Issue: HOP-7421 - [DNS] unbound is failing to resolve internal dns name
Signed-off-by: sahbot <sahbot@softathome.com>
GitOrigin-RevId: a47f0b104fe7dc06f5efff43703ac3a4eb18e38d
When an unprivileged container is running with an inherited network
namespace, then the ip addresses of the container are not shown with
'lxc-ls -f'. This patch will let lxc first enter the net namespace
before entering the user namespace, to prevent permission errors.
Issue: LCMFT-425 network config of unprivileged containers is not shown
Issue: PPW-285 - Network config KO in unprivileged mode
GitOrigin-RevId: fe6df59a1019e3f2d436ffa6a6f76b5bbe0c345d
Signed-off-by: Matthias FRANCK <matthias.franck@softathome.com>
Problem: [UPnP-IGD] PCP entries created by UPnP-IGD are not cleared when the UPnP-IGD is disabled
Cause: This behaviour isn't supported
Solution: Add this behaviour support and disable the miniupnp lease file because it causes desynchronisation
between lease file and DM. We don't need two sync files.
Issue: HOP-7253 - [UPnP-IGD] PCP entries created by UPnP-IGD are not cleared when the UPnP-IGD is disabled
GitOrigin-RevId: c84cbf8594ad2e989f07162dff06e6bf9716f088
Issue: HOP-6872 - [tr181-upnp] the port opened by UPnP is not closed after 20 minutes of inactivity
Signed-off-by: sahbot <sahbot@softathome.com>
GitOrigin-RevId: 88a587e02b0e6e02b998e26f3c28a0317efcf485
This backports commit eb6939fdeb from the openwrt packages feed.
Issue: PCF-1315 LXC executables are very big in size and this increases the image size a lot
GitOrigin-RevId: 4c197322e03951fad9c2e75b5958d29c35aea952
If a container is started unprivileged with a shared namespace, then it is not possible to attach to the container with error:
lxc-attach netns 20240513090718.131 ERROR attach - ../src/lxc/attach.c:__attach_namespaces_nsfd:666 - Operation not permitted - Failed to attach to net namespace of 6468
lxc-attach netns 20240513090718.131 ERROR attach - ../src/lxc/attach.c:lxc_attach:1590 - Failed to enter namespaces
This is reproducible on lxc 5.0.2 and master (6.0.0) on linux < 5.8 since from 5.8 __attach_namespaces_pidfd is called which works.
Issue reported to the lxc maintainer: https://github.com/lxc/lxc/issues/4443
Issue: LCMFT-325 lxc attach not working in unprivileged mode
GitOrigin-RevId: 2bbbf2454133db8939e50ab8906014a03529b569
Issue: HOP-6697 - [CDROUTER][UPNP][REGRESSION] IPv6 Pinholes are not effective. traffic not forwarded
GitOrigin-RevId: e9ec54120b3655ab63e4db03284dab484fccda75
This way tr069-manager can depend on libwebsockets4 in feed_tr69. Another libwebsockets4 package is available in feed-prpl. Hence, feed_tr69 can be used in both environments.
GitOrigin-RevId: 3f9147a91e0cd46135365c1b5fcaf446b19992a9
When we converted chrony to chrony-prpl, this line should have been changed as well. Now the chrony-prpl package was building with nts support.
It turns out chrony has some mechanism to detect if gnutls is available in the environment. In this case, when nts support is enabled and when gnutls is available, the package is built with gnutls. If gnutls is not available, the package is simply built without gnutls support.
As a result, the chrony package is sometimes built with gnutls and sometimes without, depending on openwrt compilation order. By disabling nts support, we also disable the gnutls support.
GitOrigin-RevId: 9c78f7bba2342b4cd1ff799de88a4a892ed53f40
Issue: HOP-5606 [CDROUTER][UPNP][IPv6] The box is accepting LeaseTime Update via UpdatePinhole Action [fix]
GitOrigin-RevId: 754c61d2daf2944c24bd6444879701a8336a1f46
The Makefile for miniupnpd-prpl overwrites the UNPACK_CMD to unpack a
subdirectory of the sources to the build directory.
Since autotools is used, OpenWrt provides a set of variables to define
the location of the 'configure' file, but also the path to build the
sources. Therefore, the UNPACK_CMD can be omitted.
GitOrigin-RevId: 7d80648be071214848f61f69ce9e5bf529f3356b
Issue: HOP-4284 Delete NAT.PortMapping entries created by miniupnpd when PCP is enabled [fix]
Issue: HOP-5153 [CDROUTER][UPNP][IPv6] IPv4 forwarding rule cannot be deleted via UPnP [fix]
GitOrigin-RevId: 37fc5a1d05e512b6ebaade39b014183b0208896b
Issue: HOP-2738 Cannot add a IPv4 Portmapping using UPnP over IPv6 for the same host [fix]
Issue: HOP-3136 [UPnP-IGD][PCP] When PCP is enabled UPNP AddPortMapping must be translated to PCP requests [new]
Issue: HOP-3205 [CDROUTER][UPNP][IPv6] It's not possible to add a Pinhole, 501 ActionFailed received instead [new]
Issue: HOP-3901 [tr181-upnp] The UPnP doesn't work when behind a CG-NAT or double NAT network [fix]
Issue: HOP-4116 [UPNP] miniupnpd is crashing when receiving a portmapping that should overwrite an existing rule [fix]
Issue: HOP-4124 Subscription tests fails: No Notify sent and cannot unsubscribe after subscription [fix]
Issue: HOP-4132 Added Portmappings present random forward issues [fix]
GitOrigin-RevId: a3535d3af7ba57647196113edb9df01da1259872
This miniupnpd-amx package replaces the CONFIG_MINIUPNP_TR181-FIREWALL config option. At the same time, the UCI files for miniupnpd are completely removed when compiling the miniupnpd-amx package.
GitOrigin-RevId: fc8a21f2056061c891658d3bd20e165ea7500d26
Change configuration arguments of miniupnpd to add --strict. This change will enable more checks, such as, for SSDP: ignore M-SEARCH that doesn't have an MX header field, and for PMP: ensure that the new internal address is the same as the used client address.
GitOrigin-RevId: 37d1b38f8228aea478569f7ca058f3470aae1dae
To enable tr181-firewall support in your build, use CONFIG_MINIUPNP_TR181-FIREWALL=y
Issue: HOP-3003 Port miniupnpd to openwrt22
This is a rework of the openwrt19 patch to be compatible with openwrt22
53a59aea78
GitOrigin-RevId: 1c2acc71ecea9c377e6d4a4e1b6cf4df2709c5c4
Support for libevent was enabled to allow proper integration with
ambiorix. Even if theoretically another event loop could be used, only
libevent was thoroughly tested.
Upstreaming progress can be tracked in PCF-650
GitOrigin-RevId: 16a088a41ccbcca3ea29c084470480846d7edae3
This package is available as libwebsockets4 on feed-prpl.
* LWS_MAX_SMP option is needed on libwebsocket to allow cwmpd to reuse
the same port when restarted (happens when WAN toggles). 10 is just a
safe value, in case a system has a rather long socket timeout configured.
* CMAKE_POSITION_INDEPENDENT_CODE Enabling Position independent code
is just one of our security requirements, especially for code that is
handling external connectivity.
* LWS_WITH_LIBEVENT was enabled to allow proper integration with
ambiorix. Even if theoretically another event loop could be used, only
libevent was thoroughly tested
Upstreaming progress can be tracked in PCF-650
GitOrigin-RevId: e2d4a64ef113f66f3f08f053058219c9d95f599d
This is the openwrt23.05 version. This version is needed to be compatible with the opensslv3 upstep.
GitOrigin-RevId: 96bad7cd33bd80921a7453e2d9ab13fec099bdab