There is already the 'append' command, which assembles all parameters that
are called 'proto_run_command'. Let´s move also the last params to the
top. To ensure that the sequence is correct, the parameters must be added
at the beginning, so that user parameters can overwrite them.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There is already the 'append' command, which assembles all parameters that
are called 'proto_run_command'. Let´s use that. To ensure that the
sequence is correct, the parameters must be added at the beginning, so that
user parameters can overwrite them.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The common pattern for global variable is, to write the variable name in
capital letters. This improves maintainability in shell scripts.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The variable 'auth_file' is not used in the following programm sequence.
It therefore only makes sense to add it as a call parameter via 'append'
when calling the the 'proto_run_commmand'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This was forgotten during renameing of this option.
Fixes: e026ce0f ("openvpn: handle ovpnproto exclusively")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Use the ALTERNATIVES symlink handling to avoid conflicts with busybox
lsusb tool. Otherwise this package can not be installed if you also have
enabled lsusb from busybox.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Use the ALTERNATIVES symlink handling to avoid conflicts with busybox
lspci tool. Otherwise this package can not be installed if you also have
enabled lspci from busybox.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Bump PKG_RELEASE to reflect fixes to UCI init script config
generation for missing/unset options and RestrictOID handling.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add check if RestrictOID is `yes` or `no`
but fail to write a newline for other values of RestrictOID
(e.g., `true`, `false`) or if unset, corrupting the generated config.
Fix by using config_get_bool and restructuring to write either
a complete line or nothing. Also require RestrictedOID to be
non-empty when RestrictOID is enabled.
This is a breaking change for configs where RestrictOID is set
to a value that the old code did not match as `yes` (e.g., `true`,
`1`, `on`, `enabled`) but config_get_bool evaluates as true. In
practice, this is unlikely to affect existing installs unless a
user is unknowingly relying on unintended behavior or is deliberately
relying on the old code's non-standard boolean evaluation; this
latter case is considered unlikely by this commit's author. Configs
where RestrictOID is enabled but RestrictedOID is empty are also
affected; previously a directive with a trailing space was written,
now no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostIP_add would write unintended output to the
config file if the IPMask option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where IPMask is unset.
Previously, an empty IPMask option would result in a malformed
directive containing a trailing slash with no guaranteed newline,
the exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostIP_add would write unintended output to the
config file if the HostIP option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where HostIP is unset.
Previously, an empty HostIP option would result in a malformed
directive containing a bare /mask with no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostName_add would write unintended output to the
config file if the HostName option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where HostName is unset.
Previously, an empty HostName option would result in a malformed
directive with a trailing space and no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add would write unintended output to the
config file if the CommunityName option is not specified. Add an
early return to each function to prevent writing in that case.
This is a breaking change for configs where CommunityName is
unset. Previously, an empty CommunityName option would result in
a malformed directive with a double space and no guaranteed
newline, the exact form of which depended on the values of other
options. Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add would write unintended output to the
config file if the Mode option is not specified. Add an early
return to each function to prevent writing in that case.
This is a breaking change for configs where Mode is unset.
Previously, an empty Mode option would result in a malformed
directive with a leading space and no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.66.2
NetBird `v0.66.x` adds support for exposing a local HTTP service
from the CLI with the `netbird expose`[1] command, but only for
self-hosted deployments. Cloud support is coming.
[1]: https://docs.netbird.io/manage/reverse-proxy/expose-from-cli
---
`0.65.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.65.3
NetBird `v0.65.x` now includes a built-in reverse proxy[1], but only for
self-hosted deployments and is currently in beta. Cloud support is
coming soon.
Important: pre-shared keys or Rosenpass are currently incompatible with
the reverse proxy feature.
[1]: https://docs.netbird.io/manage/reverse-proxy
---
`v0.63.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.63.0
NetBird now supports private DNS zones[1].
[1]: https://docs.netbird.io/manage/dns/custom-zones
---
`v0.62.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.62.3
Upstream minimum Go requirement raised from `v1.24.x` to `v1.25.x`,
see the go.mod[1].
[1]: https://github.com/netbirdio/netbird/blob/v0.62.3/go.mod#L3-L5
---
Building `netbird` with Go 1.26.x fails with errors:
```
[...]
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:22:2: WaitReasonSelect redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:22:2: other declaration of WaitReasonSelect
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:23:2: WaitReasonChanReceive redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:23:2: other declaration of WaitReasonChanReceive
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:24:2: WaitReasonSemacquire redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:24:2: other declaration of WaitReasonSemacquire
[...]
```
Upstream Issue: https://github.com/netbirdio/netbird/issues/5290
Upstream PR: https://github.com/netbirdio/netbird/pull/5447
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Add `NB_DNS_STATE_FILE="/var/lib/netbird/state.json"` to the init
environment. This moves the state from the directory
`/root/.config/netbird` to the file `/var/lib/netbird/state.json` to
avoid storage wear. Note: the file is not preserved across reboots.
The state file contains information such as locally disabled routes and
other data primarily useful for desktop clients. In OpenWrt setups,
these changes are normally handled by the NetBird `management` server.
This matches the behavior prior to `netbird` v0.52.x, I have not
received any reports that this file caused problems before, so it is
unlikely to cause issues now.
The previous state file `/root/.config/netbird/state.json` can be removed.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
* the suspend/resume function now uses the external
DNS bridge when this function is used
* refine the f_nftadd function
* more file debug logging
* LuCI: add unfiltered DNS-Server to the DNS bridge selection
* LuCI: minor fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add support for OpenVPN netifd detection (thanks @egc112)
* add support for disable LAN->WAN forwarding when `strict_enforcement` is
set on start and restart (thanks @egc112)
* fix: always create marking chains for interfaces
* fix: insert DSCP/ICMP-related nft rules after marking chains
* fix: shellcheck-related improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: always print errors/warnings on non-quiet start
* bugfix: return proper enabled status in RPCD
* bugfix: return stupped status in RPCD when procd data is empty
* bugfix: correctly process verbosity=0
* delete LICENSE file and only keep it upstream
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Use wan_$DEVICENAME naming scheme instead of using consecutive numbering
for the network name.
This makes it easier to match the network interface to the corresponding
network.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Set the device option for the network. This is solely for the ease of
matching the network to the corresponding network interface.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The previous commit 09c14817 introduced TS_NO_LOGS_NO_SUPPORT but
used procd_set_param for a subsequent environment variable. This
overwrote the previous env setting, causing fw_mode to be missed.
Switch to procd_append_param to ensure all environment variables are
properly passed to the process.
Signed-off-by: Tung-Yi Chen <cmtsij@gmail.com>
bridge-utils is obsolete software because ip command has
bridge functionality. And OpenWrt uses BusyBox's brctl
by default, so most users will not be affected by this change.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream release is 10 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream commit is 8 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
These LLVM builds get deleted after a certain time, causing Rust builds
to break as the LLVM build can no longer be downloaded.
Fixes#27331.
Signed-off-by: Orne Brocaar <info@brocaar.com>
* fixed the debug errorfile handling
* fixed a typo in the nftadd function
* minor cornercase improvements
* LuCI: minor cleanups & fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Move the 'INSTALL_DIR' creation in the make install target to the location
where the files are also installed. This prevents directories that are no
longer needed from being forgotten during refactoring.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bugfix: support TMP and final block-list destination on different
partitions
* update pause-related code/defaults/validation
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Florian Eckert
Wei-Ting Yang
Martin Schiller
Eric McDonald
Niklas Thorild
Afiq Nazrie
Chester A. Unal
Vladimir Ulrich
Oliver Sedlbauer
Wesley Gimenes
Dirk Brenken
Stan Grishin
George Sapkin
Tung-Yi Chen
Yanase Yuki
Orne Brocaar
Sandro Jäckel