
> significantly plus w
On Mon, Jun 16, 2014 at 10:12 AM, Andre Heider wrote:
>> could you please add nettle-mini support and make this a build variant
>> instead of a config option, please?
>> Build variant has the advantage that we can precompile it as ipks because we
>> cannot enable dnssec by default.
> I posted a pa
On Sat, 2014-06-14 at 17:34 +0200, Andre Heider wrote:
> Hi,
>
> this set adds DNSSEC validation to dnsmasq, tested on ar71xx.
>
> The set is pretty small and should be self explanatory.
>
> There's room for improvement though:
> - compilation will fail under CONFIG_LIBNETTLE_MINI. I failed to e
On Wed, 2014-06-11 at 00:16 +0300, Hannu Nyman wrote:
> The current buildbot run was the first after the default feed change, and as
> "oldpackages" are not built by buildbot, many packages will be missing from
> the snapshot directory as of today... So I expect to see a flow of bugs for
> missi
On Tue, 2014-06-03 at 13:25 +0200, Steven Barth wrote:
> Hello Developers,
>
> it has been some time since our latest stable release, so we are
> currently busy preparing the first RC for Barrier Breaker. But before we
> want to do the actual builds we need to take care of the packages feed
> w
This patch adds a configuration menu for ocserv. As it is my first
attempt in luci I'd appreciate any comments.
Signed-off-by: Nikos Mavrogiannopoulos
---
applications/luci-ocserv/Makefile | 4 ++
.../luci-ocserv/luasrc/controller/ocserv.lua | 26 +
...
This is a follow-up on the previous patch; it fixes an issue on big
endian systems, and adds some uci configuration options.
Signed-off-by: Nikos Mavrogiannopoulos
---
net/ocserv/Makefile| 6 ++-
net/ocserv/files/ocserv-config | 8 +++
net/ocserv
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile
index 9544ffb..d1f8919 100644
--- a/libs/gnutls/Makefile
+++ b/libs/gnutls/Makefile
@@ -8,12 +8,12 @@
include
Signed-off-by: Nikos Mavrogiannopoulos
---
net/ocserv/Config.in | 4 +--
net/ocserv/Makefile | 28 -
net/ocserv/files/ocserv.conf | 71 +---
net/ocserv/files/ocserv.init | 7 +++--
4 files changed, 82 insertions(+), 28
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Config.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libs/gnutls/Config.in b/libs/gnutls/Config.in
index d55743f..0160cf0 100644
--- a/libs/gnutls/Config.in
+++ b/libs/gnutls/Config.in
@@ -14,7 +14,7 @@ config
Signed-off-by: Nikos Mavrogiannopoulos
---
utils/cryptodev-linux/Makefile | 74 ++
1 file changed, 74 insertions(+)
create mode 100644 utils/cryptodev-linux/Makefile
diff --git a/utils/cryptodev-linux/Makefile b/utils/cryptodev-linux/Makefile
new file
On Wed, 2014-05-07 at 18:23 -0700, Florian Fainelli wrote:
> 2014-05-07 14:56 GMT-07:00 Nikos Mavrogiannopoulos :
> >
> > Signed-off-by: Nikos Mavrogiannopoulos
>
> Applied in r40721, had to disable cryptodev since it was missing a
> bunch of definitions to build. thanks
These tools aren't compiled in that case.
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile
index 997532b..9544ffb 100644
--- a/libs/gnutls/Makefile
+++ b/libs/g
This server is compatible with the openconnect client,
and cisco's anyconnect clients.
Signed-off-by: Nikos Mavrogiannopoulos
---
net/ocserv/Config.in | 14 +++
net/ocserv/Makefile | 74 +++
net/ocserv/files/ocserv.conf
On Wed, 2014-05-07 at 14:44 -0700, Florian Fainelli wrote:
> Could you resubmit these patches with your Signed-off-by tag? They
> look good otherwise, thank you!
Thanks for checking them. Just resubmitted.
regards,
Nikos
___
openwrt-devel mailing list
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Makefile | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile
index c2a010a..997532b 100644
--- a/libs/gnutls/Makefile
+++ b/libs/gnutls/Makefile
@@ -75,7 +75,7 @@ endef
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Config.in | 33 +++
libs/gnutls/Makefile | 62 ++-
2 files changed, 89 insertions(+), 6 deletions(-)
create mode 100644 libs/gnutls/Config.in
diff --git a/libs
---
libs/gnutls/Makefile | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libs/gnutls/Makefile b/libs/gnutls/Makefile
index c2a010a..997532b 100644
--- a/libs/gnutls/Makefile
+++ b/libs/gnutls/Makefile
@@ -75,7 +75,7 @@ endef
define Package/libgnutls
$(call Package/gnutl
G_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2
-PKG_MD5SUM:=300e5f413054e2f4719c1c3b5179a611
+PKG_MD5SUM:=807bbf14a5b6c81a9249fffab5c3982b
PKG_MAINTAINER:=Nikos Mavrogiannopoulos
PKG_INSTALL:=1
@@ -21,6 +21,7 @@ PKG_LIBTOOL_PATHS:=. lib
include $(
On Sun, Mar 2, 2014 at 1:06 PM, Hauke Mehrtens wrote:
> We will not add any new packages without an maintainer, because we
> already have too many outdated packages. You should also take over
> maintainer ship for that package you want to add and send patches if
> there are problems with that pack
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/openconnect/Makefile | 49
libs/openconnect/files/openconnect.sh | 56 +
libs/openconnect/files/vpnc-script| 156 ++
net/openconnect/Config.in
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gnutls/Makefile | 70 +++
libs/gnutls/patches/001-no_doc_tests_po.patch | 65 -
2 files changed, 29 insertions(+), 106 deletions(-)
delete mode 100644 libs/gnutls/patches
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/nettle/Makefile | 72
1 file changed, 72 insertions(+)
create mode 100644 libs/nettle/Makefile
diff --git a/libs/nettle/Makefile b/libs/nettle/Makefile
new file mode 100644
index 000
On 03/02/2014 01:06 PM, Hauke Mehrtens wrote:
>>> This library is needed for DNSSEC support in dnsmasq, and to update
>>> gnutls to a more recent version.
>> [...]
>>> +ifeq ($(CPU_SUBTYPE),neon)
>>> +CONFIGURE_ARGS += \
>>> + --enable-arm-neon
>>> +endif
>>
>> It seems my neon detection is wron
On 02/28/2014 09:27 PM, Nikos Mavrogiannopoulos wrote:
> This library is needed for DNSSEC support in dnsmasq, and to update
> gnutls to a more recent version.
[...]
> +ifeq ($(CPU_SUBTYPE),neon)
> +CONFIGURE_ARGS += \
> + --enable-arm-neon
> +endif
It seems my neon detectio
This library is needed for DNSSEC support in dnsmasq, and to update
gnutls to a more recent version.
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/nettle/Makefile | 72
1 file changed, 72 insertions(+)
create mode 100644 libs/nettle
Signed-off-by: Nikos Mavrogiannopoulos
---
libs/gmp/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libs/gmp/Makefile b/libs/gmp/Makefile
index 0a07990..4f6e167 100644
--- a/libs/gmp/Makefile
+++ b/libs/gmp/Makefile
@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
On 11/03/2010 09:49 AM, Roberto Riggio wrote:
> Hi,
>
> how would you track a memory leak in a kernel module? Is there
> something equivalent to valgrind for kernel debugging?
[...]
A not very efficient way might be /proc/slabinfo. There you can find the
allocation size of the leak and this might
On Fri, Jul 30, 2010 at 9:45 PM, Stefan Monnier
wrote:
>>> I inherited from a DSL modem+router whose firmware describe as a "Solos
>>> 4610 RD / Solos 461x CSP v1.0", and telnet shows me a big
>>> `conexant' banner.
>
>> Just going from the hardware, this seems to be a Connexant CX96410
>> based d
Hello,
I've noticed that to export the crypto accelerators to userspace
(i.e. openssl/gnutls) you use the OCF kernel subsystem. I'd like to
ask what are the reasons for this decision. Is it because the
supported accelerators in the linux kernel are less than those in OCF?
Do they provide better or
edgar.sol...@web.de wrote:
> I discovered a currently not used option of jffs2. It allows the setting
> of a compression mode. Because size matters on embedded devices I wonder
> why this is not enabled. Attached a patch that does that. I tried it and
> it works.
Indeed this is a sensible option a
Stefan Monnier wrote:
>> This patch will add lzma support to the jffs2 filesystem. It adds
>
> I'm curious: when I looked at it, it seemed like it might be problematic
> on small machines like the WRT54G because of its memory use. Was I just
> imagining it, or is it indeed something to watch out
62 matches
Mail list logo
