…removed cloudcheck

Latest GPL merge should now be able to fully work with the original,
public RSAv1 key.

When using netlink, the route_net_gateway ENV var may
end up containing the default gateway of another tunnel instead
of the real default gateway from the main table, breaking things
when multiple clients are running.  The issue isn't unique to
2.6.xx and was reproduced on 4.1.52 as well.

…nown status report

fcctl on these older HND models do not report the state of runner.  Look for the
presence of the pktrunner module instead on these two models.

Also encode HTML entities for <unknown> reports to avoid being parsed
as HTML tags.

…AX58U

… by the user

…00 from GPL tarballs

… image

…, remove option to select sfq as a qsched

There are no reason for anyone to want to use sfq instead of fq_codel.

github: provide issue templates

Required as the router has multiple interfaces and we don't
bind to a specific one.

Seems to resolve various issues, like failing firmware upgrades
and general throughput issues when using the Trend Micro engine.

We need to make some changes to it, and so far both the source file
and the prebuilt are available... for now.

…erver

This allows wsdd2 to still be able to handle multicasts when WAN
interface is down (otherwise it results in "Network is unreachable")

Need to ensure that this fix still works in a scenario where one
might not be requesting a specific interface to bind to at run time.
Maybe only bind multicasts if "-i" was actually specified at run time?

… address"

While this fixes issues when WAN is down, other scenarios no longer work.
Will require more in depth analysis.

This reverts commit 2585ca7.

Temporary workaround for the issue where wsdd2 won't work properly
if started before WAN.  This causes wsdd2 to get restarted when
WAN comes up.

Resolves a few issues such as non-working 160 MHz support for
RT-AC88U SKUs that support it, or missing Instant Guard on some
models.

split() resulting in an empty string will still have a length
of 1 since it's an array with one element of an empty string.

This fixes 6in4 tunnel prefixes that will end with "::"

Asus querying the OUI database stored on their own server would fail when
accessing the webui over https (due to their database being
only reachable over http).  Keep a local copy on the router instead.

Remove the old OUI db implementation (which was JS-based), switching
to the new JSON db.

Allow querying MACs that do not belong to a networkmap client (so
querying site survey MACs is possible).

…functional JFFS

- Move nvram-to-JFFS migration to format.c.

- If JFFS is unaccessible, then create keys in
  /etc/dropbear/ as fallback so SSH can still be
  used even with a non-working JFFS partition.

…-AX86U (fixes #690)

Otherwise, mtd_erase() will return an error as it will abort
at the first bad block encountered on erase.

Seems to be working properly unlike the RT-AC86U which still
floods the kernel log with MDIO errors (could be related to the
BCM SDK version)

Since we no longer allow users to enable/disable the jffs2 partition
there is no point in using a different variable.  The name change is
old legacy code from back when we used to make it user configurable.

This gives more time to the kernel entropy pool to be
properly seeded, otherwise dropbearkey could get forever
stuck at boot time when the user just migrated from stock
firmware and dropbear attempts to create the ed25519 host key
during boot, or if the user just erased his JFFS partition.

Ideally, the new jitter entropy source would need to be backported
from newer kernels, as an alternative to the current interrupt-based
entropy source.

Another option would be to have dropbear fallback to urandom if
getrandom() can't get enough entropy.

Routers are often starved for entropy, leading to delays at boot
time (when services like cfg_mnt try to generate a key/cert, or
when dropbear attempts to generate missing keys).  This daemon
uses timer jitter to fill up the entropy pool very early at boot
time (where there aren't enough interrupts for the kernel to
properly seed the pool on itself).  This will prevent boot
time delays as services await for more entropy to be available,
or even potential deadlocks.  It will also generally improve
entropy, which improves crypto security in general.

Unfortunately the daemon doesn't help on older kernel/platforms,
so this is only enabled for HND models at this time.

Replace timeout to fix delay/sync of clock

Asus's Protect Service daemon already takes care of blacklisting IPs
that generate too many authentication failures on the SSH service.

www: Use interval for clock & boot time

Bug for some time zones where time_zone_dstoff would not be appended to /etc/TZ.

…d023325262429ce3c

Upload classes 1:10 through 1:40 are missing on the upload WAN interface. This commit reverts to the specific code block from 386.1beta4.

rc: fix bad merge in qos.c from GPL_41700

Cake support is implemented as new qos_type of 9 (high
number was used to avoid conflicts in case Asus add more
qos types in the future).  A couple of notes:

- Only supported by kernel 4.1.xx (that's HND models at this time)
- Not compatible with flow cache/runner/archer acceleration,
  so currently not suitable for connections above ~350 Mbps
- In line with the original Cake design philosophy, only a limited
  number of configurable settings are exposed to the user
- If user sets bandwidth to Automatic (or 0) on webui, then set
  bandwidth to unlimited.  ingress-autorate was tested, and
  show to provide very poor performance, so it wasn't implemented
- A diffserv3 setup is used for upstream (so users of ATA/VoIP
  phones with diffserv support can benefit from it), and
  besteffort on downstream
- overhead (including mpu, atm and ptm settings) are supported
  at the webui level
- nat mode is enabled if the router handles NAT

…Merl#710)

* iproute2-4.3: fix display of negative deficit values

* iproute2-4.3: fix display of negative drop_next values

…1.0; disable building unused components

This will make it easier for users to replace the default cake setup
script with their own, and still be able to reuse the settings
generated by the router such as up/downstream bandwidth.

42095 GPLs have different platform.mak, unify them together so it can
handle all HND SDKs.

…m/ptm value

…globally enabled in config_base

Fixes ip being unable to recognize table names