]>
git.ipfire.org Git - people/dweismueller/ipfire-2.x.git/log
Daniel Weismüller [Wed, 21 Dec 2016 14:16:08 +0000 (15:16 +0100)]
captive portal: removed unused logfile from rootfiles
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Michael Tremer [Sun, 4 Sep 2016 08:57:26 +0000 (09:57 +0100)]
captive: Fix bug with multiple license clients
If one active client with a license existed, any other client
authenticating will overwrite the configuration line.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Sep 2016 08:45:53 +0000 (09:45 +0100)]
captive: Do not generally allow access to TCP/1013
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Sep 2016 08:31:46 +0000 (09:31 +0100)]
captive: Only make CGI script executable in document root
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Sep 2016 08:27:29 +0000 (09:27 +0100)]
captive: Reindent apache configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 4 Sep 2016 08:25:41 +0000 (09:25 +0100)]
captive: Log into default apache log files
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 12 Jul 2016 06:13:04 +0000 (08:13 +0200)]
Captive-portal: Design changes
When choosing voucher as authentication type there is no need to display the license agreement textbox
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 7 Jul 2016 09:27:40 +0000 (11:27 +0200)]
BUG11141: Redesign of configuration website
To improve the user experience, the configuration part of generating new vouchers has been reworked.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Tue, 5 Jul 2016 09:39:16 +0000 (11:39 +0200)]
BUG11140: Captive logo dimensions
Now the min and max logo dimensions are shown in webinterface.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Wed, 29 Jun 2016 10:47:55 +0000 (12:47 +0200)]
BUG11137: Captive save action messes up the form
When configuring the captiveportal for the first time the form
will be empty after clicking on save button if not all relevant fields are set.
Now the settings are stored even if there is an error.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Wed, 29 Jun 2016 10:36:18 +0000 (12:36 +0200)]
BUG11139: Captive voucher table too wide
Set table to 100% and the remark textfield to 96% (cellwidth)
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 Jun 2016 19:26:00 +0000 (20:26 +0100)]
Improve the wording of the Captive Portal configuration site
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 Jun 2016 14:50:05 +0000 (15:50 +0100)]
Update translations
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 20 Jun 2016 14:49:26 +0000 (15:49 +0100)]
Rootfile update
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Thu, 11 Feb 2016 06:21:29 +0000 (07:21 +0100)]
Captive-Portal: fix fontsize of generated voucher
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Wed, 10 Feb 2016 14:36:49 +0000 (15:36 +0100)]
Captive-Portal: Fix folder permissions
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Wed, 10 Feb 2016 14:05:35 +0000 (15:05 +0100)]
Captive-Portal: fix some typos and missing dir
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Wed, 10 Feb 2016 09:20:52 +0000 (10:20 +0100)]
Captive-Portal: Add logo upload feature
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Wed, 10 Feb 2016 09:09:23 +0000 (10:09 +0100)]
Captive-portal: Add directory for logo upload
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Michael Tremer [Mon, 8 Feb 2016 16:38:34 +0000 (16:38 +0000)]
captivectrl: Add protection against DNS tunnels
Limit the amount of DNS traffic for each client that
has not registered, yet.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 8 Feb 2016 16:37:21 +0000 (16:37 +0000)]
captivectrl: Skip all lines that start with #
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Mon, 8 Feb 2016 09:56:01 +0000 (10:56 +0100)]
Captive-Portal: fix cleanup script
The cleanup-script did not write back the hash after the expired voucher
was delted
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 4 Feb 2016 12:26:35 +0000 (13:26 +0100)]
Captive-Portal: add Errormessage when wrong code is entered
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 4 Feb 2016 11:04:47 +0000 (12:04 +0100)]
Captive-Portal: fix wrong expiretime of unused vouchers
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 4 Feb 2016 11:01:30 +0000 (12:01 +0100)]
Captive-Portal: fix voucher form
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 4 Feb 2016 07:10:11 +0000 (08:10 +0100)]
Captive-Portal: add logging to syslog
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 4 Feb 2016 06:30:05 +0000 (07:30 +0100)]
Captive-Portal: SHow always licencebox in config
Also fix index.cgi to show individual title
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Tue, 2 Feb 2016 13:30:13 +0000 (14:30 +0100)]
Captive-Portal: several design changes
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Mon, 1 Feb 2016 15:14:50 +0000 (16:14 +0100)]
Captive-Portal: redesign Webinterface
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 11:52:27 +0000 (12:52 +0100)]
Captive-Portal: fix some rootfiles
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 08:17:22 +0000 (09:17 +0100)]
Captive-Portal: add backup-part
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 08:02:31 +0000 (09:02 +0100)]
Captive-Portal: add captive logdir to apache2 rootfile
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 07:56:16 +0000 (08:56 +0100)]
Captive-Portal: add files to configroot rootfile
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 07:52:32 +0000 (08:52 +0100)]
Captive-Portal: Add files for webinterface tio rootfile
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Fri, 29 Jan 2016 07:44:01 +0000 (08:44 +0100)]
Captive-Portal: add vhost config to apache2 rootfile
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 28 Jan 2016 15:21:51 +0000 (16:21 +0100)]
Captive-Portal: create dir for cative logfiles
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 28 Jan 2016 15:14:34 +0000 (16:14 +0100)]
Captive-Portal: add captive dirs and files to configroot
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 28 Jan 2016 15:08:32 +0000 (16:08 +0100)]
Captive-Portal: add captive chains to firewall initscript
When loading the initscript of the firewall the neccessary chains for
the captive portalneed to be created.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 28 Jan 2016 15:05:53 +0000 (16:05 +0100)]
Captive-Portal: add crontab and cleanup scripts
The cleanup script is called every hour and deletes expired clients from
the clients file.
every night the captivectrl warpper runs once to flush the chains and
reload rules for active clients
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Alexander Marx [Thu, 28 Jan 2016 10:18:59 +0000 (11:18 +0100)]
Captive-Portal: add web-part
Introduce new Captive-Portal.
Here we add the menu, apache configuration (vhost), IPFire configuration
website and Captive-Portal Access site. Also the languagefiles are
updated.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Michael Tremer [Thu, 4 Feb 2016 14:34:11 +0000 (14:34 +0000)]
captivectrl: Move sure that the settings are always initialised
This just removes a compiler warning.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 4 Feb 2016 14:29:57 +0000 (14:29 +0000)]
wirelessctrl: Disable MAC filter on blue if captive portal is enabled
Fixes #11038
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 31 Jan 2016 21:38:26 +0000 (21:38 +0000)]
captivectrl: Add missing space character
The iptables argument list was botched. Oops. Sorry.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Jan 2016 14:46:55 +0000 (14:46 +0000)]
captivectrl: Support unlimited leases
When the expiry time equals zero, the lease will have
no time constraints. The IP address will also be removed
as it might probably change.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Jan 2016 14:30:13 +0000 (14:30 +0000)]
captivectrl: Allow empty IP addresses
Probably required for very long leases
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 30 Jan 2016 13:55:44 +0000 (13:55 +0000)]
captivectrl: Change format of clients configuration
We store the start of the lease now and the time in
seconds after the lease expires
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 28 Jan 2016 13:24:07 +0000 (14:24 +0100)]
Captive Portal: add c-wrapper captivectrl
This wrapper reads the captive settings and clients and sets the
firewall access rules. It is called every time the config changed or
everytime that a client changes. Also this wrapper is later called once
hourly to flush the chains and rebuild rules for actual clients.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Michael Tremer [Wed, 14 Dec 2016 12:51:46 +0000 (12:51 +0000)]
unbound: EDNS buffer size defaults to 4096
If this is changed, a warning will be shown.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 14 Dec 2016 12:45:07 +0000 (12:45 +0000)]
unbound: Test for working EDNS buffer size and adjust accordingly
Some networks have equipment that fails to forward DNS queries
with EDNS and the DO bit set. They might even lose the replies.
This patch will adjust unbound so that it will not try to receive
too large replies and falls back to TCP earlier. This creates
some higher load on the DNS servers but at least gives us
working DNS.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Tue, 13 Dec 2016 22:29:21 +0000 (23:29 +0100)]
finish core108
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 10 Dec 2016 17:44:03 +0000 (18:44 +0100)]
squid 3.5.22: latest patches (14119-14122)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 11 Dec 2016 00:22:51 +0000 (01:22 +0100)]
nano: Update to 2.7.1
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Dec 2016 14:20:16 +0000 (14:20 +0000)]
core108: Ship updated squid
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 2 Dec 2016 22:22:22 +0000 (23:22 +0100)]
squid 3.5.22: latest patches (14114-14118)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Wed, 30 Nov 2016 17:50:05 +0000 (18:50 +0100)]
squid 3.5.22: latest patches (14103-14113)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 28 Oct 2016 07:49:32 +0000 (09:49 +0200)]
squid 3.5.22: latest patches (14100-14102)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Fri, 21 Oct 2016 18:30:29 +0000 (20:30 +0200)]
squid 3.5.22: latest patch (14099)
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 6 Dec 2016 14:17:05 +0000 (14:17 +0000)]
core108: Ship updated NTP
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Thu, 1 Dec 2016 17:32:31 +0000 (18:32 +0100)]
ntp: Update to 4.2.8p9
"It addresses 1 high-, 2 medium-, 2 medium-/low-, and 5 low-severity
security issues, 28 bugfixes, and contains other improvements over 4.2.8p8."
For a complete list, see:
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 3 Dec 2016 13:30:02 +0000 (13:30 +0000)]
tor: Update to 0.2.8.10
Brings various major bugfixes and privacy enhancements
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 1 Dec 2016 17:13:07 +0000 (17:13 +0000)]
unbound: Fix DNS forwarder test
The previous version aborted when the validation test
suceeded, but this is not always sufficient in case a
provider filters any DNSKEY, DS or RRSIG records.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 29 Nov 2016 12:26:34 +0000 (12:26 +0000)]
unbound: Do not try removing forwarders when unbound is not running
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 29 Nov 2016 12:18:41 +0000 (12:18 +0000)]
Always enable asynchronous logging
This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.
It also removes the configuration options in the web
user interface, since this is not configurable any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Nov 2016 21:51:13 +0000 (21:51 +0000)]
core108: Ship updated ddns
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Stefan Schantl [Fri, 28 Oct 2016 13:48:22 +0000 (15:48 +0200)]
ddns: Import patches for schokokeks.org support.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Nov 2016 21:48:21 +0000 (21:48 +0000)]
Start Core Update 108
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 28 Nov 2016 21:38:29 +0000 (21:38 +0000)]
strongswan: Update to 5.5.1
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 25 Nov 2016 17:45:39 +0000 (17:45 +0000)]
unbound: Deactivate qname-minimization & harden-below-nxdomain
This causes trouble when you try to resolve a record like
a.b.blah.com where b.blah.com responds with NXDOMAIN. unbound
won't try to resolve a.b.blah.com because it is assumed that
everything longer than b.blah.com does not exist which is
probably not good usability.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Alexander Marx [Mon, 31 Oct 2016 11:19:15 +0000 (12:19 +0100)]
BUG11242: Fix for adding 2 VPN Hosts/network with same name
If one has an IPSec network named "aaa" and an OpenVPn Host with the same name
it was not possible to group them together because of the same name.
Now the Network type is also checked wich allows Entries with same name, but different networks.
Fixes: #11242
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Fri, 4 Nov 2016 20:12:25 +0000 (21:12 +0100)]
Merge remote-tracking branch 'origin/master' into next
Arne Fitzenreiter [Fri, 4 Nov 2016 19:52:00 +0000 (20:52 +0100)]
Merge remote-tracking branch 'origin/core107'
Arne Fitzenreiter [Fri, 4 Nov 2016 18:31:07 +0000 (19:31 +0100)]
ntp: init with hardcoded ip if dns not work
DNSSec need the correct time to validate the zones so we need
a workaround to init the time without dns.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Fri, 4 Nov 2016 18:23:25 +0000 (18:23 +0000)]
unbound: Send out replies from where they came in
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Nov 2016 17:46:24 +0000 (17:46 +0000)]
core107: Restart unbound to activate configuration changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Nov 2016 17:43:05 +0000 (17:43 +0000)]
unbound: Allow list of INSECURE_ZONES being set in sysconfig
A list of DNS zones can be given for which DNSSEC validation
will be disabled.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Nov 2016 17:00:24 +0000 (17:00 +0000)]
unbound: Allow recursion from everywhere
Users use the IPFire DNS service from VPNs and other
routed networks.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Thu, 3 Nov 2016 05:51:49 +0000 (06:51 +0100)]
guardian: add path to update-lang-cache
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Wed, 2 Nov 2016 19:26:58 +0000 (20:26 +0100)]
guardian: add languange cache regeneration at (un)install
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Wed, 2 Nov 2016 15:42:40 +0000 (15:42 +0000)]
unbound: Fix for DNS forwarding of .local zones
These are traditionally used for Windows domains and should not
be used for that. However if they are used like this, DNSSEC
validation cannot be used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 2 Nov 2016 15:42:40 +0000 (15:42 +0000)]
unbound: Fix for DNS forwarding of .local zones
These are traditionally used for Windows domains and should not
be used for that. However if they are used like this, DNSSEC
validation cannot be used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Mon, 31 Oct 2016 20:31:09 +0000 (21:31 +0100)]
set pakfire version to 107
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Thu, 27 Oct 2016 19:06:16 +0000 (21:06 +0200)]
start core107 updater
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Matthias Fischer [Sat, 22 Oct 2016 22:17:38 +0000 (00:17 +0200)]
log.dat: cosmetical upgrade
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Matthias Fischer [Sun, 23 Oct 2016 14:09:19 +0000 (16:09 +0200)]
hdparm: Update to 9.50
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Sat, 22 Oct 2016 18:20:22 +0000 (20:20 +0200)]
kernel: fix CVE-2016-5159 (Dirty COW)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 22 Oct 2016 14:36:04 +0000 (16:36 +0200)]
kernel: add support aes-ni support for aes-192 and 256
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Arne Fitzenreiter [Sat, 22 Oct 2016 08:33:46 +0000 (10:33 +0200)]
Merge branch 'master' into next
Arne Fitzenreiter [Sat, 15 Oct 2016 21:52:07 +0000 (23:52 +0200)]
core106: set version to 106
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 21:38:01 +0000 (22:38 +0100)]
Revert "setup: Store passwords in SHA format"
This reverts commit
eef9b2529c3cab522dac4f4bcfa1a0075376514e .
It appears that htpasswd is not salting any passwords that are
stored with the SHA (-s) algorithm. MD5 passwords however are
salted.
That leads us to the conclusion that the "MD5 algorithm" in htpasswd
is more secure than the "SHA algorithm" although the hash function
itself should be stronger.
With a rainbow table, cracking "SHA" is easily done.
A rainbow table for "MD5" + salt would be way too large to be
efficiently stored.
Hence this commit is reverted to old behaviour to avoid the clear
failure of design in SHA.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 21:32:21 +0000 (22:32 +0100)]
unbound: Omit reverse PTRs if address equals GREEN
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 21:32:05 +0000 (22:32 +0100)]
unbound-dhcp-bridge: Make leases unique by IP address
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 17:17:44 +0000 (19:17 +0200)]
unbound-dhcp-bridge: Only update cache when lease was added/removed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 17:08:22 +0000 (19:08 +0200)]
unbound-dhcp-bridge: Rewrite update algorithm
Before the bridge tries reading any existing leases from unbound
but this makes it difficult to destinguish between what is a DHCP lease,
static host entry or anything else.
This patch will change the bridge back to just remember what has been
added to the cache already which makes it easier to keep track.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 17:06:27 +0000 (19:06 +0200)]
unbound-dhcp-bridge: Skip processing leases with empty hostname
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 15:03:31 +0000 (17:03 +0200)]
unbound-dhcp-bridge: Reading in static hosts
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Arne Fitzenreiter [Thu, 13 Oct 2016 15:21:28 +0000 (17:21 +0200)]
unbound/dhcp: stop lease bridge if dhcp was needed to killed
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 21:32:21 +0000 (22:32 +0100)]
unbound: Omit reverse PTRs if address equals GREEN
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 21:32:05 +0000 (22:32 +0100)]
unbound-dhcp-bridge: Make leases unique by IP address
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 17:17:44 +0000 (19:17 +0200)]
unbound-dhcp-bridge: Only update cache when lease was added/removed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 15 Oct 2016 17:08:22 +0000 (19:08 +0200)]
unbound-dhcp-bridge: Rewrite update algorithm
Before the bridge tries reading any existing leases from unbound
but this makes it difficult to destinguish between what is a DHCP lease,
static host entry or anything else.
This patch will change the bridge back to just remember what has been
added to the cache already which makes it easier to keep track.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>