
Releases: liudf0716/apfree-wifidog

Release 8.11.2719

30 Nov 09:43


Release 8.11.2719

This release includes significant improvements and bug fixes since version 7.10.2082.

🚀 Major Features

Portal Authentication Enhancements

  • Add portal authentication configuration and checks in API handlers and firewall operations
  • Skip firewall checks and domain parsing when portal authentication is disabled
  • Implement direct firewall reload mechanism with proper locking and error handling
  • Add portal authentication check before updating counters

WebSocket & Real-time Communication

  • Enhance auth server status detection via WebSocket connection
  • Add WebSocket client information query interface
  • Improve WebSocket key generation and message processing with enhanced validation
  • Enhance WebSocket message processing and heartbeat management

DNS Monitoring & xDPI

  • Implement DNS statistics export functionality for aw-bpfctl integration
  • Add program array map for tail calls and refactor DNS egress handler
  • Enhance domain entry structure with access count and timestamps for improved tracking
  • Relax DNS header validation and enhance logging for better debugging
  • Add domain whitelist settings in firewall initialization
  • Improve DNS event handling with enhanced input validation and size checks
  • Implement loading of predefined L7 protocols

System Information & Monitoring

  • Enhance status reporting with detailed system, network, and firewall information
  • Add system information retrieval handler for WebSocket requests
  • Add CPU temperature retrieval and integrate into system info
  • Add JSON status endpoints for client, auth, and wifidogx
  • Add online time calculation to status text output

WiFi Configuration

  • Complete WiFi configuration interface with full OpenWrt wireless and mesh configuration support
  • Update WiFi configuration interface documentation based on latest implementation
  • Limit available_networks to return only proto=static network interfaces
  • Remove network interface IP configuration functionality, keep only interface list retrieval
  • Remove mesh_fwding and mesh_rssi_threshold fields

Documentation & GitHub Pages

  • Add initial HTML structure and CSS styles for the ApFree WiFiDog portal
  • Add new documentation files and translate to Chinese
  • Create xDPI overview and quick start guide in Chinese
  • Update README files to include links to English and Chinese versions
  • Add Chinese version of README with project overview and contribution guidelines
  • Optimize contact section UI

🐛 Bug Fixes

Kernel Compatibility

  • Update device class creation for kernel 6.6+ compatibility
  • Update proc_ops to file_operations for compatibility
  • Replace _IOW/_IOR macros with simple integer constants for IOCTL commands to enhance kernel module compatibility

Memory & Safety

  • Allocate memory for domain list in xdpi_proc_ioctl to prevent stack overflow
  • Enhance DNS question and answer parsing to prevent unaligned access issues
  • Fix DNS egress processing SEC marking to ensure correct packet handling

IOCTL Operations

  • Update ioctl operations to use character device instead of proc file
  • Enhance permissions for ioctl operations
  • Include ioctl.h for proper IOCTL command definitions
  • Improve code structure in xdpi_proc_ioctl for better readability and maintainability

Client Management

  • Improve client disconnection handling and status response logging
  • Fix wifidog_uptime being 0 issue in get_sys_info
  • Initialize first_login to current time if not set
  • Use int64 for client counters in JSON object creation
  • Update client info when client info is retrieved
  • Improve command parameter handling and status reporting in wdctl_cmd_process

Authentication & Firewall

  • Skip HTTPS and HTTP services if portal authentication is disabled, with appropriate logging
  • Skip applying auth server firewall rule during local auth
  • Add null check for auth_server->ips_auth_server in firewall functions
  • Enhance firewall rule checking with debouncing and failure tracking

URL Handling

  • Update wd_get_orig_url to accept is_ssl parameter for scheme determination
  • Improve URL reconstruction logic in wd_get_orig_url function
  • Fix URI joining check in wd_get_orig_url function

Error Handling & Logging

  • Enhance error logging for domain synchronization and addition in xDPI kernel module
  • Improve JSON request handling and update auth server configuration logic
  • Change logging level to DEBUG for top domains reporting
  • Reduce unnecessary logs in dns_monitor
  • Remove redundant checks for zero rates in SID statistics printing and JSON parsing

♻️ Refactoring & Code Quality

Architecture Improvements

  • Remove enable_dhcp_cpi configuration and DHCP-related functionality
  • Remove enable_dns_forward configuration and DNS forwarding functionality
  • Remove SSH client implementation files
  • Remove proc file operations and related code from xdpi-bpf.c
  • Remove unused xDPI constants and structures from dns_monitor.c

Code Organization

  • Enhance thread termination and signal handling with improved error checks
  • Improve UCI configuration handling with input validation and error checks
  • Enhance documentation in safe.c/h for memory management functions
  • Add SPDX license identifiers and copyright notices to multiple source files
  • Remove redundant _GNU_SOURCE definitions from multiple source files
  • Update debug.h for improved documentation and use of pragma once
  • Improve documentation in http.h and reorganize callback function declarations

WebSocket Thread

  • Refactor ws_thread with improved structure
  • Enhance handle_kickoff_response, handle_auth_response, handle_tmp_pass_response functions
  • Improve ws_read_cb documentation and input handling
  • Enhance create_ws_bufferevent documentation and code readability
  • Simplify input buffer reading logic and improve overflow handling in ws_read_cb

Authentication System

  • Enhance process_auth_server_roam with improved documentation and error handling
  • Improve process_auth_server_login_v2 function with enhanced error handling
  • Enhance get_auth_counter_v2_uri function with improved documentation
  • Enhance parse_auth_server_response and process_auth_server_logout functions
  • Streamline error handling in authentication functions and enhance documentation
  • Reorganize and clarify request and response definitions in centralserver.h

General Refactoring

  • Rename ssl_redir to tls_thread and update related references
  • Update CMake configuration for improved structure and clarity
  • Simplify ECDH setup in ssl_redirect_loop function
  • Add cleanup function for firewall destruction before exit
  • Optimize substring replacement logic in HTTP processing
  • Update domain management to use ioctl for loading domains and improve domain entry handling
  • Add function to set inner domains as trusted and enable GNU extensions in safe.c

Build & CI/CD

  • Add libmosquitto-dev installation to build-on-ubuntu.yml workflow
  • Rename linux.yml to build-on-ubuntu.yml and enhance workflow with firewall version input

📊 Statistics

  • Total Commits: 638
  • Version Range: 7.10.2082 → 8.11.2719
  • Intermediate Versions: 8.10.2701, 8.09.2681

🙏 Contributors

Thanks to all contributors who made this release possible!


For complete commit history, see: 7.10.2082...8.11.2719



7.10.2082

22 Oct 03:56


apfree wifidog 7.10.2082 Release Notes



English Version Release Notes:

What’s New in Version 7.10.2082:

  1. Fixed the bug where authenticated user information was not reported

  2. Added local authentication feature without a remote authentication server:

    • Users can manually configure a local portal display page
    • Added a local user bypass interface
    • Optimized ping, auth, and websocket flows for environments without an authentication server
  3. WebSocket interface now supports kicking authenticated users offline instantly:

    • No need to wait for 1 minute to disconnect users
  4. Optimized the logout, login, and login2 interfaces

  5. Improvements to local HTTP & HTTPS services:

    • Added support for IPv6
    • Fixed bugs related to HTTPS interception for authentication
  6. Fixed bugs with authentication servers in CDN environments:

    • Resolved issues where dynamic IP changes in CDN setups caused whitelist failures
  7. Fixed authentication failures in IPv6 environments

  8. Resolved issues where gateways would exit when IPv6 addresses could not be obtained

  9. WebSocket optimizations:

    • Added a standalone WebSocket configuration, allowing it to be deployed separately from the authentication server
    • Improved fault tolerance when connecting to the WebSocket server
    • Fixed disconnection issues with the WebSocket server
  10. Refactored code handling for fw3 and fw4; discontinued support for fw3

  11. Cleared all active sessions at startup and removed user sessions upon disconnection

  12. Enhanced firewall rules:

    • Prevent unauthorized access to non-80/443 ports
    • Ensure gateway devices can access the network without authentication
  13. Added firewall rule restart functionality, while preserving authenticated users and their traffic statistics

  14. Fixed other known bugs

version 7.08.2035 release

27 Aug 09:42


Version 7.08.2355 Update Content:

  1. Memory Leak Fix: Resolved an issue where URL memory was not released during HTTPS redirection.

  2. Multi-Gateway Authentication Support:

    • Introduced device_id as a unique identifier for each device.
    • Added gateway_setting objects, where each object can specify a different authentication mode, identified by gateway_id.
    • Each gateway_setting object has a corresponding channel, supporting different authentication methods.
    • Extended the auth counter_v2 interface to support multi-gateway authentication.
    • Extended the ping interface to support multi-gateway authentication.
  3. Redirection URL Logic Fix: Dynamically set gw_port based on HTTP or HTTPS protocols to ensure service compatibility.

  4. IPv6 Support: Enhanced firewall rules and added full support for IPv6 addresses.

  5. WebSocket Module Updates and Fixes:

    • Expanded the heartbeat interface to include reporting of all gateway information.
    • Added a mechanism to handle heartbeat response packets to assess and adjust gateway authentication modes.
    • Extended the connect interface to retrieve and initialize gateway authentication modes.
    • Fixed an issue where the WebSocket thread could cause a process crash when the authentication server was offline.
  6. WSS Protocol Support.

  7. QUIC Protocol Optimization.

  8. TLS Connection Fix: Improved support for HTTPS connections to the authentication server.

  9. Popular Server Addition: Added support for Google domains.

  10. Ping Interface Extension: Updated the ping interface to support multi-gateway authentication.

7.07.2018 release

10 Jul 03:58


Apfree-Wifidog 7.07.2018 Release Notes

English:

  1. Optimized the handling of a lock.
  2. Modified the DNS server for domain name resolution to the local DNS server.
  3. Fixed a bug where HTTP/3 was not intercepted.
  4. Fixed a crash issue when the authentication server was offline.
  5. Changed the default temporary pass-through time from 5 minutes to 1 minute.

7.06.2008 release

13 Jun 12:19


Release Note

English

  1. Added support for wildcard domain whitelisting through the DNS proxy forwarding method.
  2. Introduced a flag to enable or disable WebSocket support.
  3. Introduced a flag to enable or disable DNS proxy support.
  4. Refactored the wdctlx command for improved functionality.
  5. Fixed various bugs to enhance system stability.

v7.02.1977 release

28 Feb 02:07


Features:

  1. Added a temporary internet access interface for clients.
  2. Added the ability to specify trusted domains, IPs, and MAC addresses.
  3. Added display of apfree-wifidog and firmware version in ping request.
  4. Added websocket client thread for improved communication.
  5. Added support for allowing clients access from the authentication server side through websocket.
  6. Added support for temporary internet access from the authentication server side through websocket.

Fixed:

  1. Resolved the COPS problem.
  2. Implemented automatic reconnection when websocket disconnects.
  3. Fixed the bug in nft set set_wifidogx_bypass_clients.

6.08.1950

22 Aug 01:27

Fix some memory leak bugs

6.02.1939 release

25 Feb 13:00

Pre-release

OpenWrt fw4 support

apfree-wifidog version 4.08.1771 release

28 Aug 08:47

  1. Add COUNTER_V2 interface document
  2. Fix compilation with lower OpenSSL version
  3. Fix roam feature bug: device roam function invalid
  4. Fix compilation with GCC10

apfree-wifidog version 3.10.1696 release

31 Oct 10:10
768c602

Replace libhttpd with libevent library