diff options
Diffstat (limited to 'package/network/utils')
75 files changed, 2078 insertions, 1586 deletions
diff --git a/package/network/utils/arptables/Makefile b/package/network/utils/arptables/Makefile index d1168ae68f0..7f32ed13954 100644 --- a/package/network/utils/arptables/Makefile +++ b/package/network/utils/arptables/Makefile @@ -1,40 +1,42 @@ -# Copyright (C) 2006-2016 OpenWrt.org +# SPDX-License-Identifier: GPL-2.0-only # -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. +# Copyright (C) 2006-2016 OpenWrt.org # include $(TOPDIR)/rules.mk PKG_NAME:=arptables +PKG_VERSION:=0.0.5 PKG_RELEASE:=1 -PKG_SOURCE_URL:=https://git.netfilter.org/arptables -PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2015-05-20 -PKG_SOURCE_VERSION:=f4ab8f63f11a72f14687a6646d04ae1bae3fa45f -PKG_MIRROR_HASH:=84bc660be4c9f70be91046acfd87785add930eceab7c543036058e1a9de2e9d9 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://ftp.netfilter.org/pub/arptables +PKG_HASH:=4f9a0656ce5c90868f551cd4deeb2d04f33899667e1fb2818b64e432fe8f629c PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=COPYING include $(INCLUDE_DIR)/package.mk -define Package/arptables +define Package/arptables-legacy SECTION:=net CATEGORY:=Network SUBMENU:=Firewall TITLE:=ARP firewalling software DEPENDS:=+kmod-arptables URL:=https://git.netfilter.org/arptables/ + PROVIDES:=arptables + ALTERNATIVES:=\ + 200:/usr/sbin/arptables:/usr/sbin/arptables-legacy endef MAKE_FLAGS += \ COPT_FLAGS="$(TARGET_CFLAGS) -D__OPTIMIZE__=1" \ KERNEL_DIR="$(LINUX_DIR)" -define Package/arptables/install +define Package/arptables-legacy/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/arptables-legacy $(1)/usr/sbin/arptables-legacy endef -$(eval $(call BuildPackage,arptables)) +$(eval $(call BuildPackage,arptables-legacy)) diff --git a/package/network/utils/bpftool/Makefile b/package/network/utils/bpftool/Makefile new file mode 100644 index 00000000000..2782a307353 --- /dev/null +++ b/package/network/utils/bpftool/Makefile @@ -0,0 +1,99 @@ +# +# Copyright (C) 2020-2023 Tony Ambardar <itugrok@yahoo.com> +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=bpftools +PKG_VERSION:=7.3.0 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=https://github.com/libbpf/bpftool +PKG_MIRROR_HASH:=c8fe336005019fee4d4fd416ce68a749fb479786dead69d6a0b3b04bcd903b98 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=v7.3.0 + +PKG_MAINTAINER:=Tony Ambardar <itugrok@yahoo.com> + +PKG_BUILD_FLAGS:=no-mips16 +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/nls.mk + +define Package/bpftool/Default + SECTION:=net + CATEGORY:=Network + TITLE:=bpftool - eBPF subsystem utility + LICENSE:=GPL-2.0-only OR BSD-2-Clause + URL:=http://www.kernel.org + DEPENDS:=+libelf +endef + +define Package/bpftool-minimal + $(call Package/bpftool/Default) + TITLE+= (Minimal) + VARIANT:=minimal + DEFAULT_VARIANT:=1 + PROVIDES:=bpftool + ALTERNATIVES:=200:/usr/sbin/bpftool:/usr/libexec/bpftool-minimal +endef + +define Package/bpftool-full + $(call Package/bpftool/Default) + TITLE+= (Full) + VARIANT:=full + PROVIDES:=bpftool + ALTERNATIVES:=300:/usr/sbin/bpftool:/usr/libexec/bpftool-full + DEPENDS+= +libbfd +libopcodes +endef + +define Package/bpftool-minimal/description + A tool for inspection and simple manipulation of eBPF programs and maps. +endef + +define Package/bpftool-full/description + A tool for inspection and simple manipulation of eBPF programs and maps. + This full version uses libbfd and libopcodes to support disassembly of + eBPF programs and jited code. +endef + +TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto +TARGET_LDFLAGS += -Wl,--gc-sections -flto + +ifeq ($(BUILD_VARIANT),full) + full:=1 +else + full:=0 +endif + +MAKE_VARS = \ + EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" + +MAKE_FLAGS += \ + OUTPUT="$(PKG_BUILD_DIR)/" \ + prefix="/usr" \ + $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \ + check_feat=0 \ + feature-clang-bpf-co-re=0 \ + feature-libbfd=$(full) \ + feature-llvm=0 \ + feature-libcap=0 \ + feature-disassembler-four-args=1 \ + feature-disassembler-init-styled=1 + +MAKE_PATH = src + +define Package/bpftool-$(BUILD_VARIANT)/install + $(INSTALL_DIR) $(1)/usr/libexec + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/bpftool \ + $(1)/usr/libexec/bpftool-$(BUILD_VARIANT) +endef + +$(eval $(call BuildPackage,bpftool-full)) +$(eval $(call BuildPackage,bpftool-minimal)) diff --git a/package/network/utils/bpftool/patches/001-cflags.patch b/package/network/utils/bpftool/patches/001-cflags.patch new file mode 100644 index 00000000000..39cef10c72a --- /dev/null +++ b/package/network/utils/bpftool/patches/001-cflags.patch @@ -0,0 +1,10 @@ +--- a/libbpf/src/Makefile ++++ b/libbpf/src/Makefile +@@ -34,6 +34,7 @@ ALL_CFLAGS := $(INCLUDES) + + SHARED_CFLAGS += -fPIC -fvisibility=hidden -DSHARED + ++CFLAGS = $(EXTRA_CFLAGS) + CFLAGS ?= -g -O2 -Werror -Wall -std=gnu89 + ALL_CFLAGS += $(CFLAGS) \ + -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 \ diff --git a/package/network/utils/bpftool/patches/002-includes.patch b/package/network/utils/bpftool/patches/002-includes.patch new file mode 100644 index 00000000000..ac1b5fcc228 --- /dev/null +++ b/package/network/utils/bpftool/patches/002-includes.patch @@ -0,0 +1,26 @@ +--- a/libbpf/include/linux/list.h ++++ b/libbpf/include/linux/list.h +@@ -3,6 +3,8 @@ + #ifndef __LINUX_LIST_H + #define __LINUX_LIST_H + ++#include <linux/types.h> ++ + #define LIST_HEAD_INIT(name) { &(name), &(name) } + #define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) +--- a/src/Makefile ++++ b/src/Makefile +@@ -73,10 +73,10 @@ CFLAGS += -W -Wall -Wextra -Wno-unused-p + CFLAGS += $(filter-out -Wswitch-enum -Wnested-externs,$(EXTRA_WARNINGS)) + CFLAGS += -DPACKAGE='"bpftool"' -D__EXPORTED_HEADERS__ \ + -I$(or $(OUTPUT),.) \ +- -I$(LIBBPF_INCLUDE) \ + -I$(srctree)/src/kernel/bpf/ \ + -I$(srctree)/include \ +- -I$(srctree)/include/uapi ++ -I$(srctree)/include/uapi \ ++ -I$(LIBBPF_INCLUDE) + ifneq ($(BPFTOOL_VERSION),) + CFLAGS += -DBPFTOOL_VERSION='"$(BPFTOOL_VERSION)"' + endif diff --git a/package/network/utils/bpftools/Makefile b/package/network/utils/bpftools/Makefile deleted file mode 100644 index f044cc81f85..00000000000 --- a/package/network/utils/bpftools/Makefile +++ /dev/null @@ -1,169 +0,0 @@ -# -# Copyright (C) 2020 Tony Ambardar <itugrok@yahoo.com> -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=bpftools -PKG_VERSION:=5.11.16 -PKG_RELEASE:=1 - -PKG_SOURCE:=linux-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@KERNEL/linux/kernel/v5.x -PKG_HASH:=21163681d130cbce5a6be39019e2c69e44f284855ddd70b1a3bd039249540f43 - -PKG_MAINTAINER:=Tony Ambardar <itugrok@yahoo.com> - -PKG_USE_MIPS16:=0 -PKG_BUILD_PARALLEL:=1 -PKG_INSTALL:=1 - -LINUX_VERSION:=$(PKG_VERSION) -LINUX_TLD:=linux-$(LINUX_VERSION) - -BPF_FILES:= \ - kernel/bpf scripts tools/Makefile tools/bpf tools/perf/perf-sys.h \ - tools/arch tools/build tools/include tools/lib tools/scripts -TAR_OPTIONS+= \ - --transform="s;$(LINUX_TLD)/;$(PKG_NAME)-$(PKG_VERSION)/;" \ - $(addprefix $(LINUX_TLD)/,$(BPF_FILES)) - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/nls.mk - -define Package/bpftool/Default - SECTION:=net - CATEGORY:=Network - TITLE:=bpftool - eBPF subsystem utility - LICENSE:=GPL-2.0-only OR BSD-2-Clause - URL:=http://www.kernel.org - DEPENDS:=+libelf -endef - -define Package/bpftool-minimal - $(call Package/bpftool/Default) - TITLE+= (Minimal) - VARIANT:=minimal - DEFAULT_VARIANT:=1 - PROVIDES:=bpftool - ALTERNATIVES:=200:/usr/sbin/bpftool:/usr/libexec/bpftool-minimal -endef - -define Package/bpftool-full - $(call Package/bpftool/Default) - TITLE+= (Full) - VARIANT:=full - PROVIDES:=bpftool - ALTERNATIVES:=300:/usr/sbin/bpftool:/usr/libexec/bpftool-full - DEPENDS+= +libbfd +libopcodes -endef - -define Package/bpftool-minimal/description - A tool for inspection and simple manipulation of eBPF programs and maps. -endef - -define Package/bpftool-full/description - A tool for inspection and simple manipulation of eBPF programs and maps. - This full version uses libbfd and libopcodes to support disassembly of - eBPF programs and jited code. -endef - -define Package/libbpf - SECTION:=libs - CATEGORY:=Libraries - TITLE:=libbpf - eBPF helper library - VARIANT:=lib - LICENSE:=LGPL-2.1 OR BSD-2-Clause - ABI_VERSION:=0 - URL:=http://www.kernel.org - DEPENDS:=+libelf -endef - -define Package/libbpf/description - libbpf is a library for loading eBPF programs and reading and manipulating eBPF objects from user-space. -endef - - -# LTO not compatible with DSO using PIC -ifneq ($(BUILD_VARIANT),lib) - TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto - TARGET_LDFLAGS += -Wl,--gc-sections -endif - -MAKE_VARS = \ - EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \ - LDFLAGS="$(TARGET_LDFLAGS)" - -MAKE_FLAGS += \ - BPFTOOL_VERSION="$(LINUX_VERSION)" \ - FEATURES_DUMP="$(PKG_BUILD_DIR)/FEATURE-DUMP.openwrt" \ - OUTPUT="$(PKG_BUILD_DIR)/" \ - prefix="/usr" \ - $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') - -ifeq ($(BUILD_VARIANT),full) - HAVE_LIBBFD:=1 - HAVE_LIBCAP:=0 - HAVE_CLANG:=0 - MAKE_PATH:=tools/bpf/bpftool -else ifeq ($(BUILD_VARIANT),minimal) - HAVE_LIBBFD:=0 - HAVE_LIBCAP:=0 - HAVE_CLANG:=0 - MAKE_PATH:=tools/bpf/bpftool -else ifeq ($(BUILD_VARIANT),lib) - HAVE_LIBBFD:=0 - HAVE_LIBCAP:=0 - HAVE_CLANG:=0 - MAKE_PATH:=tools/lib/bpf -endif - -# Perform a "throw-away" make to create a FEATURE-DUMP.* file to edit later. -# The "//" in the make target is actually needed, very unPOSIXly. -define Build/Configure - +$(MAKE_VARS) $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/tools/bpf/bpftool \ - $(MAKE_FLAGS) FEATURES_DUMP= $(PKG_BUILD_DIR)//libbpf/libbpf.a - (cd $(PKG_BUILD_DIR); cat FEATURE-DUMP.bpftool libbpf/FEATURE-DUMP.libbpf \ - | sort | uniq > FEATURE-DUMP.openwrt) - $(SED) 's/feature-libbfd=1/feature-libbfd=$(HAVE_LIBBFD)/' \ - -e 's/feature-libcap=1/feature-libcap=$(HAVE_LIBCAP)/' \ - -e 's/feature-clang-bpf-co-re=1/feature-clang-bpf-co-re=$(HAVE_CLANG)/' \ - $(PKG_BUILD_DIR)/FEATURE-DUMP.openwrt -endef - -define Build/InstallDev/libbpf - $(INSTALL_DIR) $(1)/usr/include/bpf - $(CP) $(PKG_INSTALL_DIR)/usr/include/bpf/*.h $(1)/usr/include/bpf/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib$(LIB_SUFFIX)/libbpf.{a,so*} \ - $(1)/usr/lib/ - $(INSTALL_DIR) $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/lib$(LIB_SUFFIX)/pkgconfig/libbpf.pc \ - $(1)/usr/lib/pkgconfig/ - $(SED) 's,/usr/include,$$$${prefix}/include,g' \ - $(1)/usr/lib/pkgconfig/libbpf.pc - $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' \ - $(1)/usr/lib/pkgconfig/libbpf.pc -endef - -ifeq ($(BUILD_VARIANT),lib) - Build/InstallDev=$(Build/InstallDev/libbpf) -endif - -define Package/bpftool-$(BUILD_VARIANT)/install - $(INSTALL_DIR) $(1)/usr/libexec - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/bpftool \ - $(1)/usr/libexec/bpftool-$(BUILD_VARIANT) -endef - -define Package/libbpf/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib$(LIB_SUFFIX)/libbpf.so.* $(1)/usr/lib/ -endef - -$(eval $(call BuildPackage,libbpf)) -$(eval $(call BuildPackage,bpftool-full)) -$(eval $(call BuildPackage,bpftool-minimal)) diff --git a/package/network/utils/bpftools/patches/005-tools-arch-powerpc-fix-EDEADLOCK-redefinition-errors.patch b/package/network/utils/bpftools/patches/005-tools-arch-powerpc-fix-EDEADLOCK-redefinition-errors.patch deleted file mode 100644 index 996ffc43ee5..00000000000 --- a/package/network/utils/bpftools/patches/005-tools-arch-powerpc-fix-EDEADLOCK-redefinition-errors.patch +++ /dev/null @@ -1,51 +0,0 @@ -From afe3f4c765b17ced23811fe652c7f7adf7a0c0cf Mon Sep 17 00:00:00 2001 -From: Tony Ambardar <Tony.Ambardar@gmail.com> -Date: Mon, 14 Sep 2020 23:05:26 -0700 -Subject: [PATCH] tools/arch/powerpc: fix EDEADLOCK redefinition errors in - errno.h - -A few archs like powerpc have different errno.h values for macros -EDEADLOCK and EDEADLK. In code including both libc and linux versions of -errno.h, this can result in multiple definitions of EDEADLOCK in the -include chain. Definitions to the same value (e.g. seen with mips) do -not raise warnings, but on powerpc there are redefinitions changing the -value, which raise warnings and errors (with "-Werror"). - -Guard against these redefinitions to avoid build errors like the following, -first seen cross-compiling libbpf v5.8.9 for powerpc using GCC 8.4.0 with -musl 1.1.24: - - In file included from ../../arch/powerpc/include/uapi/asm/errno.h:5, - from ../../include/linux/err.h:8, - from libbpf.c:29: - ../../include/uapi/asm-generic/errno.h:40: error: "EDEADLOCK" redefined [-Werror] - #define EDEADLOCK EDEADLK - - In file included from toolchain-powerpc_8540_gcc-8.4.0_musl/include/errno.h:10, - from libbpf.c:26: - toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/errno.h:58: note: this is the location of the previous definition - #define EDEADLOCK 58 - - cc1: all warnings being treated as errors - make[5]: *** [target-powerpc_8540_musl/bpftools-5.8.9/tools/build/Makefile.build:97: /home/kodidev/openwrt-project/build_dir/target-powerpc_8540_musl/bpftools-minimal/bpftools-5.8.9//libbpf/staticobjs/libbpf.o] Error 1 - -Fixes: 95f28190aa01 ("tools include arch: Grab a copy of errno.h for arch's - supported by perf") -Fixes: c3617f72036c ("UAPI: (Scripted) Disintegrate arch/powerpc/include/asm") - -Reported-by: Rosen Penev <rosenp@gmail.com> -Signed-off-by: Tony Ambardar <Tony.Ambardar@gmail.com> ---- - tools/arch/powerpc/include/uapi/asm/errno.h | 1 + - 1 file changed, 1 insertion(+) - ---- a/tools/arch/powerpc/include/uapi/asm/errno.h -+++ b/tools/arch/powerpc/include/uapi/asm/errno.h -@@ -2,6 +2,7 @@ - #ifndef _ASM_POWERPC_ERRNO_H - #define _ASM_POWERPC_ERRNO_H - -+#undef EDEADLOCK - #include <asm-generic/errno.h> - - #undef EDEADLOCK diff --git a/package/network/utils/comgt/Makefile b/package/network/utils/comgt/Makefile index db5ea574735..429c9386027 100644 --- a/package/network/utils/comgt/Makefile +++ b/package/network/utils/comgt/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=comgt PKG_VERSION:=0.32 -PKG_RELEASE:=33 +PKG_RELEASE:=35 PKG_SOURCE:=$(PKG_NAME).$(PKG_VERSION).tgz PKG_SOURCE_URL:=@SF/comgt @@ -79,6 +79,7 @@ define Package/comgt/install $(INSTALL_DATA) ./files/getcarrier.gcom $(1)/etc/gcom/getcarrier.gcom $(INSTALL_DATA) ./files/getcnum.gcom $(1)/etc/gcom/getcnum.gcom $(INSTALL_DATA) ./files/getimsi.gcom $(1)/etc/gcom/getimsi.gcom + $(INSTALL_DATA) ./files/runcommand.gcom $(1)/etc/gcom/runcommand.gcom $(INSTALL_DIR) $(1)/etc/hotplug.d/tty $(INSTALL_CONF) ./files/3g.usb $(1)/etc/hotplug.d/tty/30-3g $(INSTALL_DIR) $(1)/lib/netifd/proto @@ -96,7 +97,6 @@ endef define Package/comgt-ncm/install $(INSTALL_DIR) $(1)/etc/gcom $(INSTALL_DATA) ./files/ncm.json $(1)/etc/gcom/ncm.json - $(INSTALL_DATA) ./files/runcommand.gcom $(1)/etc/gcom/runcommand.gcom $(INSTALL_DIR) $(1)/lib/netifd/proto $(INSTALL_BIN) ./files/ncm.sh $(1)/lib/netifd/proto/ncm.sh endef diff --git a/package/network/utils/comgt/files/3g.sh b/package/network/utils/comgt/files/3g.sh index 9220cbf5a0a..42ba894e595 100644 --- a/package/network/utils/comgt/files/3g.sh +++ b/package/network/utils/comgt/files/3g.sh @@ -72,6 +72,8 @@ proto_3g_setup() { *) CODE="2,2";; esac export MODE="AT^SYSCFG=${CODE},3FFFFFFF,2,4" + elif echo "$cardinfo" | grep -q "MikroTik"; then + COMMAND="AT+CFUN=1" gcom -d "$device" -s /etc/gcom/runcommand.gcom || return 1 fi if [ -n "$pincode" ]; then diff --git a/package/network/utils/comgt/files/ncm.json b/package/network/utils/comgt/files/ncm.json index bbdb30c5eeb..5f68b134967 100644 --- a/package/network/utils/comgt/files/ncm.json +++ b/package/network/utils/comgt/files/ncm.json @@ -74,5 +74,67 @@ "connect": "AT+CGACT=1,${profile}", "finalize": "AT+CGDATA=\\\"M-MBIM\\\",${profile},1", "disconnect": "AT+CGACT=0,${profile}" + }, + "quectel": { + "initialize": [ + "AT+CFUN=1" + ], + "configure": [ + "at+qicsgp=${profile},${context_type},\\\"${apn}\\\",\\\"${username}\\\",\\\"${password}\\\",0" + ], + "modes": { + "lte": "AT+QCFG=\\\"nwscanmode\\\",3", + "umts": "AT+QCFG=\\\"nwscanmode\\\",2", + "gsm": "AT+QCFG=\\\"nwscanmode\\\",1", + "auto": "AT+QCFG=\\\"nwscanmode\\\",0" + }, + "connect": "AT+qnetdevctl=1,${profile},1", + "disconnect": "AT+qnetdevctl=0,${profile},0" + }, + "\"zte": { + "initialize": [ + "AT+CFUN=1" + ], + "configure": [ + "AT+ZGDCONT=${profile},\\\"${pdptype}\\\",\\\"${apn}\\\",\\\"\\\",0,0", + "AT+ZGPCOAUTH=${profile},\\\"${username}\\\",\\\"${password}\\\",0" + ], + "connect": "AT+ZGACT=1,${profile}", + "disconnect": "AT+ZGACT=0,${profile}" + }, + "\"marvell\"": { + "initialize": [ + "AT+CFUN=1" + ], + "configure": [ + "AT+ZGDCONT=${profile},\\\"${pdptype}\\\",\\\"${apn}\\\",\\\"\\\",0,0", + "AT+ZGPCOAUTH=${profile},\\\"${username}\\\",\\\"${password}\\\",0" + ], + "connect": "AT+ZGACT=1,${profile}", + "disconnect": "AT+ZGACT=0,${profile}" + }, + "\"mikrotik\"": { + "configure": [ + "AT+CFUN=4", + "AT+ZGDCONT=${profile},\\\"${pdptype}\\\",\\\"${apn}\\\",0", + "AT+ZDHCPLEASE=10", + "AT+CFUN=1" + ], + "waitforconnect": "\\\"+ZCONSTAT: 1,${context_type}\\\",\\\"+ZGIPDNS: ${context_type}\\\"", + "connect": "AT+ZGACT=1,${context_type}", + "finalize": "AT+ZDHCPLEASE=0", + "disconnect": "AT+ZGACT=0,1" + }, + "spreadtrum": { + "initialize": [ + "AT+CFUN=1", + "AT+CCED=2,8", + "AT+SPTTYROUTER=1" + ], + "configure": [ + "AT+CGDCONT=${profile},\\\"${pdptype}\\\"${apn:+,\\\"$apn\\\"}" + ], + "connect": "AT+SPTZCMD=\\\"Y29ubm1hbmN0bCBuZGlzZGlhbCBBVF5ORElTRFVOPSJ1c2IwIiwxLDE=\\\"", + "disconnect": "AT+SPTZCMD=\\\"Y29ubm1hbmN0bCBuZGlzZGlhbCBBVF5ORElTRFVOPSJ1c2IwIiwwLDE=\\\"" } } diff --git a/package/network/utils/comgt/files/ncm.sh b/package/network/utils/comgt/files/ncm.sh index 6545091c82f..dec058712d0 100644 --- a/package/network/utils/comgt/files/ncm.sh +++ b/package/network/utils/comgt/files/ncm.sh @@ -10,6 +10,7 @@ proto_ncm_init_config() { no_device=1 available=1 proto_config_add_string "device:device" + proto_config_add_string ifname proto_config_add_string apn proto_config_add_string auth proto_config_add_string username @@ -25,10 +26,12 @@ proto_ncm_init_config() { proto_ncm_setup() { local interface="$1" - local manufacturer initialize setmode connect finalize ifname devname devpath + local manufacturer initialize setmode connect finalize devname devpath ifpath - local device apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS - json_get_vars device apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS + local device ifname apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS + json_get_vars device ifname apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS + + local context_type [ "$metric" = "" ] && metric="0" @@ -37,6 +40,10 @@ proto_ncm_setup() { pdptype=$(echo "$pdptype" | awk '{print toupper($0)}') [ "$pdptype" = "IP" -o "$pdptype" = "IPV6" -o "$pdptype" = "IPV4V6" ] || pdptype="IP" + [ "$pdptype" = "IPV4V6" ] && context_type=3 + [ -z "$context_type" -a "$pdptype" = "IPV6" ] && context_type=2 + [ -n "$context_type" ] || context_type=1 + [ -n "$ctl_device" ] && device=$ctl_device [ -n "$device" ] || { @@ -53,17 +60,25 @@ proto_ncm_setup() { return 1 } - devname="$(basename "$device")" - case "$devname" in - 'tty'*) - devpath="$(readlink -f /sys/class/tty/$devname/device)" - ifname="$( ls "$devpath"/../../*/net )" - ;; - *) - devpath="$(readlink -f /sys/class/usbmisc/$devname/device/)" - ifname="$( ls "$devpath"/net )" - ;; - esac + [ -z "$ifname" ] && { + devname="$(basename "$device")" + case "$devname" in + 'ttyACM'*) + devpath="$(readlink -f /sys/class/tty/$devname/device)" + ifpath="$devpath/../*/net" + ;; + 'tty'*) + devpath="$(readlink -f /sys/class/tty/$devname/device)" + ifpath="$devpath/../../*/net" + ;; + *) + devpath="$(readlink -f /sys/class/usbmisc/$devname/device/)" + ifpath="$devpath/net" + ;; + esac + ifname="$(ls $(ls -1 -d $ifpath | head -n 1))" + } + [ -n "$ifname" ] || { echo "The interface could not be found." proto_notify_error "$interface" NO_IFACE @@ -71,10 +86,25 @@ proto_ncm_setup() { return 1 } - [ -n "$delay" ] && sleep "$delay" - - manufacturer=$(gcom -d "$device" -s /etc/gcom/getcardinfo.gcom | awk 'NF && $0 !~ /AT\+CGMI/ { sub(/\+CGMI: /,""); print tolower($1); exit; }') - [ $? -ne 0 -o -z "$manufacturer" ] && { + start=$(date +%s) + while true; do + manufacturer=$(gcom -d "$device" -s /etc/gcom/getcardinfo.gcom | awk 'NF && $0 !~ /AT\+CGMI/ { sub(/\+CGMI: /,""); print tolower($1); exit; }') + [ "$manufacturer" = "error" ] && { + manufacturer="" + } + [ -n "$manufacturer" ] && { + break + } + [ -z "$delay" ] && { + break + } + sleep 1 + elapsed=$(($(date +%s) - start)) + [ "$elapsed" -gt "$delay" ] && { + break + } + done + [ -z "$manufacturer" ] && { echo "Failed to get modem information" proto_notify_error "$interface" GETINFO_FAILED return 1 diff --git a/package/network/utils/ebtables/Makefile b/package/network/utils/ebtables/Makefile index 732e9bf2b54..f35b768b437 100644 --- a/package/network/utils/ebtables/Makefile +++ b/package/network/utils/ebtables/Makefile @@ -17,33 +17,40 @@ PKG_SOURCE_VERSION:=48cff25dfea5b37e16ba5dc6601e98ab140f5f99 PKG_MIRROR_HASH:=1327cdc3402e5e3056819e4e9b6f9d4a5bfd401f2c4f58447afb2c3c73fc8aac PKG_LICENSE:=GPL-2.0 +PKG_CPE_ID:=cpe:/a:netfilter:ebtables include $(INCLUDE_DIR)/package.mk -define Package/ebtables +define Package/ebtables-legacy SECTION:=net CATEGORY:=Network SUBMENU:=Firewall DEPENDS:=+kmod-ebtables TITLE:=Ethernet bridge firewall administration utility URL:=http://ebtables.sourceforge.net/ + PROVIDES:=ebtables + ALTERNATIVES:=\ + 200:/usr/sbin/ebtables:/usr/sbin/ebtables-legacy endef -define Package/ebtables-utils - $(call Package/ebtables) - DEPENDS += ebtables +define Package/ebtables-legacy-utils + $(call Package/ebtables-legacy) + DEPENDS:=ebtables-legacy TITLE:=ebtables save/restore utilities + PROVIDES:=ebtables-utils + ALTERNATIVES:=\ + 200:/usr/sbin/ebtables-restore:/usr/sbin/ebtables-legacy-restore endef -define Package/ebtables/description +define Package/ebtables-legacy/description The ebtables program is a filtering tool for a bridging firewall. The filtering is focussed on the Link Layer Ethernet frame fields. Apart from filtering, it also gives the ability to alter the Ethernet MAC addresses and implement a brouter. endef -define Package/ebtables-utils/description - $(call Package/ebtables/description) +define Package/ebtables-legacy-utils/description + $(call Package/ebtables-legacy/description) endef MAKE_VARS += EXT_LIBSI="$(LIBGCC_S)" @@ -52,21 +59,22 @@ MAKE_FLAGS += \ CFLAGS="$(TARGET_CFLAGS)" \ LIBDIR="/usr/lib/ebtables" -define Package/ebtables/install +define Package/ebtables-legacy/install $(INSTALL_DIR) $(1)/etc $(INSTALL_DATA) $(PKG_BUILD_DIR)/ethertypes $(1)/etc/ $(INSTALL_DIR) $(1)/usr/lib/ebtables $(INSTALL_BIN) $(PKG_BUILD_DIR)/lib*.so $(1)/usr/lib/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/extensions/*.so $(1)/usr/lib/ebtables/ $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables $(1)/usr/sbin/ebtables-legacy endef -define Package/ebtables-utils/install +define Package/ebtables-legacy-utils/install $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables-save $(1)/usr/sbin/ - $(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables-restore $(1)/usr/sbin/ + #ebtables-save depends on perl and is just broken + #$(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables-save $(1)/usr/sbin/ebtables-legacy-save + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ebtables-restore $(1)/usr/sbin/ebtables-legacy-restore endef -$(eval $(call BuildPackage,ebtables)) -$(eval $(call BuildPackage,ebtables-utils)) +$(eval $(call BuildPackage,ebtables-legacy)) +$(eval $(call BuildPackage,ebtables-legacy-utils)) diff --git a/package/network/utils/ethtool/Makefile b/package/network/utils/ethtool/Makefile index d645cf9bbb1..bc2b13e4234 100644 --- a/package/network/utils/ethtool/Makefile +++ b/package/network/utils/ethtool/Makefile @@ -8,23 +8,22 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ethtool -PKG_VERSION:=5.12 +PKG_VERSION:=6.6 PKG_RELEASE:=1 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/software/network/ethtool -PKG_HASH:=f5ddfa9c75053d8011b8c8c99ec4e2d3c83cd1972f638692d62e37fa3ef36f07 +PKG_HASH:=833a8493cb9cd5809ab59743092d9a38742c282290800e9626407511bbcebf9e PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING +PKG_CPE_ID:=cpe:/a:kernel:ethtool PKG_FIXUP:=autoreconf PKG_INSTALL:=1 PKG_BUILD_PARALLEL:=1 -PKG_CONFIG_DEPENDS:=CONFIG_ETHTOOL_PRETTY_DUMP - include $(INCLUDE_DIR)/package.mk define Package/ethtool @@ -32,6 +31,17 @@ define Package/ethtool CATEGORY:=Network TITLE:=Display or change ethernet card settings URL:=http://www.kernel.org/pub/software/network/ethtool/ + VARIANT:=tiny + CONFLICTS:=ethtool-full +endef + +define Package/ethtool-full + $(Package/ethtool) + TITLE += (full) + VARIANT:=full + PROVIDES:=ethtool + DEPENDS:=+libmnl + CONFLICTS:= endef define Package/ethtool/description @@ -39,18 +49,12 @@ define Package/ethtool/description network interface endef -define Package/ethtool/config - config ETHTOOL_PRETTY_DUMP - depends on PACKAGE_ethtool - bool "Enable pretty printing" -endef - -CONFIGURE_ARGS += --disable-netlink +Package/ethtool-full/description:=$(Package/ethtool/description) -ifeq ($(CONFIG_ETHTOOL_PRETTY_DUMP),y) -CONFIGURE_ARGS += --enable-pretty-dump +ifeq ($(BUILD_VARIANT),full) +CONFIGURE_ARGS += --enable-netlink --enable-pretty-dump else -CONFIGURE_ARGS += --disable-pretty-dump +CONFIGURE_ARGS += --disable-netlink --disable-pretty-dump endif define Package/ethtool/install @@ -58,4 +62,7 @@ define Package/ethtool/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/ethtool $(1)/usr/sbin endef +Package/ethtool-full/install=$(Package/ethtool/install) + $(eval $(call BuildPackage,ethtool)) +$(eval $(call BuildPackage,ethtool-full)) diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile index 54165636c7c..2f9d2f2bc98 100644 --- a/package/network/utils/iproute2/Makefile +++ b/package/network/utils/iproute2/Makefile @@ -8,17 +8,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iproute2 -PKG_VERSION:=5.11.0 -PKG_RELEASE:=4 +PKG_VERSION:=6.7.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2 -PKG_HASH:=c5e2ea108212b3445051b35953ec267f9f3469e1d5c67ac034ab559849505c54 +PKG_HASH:=ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d PKG_BUILD_PARALLEL:=1 PKG_BUILD_DEPENDS:=iptables PKG_LICENSE:=GPL-2.0 PKG_CPE_ID:=cpe:/a:iproute2_project:iproute2 +PKG_BUILD_FLAGS:=gc-sections lto + include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/nls.mk @@ -57,7 +59,16 @@ $(call Package/iproute2/Default) DEFAULT_VARIANT:=1 PROVIDES:=tc ALTERNATIVES:=200:/sbin/tc:/usr/libexec/tc-tiny - DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +(PACKAGE_devlink||PACKAGE_rdma):libmnl + DEPENDS:=+kmod-sched-core +(PACKAGE_devlink||PACKAGE_rdma):libmnl +endef + +define Package/tc-bpf +$(call Package/iproute2/Default) + TITLE:=Traffic control utility (bpf) + VARIANT:=tcbpf + PROVIDES:=tc + ALTERNATIVES:=300:/sbin/tc:/usr/libexec/tc-bpf + DEPENDS:=+kmod-sched-core +(PACKAGE_devlink||PACKAGE_rdma):libmnl +libbpf endef define Package/tc-full @@ -65,14 +76,15 @@ $(call Package/iproute2/Default) TITLE:=Traffic control utility (full) VARIANT:=tcfull PROVIDES:=tc - ALTERNATIVES:=300:/sbin/tc:/usr/libexec/tc-full - DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +libbpf +(PACKAGE_devlink||PACKAGE_rdma):libmnl + ALTERNATIVES:=400:/sbin/tc:/usr/libexec/tc-full + DEPENDS:=+kmod-sched-core +(PACKAGE_devlink||PACKAGE_rdma):libmnl +libbpf +libxtables +tc-mod-iptables endef define Package/tc-mod-iptables $(call Package/iproute2/Default) TITLE:=Traffic control module - iptables action - DEPENDS:=+libxtables + VARIANT:=tcfull + DEPENDS:=+libxtables +libbpf endef define Package/genl @@ -123,13 +135,29 @@ endif ifeq ($(BUILD_VARIANT),tctiny) LIBBPF_FORCE:=off +endif + +ifeq ($(BUILD_VARIANT),tcbpf) + HAVE_ELF:=y + LIBBPF_FORCE:=on SHARED_LIBS:=y endif ifeq ($(BUILD_VARIANT),tcfull) + #enable iptables/xtables requirement only if tciptables variant is selected + TC_CONFIG_XT:=y + TC_CONFIG_XT_OLD:=y + TC_CONFIG_XT_OLD_H:=y + TC_CONFIG_IPSET:=y HAVE_ELF:=y LIBBPF_FORCE:=on SHARED_LIBS:=y +else + #disable iptables requirement by default + TC_CONFIG_XT:=n + TC_CONFIG_XT_OLD:=n + TC_CONFIG_XT_OLD_H:=n + TC_CONFIG_IPSET:=n endif ifdef CONFIG_PACKAGE_devlink @@ -145,12 +173,11 @@ define Build/Configure > $(PKG_BUILD_DIR)/include/SNAPSHOT.h endef -TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto -TARGET_LDFLAGS += -Wl,--gc-sections -Wl,--as-needed +TARGET_LDFLAGS += -Wl,--as-needed TARGET_CPPFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny MAKE_FLAGS += \ - KERNEL_INCLUDE="$(LINUX_DIR)/user_headers/include" \ + KERNEL_INCLUDE="$(LINUX_DIR)/include/uapi" \ SHARED_LIBS=$(SHARED_LIBS) \ IP_CONFIG_TINY=$(IP_CONFIG_TINY) \ BUILD_VARIANT=$(BUILD_VARIANT) \ @@ -158,8 +185,13 @@ MAKE_FLAGS += \ HAVE_ELF=$(HAVE_ELF) \ HAVE_MNL=$(HAVE_MNL) \ HAVE_CAP=$(HAVE_CAP) \ + HAVE_TIRPC=n \ IPT_LIB_DIR=/usr/lib/iptables \ XT_LIB_DIR=/usr/lib/iptables \ + TC_CONFIG_XT=$(TC_CONFIG_XT) \ + TC_CONFIG_XT_OLD=$(TC_CONFIG_XT_OLD) \ + TC_CONFIG_XT_OLD_H=$(TC_CONFIG_XT_OLD_H) \ + TC_CONFIG_IPSET=$(TC_CONFIG_IPSET) \ FPIC="$(FPIC)" \ $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') @@ -190,6 +222,11 @@ define Package/tc-tiny/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-tiny endef +define Package/tc-bpf/install + $(INSTALL_DIR) $(1)/usr/libexec + $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-bpf +endef + define Package/tc-full/install $(INSTALL_DIR) $(1)/usr/libexec $(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-full @@ -232,9 +269,12 @@ endef $(eval $(call BuildPackage,ip-tiny)) $(eval $(call BuildPackage,ip-full)) +# build tc-mod-iptables before its dependents, to avoid +# spurious rebuilds when building multiple variants. +$(eval $(call BuildPackage,tc-mod-iptables)) $(eval $(call BuildPackage,tc-tiny)) +$(eval $(call BuildPackage,tc-bpf)) $(eval $(call BuildPackage,tc-full)) -$(eval $(call BuildPackage,tc-mod-iptables)) $(eval $(call BuildPackage,genl)) $(eval $(call BuildPackage,ip-bridge)) $(eval $(call BuildPackage,ss)) diff --git a/package/network/utils/iproute2/patches/100-configure.patch b/package/network/utils/iproute2/patches/100-configure.patch deleted file mode 100644 index f70b7199b66..00000000000 --- a/package/network/utils/iproute2/patches/100-configure.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/configure -+++ b/configure -@@ -39,7 +39,8 @@ int main(int argc, char **argv) { - } - EOF - -- if $CC -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1; then -+# OpenWrt: disable ATM support even if present on host system -+ if [ 1 -eq 0 ]; then - echo "TC_CONFIG_ATM:=y" >>$CONFIG - echo yes - else diff --git a/package/network/utils/iproute2/patches/110-darwin_fixes.patch b/package/network/utils/iproute2/patches/110-darwin_fixes.patch index 1f3eb101ea4..06ae59f8b4d 100644 --- a/package/network/utils/iproute2/patches/110-darwin_fixes.patch +++ b/package/network/utils/iproute2/patches/110-darwin_fixes.patch @@ -1,6 +1,6 @@ --- a/netem/maketable.c +++ b/netem/maketable.c -@@ -10,7 +10,9 @@ +@@ -11,7 +11,9 @@ #include <stdio.h> #include <stdlib.h> #include <math.h> @@ -12,7 +12,7 @@ #include <sys/stat.h> --- a/netem/normal.c +++ b/netem/normal.c -@@ -8,8 +8,12 @@ +@@ -9,8 +9,12 @@ #include <string.h> #include <limits.h> @@ -27,7 +27,7 @@ #define TABLEFACTOR NETEM_DIST_SCALE --- a/netem/pareto.c +++ b/netem/pareto.c -@@ -7,8 +7,12 @@ +@@ -8,8 +8,12 @@ #include <math.h> #include <limits.h> @@ -42,7 +42,7 @@ #define TABLESIZE 16384 --- a/netem/paretonormal.c +++ b/netem/paretonormal.c -@@ -14,10 +14,13 @@ +@@ -15,10 +15,13 @@ #include <string.h> #include <math.h> #include <limits.h> diff --git a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch index 8702d5fd2d1..c32863c3648 100644 --- a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch +++ b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch @@ -1,6 +1,6 @@ --- a/tc/Makefile +++ b/tc/Makefile -@@ -128,6 +128,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR +@@ -119,6 +119,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR ifneq ($(IPT_LIB_DIR),) CFLAGS += -DIPT_LIB_DIR=\"$(IPT_LIB_DIR)\" endif diff --git a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man.patch b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man.patch deleted file mode 100644 index e3faee0d8ff..00000000000 --- a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile -+++ b/Makefile -@@ -55,7 +55,7 @@ WFLAGS += -Wmissing-declarations -Wold-s - CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS) - YACCFLAGS = -d -t -v - --SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma dcb man -+SUBDIRS=lib ip tc bridge misc genl devlink rdma - - LIBNETLINK=../lib/libutil.a ../lib/libnetlink.a - LDLIBS += $(LIBNETLINK) diff --git a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch new file mode 100644 index 00000000000..8c70c144891 --- /dev/null +++ b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch @@ -0,0 +1,14 @@ +--- a/Makefile ++++ b/Makefile +@@ -68,9 +68,9 @@ WFLAGS += -Wmissing-declarations -Wold-s + CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS) + YACCFLAGS = -d -t -v + +-SUBDIRS=lib ip tc bridge misc netem genl man ++SUBDIRS=lib ip tc bridge misc genl + ifeq ($(HAVE_MNL),y) +-SUBDIRS += tipc devlink rdma dcb vdpa ++SUBDIRS += devlink rdma + endif + + LIBNETLINK=../lib/libutil.a ../lib/libnetlink.a diff --git a/package/network/utils/iproute2/patches/140-allow_pfifo_fast.patch b/package/network/utils/iproute2/patches/140-allow_pfifo_fast.patch index 13de48f4128..8f5a7d352e5 100644 --- a/package/network/utils/iproute2/patches/140-allow_pfifo_fast.patch +++ b/package/network/utils/iproute2/patches/140-allow_pfifo_fast.patch @@ -1,6 +1,6 @@ --- a/tc/q_fifo.c +++ b/tc/q_fifo.c -@@ -95,5 +95,6 @@ struct qdisc_util pfifo_head_drop_qdisc_ +@@ -90,5 +90,6 @@ struct qdisc_util pfifo_head_drop_qdisc_ struct qdisc_util pfifo_fast_qdisc_util = { .id = "pfifo_fast", diff --git a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch index a11a2a3fab2..0d228757517 100644 --- a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch +++ b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -367,7 +367,7 @@ check_selinux() +@@ -391,7 +391,7 @@ check_tirpc() check_mnl() { diff --git a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch index c780022d1ad..bffacddb217 100644 --- a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch +++ b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -235,7 +235,7 @@ EOF +@@ -246,7 +246,7 @@ EOF check_elf() { diff --git a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch index 8cd4e4ae6aa..570e9c7038b 100644 --- a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch +++ b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -425,7 +425,7 @@ EOF +@@ -449,7 +449,7 @@ EOF check_cap() { diff --git a/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch new file mode 100644 index 00000000000..4d7fb763086 --- /dev/null +++ b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch @@ -0,0 +1,11 @@ +--- a/configure ++++ b/configure +@@ -378,7 +378,7 @@ check_selinux() + + check_tirpc() + { +- if ${PKG_CONFIG} libtirpc --exists; then ++ if [ "${HAVE_TIRPC}" = "y" ] && ${PKG_CONFIG} libtirpc --exists; then + echo "HAVE_RPC:=y" >>$CONFIG + echo "yes" + diff --git a/package/network/utils/iproute2/patches/170-ip_tiny.patch b/package/network/utils/iproute2/patches/170-ip_tiny.patch index d5e5b36936e..71081c36bcc 100644 --- a/package/network/utils/iproute2/patches/170-ip_tiny.patch +++ b/package/network/utils/iproute2/patches/170-ip_tiny.patch @@ -1,6 +1,6 @@ --- a/ip/Makefile +++ b/ip/Makefile -@@ -17,6 +17,13 @@ RTMONOBJ=rtmon.o +@@ -19,6 +19,13 @@ RTMONOBJ=rtmon.o include ../config.mk @@ -12,9 +12,9 @@ +STATIC_SYM_SOURCES:=$(filter-out $(STATIC_SYM_FILTER),$(wildcard *.c)) + ALLOBJ=$(IPOBJ) $(RTMONOBJ) - SCRIPTS=ifcfg rtpr routel routef + SCRIPTS=routel TARGETS=ip rtmon -@@ -46,7 +53,7 @@ else +@@ -48,7 +55,7 @@ else ip: static-syms.o static-syms.o: static-syms.h @@ -25,24 +25,25 @@ sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:extern char \1[] __attribute__((weak)); if (!strcmp(sym, "\1")) return \1;:;p}' $$files ; \ --- a/ip/ip.c +++ b/ip/ip.c -@@ -64,10 +64,16 @@ static void usage(void) +@@ -61,11 +61,17 @@ static void usage(void) fprintf(stderr, "Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n" " ip [ -force ] -batch filename\n" +#ifndef IPROUTE2_TINY - "where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n" - " tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n" - " netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |\n" - " vrf | sr | nexthop | mptcp }\n" + "where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp |\n" + " link | macsec | maddress | monitor | mptcp | mroute | mrule |\n" + " neighbor | neighbour | netconf | netns | nexthop | ntable |\n" + " ntbl | route | rule | sr | tap | tcpmetrics |\n" + " token | tunnel | tuntap | vrf | xfrm }\n" +#else -+ "where OBJECT := { link | address | route | rule | neigh | tunnel | maddress |\n" -+ " mroute | mrule | monitor | netns | macsec | token | ila |\n" -+ " vrf | sr }\n" ++ "where OBJECT := { address | link | maddress | monitor |\n" ++ " neighbor | neighbour | netns | route |\n" ++ " rule | token | tunnel }\n" +#endif " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n" " -h[uman-readable] | -iec | -j[son] | -p[retty] |\n" " -f[amily] { inet | inet6 | mpls | bridge | link } |\n" -@@ -90,36 +96,50 @@ static const struct cmd { +@@ -88,37 +94,49 @@ static const struct cmd { int (*func)(int argc, char **argv); } cmds[] = { { "address", do_ipaddr }, @@ -62,9 +63,9 @@ +#ifndef IPROUTE2_TINY { "l2tp", do_ipl2tp }, { "fou", do_ipfou }, -+#endif { "ila", do_ipila }, { "macsec", do_ipmacsec }, ++#endif { "tunnel", do_iptunnel }, { "tunl", do_iptunnel }, +#ifndef IPROUTE2_TINY @@ -77,22 +78,21 @@ { "monitor", do_ipmonitor }, +#ifndef IPROUTE2_TINY { "xfrm", do_xfrm }, -+#endif { "mroute", do_multiroute }, { "mrule", do_multirule }, ++#endif { "netns", do_netns }, +#ifndef IPROUTE2_TINY { "netconf", do_ipnetconf }, -+#endif { "vrf", do_ipvrf}, { "sr", do_seg6 }, -+#ifndef IPROUTE2_TINY { "nexthop", do_ipnh }, { "mptcp", do_mptcp }, + { "ioam", do_ioam6 }, +#endif { "help", do_help }, + { "stats", do_ipstats }, { 0 } - }; --- a/lib/Makefile +++ b/lib/Makefile @@ -3,6 +3,10 @@ include ../config.mk @@ -105,4 +105,4 @@ + UTILOBJ = utils.o utils_math.o rt_names.o ll_map.o ll_types.o ll_proto.o ll_addr.o \ inet_proto.o namespace.o json_writer.o json_print.o json_print_math.o \ - names.o color.o bpf_legacy.o bpf_glue.o exec.o fs.o cg_map.o + names.o color.o bpf_legacy.o bpf_glue.o exec.o fs.o cg_map.o ppp_proto.o diff --git a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch b/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch index da961a183bd..aef51395a95 100644 --- a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch +++ b/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch @@ -1,6 +1,6 @@ --- a/tc/Makefile +++ b/tc/Makefile -@@ -114,7 +114,7 @@ LDLIBS += -L. -lm +@@ -106,7 +106,7 @@ LDLIBS += -L. -lm ifeq ($(SHARED_LIBS),y) LDLIBS += -ldl @@ -9,7 +9,7 @@ endif TCLIB := tc_core.o -@@ -144,7 +144,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc +@@ -135,7 +135,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc all: tc $(TCSO) tc: $(TCOBJ) $(LIBNETLINK) libtc.a @@ -18,21 +18,22 @@ libtc.a: $(TCLIB) $(QUIET_AR)$(AR) rcs $@ $^ -@@ -166,6 +166,7 @@ install: all +@@ -157,6 +157,7 @@ install: all clean: rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.tab.h; \ rm -f emp_ematch.tab.* + rm -f dynsyms.list - q_atm.so: q_atm.c - $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm -@@ -205,4 +206,15 @@ static-syms.h: $(wildcard *.c) + m_xt.so: m_xt.c + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs) +@@ -193,4 +194,16 @@ static-syms.h: $(wildcard *.c) sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:extern char \1[] __attribute__((weak)); if (!strcmp(sym, "\1")) return \1;:;p}' $$files ; \ done > $@ +else + +tc: dynsyms.list ++m_xt.so: dynsyms.list +dynsyms.list: $(wildcard *.c) + files="$(filter-out $(patsubst %.so,%.c,$(TCSO)), $^)" ; \ + echo "{" > $@ ; \ diff --git a/package/network/utils/iproute2/patches/180-drop_FAILED_POLICY.patch b/package/network/utils/iproute2/patches/180-drop_FAILED_POLICY.patch index 95b37ae4426..9ce7dd9a13e 100644 --- a/package/network/utils/iproute2/patches/180-drop_FAILED_POLICY.patch +++ b/package/network/utils/iproute2/patches/180-drop_FAILED_POLICY.patch @@ -11,7 +11,7 @@ Subject: [PATCH] add support for dropping with FAILED_POLICY --- a/ip/rtm_map.c +++ b/ip/rtm_map.c -@@ -54,6 +54,8 @@ char *rtnl_rtntype_n2a(int id, char *buf +@@ -49,6 +49,8 @@ char *rtnl_rtntype_n2a(int id, char *buf return "nat"; case RTN_XRESOLVE: return "xresolve"; @@ -20,7 +20,7 @@ Subject: [PATCH] add support for dropping with FAILED_POLICY default: snprintf(buf, len, "%d", id); return buf; -@@ -89,6 +91,8 @@ int rtnl_rtntype_a2n(int *id, char *arg) +@@ -84,6 +86,8 @@ int rtnl_rtntype_a2n(int *id, char *arg) res = RTN_UNICAST; else if (strcmp(arg, "throw") == 0) res = RTN_THROW; @@ -31,7 +31,7 @@ Subject: [PATCH] add support for dropping with FAILED_POLICY if (!end || end == arg || *end || res > 255) --- a/include/uapi/linux/rtnetlink.h +++ b/include/uapi/linux/rtnetlink.h -@@ -249,6 +249,7 @@ enum { +@@ -265,6 +265,7 @@ enum { RTN_THROW, /* Not in this table */ RTN_NAT, /* Translate this address */ RTN_XRESOLVE, /* Use external resolver */ diff --git a/package/network/utils/iproute2/patches/185-libbpf-add-limits-h.patch b/package/network/utils/iproute2/patches/185-libbpf-add-limits-h.patch deleted file mode 100644 index 07dbbc65b9f..00000000000 --- a/package/network/utils/iproute2/patches/185-libbpf-add-limits-h.patch +++ /dev/null @@ -1,45 +0,0 @@ -From c77310119f9a5f99221dd967c5eb0c7a26094b41 Mon Sep 17 00:00:00 2001 -From: Tony Ambardar <Tony.Ambardar@gmail.com> -Date: Wed, 3 Mar 2021 10:29:24 -0800 -Subject: [PATCH] lib/bpf: add missing limits.h includes - -Several functions in bpf_glue.c and bpf_libbpf.c rely on PATH_MAX, which is -normally included from <limits.h> in other iproute2 source files. - -It fixes errors seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24: - -bpf_glue.c: In function 'get_libbpf_version': -bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function); -did you mean 'AF_MAX'? - 46 | char buf[PATH_MAX], *s; - | ^~~~~~~~ - | AF_MAX - -Reported-by: Rui Salvaterra <rsalvaterra@gmail.com> -Signed-off-by: Tony Ambardar <Tony.Ambardar@gmail.com> ---- - lib/bpf_glue.c | 2 ++ - lib/bpf_libbpf.c | 1 + - 2 files changed, 3 insertions(+) - ---- a/lib/bpf_glue.c -+++ b/lib/bpf_glue.c -@@ -4,6 +4,8 @@ - * Authors: Hangbin Liu <haliu@redhat.com> - * - */ -+#include <limits.h> -+ - #include "bpf_util.h" - #ifdef HAVE_LIBBPF - #include <bpf/bpf.h> ---- a/lib/bpf_libbpf.c -+++ b/lib/bpf_libbpf.c -@@ -13,6 +13,7 @@ - #include <stdint.h> - #include <errno.h> - #include <fcntl.h> -+#include <limits.h> - - #include <libelf.h> - #include <gelf.h> diff --git a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch index d0f8cec6331..765e4ad2e87 100644 --- a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch +++ b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -259,7 +259,7 @@ int main(int argc, char **argv) { +@@ -270,7 +270,7 @@ int main(int argc, char **argv) { } EOF @@ -9,7 +9,7 @@ local ret=$? rm -f $TMPDIR/libbpf_test.c $TMPDIR/libbpf_test -@@ -277,7 +277,7 @@ int main(int argc, char **argv) { +@@ -288,7 +288,7 @@ int main(int argc, char **argv) { } EOF diff --git a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch index 13418662eea..8156adbf050 100644 --- a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch +++ b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch @@ -1,9 +1,9 @@ --- a/ip/Makefile +++ b/ip/Makefile -@@ -26,7 +26,7 @@ STATIC_SYM_SOURCES:=$(filter-out $(STATI +@@ -28,7 +28,7 @@ STATIC_SYM_SOURCES:=$(filter-out $(STATI ALLOBJ=$(IPOBJ) $(RTMONOBJ) - SCRIPTS=ifcfg rtpr routel routef + SCRIPTS=routel -TARGETS=ip rtmon +TARGETS=$(findstring ip,$(BUILD_VARIANT)) rtmon @@ -11,7 +11,7 @@ --- a/tc/Makefile +++ b/tc/Makefile -@@ -141,7 +141,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc +@@ -132,7 +132,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic $< -o $@ diff --git a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch index bf335e08009..92bf5cb66d8 100644 --- a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch +++ b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch @@ -1,12 +1,12 @@ --- a/configure +++ b/configure -@@ -411,14 +411,8 @@ EOF +@@ -435,14 +435,8 @@ EOF if $CC -I$INCLUDE -o $TMPDIR/strtest $TMPDIR/strtest.c >/dev/null 2>&1; then echo "no" else - if ${PKG_CONFIG} libbsd --exists; then -- echo 'CFLAGS += -DHAVE_LIBBSD' `${PKG_CONFIG} libbsd --cflags` >>$CONFIG -- echo 'LDLIBS +=' `${PKG_CONFIG} libbsd --libs` >> $CONFIG +- echo 'CFLAGS += -DHAVE_LIBBSD' "$(${PKG_CONFIG} libbsd --cflags)" >>$CONFIG +- echo 'LDLIBS +=' "$(${PKG_CONFIG} libbsd --libs)" >> $CONFIG - echo "no" - else - echo 'CFLAGS += -DNEED_STRLCPY' >>$CONFIG diff --git a/package/network/utils/iproute2/patches/300-selinux-configurable.patch b/package/network/utils/iproute2/patches/300-selinux-configurable.patch index 33c5279aec9..a611ba75f0f 100644 --- a/package/network/utils/iproute2/patches/300-selinux-configurable.patch +++ b/package/network/utils/iproute2/patches/300-selinux-configurable.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -354,7 +354,7 @@ check_libbpf() +@@ -365,7 +365,7 @@ check_libbpf() check_selinux() # SELinux is a compile time option in the ss utility { diff --git a/package/network/utils/ipset/Makefile b/package/network/utils/ipset/Makefile index bc4945e0f6c..b0aac8fe36e 100644 --- a/package/network/utils/ipset/Makefile +++ b/package/network/utils/ipset/Makefile @@ -9,15 +9,16 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ipset -PKG_VERSION:=7.6 +PKG_VERSION:=7.17 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://ipset.netfilter.org -PKG_HASH:=0e7d44caa9c153d96a9b5f12644fbe35a632537a5a7f653792b72e53d9d5c2db +PKG_SOURCE_URL:=https://ipset.netfilter.org +PKG_HASH:=be49c9ff489dd6610cad6541e743c3384eac96e9f24707da7b3929d8f2ac64d8 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> PKG_LICENSE:=GPL-2.0 +PKG_CPE_ID:=cpe:/a:netfilter:ipset PKG_FIXUP:=autoreconf PKG_INSTALL:=1 @@ -62,6 +63,7 @@ endef define Package/ipset/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipset $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ipset-translate $(1)/usr/sbin/ endef define Package/libipset/install diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 42d9af14b07..45a2b49070e 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -9,17 +9,18 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables -PKG_VERSION:=1.8.7 -PKG_RELEASE:=1 +PKG_VERSION:=1.8.8 +PKG_RELEASE:=2 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0 +PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f PKG_FIXUP:=autoreconf PKG_FLAGS:=nonshared PKG_INSTALL:=1 +PKG_BUILD_FLAGS:=gc-sections no-lto PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables @@ -41,31 +42,27 @@ endef define Package/iptables/Module $(call Package/iptables/Default) - DEPENDS:=iptables $(1) + DEPENDS:=+libxtables $(1) endef -define Package/iptables +define Package/xtables-legacy $(call Package/iptables/Default) TITLE:=IP firewall administration tool - MENU:=1 - DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables + DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables endef -define Package/iptables/config - config IPTABLES_CONNLABEL - bool "Enable Connlabel support" - default n - help - This enable connlabel support in iptables. - - config IPTABLES_NFTABLES - bool "Enable Nftables support" - default n - help - This enable nftables support in iptables. +define Package/iptables-zz-legacy +$(call Package/iptables/Default) + TITLE:=IP firewall administration tool + DEPENDS+= +xtables-legacy + PROVIDES:=iptables iptables-legacy + ALTERNATIVES:=\ + 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \ + 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \ + 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi endef -define Package/iptables/description +define Package/iptables-zz-legacy/description IP firewall administration tool. Matches: @@ -105,10 +102,43 @@ IP firewall administration tool. endef +define Package/xtables-nft +$(call Package/iptables/Default) + TITLE:=IP firewall administration tool nft + DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat +endef + +define Package/arptables-nft +$(call Package/iptables/Default) + DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables + TITLE:=ARP firewall administration tool nft + PROVIDES:=arptables + ALTERNATIVES:=\ + 300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi +endef + +define Package/ebtables-nft +$(call Package/iptables/Default) + DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables + TITLE:=Bridge firewall administration tool nft + PROVIDES:=ebtables + ALTERNATIVES:=\ + 300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi +endef + define Package/iptables-nft $(call Package/iptables/Default) TITLE:=IP firewall administration tool nft - DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft + DEPENDS:=+kmod-ipt-core +xtables-nft + PROVIDES:=iptables + ALTERNATIVES:=\ + 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi endef define Package/iptables-nft/description @@ -121,7 +151,7 @@ Extra iptables nftables nft binaries. endef define Package/iptables-mod-conntrack-extra -$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw) +$(call Package/iptables/Module, +kmod-ipt-conntrack-extra) TITLE:=Extra connection tracking extensions endef @@ -222,19 +252,6 @@ iptables extensions for extra NAT targets. - NETMAP endef -define Package/iptables-mod-ulog -$(call Package/iptables/Module, +kmod-ipt-ulog) - TITLE:=user-space packet logging -endef - -define Package/iptables-mod-ulog/description -iptables extensions for user-space packet logging. - - Targets: - - ULOG - -endef - define Package/iptables-mod-nflog $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog) TITLE:=Netfilter NFLOG target @@ -393,6 +410,19 @@ iptables extension for triggering a LED. endef +define Package/iptables-mod-socket +$(call Package/iptables/Module, +kmod-ipt-socket) + TITLE:=Socket match iptables extensions +endef + +define Package/iptables-mod-socket/description +Socket match iptables extensions. + + Matches: + - socket + +endef + define Package/iptables-mod-tproxy $(call Package/iptables/Module, +kmod-ipt-tproxy) TITLE:=Transparent proxy iptables extensions @@ -401,9 +431,6 @@ endef define Package/iptables-mod-tproxy/description Transparent proxy iptables extensions. - Matches: - - socket - Targets: - TPROXY @@ -444,42 +471,51 @@ define Package/iptables-mod-checksum/description iptables extension for the CHECKSUM calculation target endef -define Package/ip6tables +define Package/ip6tables-zz-legacy $(call Package/iptables/Default) - DEPENDS:=@IPV6 +kmod-ip6tables +iptables + DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy CATEGORY:=Network TITLE:=IPv6 firewall administration tool - MENU:=1 + PROVIDES:=ip6tables ip6tables-legacy + ALTERNATIVES:=\ + 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \ + 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \ + 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi endef define Package/ip6tables-nft $(call Package/iptables/Default) - DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft + DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft TITLE:=IP firewall administration tool nft + PROVIDES:=ip6tables + ALTERNATIVES:=\ + 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \ + 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi endef define Package/ip6tables-nft/description Extra ip6tables nftables nft binaries. - iptables-nft - iptables-nft-restore - iptables-nft-save - iptables-translate - iptables-restore-translate + ip6tables-nft + ip6tables-nft-restore + ip6tables-nft-save + ip6tables-translate + ip6tables-restore-translate endef define Package/ip6tables-extra $(call Package/iptables/Default) - DEPENDS:=ip6tables +kmod-ip6tables-extra + DEPENDS:=+libxtables +kmod-ip6tables-extra TITLE:=IPv6 header matching modules endef -define Package/ip6tables-mod-extra/description +define Package/ip6tables-extra/description iptables header matching modules for IPv6 endef define Package/ip6tables-mod-nat $(call Package/iptables/Default) - DEPENDS:=ip6tables +kmod-ipt-nat6 + DEPENDS:=+libxtables +kmod-ipt-nat6 TITLE:=IPv6 NAT extensions endef @@ -493,7 +529,6 @@ $(call Package/iptables/Default) CATEGORY:=Libraries TITLE:=IPv4 firewall - shared libiptc library ABI_VERSION:=2 - DEPENDS:=+libxtables endef define Package/libip6tc @@ -502,27 +537,51 @@ $(call Package/iptables/Default) CATEGORY:=Libraries TITLE:=IPv6 firewall - shared libiptc library ABI_VERSION:=2 - DEPENDS:=+libxtables endef -define Package/libxtables +define Package/libiptext $(call Package/iptables/Default) SECTION:=libs CATEGORY:=Libraries - TITLE:=IPv4/IPv6 firewall - shared xtables library - ABI_VERSION:=12 - DEPENDS:= \ - +IPTABLES_CONNLABEL:libnetfilter-conntrack \ - +IPTABLES_NFTABLES:libnftnl + TITLE:=IPv4 firewall - shared libiptext library + ABI_VERSION:=0 + DEPENDS:=+libxtables +endef + +define Package/libiptext6 + $(call Package/iptables/Default) + SECTION:=libs + CATEGORY:=Libraries + TITLE:=IPv6 firewall - shared libiptext library + ABI_VERSION:=0 + DEPENDS:=+libxtables +endef + +define Package/libiptext-nft + $(call Package/iptables/Default) + SECTION:=libs + CATEGORY:=Libraries + TITLE:=IPv4/IPv6 firewall - shared libiptext nft library + ABI_VERSION:=0 + DEPENDS:=+libxtables endef -define Package/libxtables-nft +define Package/libxtables $(call Package/iptables/Default) SECTION:=libs CATEGORY:=Libraries - TITLE:=IPv4/IPv6 firewall - shared xtables nft library + TITLE:=IPv4/IPv6 firewall - shared xtables library + MENU:=1 ABI_VERSION:=12 - DEPENDS:=libxtables + DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack +endef + +define Package/libxtables/config + config IPTABLES_CONNLABEL + bool "Enable Connlabel support" + default n + help + This enable connlabel support in iptables. endef TARGET_CPPFLAGS := \ @@ -533,12 +592,8 @@ TARGET_CPPFLAGS := \ TARGET_CFLAGS += \ -I$(PKG_BUILD_DIR)/include \ -I$(LINUX_DIR)/user_headers/include \ - -ffunction-sections -fdata-sections \ -DNO_LEGACY -TARGET_LDFLAGS += \ - -Wl,--gc-sections - CONFIGURE_ARGS += \ --enable-shared \ --enable-static \ @@ -547,7 +602,6 @@ CONFIGURE_ARGS += \ --with-xtlibdir=/usr/lib/iptables \ --with-xt-lock-name=/var/run/xtables.lock \ $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \ - $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \ $(if $(CONFIG_IPV6),,--disable-ipv6) MAKE_FLAGS := \ @@ -580,7 +634,6 @@ define Build/InstallDev $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/ $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/ $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/ - $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/ $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ @@ -595,23 +648,45 @@ define Build/InstallDev $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/ endef -define Package/iptables/install +define Package/xtables-legacy/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/ - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/ +endef + +define Package/iptables-zz-legacy/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/usr/lib/iptables endef -define Package/iptables-nft/install +define Package/xtables-nft/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/ +endef + +define Package/arptables-nft/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib/iptables + $(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/ +endef + +define Package/ebtables-nft/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib/iptables + $(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/ +endef + +define Package/iptables-nft/install + $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/ endef -define Package/ip6tables/install +define Package/ip6tables-zz-legacy/install $(INSTALL_DIR) $(1)/usr/sbin - $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/ endef define Package/ip6tables-nft/install @@ -623,26 +698,34 @@ endef define Package/libip4tc/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/ - $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/ endef define Package/libip6tc/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/ - $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/ endef -define Package/libxtables/install +define Package/libiptext/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/ + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/ +endef + +define Package/libiptext6/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/ endef -define Package/libxtables-nft/install +define Package/libiptext-nft/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/ endef +define Package/libxtables/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/ +endef + define BuildPlugin define Package/$(1)/install $(INSTALL_DIR) $$(1)/usr/lib/iptables @@ -658,11 +741,17 @@ define BuildPlugin endef $(eval $(call BuildPackage,libxtables)) -$(eval $(call BuildPackage,libxtables-nft)) $(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip6tc)) -$(eval $(call BuildPackage,iptables)) +$(eval $(call BuildPackage,libiptext)) +$(eval $(call BuildPackage,libiptext6)) +$(eval $(call BuildPackage,libiptext-nft)) +$(eval $(call BuildPackage,xtables-legacy)) +$(eval $(call BuildPackage,xtables-nft)) +$(eval $(call BuildPackage,arptables-nft)) +$(eval $(call BuildPackage,ebtables-nft)) $(eval $(call BuildPackage,iptables-nft)) +$(eval $(call BuildPackage,iptables-zz-legacy)) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) @@ -674,10 +763,10 @@ $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m))) $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m))) $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m))) -$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m))) $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m))) $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m))) +$(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m))) $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) @@ -685,8 +774,8 @@ $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m))) $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m))) $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m))) $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m))) -$(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPackage,ip6tables-nft)) +$(eval $(call BuildPackage,ip6tables-zz-legacy)) $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) diff --git a/package/network/utils/iptables/patches/020-treewide-use-uint-instead-of-u_int.patch b/package/network/utils/iptables/patches/020-treewide-use-uint-instead-of-u_int.patch new file mode 100644 index 00000000000..e4b0cd92dea --- /dev/null +++ b/package/network/utils/iptables/patches/020-treewide-use-uint-instead-of-u_int.patch @@ -0,0 +1,144 @@ +From f319389525b066b7dc6d389c88f16a0df3b8f189 Mon Sep 17 00:00:00 2001 +From: Nick Hainke <vincent@systemli.org> +Date: Mon, 16 May 2022 18:16:41 +0200 +Subject: treewide: use uint* instead of u_int* + +Gcc complains about missing types. Some commits introduced u_int* instead +of uint*. Use uint treewide. + +Fixes errors in the form of: +In file included from xtables-legacy-multi.c:5: +xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'? + 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, + | ^~~~~~~~~ + | uint16_t +make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1 + +Avoid libipq API breakage by adjusting libipq.h include accordingly. For +arpt_mangle.h kernel uAPI header, apply same change as in kernel commit +e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t"). + +Signed-off-by: Nick Hainke <vincent@systemli.org> +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + extensions/libxt_conntrack.c | 2 +- + include/libipq/libipq.h | 8 ++++---- + include/libiptc/libxtc.h | 2 +- + include/linux/netfilter_arp/arpt_mangle.h | 2 +- + iptables/xshared.c | 2 +- + iptables/xshared.h | 2 +- + libipq/ipq_create_handle.3 | 2 +- + libipq/ipq_set_mode.3 | 2 +- + 8 files changed, 11 insertions(+), 11 deletions(-) + +--- a/extensions/libxt_conntrack.c ++++ b/extensions/libxt_conntrack.c +@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const st + + static void + conntrack_dump_ports(const char *prefix, const char *opt, +- u_int16_t port_low, u_int16_t port_high) ++ uint16_t port_low, uint16_t port_high) + { + if (port_high == 0 || port_low == port_high) + printf(" %s%s %u", prefix, opt, port_low); +--- a/include/libipq/libipq.h ++++ b/include/libipq/libipq.h +@@ -24,7 +24,7 @@ + #include <errno.h> + #include <unistd.h> + #include <fcntl.h> +-#include <sys/types.h> ++#include <stdint.h> + #include <sys/socket.h> + #include <sys/uio.h> + #include <asm/types.h> +@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t; + struct ipq_handle + { + int fd; +- u_int8_t blocking; ++ uint8_t blocking; + struct sockaddr_nl local; + struct sockaddr_nl peer; + }; + +-struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol); ++struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol); + + int ipq_destroy_handle(struct ipq_handle *h); + + ssize_t ipq_read(const struct ipq_handle *h, + unsigned char *buf, size_t len, int timeout); + +-int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len); ++int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len); + + ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf); + +--- a/include/libiptc/libxtc.h ++++ b/include/libiptc/libxtc.h +@@ -10,7 +10,7 @@ extern "C" { + #endif + + #ifndef XT_MIN_ALIGN +-/* xt_entry has pointers and u_int64_t's in it, so if you align to ++/* xt_entry has pointers and uint64_t's in it, so if you align to + it, you'll also align to any crazy matches and targets someone + might write */ + #define XT_MIN_ALIGN (__alignof__(struct xt_entry)) +--- a/include/linux/netfilter_arp/arpt_mangle.h ++++ b/include/linux/netfilter_arp/arpt_mangle.h +@@ -13,7 +13,7 @@ struct arpt_mangle + union { + struct in_addr tgt_ip; + } u_t; +- u_int8_t flags; ++ __u8 flags; + int target; + }; + +--- a/iptables/xshared.c ++++ b/iptables/xshared.c +@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUM + }; + + void +-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, ++set_option(unsigned int *options, unsigned int option, uint16_t *invflg, + bool invert) + { + if (*options & option) +--- a/iptables/xshared.h ++++ b/iptables/xshared.h +@@ -80,7 +80,7 @@ struct xtables_target; + #define IPT_INV_ARPHRD 0x0800 + + void +-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg, ++set_option(unsigned int *options, unsigned int option, uint16_t *invflg, + bool invert); + + /** +--- a/libipq/ipq_create_handle.3 ++++ b/libipq/ipq_create_handle.3 +@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \( + .br + .B #include <libipq.h> + .sp +-.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");" ++.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");" + .br + .BI "int ipq_destroy_handle(struct ipq_handle *" h ); + .SH DESCRIPTION +--- a/libipq/ipq_set_mode.3 ++++ b/libipq/ipq_set_mode.3 +@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queui + .br + .B #include <libipq.h> + .sp +-.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range ); ++.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range ); + .SH DESCRIPTION + The + .B ipq_set_mode diff --git a/package/network/utils/iptables/patches/030-revert-fix-build-for-missing-ETH_ALEN-definition.patch b/package/network/utils/iptables/patches/030-revert-fix-build-for-missing-ETH_ALEN-definition.patch new file mode 100644 index 00000000000..6c8e3deb5c3 --- /dev/null +++ b/package/network/utils/iptables/patches/030-revert-fix-build-for-missing-ETH_ALEN-definition.patch @@ -0,0 +1,60 @@ +From 0e7cf0ad306cdf95dc3c28d15a254532206a888e Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Wed, 18 May 2022 16:04:09 +0200 +Subject: Revert "fix build for missing ETH_ALEN definition" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke +compiling against musl libc. Might be a bug in the latter, but for the +time being try to please both by avoiding the include and instead +defining ETH_ALEN if unset. + +While being at it, move netinet/ether.h include up. + +Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support") +Signed-off-by: Phil Sutter <phil@nwl.cc> +Reviewed-by: Maciej Żenczykowski <maze@google.com> +--- + libxtables/xtables.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/libxtables/xtables.c ++++ b/libxtables/xtables.c +@@ -28,6 +28,7 @@ + #include <stdlib.h> + #include <string.h> + #include <unistd.h> ++#include <netinet/ether.h> + #include <sys/socket.h> + #include <sys/stat.h> + #include <sys/statfs.h> +@@ -45,7 +46,6 @@ + + #include <xtables.h> + #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */ +-#include <linux/if_ether.h> /* ETH_ALEN */ + #include <linux/netfilter_ipv4/ip_tables.h> + #include <linux/netfilter_ipv6/ip6_tables.h> + #include <libiptc/libxtc.h> +@@ -72,6 +72,10 @@ + #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe" + #endif + ++#ifndef ETH_ALEN ++#define ETH_ALEN 6 ++#endif ++ + /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the + * current line of the input file, in order to give a more precise error + * message. ip6?tables itself doesn't need this, so it is initialized to the +@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, + printf(FMT("%4lluT ","%lluT "), (unsigned long long)number); + } + +-#include <netinet/ether.h> +- + static const unsigned char mac_type_unicast[ETH_ALEN] = {}; + static const unsigned char msk_type_unicast[ETH_ALEN] = {1}; + static const unsigned char mac_type_multicast[ETH_ALEN] = {1}; diff --git a/package/network/utils/iptables/patches/040-xshared-Fix-build-for-Werror-format-security.patch b/package/network/utils/iptables/patches/040-xshared-Fix-build-for-Werror-format-security.patch new file mode 100644 index 00000000000..f7e5e34c731 --- /dev/null +++ b/package/network/utils/iptables/patches/040-xshared-Fix-build-for-Werror-format-security.patch @@ -0,0 +1,23 @@ +From b72eb12ea5a61df0655ad99d5048994e916be83a Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Fri, 13 May 2022 16:51:58 +0200 +Subject: [PATCH] xshared: Fix build for -Werror=format-security + +Gcc complains about the omitted format string. + +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + iptables/xshared.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/iptables/xshared.c ++++ b/iptables/xshared.c +@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct + return; + + if (args->family != NFPROTO_ARP) +- xtables_error(PARAMETER_PROBLEM, msg); ++ xtables_error(PARAMETER_PROBLEM, "%s", msg); + + fprintf(stderr, "%s", msg); + } diff --git a/package/network/utils/iptables/patches/050-build-fix-error-during-out-of-tree-build.patch b/package/network/utils/iptables/patches/050-build-fix-error-during-out-of-tree-build.patch new file mode 100644 index 00000000000..acfca96e0fe --- /dev/null +++ b/package/network/utils/iptables/patches/050-build-fix-error-during-out-of-tree-build.patch @@ -0,0 +1,28 @@ +From 0ebf52fc951b2a4d98a166afb34af4f364bbeece Mon Sep 17 00:00:00 2001 +From: Ben Brown <ben@demerara.io> +Date: Wed, 25 May 2022 16:26:13 +0100 +Subject: build: Fix error during out of tree build + +Fixes the following error: + + ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory + 52 | #include <libiptc/linux_list.h> + +Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table") +Signed-off-by: Ben Brown <ben@demerara.io> +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + libxtables/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/libxtables/Makefile.am ++++ b/libxtables/Makefile.am +@@ -1,7 +1,7 @@ + # -*- Makefile -*- + + AM_CFLAGS = ${regular_CFLAGS} +-AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS} ++AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS} + + lib_LTLIBRARIES = libxtables.la + libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c diff --git a/package/network/utils/iptables/patches/060-libxtables-unexport-init_extensions-declarations.patch b/package/network/utils/iptables/patches/060-libxtables-unexport-init_extensions-declarations.patch new file mode 100644 index 00000000000..559b93eea43 --- /dev/null +++ b/package/network/utils/iptables/patches/060-libxtables-unexport-init_extensions-declarations.patch @@ -0,0 +1,82 @@ +From ef108943f69a6e20533d58823740d3f0534ea8ec Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Wed, 1 Jun 2022 19:15:06 +0200 +Subject: libxtables: Unexport init_extensions*() declarations + +The functions are used for static builds to initialize extensions after +libxtables init. Regular library users should not need them, but the +empty declarations introduced in #else case (and therefore present in +user's env) may clash with existing symbol names. + +Avoid problems and guard the whole block declaring the function +prototypes and mangling extensions' _init functions by XTABLES_INTERNAL. + +Reported-by: Nick Hainke <vincent@systemli.org> +Fixes: 6c689b639cf8e ("Simplify static build extension loading") +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + include/xtables.h | 44 ++++++++++++++++++++++---------------------- + 1 file changed, 22 insertions(+), 22 deletions(-) + +--- a/include/xtables.h ++++ b/include/xtables.h +@@ -585,27 +585,6 @@ static inline void xtables_print_mark_ma + xtables_print_val_mask(mark, mask, NULL); + } + +-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) +-# ifdef _INIT +-# undef _init +-# define _init _INIT +-# endif +- extern void init_extensions(void); +- extern void init_extensions4(void); +- extern void init_extensions6(void); +- extern void init_extensionsa(void); +- extern void init_extensionsb(void); +-#else +-# define _init __attribute__((constructor)) _INIT +-# define EMPTY_FUNC_DEF(x) static inline void x(void) {} +- EMPTY_FUNC_DEF(init_extensions) +- EMPTY_FUNC_DEF(init_extensions4) +- EMPTY_FUNC_DEF(init_extensions6) +- EMPTY_FUNC_DEF(init_extensionsa) +- EMPTY_FUNC_DEF(init_extensionsb) +-# undef EMPTY_FUNC_DEF +-#endif +- + extern const struct xtables_pprot xtables_chain_protos[]; + extern uint16_t xtables_parse_protocol(const char *s); + +@@ -663,9 +642,30 @@ void xtables_announce_chain(const char * + # define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) + # endif + ++#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) ++# ifdef _INIT ++# undef _init ++# define _init _INIT ++# endif ++ extern void init_extensions(void); ++ extern void init_extensions4(void); ++ extern void init_extensions6(void); ++ extern void init_extensionsa(void); ++ extern void init_extensionsb(void); ++#else ++# define _init __attribute__((constructor)) _INIT ++# define EMPTY_FUNC_DEF(x) static inline void x(void) {} ++ EMPTY_FUNC_DEF(init_extensions) ++ EMPTY_FUNC_DEF(init_extensions4) ++ EMPTY_FUNC_DEF(init_extensions6) ++ EMPTY_FUNC_DEF(init_extensionsa) ++ EMPTY_FUNC_DEF(init_extensionsb) ++# undef EMPTY_FUNC_DEF ++#endif ++ + extern void _init(void); + +-#endif ++#endif /* XTABLES_INTERNAL */ + + #ifdef __cplusplus + } /* extern "C" */ diff --git a/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch b/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch new file mode 100644 index 00000000000..cfcb6c77f38 --- /dev/null +++ b/package/network/utils/iptables/patches/070-extensions-string-Review-parse_string-function.patch @@ -0,0 +1,40 @@ +From da5b32fb4656ab69fe1156eb7e36c7c961839e8a Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Wed, 8 Jun 2022 13:45:13 +0200 +Subject: [PATCH] extensions: string: Review parse_string() function + +* Compare against sizeof(info->pattern) which is more clear than having + to know that this buffer is of size XT_STRING_MAX_PATTERN_SIZE + +* Invert the check and error early to reduce indenting + +* Pass info->patlen to memcpy() to avoid reading past end of 's' + +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + extensions/libxt_string.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +--- a/extensions/libxt_string.c ++++ b/extensions/libxt_string.c +@@ -78,14 +78,13 @@ static void string_init(struct xt_entry_ + + static void + parse_string(const char *s, struct xt_string_info *info) +-{ ++{ + /* xt_string does not need \0 at the end of the pattern */ +- if (strlen(s) <= XT_STRING_MAX_PATTERN_SIZE) { +- memcpy(info->pattern, s, XT_STRING_MAX_PATTERN_SIZE); +- info->patlen = strnlen(s, XT_STRING_MAX_PATTERN_SIZE); +- return; +- } +- xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); ++ if (strlen(s) > sizeof(info->pattern)) ++ xtables_error(PARAMETER_PROBLEM, "STRING too long \"%s\"", s); ++ ++ info->patlen = strnlen(s, sizeof(info->pattern)); ++ memcpy(info->pattern, s, info->patlen); + } + + static void diff --git a/package/network/utils/iptables/patches/101-remove-check-already.patch b/package/network/utils/iptables/patches/101-remove-check-already.patch index 16afafec2d5..bd49224c70b 100644 --- a/package/network/utils/iptables/patches/101-remove-check-already.patch +++ b/package/network/utils/iptables/patches/101-remove-check-already.patch @@ -1,6 +1,6 @@ --- a/libxtables/xtables.c +++ b/libxtables/xtables.c -@@ -968,12 +968,6 @@ void xtables_register_match(struct xtabl +@@ -1093,12 +1093,6 @@ void xtables_register_match(struct xtabl struct xtables_match **pos; bool seen_myself = false; @@ -13,7 +13,7 @@ if (me->version == NULL) { fprintf(stderr, "%s: match %s<%u> is missing a version\n", xt_params->program_name, me->name, me->revision); -@@ -1152,12 +1146,6 @@ void xtables_register_target(struct xtab +@@ -1277,12 +1271,6 @@ void xtables_register_target(struct xtab struct xtables_target **pos; bool seen_myself = false; diff --git a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch index b8e19c781a1..710f481cac8 100644 --- a/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch +++ b/package/network/utils/iptables/patches/102-iptables-disable-modprobe.patch @@ -1,6 +1,15 @@ --- a/libxtables/xtables.c +++ b/libxtables/xtables.c -@@ -403,6 +403,7 @@ static char *get_modprobe(void) +@@ -476,7 +476,7 @@ char *xtables_strdup(const char *s) + return dup; + } + +-static char *get_modprobe(void) ++__attribute__((unused)) static char *get_modprobe(void) + { + int procfile; + char *ret; +@@ -511,6 +511,7 @@ static char *get_modprobe(void) int xtables_insmod(const char *modname, const char *modprobe, bool quiet) { @@ -8,7 +17,7 @@ char *buf = NULL; char *argv[4]; int status; -@@ -437,6 +438,7 @@ int xtables_insmod(const char *modname, +@@ -545,6 +546,7 @@ int xtables_insmod(const char *modname, free(buf); if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0; diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch index 6d7b5b5822c..75c29e1e9ca 100644 --- a/package/network/utils/iptables/patches/200-configurable_builtin.patch +++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch @@ -60,7 +60,7 @@ .SECONDARY: -@@ -161,11 +181,11 @@ libext4.a: initext4.o ${libext4_objs} +@@ -163,11 +183,11 @@ libext4.a: initext4.o ${libext4_objs} libext6.a: initext6.o ${libext6_objs} ${AM_VERBOSE_AR} ${AR} crs $@ $^; diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch index 819f628f9ef..838b1ffa660 100644 --- a/package/network/utils/iptables/patches/600-shared-libext.patch +++ b/package/network/utils/iptables/patches/600-shared-libext.patch @@ -18,7 +18,7 @@ -include .*.d -@@ -164,22 +164,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn +@@ -166,22 +166,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn # handling code in the Makefiles. # lib%.o: ${srcdir}/lib%.c diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch index cc451ef9593..09db3900066 100644 --- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch +++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch @@ -1,6 +1,6 @@ --- a/extensions/libxt_conntrack.c +++ b/extensions/libxt_conntrack.c -@@ -1395,6 +1395,7 @@ static int conntrack3_mt6_xlate(struct x +@@ -1399,6 +1399,7 @@ static int conntrack3_mt6_xlate(struct x } static struct xtables_match conntrack_mt_reg[] = { @@ -8,7 +8,7 @@ { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1470,6 +1471,7 @@ static struct xtables_match conntrack_mt +@@ -1474,6 +1475,7 @@ static struct xtables_match conntrack_mt .alias = conntrack_print_name_alias, .x6_options = conntrack2_mt_opts, }, @@ -16,7 +16,7 @@ { .version = XTABLES_VERSION, .name = "conntrack", -@@ -1502,6 +1504,7 @@ static struct xtables_match conntrack_mt +@@ -1506,6 +1508,7 @@ static struct xtables_match conntrack_mt .x6_options = conntrack3_mt_opts, .xlate = conntrack3_mt6_xlate, }, @@ -24,7 +24,7 @@ { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1532,6 +1535,8 @@ static struct xtables_match conntrack_mt +@@ -1536,6 +1539,8 @@ static struct xtables_match conntrack_mt .x6_parse = state_ct23_parse, .x6_options = state_opts, }, @@ -33,7 +33,7 @@ { .family = NFPROTO_UNSPEC, .name = "state", -@@ -1561,6 +1566,7 @@ static struct xtables_match conntrack_mt +@@ -1565,6 +1570,7 @@ static struct xtables_match conntrack_mt .x6_parse = state_parse, .x6_options = state_opts, }, @@ -77,7 +77,7 @@ void _init(void) --- a/extensions/libxt_multiport.c +++ b/extensions/libxt_multiport.c -@@ -571,6 +571,7 @@ static int multiport_xlate6_v1(struct xt +@@ -591,6 +591,7 @@ static int multiport_xlate6_v1(struct xt } static struct xtables_match multiport_mt_reg[] = { @@ -85,7 +85,7 @@ { .family = NFPROTO_IPV4, .name = "multiport", -@@ -601,6 +602,7 @@ static struct xtables_match multiport_mt +@@ -621,6 +622,7 @@ static struct xtables_match multiport_mt .x6_options = multiport_opts, .xlate = multiport_xlate6, }, diff --git a/package/network/utils/iw/Makefile b/package/network/utils/iw/Makefile index 8e11046189c..528f6868b23 100644 --- a/package/network/utils/iw/Makefile +++ b/package/network/utils/iw/Makefile @@ -8,16 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iw -PKG_VERSION:=5.9-8fab0c9e -PKG_RELEASE:=$(AUTORELEASE) - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git -PKG_SOURCE_VERSION:=8fab0c9ee9db217587a58efcc37421c86edcb638 -PKG_MIRROR_HASH:=797b322bc03952f3127ae0a7da476c14ada1bbe9a9ae234a56dd6f864c568e16 +PKG_VERSION:=5.19 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=@KERNEL/software/network/iw +PKG_HASH:=f167bbe947dd53bb9ebc0c1dcef5db6ad73ac1d6084f2c6f9376c5c360cc4d4e PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_LICENSE:=GPL-2.0 +PKG_CPE_ID:=cpe:/a:kernel:iw + +PKG_BUILD_FLAGS:=gc-sections lto include $(INCLUDE_DIR)/package.mk @@ -47,8 +49,7 @@ TARGET_CPPFLAGS:= \ -I$(STAGING_DIR)/usr/include/libnl-tiny \ $(TARGET_CPPFLAGS) \ -DCONFIG_LIBNL20 \ - -D_GNU_SOURCE \ - -flto + -D_GNU_SOURCE ifeq ($(BUILD_VARIANT),full) TARGET_CPPFLAGS += -DIW_FULL @@ -56,8 +57,8 @@ ifeq ($(BUILD_VARIANT),full) endif MAKE_FLAGS += \ - CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -ffunction-sections -fdata-sections" \ - LDFLAGS="$(TARGET_LDFLAGS) -Wl,--gc-sections -flto" \ + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ NL1FOUND="" NL2FOUND=Y \ NLLIBNAME="libnl-tiny" \ LIBS="-lm -lnl-tiny" \ diff --git a/package/network/utils/iw/patches/001-nl80211_h_sync.patch b/package/network/utils/iw/patches/001-nl80211_h_sync.patch deleted file mode 100644 index 1d6ea0fae0f..00000000000 --- a/package/network/utils/iw/patches/001-nl80211_h_sync.patch +++ /dev/null @@ -1,302 +0,0 @@ ---- a/nl80211.h -+++ b/nl80211.h -@@ -655,6 +655,9 @@ - * When a security association was established on an 802.1X network using - * fast transition, this event should be followed by an - * %NL80211_CMD_PORT_AUTHORIZED event. -+ * Following a %NL80211_CMD_ROAM event userspace can issue -+ * %NL80211_CMD_GET_SCAN in order to obtain the scan information for the -+ * new BSS the card/driver roamed to. - * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify - * userspace that a connection was dropped by the AP or due to other - * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and -@@ -757,7 +760,8 @@ - * of any other interfaces, and other interfaces will again take - * precedence when they are used. - * -- * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface. -+ * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface -+ * (no longer supported). - * - * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform - * multicast to unicast conversion. When enabled, all multicast packets -@@ -1177,6 +1181,10 @@ - * includes the contents of the frame. %NL80211_ATTR_ACK flag is included - * if the recipient acknowledged the frame. - * -+ * @NL80211_CMD_SET_SAR_SPECS: SAR power limitation configuration is -+ * passed using %NL80211_ATTR_SAR_SPEC. %NL80211_ATTR_WIPHY is used to -+ * specify the wiphy index to be applied to. -+ * - * @NL80211_CMD_MAX: highest used command number - * @__NL80211_CMD_AFTER_LAST: internal use - */ -@@ -1407,6 +1415,8 @@ enum nl80211_commands { - - NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS, - -+ NL80211_CMD_SET_SAR_SPECS, -+ - /* add new commands above here */ - - /* used to define NL80211_CMD_MAX below */ -@@ -1750,8 +1760,9 @@ enum nl80211_commands { - * specify just a single bitrate, which is to be used for the beacon. - * The driver must also specify support for this with the extended - * features NL80211_EXT_FEATURE_BEACON_RATE_LEGACY, -- * NL80211_EXT_FEATURE_BEACON_RATE_HT and -- * NL80211_EXT_FEATURE_BEACON_RATE_VHT. -+ * NL80211_EXT_FEATURE_BEACON_RATE_HT, -+ * NL80211_EXT_FEATURE_BEACON_RATE_VHT and -+ * NL80211_EXT_FEATURE_BEACON_RATE_HE. - * - * @NL80211_ATTR_FRAME_MATCH: A binary attribute which typically must contain - * at least one byte, currently used with @NL80211_CMD_REGISTER_FRAME. -@@ -1955,8 +1966,15 @@ enum nl80211_commands { - * @NL80211_ATTR_PROBE_RESP: Probe Response template data. Contains the entire - * probe-response frame. The DA field in the 802.11 header is zero-ed out, - * to be filled by the FW. -- * @NL80211_ATTR_DISABLE_HT: Force HT capable interfaces to disable -- * this feature. Currently, only supported in mac80211 drivers. -+ * @NL80211_ATTR_DISABLE_HT: Force HT capable interfaces to disable -+ * this feature during association. This is a flag attribute. -+ * Currently only supported in mac80211 drivers. -+ * @NL80211_ATTR_DISABLE_VHT: Force VHT capable interfaces to disable -+ * this feature during association. This is a flag attribute. -+ * Currently only supported in mac80211 drivers. -+ * @NL80211_ATTR_DISABLE_HE: Force HE capable interfaces to disable -+ * this feature during association. This is a flag attribute. -+ * Currently only supported in mac80211 drivers. - * @NL80211_ATTR_HT_CAPABILITY_MASK: Specify which bits of the - * ATTR_HT_CAPABILITY to which attention should be paid. - * Currently, only mac80211 NICs support this feature. -@@ -2077,7 +2095,8 @@ enum nl80211_commands { - * until the channel switch event. - * @NL80211_ATTR_CH_SWITCH_BLOCK_TX: flag attribute specifying that transmission - * must be blocked on the current channel (before the channel switch -- * operation). -+ * operation). Also included in the channel switch started event if quiet -+ * was requested by the AP. - * @NL80211_ATTR_CSA_IES: Nested set of attributes containing the IE information - * for the time while performing a channel switch. - * @NL80211_ATTR_CNTDWN_OFFS_BEACON: An array of offsets (u16) to the channel -@@ -2527,6 +2546,23 @@ enum nl80211_commands { - * override mask. Used with NL80211_ATTR_S1G_CAPABILITY in - * NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT. - * -+ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE -+ * derivation in WPA3-Personal networks which are using SAE authentication. -+ * This is a u8 attribute that encapsulates one of the values from -+ * &enum nl80211_sae_pwe_mechanism. -+ * -+ * @NL80211_ATTR_SAR_SPEC: SAR power limitation specification when -+ * used with %NL80211_CMD_SET_SAR_SPECS. The message contains fields -+ * of %nl80211_sar_attrs which specifies the sar type and related -+ * sar specs. Sar specs contains array of %nl80211_sar_specs_attrs. -+ * -+ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and -+ * disassoc events to indicate that an immediate reconnect to the AP -+ * is desired. -+ * -+ * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce -+ * transmit power to stay within regulatory limits. u32, dBi. -+ * - * @NUM_NL80211_ATTR: total number of nl80211_attrs available - * @NL80211_ATTR_MAX: highest attribute number currently defined - * @__NL80211_ATTR_AFTER_LAST: internal use -@@ -3016,6 +3052,16 @@ enum nl80211_attrs { - NL80211_ATTR_S1G_CAPABILITY, - NL80211_ATTR_S1G_CAPABILITY_MASK, - -+ NL80211_ATTR_SAE_PWE, -+ -+ NL80211_ATTR_RECONNECT_REQUESTED, -+ -+ NL80211_ATTR_SAR_SPEC, -+ -+ NL80211_ATTR_DISABLE_HE, -+ -+ NL80211_ATTR_WIPHY_ANTENNA_GAIN, -+ - /* add attributes here, update the policy in nl80211.c */ - - __NL80211_ATTR_AFTER_LAST, -@@ -5896,6 +5942,19 @@ enum nl80211_feature_flags { - * @NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP: Driver/device supports - * unsolicited broadcast probe response transmission - * -+ * @NL80211_EXT_FEATURE_BEACON_RATE_HE: Driver supports beacon rate -+ * configuration (AP/mesh) with HE rates. -+ * -+ * @NL80211_EXT_FEATURE_SECURE_LTF: Device supports secure LTF measurement -+ * exchange protocol. -+ * -+ * @NL80211_EXT_FEATURE_SECURE_RTT: Device supports secure RTT measurement -+ * exchange protocol. -+ * -+ * @NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE: Device supports management -+ * frame protection for all management frames exchanged during the -+ * negotiation and range measurement procedure. -+ * - * @NUM_NL80211_EXT_FEATURES: number of extended features. - * @MAX_NL80211_EXT_FEATURES: highest extended feature index. - */ -@@ -5956,6 +6015,10 @@ enum nl80211_ext_feature_index { - NL80211_EXT_FEATURE_SAE_OFFLOAD_AP, - NL80211_EXT_FEATURE_FILS_DISCOVERY, - NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP, -+ NL80211_EXT_FEATURE_BEACON_RATE_HE, -+ NL80211_EXT_FEATURE_SECURE_LTF, -+ NL80211_EXT_FEATURE_SECURE_RTT, -+ NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE, - - /* add new features before the definition below */ - NUM_NL80211_EXT_FEATURES, -@@ -6253,11 +6316,13 @@ struct nl80211_vendor_cmd_info { - * @NL80211_TDLS_PEER_HT: TDLS peer is HT capable. - * @NL80211_TDLS_PEER_VHT: TDLS peer is VHT capable. - * @NL80211_TDLS_PEER_WMM: TDLS peer is WMM capable. -+ * @NL80211_TDLS_PEER_HE: TDLS peer is HE capable. - */ - enum nl80211_tdls_peer_capability { - NL80211_TDLS_PEER_HT = 1<<0, - NL80211_TDLS_PEER_VHT = 1<<1, - NL80211_TDLS_PEER_WMM = 1<<2, -+ NL80211_TDLS_PEER_HE = 1<<3, - }; - - /** -@@ -6849,6 +6914,9 @@ enum nl80211_peer_measurement_ftm_capa { - * if neither %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED nor - * %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set, EDCA based - * ranging will be used. -+ * @NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK: negotiate for LMR feedback. Only -+ * valid if either %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED or -+ * %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED is set. - * - * @NUM_NL80211_PMSR_FTM_REQ_ATTR: internal - * @NL80211_PMSR_FTM_REQ_ATTR_MAX: highest attribute number -@@ -6867,6 +6935,7 @@ enum nl80211_peer_measurement_ftm_req { - NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC, - NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED, - NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED, -+ NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK, - - /* keep last */ - NUM_NL80211_PMSR_FTM_REQ_ATTR, -@@ -7124,4 +7193,115 @@ enum nl80211_unsol_bcast_probe_resp_attr - NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX = - __NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1 - }; -+ -+/** -+ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE -+ * derivation. Applicable only when WPA3-Personal SAE authentication is -+ * used. -+ * -+ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that -+ * attribute is not present from userspace. -+ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only -+ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only -+ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element -+ * can be used. -+ */ -+enum nl80211_sae_pwe_mechanism { -+ NL80211_SAE_PWE_UNSPECIFIED, -+ NL80211_SAE_PWE_HUNT_AND_PECK, -+ NL80211_SAE_PWE_HASH_TO_ELEMENT, -+ NL80211_SAE_PWE_BOTH, -+}; -+ -+/** -+ * enum nl80211_sar_type - type of SAR specs -+ * -+ * @NL80211_SAR_TYPE_POWER: power limitation specified in 0.25dBm unit -+ * -+ */ -+enum nl80211_sar_type { -+ NL80211_SAR_TYPE_POWER, -+ -+ /* add new type here */ -+ -+ /* Keep last */ -+ NUM_NL80211_SAR_TYPE, -+}; -+ -+/** -+ * enum nl80211_sar_attrs - Attributes for SAR spec -+ * -+ * @NL80211_SAR_ATTR_TYPE: the SAR type as defined in &enum nl80211_sar_type. -+ * -+ * @NL80211_SAR_ATTR_SPECS: Nested array of SAR power -+ * limit specifications. Each specification contains a set -+ * of %nl80211_sar_specs_attrs. -+ * -+ * For SET operation, it contains array of %NL80211_SAR_ATTR_SPECS_POWER -+ * and %NL80211_SAR_ATTR_SPECS_RANGE_INDEX. -+ * -+ * For sar_capa dump, it contains array of -+ * %NL80211_SAR_ATTR_SPECS_START_FREQ -+ * and %NL80211_SAR_ATTR_SPECS_END_FREQ. -+ * -+ * @__NL80211_SAR_ATTR_LAST: Internal -+ * @NL80211_SAR_ATTR_MAX: highest sar attribute -+ * -+ * These attributes are used with %NL80211_CMD_SET_SAR_SPEC -+ */ -+enum nl80211_sar_attrs { -+ __NL80211_SAR_ATTR_INVALID, -+ -+ NL80211_SAR_ATTR_TYPE, -+ NL80211_SAR_ATTR_SPECS, -+ -+ __NL80211_SAR_ATTR_LAST, -+ NL80211_SAR_ATTR_MAX = __NL80211_SAR_ATTR_LAST - 1, -+}; -+ -+/** -+ * enum nl80211_sar_specs_attrs - Attributes for SAR power limit specs -+ * -+ * @NL80211_SAR_ATTR_SPECS_POWER: Required (s32)value to specify the actual -+ * power limit value in units of 0.25 dBm if type is -+ * NL80211_SAR_TYPE_POWER. (i.e., a value of 44 represents 11 dBm). -+ * 0 means userspace doesn't have SAR limitation on this associated range. -+ * -+ * @NL80211_SAR_ATTR_SPECS_RANGE_INDEX: Required (u32) value to specify the -+ * index of exported freq range table and the associated power limitation -+ * is applied to this range. -+ * -+ * Userspace isn't required to set all the ranges advertised by WLAN driver, -+ * and userspace can skip some certain ranges. These skipped ranges don't -+ * have SAR limitations, and they are same as setting the -+ * %NL80211_SAR_ATTR_SPECS_POWER to any unreasonable high value because any -+ * value higher than regulatory allowed value just means SAR power -+ * limitation is removed, but it's required to set at least one range. -+ * It's not allowed to set duplicated range in one SET operation. -+ * -+ * Every SET operation overwrites previous SET operation. -+ * -+ * @NL80211_SAR_ATTR_SPECS_START_FREQ: Required (u32) value to specify the start -+ * frequency of this range edge when registering SAR capability to wiphy. -+ * It's not a channel center frequency. The unit is kHz. -+ * -+ * @NL80211_SAR_ATTR_SPECS_END_FREQ: Required (u32) value to specify the end -+ * frequency of this range edge when registering SAR capability to wiphy. -+ * It's not a channel center frequency. The unit is kHz. -+ * -+ * @__NL80211_SAR_ATTR_SPECS_LAST: Internal -+ * @NL80211_SAR_ATTR_SPECS_MAX: highest sar specs attribute -+ */ -+enum nl80211_sar_specs_attrs { -+ __NL80211_SAR_ATTR_SPECS_INVALID, -+ -+ NL80211_SAR_ATTR_SPECS_POWER, -+ NL80211_SAR_ATTR_SPECS_RANGE_INDEX, -+ NL80211_SAR_ATTR_SPECS_START_FREQ, -+ NL80211_SAR_ATTR_SPECS_END_FREQ, -+ -+ __NL80211_SAR_ATTR_SPECS_LAST, -+ NL80211_SAR_ATTR_SPECS_MAX = __NL80211_SAR_ATTR_SPECS_LAST - 1, -+}; -+ - #endif /* __LINUX_NL80211_H */ diff --git a/package/network/utils/iw/patches/010-Revert-iw-allow-specifying-CFLAGS-LIBS-externally.patch b/package/network/utils/iw/patches/010-Revert-iw-allow-specifying-CFLAGS-LIBS-externally.patch new file mode 100644 index 00000000000..1254efa9c70 --- /dev/null +++ b/package/network/utils/iw/patches/010-Revert-iw-allow-specifying-CFLAGS-LIBS-externally.patch @@ -0,0 +1,68 @@ +From 1f3706d10812d70adefe32fe0d7d3a3ec25374f0 Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens <hauke@hauke-m.de> +Date: Sun, 21 Nov 2021 00:02:57 +0100 +Subject: Revert "iw: allow specifying CFLAGS/LIBS externally" + +This reverts commit 1325244b77d56fd7a16d1e35fdae0efc151920b1. + +The OpenWrt build system provides the CFLAGS and LIBS names from the +package Makefile to overwrite them for libnl-tiny. This is not possible +after this upstream change which we revert here any more + +Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> +--- + Makefile | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -45,30 +45,30 @@ NLLIBNAME = libnl-1 + endif + + ifeq ($(NL2FOUND),Y) +-override CFLAGS += -DCONFIG_LIBNL20 +-override LIBS += -lnl-genl ++CFLAGS += -DCONFIG_LIBNL20 ++LIBS += -lnl-genl + NLLIBNAME = libnl-2.0 + endif + + ifeq ($(NL3xFOUND),Y) + # libnl 3.2 might be found as 3.2 and 3.0 + NL3FOUND = N +-override CFLAGS += -DCONFIG_LIBNL30 +-override LIBS += -lnl-genl-3 ++CFLAGS += -DCONFIG_LIBNL30 ++LIBS += -lnl-genl-3 + NLLIBNAME = libnl-3.0 + endif + + ifeq ($(NL3FOUND),Y) +-override CFLAGS += -DCONFIG_LIBNL30 +-override LIBS += -lnl-genl ++CFLAGS += -DCONFIG_LIBNL30 ++LIBS += -lnl-genl + NLLIBNAME = libnl-3.0 + endif + + # nl-3.1 has a broken libnl-gnl-3.1.pc file + # as show by pkg-config --debug --libs --cflags --exact-version=3.1 libnl-genl-3.1;echo $? + ifeq ($(NL31FOUND),Y) +-override CFLAGS += -DCONFIG_LIBNL30 +-override LIBS += -lnl-genl ++CFLAGS += -DCONFIG_LIBNL30 ++LIBS += -lnl-genl + NLLIBNAME = libnl-3.1 + endif + +@@ -76,8 +76,8 @@ ifeq ($(NLLIBNAME),) + $(error Cannot find development files for any supported version of libnl) + endif + +-override LIBS += $(shell $(PKG_CONFIG) --libs $(NLLIBNAME)) +-override CFLAGS += $(shell $(PKG_CONFIG) --cflags $(NLLIBNAME)) ++LIBS += $(shell $(PKG_CONFIG) --libs $(NLLIBNAME)) ++CFLAGS += $(shell $(PKG_CONFIG) --cflags $(NLLIBNAME)) + endif # NO_PKG_CONFIG + + ifeq ($(V),1) diff --git a/package/network/utils/iw/patches/120-antenna_gain.patch b/package/network/utils/iw/patches/120-antenna_gain.patch deleted file mode 100644 index f8d537fe1ed..00000000000 --- a/package/network/utils/iw/patches/120-antenna_gain.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/phy.c -+++ b/phy.c -@@ -855,3 +855,30 @@ static int handle_get_txq(struct nl80211 - COMMAND(get, txq, "", - NL80211_CMD_GET_WIPHY, 0, CIB_PHY, handle_get_txq, - "Get TXQ parameters."); -+ -+static int handle_antenna_gain(struct nl80211_state *state, -+ struct nl_msg *msg, -+ int argc, char **argv, -+ enum id_input id) -+{ -+ char *endptr; -+ int dbm; -+ -+ /* get the required args */ -+ if (argc != 1) -+ return 1; -+ -+ dbm = strtol(argv[0], &endptr, 10); -+ if (*endptr) -+ return 2; -+ -+ NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_GAIN, dbm); -+ -+ return 0; -+ -+ nla_put_failure: -+ return -ENOBUFS; -+} -+COMMAND(set, antenna_gain, "<antenna gain in dBm>", -+ NL80211_CMD_SET_WIPHY, 0, CIB_PHY, handle_antenna_gain, -+ "Specify antenna gain."); diff --git a/package/network/utils/iw/patches/200-reduce_size.patch b/package/network/utils/iw/patches/200-reduce_size.patch index 83e11405cbd..86219945242 100644 --- a/package/network/utils/iw/patches/200-reduce_size.patch +++ b/package/network/utils/iw/patches/200-reduce_size.patch @@ -1,6 +1,6 @@ --- a/event.c +++ b/event.c -@@ -956,6 +956,7 @@ static int print_event(struct nl_msg *ms +@@ -971,6 +971,7 @@ static int print_event(struct nl_msg *ms } switch (gnlh->cmd) { @@ -8,7 +8,7 @@ case NL80211_CMD_NEW_WIPHY: printf("renamed to %s\n", nla_get_string(tb[NL80211_ATTR_WIPHY_NAME])); break; -@@ -991,6 +992,7 @@ static int print_event(struct nl_msg *ms +@@ -1006,6 +1007,7 @@ static int print_event(struct nl_msg *ms case NL80211_CMD_SCHED_SCAN_RESULTS: printf("got scheduled scan results\n"); break; @@ -16,7 +16,7 @@ case NL80211_CMD_WIPHY_REG_CHANGE: case NL80211_CMD_REG_CHANGE: if (gnlh->cmd == NL80211_CMD_WIPHY_REG_CHANGE) -@@ -1073,6 +1075,7 @@ static int print_event(struct nl_msg *ms +@@ -1088,6 +1090,7 @@ static int print_event(struct nl_msg *ms mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC])); printf("del station %s\n", macbuf); break; @@ -24,9 +24,9 @@ case NL80211_CMD_JOIN_IBSS: mac_addr_n2a(macbuf, nla_data(tb[NL80211_ATTR_MAC])); printf("IBSS %s joined\n", macbuf); -@@ -1271,9 +1274,9 @@ static int print_event(struct nl_msg *ms - case NL80211_CMD_CH_SWITCH_NOTIFY: - parse_ch_switch_notify(tb, gnlh->cmd); +@@ -1295,9 +1298,9 @@ static int print_event(struct nl_msg *ms + case NL80211_CMD_ASSOC_COMEBACK: /* 147 */ + parse_assoc_comeback(tb, gnlh->cmd); break; +#endif default: @@ -38,7 +38,7 @@ --- a/info.c +++ b/info.c -@@ -216,6 +216,7 @@ next: +@@ -309,6 +309,7 @@ next: } } @@ -46,7 +46,7 @@ if (tb_band[NL80211_BAND_ATTR_RATES]) { printf("\t\tBitrates (non-HT):\n"); nla_for_each_nested(nl_rate, tb_band[NL80211_BAND_ATTR_RATES], rem_rate) { -@@ -232,6 +233,7 @@ next: +@@ -325,6 +326,7 @@ next: printf("\n"); } } @@ -54,7 +54,7 @@ } } -@@ -297,6 +299,7 @@ next: +@@ -390,6 +392,7 @@ next: printf("\tCoverage class: %d (up to %dm)\n", coverage, 450 * coverage); } @@ -62,7 +62,7 @@ if (tb_msg[NL80211_ATTR_CIPHER_SUITES]) { int num = nla_len(tb_msg[NL80211_ATTR_CIPHER_SUITES]) / sizeof(__u32); int i; -@@ -308,6 +311,7 @@ next: +@@ -401,6 +404,7 @@ next: cipher_name(ciphers[i])); } } @@ -70,21 +70,19 @@ if (tb_msg[NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX] && tb_msg[NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX]) -@@ -327,11 +331,13 @@ next: - printf("\t\t * %s\n", iftype_name(nla_type(nl_mode))); - } +@@ -418,9 +422,11 @@ next: + print_iftype_list("\tSupported interface modes", "\t\t", + tb_msg[NL80211_ATTR_SUPPORTED_IFTYPES]); +#ifdef IW_FULL - if (tb_msg[NL80211_ATTR_SOFTWARE_IFTYPES]) { - printf("\tsoftware interface modes (can always be added):\n"); - nla_for_each_nested(nl_mode, tb_msg[NL80211_ATTR_SOFTWARE_IFTYPES], rem_mode) - printf("\t\t * %s\n", iftype_name(nla_type(nl_mode))); - } + if (tb_msg[NL80211_ATTR_SOFTWARE_IFTYPES]) + print_iftype_list("\tsoftware interface modes (can always be added)", + "\t\t", tb_msg[NL80211_ATTR_SOFTWARE_IFTYPES]); +#endif if (tb_msg[NL80211_ATTR_INTERFACE_COMBINATIONS]) { struct nlattr *nl_combi; -@@ -428,6 +434,7 @@ broken_combination: +@@ -510,6 +516,7 @@ broken_combination: printf("\tinterface combinations are not supported\n"); } @@ -92,7 +90,7 @@ if (tb_msg[NL80211_ATTR_SUPPORTED_COMMANDS]) { printf("\tSupported commands:\n"); nla_for_each_nested(nl_cmd, tb_msg[NL80211_ATTR_SUPPORTED_COMMANDS], rem_cmd) -@@ -525,6 +532,7 @@ broken_combination: +@@ -607,6 +614,7 @@ broken_combination: printf("\t\t * wake up on TCP connection\n"); } } @@ -100,7 +98,7 @@ if (tb_msg[NL80211_ATTR_ROAM_SUPPORT]) printf("\tDevice supports roaming.\n"); -@@ -563,6 +571,7 @@ broken_combination: +@@ -645,6 +653,7 @@ broken_combination: } } @@ -108,7 +106,7 @@ if (tb_msg[NL80211_ATTR_FEATURE_FLAGS]) { unsigned int features = nla_get_u32(tb_msg[NL80211_ATTR_FEATURE_FLAGS]); -@@ -627,6 +636,7 @@ broken_combination: +@@ -709,6 +718,7 @@ broken_combination: if (features & NL80211_FEATURE_ND_RANDOM_MAC_ADDR) printf("\tDevice supports randomizing MAC-addr in net-detect scans.\n"); } @@ -116,7 +114,7 @@ if (tb_msg[NL80211_ATTR_TDLS_SUPPORT]) printf("\tDevice supports T-DLS.\n"); -@@ -762,6 +772,7 @@ TOPLEVEL(list, NULL, NL80211_CMD_GET_WIP +@@ -774,6 +784,7 @@ TOPLEVEL(list, NULL, NL80211_CMD_GET_WIP "List all wireless devices and their capabilities."); TOPLEVEL(phy, NULL, NL80211_CMD_GET_WIPHY, NLM_F_DUMP, CIB_NONE, handle_info, NULL); @@ -124,7 +122,7 @@ static int handle_commands(struct nl80211_state *state, struct nl_msg *msg, int argc, char **argv, enum id_input id) { -@@ -773,6 +784,7 @@ static int handle_commands(struct nl8021 +@@ -785,6 +796,7 @@ static int handle_commands(struct nl8021 } TOPLEVEL(commands, NULL, NL80211_CMD_GET_WIPHY, 0, CIB_NONE, handle_commands, "list all known commands and their decimal & hex value"); @@ -187,23 +185,29 @@ }; static void print_wifi_wpa(const uint8_t type, uint8_t len, const uint8_t *data, -@@ -2326,6 +2331,7 @@ void print_ies(unsigned char *ie, int ie - ieprinters[ie[0]].flags & BIT(ptype)) { - print_ie(&ieprinters[ie[0]], - ie[0], ie[1], ie + 2, &ie_buffer); +@@ -2080,8 +2085,10 @@ static void print_wifi_wps(const uint8_t + + static const struct ie_print wifiprinters[] = { + [1] = { "WPA", print_wifi_wpa, 2, 255, BIT(PRINT_SCAN), }, +#ifdef IW_FULL - } else if (ie[0] == 221 /* vendor */) { - print_vendor(ie[1], ie + 2, unknown, ptype); - } else if (ie[0] == 255 /* extension */) { -@@ -2337,6 +2343,7 @@ void print_ies(unsigned char *ie, int ie - for (i=0; i<ie[1]; i++) - printf(" %.2x", ie[2+i]); - printf("\n"); + [2] = { "WMM", print_wifi_wmm, 1, 255, BIT(PRINT_SCAN), }, + [4] = { "WPS", print_wifi_wps, 0, 255, BIT(PRINT_SCAN), }, +#endif - } - ielen -= ie[1] + 2; - ie += ie[1] + 2; -@@ -2377,6 +2384,7 @@ static void print_capa_non_dmg(__u16 cap + }; + + static inline void print_p2p(const uint8_t type, uint8_t len, +@@ -2244,6 +2251,10 @@ static void print_vendor(unsigned char l + return; + } + ++#ifdef IW_FULL ++ return; ++#endif ++ + if (len >= 4 && memcmp(data, wfa_oui, 3) == 0) { + if (data[3] < ARRAY_SIZE(wfa_printers) && + wfa_printers[data[3]].name && +@@ -2377,6 +2388,7 @@ static void print_capa_non_dmg(__u16 cap printf(" ESS"); if (capa & WLAN_CAPABILITY_IBSS) printf(" IBSS"); @@ -211,7 +215,7 @@ if (capa & WLAN_CAPABILITY_CF_POLLABLE) printf(" CfPollable"); if (capa & WLAN_CAPABILITY_CF_POLL_REQUEST) -@@ -2405,6 +2413,7 @@ static void print_capa_non_dmg(__u16 cap +@@ -2405,6 +2417,7 @@ static void print_capa_non_dmg(__u16 cap printf(" DelayedBACK"); if (capa & WLAN_CAPABILITY_IMM_BACK) printf(" ImmediateBACK"); @@ -219,7 +223,7 @@ } static int print_bss_handler(struct nl_msg *msg, void *arg) -@@ -2489,8 +2498,10 @@ static int print_bss_handler(struct nl_m +@@ -2489,8 +2502,10 @@ static int print_bss_handler(struct nl_m if (bss[NL80211_BSS_FREQUENCY]) { int freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); printf("\tfreq: %d\n", freq); @@ -230,7 +234,7 @@ } if (bss[NL80211_BSS_BEACON_INTERVAL]) printf("\tbeacon interval: %d TUs\n", -@@ -2684,6 +2695,7 @@ static int handle_stop_sched_scan(struct +@@ -2684,6 +2699,7 @@ static int handle_stop_sched_scan(struct return 0; } @@ -238,7 +242,7 @@ COMMAND(scan, sched_start, SCHED_SCAN_OPTIONS, NL80211_CMD_START_SCHED_SCAN, 0, CIB_NETDEV, handle_start_sched_scan, -@@ -2694,3 +2706,4 @@ COMMAND(scan, sched_start, +@@ -2694,3 +2710,4 @@ COMMAND(scan, sched_start, COMMAND(scan, sched_stop, "", NL80211_CMD_STOP_SCHED_SCAN, 0, CIB_NETDEV, handle_stop_sched_scan, "Stop an ongoing scheduled scan."); @@ -288,7 +292,7 @@ ifeq ($(NO_PKG_CONFIG),) --- a/station.c +++ b/station.c -@@ -777,10 +777,12 @@ static int handle_station_set_plink(stru +@@ -791,10 +791,12 @@ static int handle_station_set_plink(stru nla_put_failure: return -ENOBUFS; } @@ -301,7 +305,7 @@ static int handle_station_set_vlan(struct nl80211_state *state, struct nl_msg *msg, -@@ -875,11 +877,13 @@ static int handle_station_set_mesh_power +@@ -889,11 +891,13 @@ static int handle_station_set_mesh_power nla_put_failure: return -ENOBUFS; } @@ -317,7 +321,7 @@ struct nl_msg *msg, --- a/interface.c +++ b/interface.c -@@ -627,9 +627,11 @@ static int handle_interface_wds_peer(str +@@ -629,9 +629,11 @@ static int handle_interface_wds_peer(str nla_put_failure: return -ENOBUFS; } @@ -329,7 +333,7 @@ static int set_mcast_rate(struct nl80211_state *state, struct nl_msg *msg, -@@ -719,6 +721,7 @@ static int handle_chan(struct nl80211_st +@@ -721,6 +723,7 @@ static int handle_chan(struct nl80211_st return handle_chanfreq(state, msg, true, argc, argv, id); } @@ -337,7 +341,7 @@ SECTION(switch); COMMAND(switch, freq, "<freq> [NOHT|HT20|HT40+|HT40-|5MHz|10MHz|80MHz] [beacons <count>] [block-tx]\n" -@@ -990,3 +993,4 @@ COMMAND(set, tidconf, "[peer <MAC addres +@@ -992,3 +995,4 @@ COMMAND(set, tidconf, "[peer <MAC addres " $ iw dev wlan0 set tidconf peer xx:xx:xx:xx:xx:xx tids 0x2 bitrates auto\n" " $ iw dev wlan0 set tidconf peer xx:xx:xx:xx:xx:xx tids 0x2 bitrates limit vht-mcs-5 4:9\n" ); diff --git a/package/network/utils/iwinfo/Makefile b/package/network/utils/iwinfo/Makefile index 9dbf91efe9f..4fef2babbb2 100644 --- a/package/network/utils/iwinfo/Makefile +++ b/package/network/utils/iwinfo/Makefile @@ -11,13 +11,15 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git -PKG_SOURCE_DATE:=2021-07-11 -PKG_SOURCE_VERSION:=a0a0e02dd91d14a50155390d5fd3b95d6ec87bf4 -PKG_MIRROR_HASH:=7b4f745c2cace836e57bd116399973d9ac32cee7f98d4628a17395caa3d0cebc +PKG_SOURCE_DATE:=2023-11-19 +PKG_SOURCE_VERSION:=a34977c0760c93480491c8eb94da656b57d7f4cc +PKG_MIRROR_HASH:=cb01671a2a9155f8ba55751ab1fe28488c5821212dd97ba5b79653640abb787e PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io> PKG_LICENSE:=GPL-2.0 -IWINFO_ABI_VERSION:=20210430 +PKG_BUILD_FLAGS:=no-lto + +IWINFO_ABI_VERSION:=20230701 include $(INCLUDE_DIR)/package.mk diff --git a/package/network/utils/layerscape/restool/Makefile b/package/network/utils/layerscape/restool/Makefile index 73fa8e4d9ea..5919f42ff2a 100644 --- a/package/network/utils/layerscape/restool/Makefile +++ b/package/network/utils/layerscape/restool/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=restool -PKG_VERSION:=LSDK-20.04 -PKG_RELEASE:=2 +PKG_VERSION:=21.08 +PKG_RELEASE:=4 PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/restool -PKG_SOURCE_VERSION:=f0cec094e4c6d1c975b377203a3bf994ba9325a9 -PKG_MIRROR_HASH:=1863acfaef319e6b277671fead51df0a31bdddb59022080d86b7d81da0bc8490 +PKG_SOURCE_URL:=https://github.com/nxp-qoriq/restool +PKG_SOURCE_VERSION:=LSDK-21.08 +PKG_MIRROR_HASH:=0396644927b8f3da20183227562f695c8063d3d4c6bb606e8f31dda450e962e4 PKG_FLAGS:=nonshared diff --git a/package/network/utils/layerscape/restool/patches/0001-restool-fix-get_device_file-function.patch b/package/network/utils/layerscape/restool/patches/0001-restool-fix-get_device_file-function.patch deleted file mode 100644 index 2745fd02a0e..00000000000 --- a/package/network/utils/layerscape/restool/patches/0001-restool-fix-get_device_file-function.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 37f0f1550e7822584b858edde416a694fb902236 Mon Sep 17 00:00:00 2001 -From: Ioana Ciornei <ioana.ciornei@nxp.com> -Date: Tue, 31 Jul 2018 13:33:20 +0300 -Subject: [PATCH] restool: fix get_device_file() function - -This patch fixes multiple problems encountered in the -get_device_file() function: - - The deprecated atoi() function is replaced by strtoul - - An invalid memory access was being performed by using - memory from dir->d_name even after closedir(). This is - fixed by a strdup() on the device filename. - - Also, error prints now print any relevant error code. - -Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> ---- - restool.c | 44 ++++++++++++++++++++++++++++---------------- - 1 file changed, 28 insertions(+), 16 deletions(-) - -diff --git a/restool.c b/restool.c -index 7553659..78fd1bf 100644 ---- a/restool.c -+++ b/restool.c -@@ -1185,8 +1185,13 @@ out: - - static int get_device_file(void) - { -+ int num_dev_files = 0; -+ struct dirent *dir; - int error = 0; -+ char *device; - int num_char; -+ long val; -+ DIR *d; - - memset(restool.device_file, '\0', DEV_FILE_SIZE); - -@@ -1214,10 +1219,6 @@ static int get_device_file(void) - goto out; - } - } else { -- DIR *d; -- struct dirent *dir; -- int num_dev_files = 0; -- char *dprc_index; - - d = opendir("/dev"); - if (!d) { -@@ -1227,26 +1228,34 @@ static int get_device_file(void) - } - while ((dir = readdir(d)) != NULL) { - if (strncmp(dir->d_name, "dprc.", 5) == 0) { -- dprc_index = &dir->d_name[5]; -- num_dev_files += 1; -+ if (num_dev_files == 0) -+ device = strdup(dir->d_name); -+ num_dev_files++; - } - } - closedir(d); - - if (num_dev_files == 1) { -- int temp_len = strlen(dprc_index); -+ errno = 0; -+ val = strtoul(&device[5], NULL, 0); -+ if ((errno == ERANGE && val == LONG_MAX) || -+ ( errno != 0 && val == 0 )) { -+ ERROR_PRINTF("error: device file malformed\n"); -+ error = -1; -+ goto out_free_device;; -+ } -+ restool.root_dprc_id = val; - -- temp_len += 10; -- num_char = sprintf(restool.device_file, "/dev/dprc.%s", -- dprc_index); -- if (num_char != temp_len) { -- ERROR_PRINTF("sprintf error\n"); -+ num_char = snprintf(restool.device_file, DEV_FILE_SIZE, -+ "/dev/dprc.%d", restool.root_dprc_id); -+ if (num_char < 0 || num_char >= DEV_FILE_SIZE) { -+ ERROR_PRINTF("error: device file malformed\n"); - error = -1; -- goto out; -+ goto out_free_device; - } -- restool.root_dprc_id = atoi(dprc_index); -- if (access(restool.device_file, F_OK) != 0) -- printf("no such dev file\n"); -+ error = access(restool.device_file, F_OK); -+ if (error != 0) -+ ERROR_PRINTF("error: access(%s) = %d\n", restool.device_file, error); - } else { - error = -1; - if (num_dev_files == 0) -@@ -1255,6 +1264,9 @@ static int get_device_file(void) - ERROR_PRINTF("error: multiple root containers\n"); - } - } -+ -+out_free_device: -+ free(device); - out: - return error; - } --- -2.17.1 - diff --git a/package/network/utils/layerscape/restool/patches/remove-manpage.patch b/package/network/utils/layerscape/restool/patches/remove-manpage.patch new file mode 100644 index 00000000000..5cb9e0a55fc --- /dev/null +++ b/package/network/utils/layerscape/restool/patches/remove-manpage.patch @@ -0,0 +1,18 @@ +--- a/Makefile ++++ b/Makefile +@@ -53,14 +53,13 @@ restool: $(OBJ) + %.1: %.md + pandoc --standalone --to man $^ -o $@ + +-install: restool scripts/ls-main scripts/ls-append-dpl scripts/ls-debug scripts/restool_completion.sh $(MANPAGE) ++install: restool scripts/ls-main scripts/ls-append-dpl scripts/ls-debug scripts/restool_completion.sh + install -D -m 755 restool $(DESTDIR)$(bindir)/restool + install -D -m 755 scripts/ls-main $(DESTDIR)$(bindir)/ls-main + install -D -m 755 scripts/ls-append-dpl $(DESTDIR)$(bindir)/ls-append-dpl + install -D -m 755 scripts/ls-debug $(DESTDIR)$(bindir)/ls-debug + $(foreach symlink, $(RESTOOL_SCRIPT_SYMLINKS), sh -c "cd $(DESTDIR)$(bindir) && ln -sf ls-main $(symlink)" ;) + install -D -m 755 scripts/restool_completion.sh $(DESTDIR)$(bindir_completion)/restool +- install -m 0644 -D $(MANPAGE) $(call get_manpage_destination,$(MANPAGE)) + + clean: + rm -f $(OBJ) $(MANPAGE) \ diff --git a/package/network/utils/linux-atm/Makefile b/package/network/utils/linux-atm/Makefile index c74febcbbc3..43f4b6556b5 100644 --- a/package/network/utils/linux-atm/Makefile +++ b/package/network/utils/linux-atm/Makefile @@ -21,6 +21,7 @@ PKG_BUILD_PARALLEL:=1 PKG_LICENSE:=GPL-2.0+ PKG_CPE_ID:=cpe:/a:linux-atm:linux-atm PKG_FIXUP:=autoreconf +PKG_FLAGS:=nonshared include $(INCLUDE_DIR)/package.mk @@ -98,6 +99,8 @@ endef $(foreach t,$(ATM_DEBUG_TOOLS),$(eval $(call GenAtmPlugin,atm-$(t),$(t)))) +TARGET_CFLAGS += -I$(LINUX_DIR)/user_headers/include + define Build/Configure $(call Build/Configure/Default) # prevent autoheader invocation diff --git a/package/network/utils/ltq-dsl-base/Makefile b/package/network/utils/ltq-dsl-base/Makefile index 2ff069ca4dc..b51851f076e 100644 --- a/package/network/utils/ltq-dsl-base/Makefile +++ b/package/network/utils/ltq-dsl-base/Makefile @@ -17,7 +17,7 @@ define Package/ltq-dsl-base CATEGORY:=Network TITLE:=DSL related files for Intel/Lantiq DSL Chipsets URL:=http://openwrt.org/ - DEPENDS:=@TARGET_lantiq +jshn + DEPENDS:=@(TARGET_lantiq||TARGET_ipq40xx) +jshn endef define Package/ltq-dsl-base/description diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile index 7830596e847..38a8199d11d 100644 --- a/package/network/utils/nftables/Makefile +++ b/package/network/utils/nftables/Makefile @@ -1,24 +1,27 @@ -# Copyright (C) 2015 OpenWrt.org +# SPDX-License-Identifier: GPL-2.0-only # -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. +# Copyright (C) 2015 OpenWrt.org # include $(TOPDIR)/rules.mk PKG_NAME:=nftables -PKG_VERSION:=0.9.6 -PKG_RELEASE:=2 +PKG_VERSION:=1.0.9 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files -PKG_HASH:=68d6fdfe8ab02303e6b1f13968a4022da5b0120110eaee3233d806857937b66e +PKG_HASH:=a3c304cd9ba061239ee0474f9afb938a9bb99d89b960246f66f0c3a0a85e14cd + PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=COPYING PKG_FIXUP:=autoreconf PKG_INSTALL:=1 +PKG_BUILD_FLAGS:=lto + include $(INCLUDE_DIR)/package.mk DISABLE_NLS:= @@ -45,6 +48,7 @@ define Package/nftables-nojson TITLE+= no JSON support VARIANT:=nojson DEFAULT_VARIANT:=1 + CONFLICTS:=nftables-json endef define Package/nftables-json @@ -58,8 +62,14 @@ ifeq ($(BUILD_VARIANT),json) CONFIGURE_ARGS += --with-json endif -TARGET_CFLAGS += -flto -TARGET_LDFLAGS += -flto +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/include/nftables $(1)/usr/include/ + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libnftables.pc \ + $(1)/usr/lib/pkgconfig/ +endef define Package/nftables/install/Default $(INSTALL_DIR) $(1)/usr/sbin diff --git a/package/network/utils/rssileds/Makefile b/package/network/utils/rssileds/Makefile index 2282d8c5b1a..5adc25e8d80 100644 --- a/package/network/utils/rssileds/Makefile +++ b/package/network/utils/rssileds/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rssileds -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_LICNESE:=GPL-2.0+ include $(INCLUDE_DIR)/package.mk diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index f333cf98d2a..d2e933a1a1a 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -8,19 +8,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump -PKG_VERSION:=4.9.3 -PKG_RELEASE:=3 +PKG_VERSION:=4.99.4 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \ - http://www.tcpdump.org/release/ -PKG_HASH:=2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 +PKG_SOURCE_URL:=https://www.tcpdump.org/release/ +PKG_HASH:=0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_LICENSE:=BSD-3-Clause PKG_CPE_ID:=cpe:/a:tcpdump:tcpdump PKG_INSTALL:=1 +PKG_BUILD_FLAGS:=gc-sections PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk @@ -49,9 +49,6 @@ CONFIGURE_ARGS += \ --without-crypto \ $(call autoconf_bool,CONFIG_IPV6,ipv6) -TARGET_CFLAGS += -ffunction-sections -fdata-sections -TARGET_LDFLAGS += -Wl,--gc-sections - ifeq ($(BUILD_VARIANT),mini) TARGET_CFLAGS += -DTCPDUMP_MINI CONFIGURE_ARGS += --disable-smb @@ -59,8 +56,8 @@ ifeq ($(BUILD_VARIANT),mini) endif define Package/tcpdump/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tcpdump $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tcpdump $(1)/usr/bin/ endef Package/tcpdump-mini/install = $(Package/tcpdump/install) diff --git a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch index 3da979dd35e..1988587029b 100644 --- a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch +++ b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch @@ -1,8 +1,8 @@ --- a/configure +++ b/configure -@@ -6183,97 +6183,6 @@ $as_echo "no" >&6; } - fi - fi +@@ -6568,97 +6568,6 @@ fi + + -# -# Check for special debugging functions diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch index 17477d27997..8a014cabf0b 100644 --- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch +++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch @@ -1,13 +1,14 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -72,6 +72,80 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ +@@ -73,6 +73,86 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ - CSRC = setsignal.c tcpdump.c + CSRC = fptype.c tcpdump.c +ifdef TCPDUMP_MINI + +LIBNETDISSECT_SRC=\ + netdissect.c \ ++ netdissect-alloc.c \ + addrtoname.c \ + addrtostr.c \ + af.c \ @@ -15,17 +16,18 @@ + checksum.c \ + cpack.c \ + gmpls.c \ -+ gmt2local.c \ + in_cksum.c \ + ipproto.c \ + l2vpn.c \ + machdep.c \ ++ ntp.c \ + nlpid.c \ + oui.c \ + parsenfsfh.c \ + print.c \ + print-802_11.c \ + print-aodv.c \ ++ print-arista.c \ + print-arp.c \ + print-ascii.c \ + print-bootp.c \ @@ -39,6 +41,7 @@ + print-icmp.c \ + print-icmp6.c \ + print-igmp.c \ ++ print-ip-demux.c \ + print-ip.c \ + print-ip6.c \ + print-ip6opts.c \ @@ -47,6 +50,7 @@ + print-llc.c \ + print-lldp.c \ + print-loopback.c \ ++ print-macsec.c \ + print-nfs.c \ + print-ntp.c \ + print-null.c \ @@ -72,6 +76,8 @@ + print-telnet.c \ + print-tftp.c \ + print-udp.c \ ++ print-unsupported.c \ ++ print-whois.c \ + signature.c \ + strtoaddr.c \ + util-print.c @@ -81,19 +87,19 @@ LIBNETDISSECT_SRC=\ addrtoname.c \ addrtostr.c \ -@@ -237,6 +311,8 @@ LIBNETDISSECT_SRC=\ +@@ -254,6 +334,8 @@ LIBNETDISSECT_SRC=\ strtoaddr.c \ util-print.c +endif + LOCALSRC = @LOCALSRC@ - GENSRC = version.c LIBOBJS = @LIBOBJS@ + --- a/addrtoname.c +++ b/addrtoname.c -@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo, - if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN) +@@ -680,8 +680,10 @@ linkaddr_string(netdissect_options *ndo, + if (type == LINKADDR_ETHER && len == MAC_ADDR_LEN) return (etheraddr_string(ndo, ep)); +#ifndef TCPDUMP_MINI @@ -103,7 +109,7 @@ tp = lookup_bytestring(ndo, ep, len); if (tp->bs_name) -@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo, +@@ -1260,6 +1262,7 @@ init_addrtoname(netdissect_options *ndo, init_ipxsaparray(ndo); } @@ -111,7 +117,7 @@ const char * dnaddr_string(netdissect_options *ndo, u_short dnaddr) { -@@ -1230,6 +1233,7 @@ dnaddr_string(netdissect_options *ndo, u +@@ -1276,6 +1279,7 @@ dnaddr_string(netdissect_options *ndo, u return(tp->name); } @@ -119,138 +125,45 @@ /* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */ struct hnamemem * ---- a/print.c -+++ b/print.c -@@ -48,6 +48,7 @@ static const struct printer printers[] = - #ifdef DLT_IPNET - { ipnet_if_print, DLT_IPNET }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_IEEE802_15_4 - { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, - #endif -@@ -57,12 +58,14 @@ static const struct printer printers[] = - #ifdef DLT_PPI - { ppi_if_print, DLT_PPI }, - #endif -+#endif - #ifdef DLT_NETANALYZER - { netanalyzer_if_print, DLT_NETANALYZER }, - #endif - #ifdef DLT_NETANALYZER_TRANSPARENT - { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, - #endif -+#ifndef TCPDUMP_MINI - #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) - { nflog_if_print, DLT_NFLOG}, - #endif -@@ -75,10 +78,12 @@ static const struct printer printers[] = - #ifdef DLT_IP_OVER_FC - { ipfc_if_print, DLT_IP_OVER_FC }, - #endif -+#endif - { null_if_print, DLT_NULL }, - #ifdef DLT_LOOP - { null_if_print, DLT_LOOP }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_APPLE_IP_OVER_IEEE1394 - { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, - #endif -@@ -92,7 +97,9 @@ static const struct printer printers[] = - #ifdef DLT_ARCNET_LINUX - { arcnet_linux_if_print, DLT_ARCNET_LINUX }, - #endif -+#endif - { raw_if_print, DLT_RAW }, -+#ifndef TCPDUMP_MINI - #ifdef DLT_IPV4 - { raw_if_print, DLT_IPV4 }, - #endif -@@ -116,17 +123,21 @@ static const struct printer printers[] = - #ifdef DLT_HDLC - { chdlc_if_print, DLT_HDLC }, - #endif -+#endif - #ifdef DLT_PPP_ETHER - { pppoe_if_print, DLT_PPP_ETHER }, - #endif -+#ifndef TCPDUMP_MINI - #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H) - { pflog_if_print, DLT_PFLOG }, - #endif - { token_if_print, DLT_IEEE802 }, - { fddi_if_print, DLT_FDDI }, -+#endif - #ifdef DLT_LINUX_SLL - { sll_if_print, DLT_LINUX_SLL }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_FR - { fr_if_print, DLT_FR }, - #endif -@@ -198,6 +209,7 @@ static const struct printer printers[] = - #ifdef DLT_PKTAP - { pktap_if_print, DLT_PKTAP }, - #endif -+#endif - #ifdef DLT_IEEE802_11_RADIO - { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, - #endif -@@ -214,12 +226,14 @@ static const struct printer printers[] = - #ifdef DLT_PPP_WITHDIRECTION - { ppp_if_print, DLT_PPP_WITHDIRECTION }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_PPP_BSDOS - { ppp_bsdos_if_print, DLT_PPP_BSDOS }, - #endif - #ifdef DLT_PPP_SERIAL - { ppp_hdlc_if_print, DLT_PPP_SERIAL }, - #endif -+#endif - { NULL, 0 }, - }; - --- a/print-ether.c +++ b/print-ether.c -@@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo, - arp_print(ndo, p, length, caplen); +@@ -545,6 +545,7 @@ ethertype_print(netdissect_options *ndo, + arp_print(ndo, p, length, caplen); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_DN: decnet_print(ndo, p, length, caplen); return (1); -@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo, - } +@@ -575,6 +576,7 @@ ethertype_print(netdissect_options *ndo, + ND_TCHECK_LEN(p, 1); isoclns_print(ndo, p + 1, length - 1); return(1); +#endif case ETHERTYPE_PPPOED: case ETHERTYPE_PPPOES: -@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo, - eap_print(ndo, p, length); +@@ -587,9 +589,11 @@ ethertype_print(netdissect_options *ndo, + eapol_print(ndo, p); return (1); +#ifndef TCPDUMP_MINI - case ETHERTYPE_RRCP: - rrcp_print(ndo, p, length, src, dst); + case ETHERTYPE_REALTEK: + rtl_print(ndo, p, length, src, dst); return (1); +#endif case ETHERTYPE_PPP: if (length) { -@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo, +@@ -598,6 +602,7 @@ ethertype_print(netdissect_options *ndo, } return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPCP: - mpcp_print(ndo, p, length); + mpcp_print(ndo, p, length); return (1); -@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo, +@@ -610,19 +615,23 @@ ethertype_print(netdissect_options *ndo, case ETHERTYPE_CFM_OLD: cfm_print(ndo, p, length); return (1); @@ -258,17 +171,25 @@ case ETHERTYPE_LLDP: lldp_print(ndo, p, length); -@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo, + return (1); + ++#ifndef TCPDUMP_MINI + case ETHERTYPE_NSH: + nsh_print(ndo, p, length); + return (1); ++#endif + + case ETHERTYPE_LOOPBACK: loopback_print(ndo, p, length); - return (1); + return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(ndo, p, length); -@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo, - case ETHERTYPE_MEDSA: - medsa_print(ndo, p, length, caplen, src, dst); +@@ -652,6 +661,7 @@ ethertype_print(netdissect_options *ndo, + case ETHERTYPE_PTP: + ptp_print(ndo, p, length); return (1); +#endif @@ -276,7 +197,7 @@ case ETHERTYPE_SCA: --- a/print-gre.c +++ b/print-gre.c -@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con +@@ -207,6 +207,7 @@ gre_print_0(netdissect_options *ndo, con case ETHERTYPE_IPV6: ip6_print(ndo, bp, len); break; @@ -284,104 +205,63 @@ case ETHERTYPE_MPLS: mpls_print(ndo, bp, len); break; -@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con +@@ -219,6 +220,7 @@ gre_print_0(netdissect_options *ndo, con + case ETHERTYPE_GRE_ISO: + isoclns_print(ndo, bp, len); + break; ++#endif case ETHERTYPE_TEB: - ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL); + ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); break; +--- a/print-icmp6.c ++++ b/print-icmp6.c +@@ -1371,7 +1371,7 @@ get_upperlayer(netdissect_options *ndo, + nh = GET_U_1(fragh->ip6f_nxt); + hlen = sizeof(struct ip6_frag); + break; +- ++#ifndef TCPDUMP_MINI + case IPPROTO_AH: + ah = (const struct ah *)bp; + if (!ND_TTEST_1(ah->ah_len)) +@@ -1379,7 +1379,7 @@ get_upperlayer(netdissect_options *ndo, + nh = GET_U_1(ah->ah_nxt); + hlen = (GET_U_1(ah->ah_len) + 2) << 2; + break; +- +#endif - default: - ND_PRINT((ndo, "gre-proto-0x%x", prot)); - } + default: /* unknown or undecodable header */ + *prot = nh; /* meaningless, but set here anyway */ + return(NULL); --- a/print-igmp.c +++ b/print-igmp.c -@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo, - ND_TCHECK2(bp[4], 4); - ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4]))); +@@ -269,6 +269,7 @@ igmp_print(netdissect_options *ndo, + case 0x17: + ND_PRINT("igmp leave %s", GET_IPADDR_STRING(bp + 4)); break; +#ifndef TCPDUMP_MINI case 0x13: - ND_PRINT((ndo, "igmp dvmrp")); + ND_PRINT("igmp dvmrp"); if (len < 8) -@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo, - ND_PRINT((ndo, "igmp pimv1")); +@@ -280,6 +281,7 @@ igmp_print(netdissect_options *ndo, + ND_PRINT("igmp pimv1"); pimv1_print(ndo, bp, len); break; +#endif case 0x1e: - print_mresp(ndo, bp, len); + print_mtrace(ndo, "mresp", bp, len); break; ---- a/print-ip6.c -+++ b/print-ip6.c -@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - break; -+#ifndef TCPDUMP_MINI - case IPPROTO_FRAGMENT: - advance = frag6_print(ndo, cp, (const u_char *)ip6); - if (advance < 0 || ndo->ndo_snapend <= cp + advance) -@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - return; -+#endif - case IPPROTO_ROUTING: - ND_TCHECK(*cp); - advance = rt6_print(ndo, cp, (const u_char *)ip6); -@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - break; -+#ifndef TCPDUMP_MINI - case IPPROTO_SCTP: - sctp_print(ndo, cp, (const u_char *)ip6, len); - return; - case IPPROTO_DCCP: - dccp_print(ndo, cp, (const u_char *)ip6, len); - return; -+#endif - case IPPROTO_TCP: - tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; -@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_ICMPV6: - icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; -+#ifndef TCPDUMP_MINI - case IPPROTO_AH: - advance = ah_print(ndo, cp); - if (advance < 0) -@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_PIM: - pim_print(ndo, cp, len, (const u_char *)ip6); - return; -+#endif - - case IPPROTO_OSPF: - ospf6_print(ndo, cp, len); -@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const - ip_print(ndo, cp, len); - return; - -+#ifndef TCPDUMP_MINI - case IPPROTO_PGM: - pgm_print(ndo, cp, len, (const u_char *)ip6); - return; -+#endif - - case IPPROTO_GRE: - gre_print(ndo, cp, len); ---- a/print-ip.c -+++ b/print-ip.c -@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo, +--- a/print-ip-demux.c ++++ b/print-ip-demux.c +@@ -48,6 +48,7 @@ ip_demux_print(netdissect_options *ndo, again: - switch (ipds->nh) { + switch (nh) { +#ifndef TCPDUMP_MINI case IPPROTO_AH: - if (!ND_TTEST(*ipds->cp)) { - ND_PRINT((ndo, "[|AH]")); -@@ -382,7 +383,9 @@ again: + if (!ND_TTEST_1(bp)) { + ndo->ndo_protocol = "ah"; +@@ -85,7 +86,9 @@ again: */ break; } @@ -389,61 +269,94 @@ +#ifndef TCPDUMP_MINI case IPPROTO_SCTP: - sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); + sctp_print(ndo, bp, iph, length); break; -@@ -390,6 +393,7 @@ again: +@@ -93,7 +96,7 @@ again: case IPPROTO_DCCP: - dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); + dccp_print(ndo, bp, iph, length); break; +- +#endif - case IPPROTO_TCP: - /* pass on the MF bit plus the offset to detect fragments */ -@@ -409,6 +413,7 @@ again: - ipds->off & (IP_MF|IP_OFFMASK)); + tcp_print(ndo, bp, length, iph, fragmented); + break; +@@ -122,6 +125,7 @@ again: + } break; +#ifndef TCPDUMP_MINI case IPPROTO_PIGP: /* * XXX - the current IANA protocol number assignments -@@ -429,14 +434,17 @@ again: +@@ -142,14 +146,17 @@ again: case IPPROTO_EIGRP: - eigrp_print(ndo, ipds->cp, ipds->len); + eigrp_print(ndo, bp, length); break; +#endif case IPPROTO_ND: - ND_PRINT((ndo, " nd %d", ipds->len)); + ND_PRINT(" nd %u", length); break; +#ifndef TCPDUMP_MINI case IPPROTO_EGP: - egp_print(ndo, ipds->cp, ipds->len); + egp_print(ndo, bp, length); break; +#endif case IPPROTO_OSPF: - ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); -@@ -469,6 +477,7 @@ again: - gre_print(ndo, ipds->cp, ipds->len); + if (ver == 6) +@@ -186,6 +193,7 @@ again: + gre_print(ndo, bp, length); break; +#ifndef TCPDUMP_MINI case IPPROTO_MOBILE: - mobile_print(ndo, ipds->cp, ipds->len); + mobile_print(ndo, bp, length); break; -@@ -497,6 +506,7 @@ again: +@@ -205,6 +213,7 @@ again: case IPPROTO_PGM: - pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); + pgm_print(ndo, bp, length, iph); break; +#endif - default: - if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) + case IPPROTO_ETHERNET: + if (ver == 6) +--- a/print-ip6.c ++++ b/print-ip6.c +@@ -135,10 +135,11 @@ ip6_finddst(netdissect_options *ndo, nd_ + * Only one routing header to a customer. + */ + goto done; +- ++#ifndef TCPDUMP_MINI + case IPPROTO_AH: + case IPPROTO_ESP: + case IPPROTO_IPCOMP: ++#endif + default: + /* + * AH and ESP are, in the RFCs that describe them, +@@ -375,6 +376,7 @@ ip6_print(netdissect_options *ndo, const + nh = GET_U_1(cp); + break; + ++#ifndef TCPDUMP_MINI + case IPPROTO_FRAGMENT: + advance = frag6_print(ndo, cp, (const u_char *)ip6); + if (advance < 0 || ndo->ndo_snapend <= cp + advance) { +@@ -405,7 +407,7 @@ ip6_print(netdissect_options *ndo, const + nh = GET_U_1(cp); + nd_pop_packet_info(ndo); + return; +- ++#endif + case IPPROTO_ROUTING: + ND_TCHECK_1(cp); + advance = rt6_print(ndo, cp, (const u_char *)ip6); --- a/print-llc.c +++ b/print-llc.c -@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const +@@ -207,6 +207,7 @@ llc_print(netdissect_options *ndo, const hdrlen = 4; /* DSAP, SSAP, 2-byte control field */ } @@ -451,7 +364,7 @@ if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) { /* * This is an Ethernet_802.3 IPX frame; it has an -@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const +@@ -229,6 +230,7 @@ llc_print(netdissect_options *ndo, const ipx_print(ndo, p, length); return (0); /* no LLC header */ } @@ -459,7 +372,7 @@ dsap = dsap_field & ~LLC_IG; ssap = ssap_field & ~LLC_GSAP; -@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const +@@ -292,6 +294,7 @@ llc_print(netdissect_options *ndo, const return (hdrlen); } @@ -467,7 +380,7 @@ if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX && control == LLC_UI) { /* -@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const +@@ -305,6 +308,7 @@ llc_print(netdissect_options *ndo, const ipx_print(ndo, p, length); return (hdrlen); } @@ -475,7 +388,7 @@ #ifdef ENABLE_SMB if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI -@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const +@@ -323,12 +327,13 @@ llc_print(netdissect_options *ndo, const return (hdrlen); } #endif @@ -490,15 +403,15 @@ if (!ndo->ndo_eflag) { if (ssap == dsap) { if (src == NULL || dst == NULL) -@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons +@@ -484,6 +489,7 @@ snap_print(netdissect_options *ndo, cons case OUI_CISCO: switch (et) { +#ifndef TCPDUMP_MINI case PID_CISCO_CDP: - cdp_print(ndo, p, length, caplen); + cdp_print(ndo, p, length); return (1); -@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons +@@ -496,6 +502,7 @@ snap_print(netdissect_options *ndo, cons case PID_CISCO_VTP: vtp_print(ndo, p, length); return (1); @@ -506,7 +419,7 @@ case PID_CISCO_PVST: case PID_CISCO_VLANBRIDGE: stp_print(ndo, p, length); -@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons +@@ -508,6 +515,7 @@ snap_print(netdissect_options *ndo, cons case OUI_RFC2684: switch (et) { @@ -514,7 +427,7 @@ case PID_RFC2684_ETH_FCS: case PID_RFC2684_ETH_NOFCS: /* -@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons +@@ -569,6 +577,7 @@ snap_print(netdissect_options *ndo, cons */ fddi_print(ndo, p, length, caplen); return (1); @@ -542,25 +455,25 @@ /* unknown AF_ value */ --- a/print-ppp.c +++ b/print-ppp.c -@@ -1367,6 +1367,7 @@ trunc: - return 0; - } - +@@ -1355,6 +1355,7 @@ trunc: + * The length argument is the on-the-wire length, not the captured + * length; we can only un-escape the captured part. + */ +#ifndef TCPDUMP_MINI static void ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) -@@ -1445,6 +1446,7 @@ trunc: - free(b); - ND_PRINT((ndo, "[|ppp]")); + const u_char *p, u_int length) +@@ -1451,17 +1452,19 @@ trunc: + ndo->ndo_snapend = se; + nd_print_trunc(ndo); } +- +#endif - /* PPP */ -@@ -1452,10 +1454,12 @@ static void + static void handle_ppp(netdissect_options *ndo, - u_int proto, const u_char *p, int length) + u_int proto, const u_char *p, u_int length) { +#ifndef TCPDUMP_MINI if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */ @@ -571,7 +484,7 @@ switch (proto) { case PPP_LCP: /* fall through */ -@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo, +@@ -1494,6 +1497,7 @@ handle_ppp(netdissect_options *ndo, case PPP_IPV6: ip6_print(ndo, p, length); break; @@ -579,33 +492,30 @@ case ETHERTYPE_IPX: /*XXX*/ case PPP_IPX: ipx_print(ndo, p, length); -@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo, +@@ -1505,6 +1509,7 @@ handle_ppp(netdissect_options *ndo, case PPP_MPLS_MCAST: mpls_print(ndo, p, length); break; +#endif case PPP_COMP: - ND_PRINT((ndo, "compressed PPP data")); + ND_PRINT("compressed PPP data"); break; -@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo, - return (0); +@@ -1652,6 +1657,7 @@ ppp_if_print(netdissect_options *ndo, + ppp_print(ndo, p, length); } +#ifndef TCPDUMP_MINI /* * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547, -@@ -1866,6 +1873,7 @@ printx: +@@ -1895,3 +1901,4 @@ printx: #endif /* __bsdi__ */ - return (hdrlength); + ndo->ndo_ll_hdr_len += hdrlength; } +#endif - - - /* --- a/print-sll.c +++ b/print-sll.c -@@ -249,12 +249,14 @@ recurse: +@@ -465,12 +465,14 @@ recurse: */ switch (ether_type) { @@ -622,22 +532,24 @@ /* --- a/print-tcp.c +++ b/print-tcp.c -@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo, - ND_PRINT((ndo, " %u", utoval)); +@@ -614,6 +614,7 @@ tcp_print(netdissect_options *ndo, + ND_PRINT(" %u", utoval); break; +#ifndef TCPDUMP_MINI case TCPOPT_MPTCP: - datalen = len - 2; - LENCHECK(datalen); - if (!mptcp_print(ndo, cp-2, len, flags)) + { + const u_char *snapend_save; +@@ -637,7 +638,7 @@ tcp_print(netdissect_options *ndo, goto bad; break; + } +- +#endif - case TCPOPT_FASTOPEN: datalen = len - 2; -@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo, + LENCHECK(datalen); +@@ -722,6 +723,7 @@ tcp_print(netdissect_options *ndo, return; } @@ -645,7 +557,7 @@ if (ndo->ndo_packettype) { switch (ndo->ndo_packettype) { case PT_ZMTP1: -@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo, +@@ -737,6 +739,7 @@ tcp_print(netdissect_options *ndo, } return; } @@ -653,9 +565,10 @@ if (IS_SRC_OR_DST_PORT(TELNET_PORT)) { telnet_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) { - ND_PRINT((ndo, ": ")); - smtp_print(ndo, bp, length); +@@ -746,24 +749,31 @@ tcp_print(netdissect_options *ndo, + } else if (IS_SRC_OR_DST_PORT(WHOIS_PORT)) { + ND_PRINT(": "); + whois_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(BGP_PORT)) + } +#ifndef TCPDUMP_MINI @@ -667,12 +580,14 @@ +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) resp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SSH_PORT)) + ssh_print(ndo, bp, length); +#endif #ifdef ENABLE_SMB else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) nbt_tcp_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(SMB_PORT)) - smb_tcp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SMB_PORT)) + smb_tcp_print(ndo, bp, length); #endif +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(BEEP_PORT)) @@ -681,41 +596,40 @@ openflow_print(ndo, bp, length); +#endif else if (IS_SRC_OR_DST_PORT(FTP_PORT)) { - ND_PRINT((ndo, ": ")); + ND_PRINT(": "); ftp_print(ndo, bp, length); -@@ -725,6 +736,7 @@ tcp_print(netdissect_options *ndo, - * XXX packet could be unaligned, it can go strange - */ - ns_print(ndo, bp + 2, length - 2, 0); +@@ -776,12 +786,14 @@ tcp_print(netdissect_options *ndo, + } else if (IS_SRC_OR_DST_PORT(NAMESERVER_PORT)) { + /* over_tcp: TRUE, is_mdns: FALSE */ + domain_print(ndo, bp, length, TRUE, FALSE); +#ifndef TCPDUMP_MINI } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { msdp_print(ndo, bp, length); } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { -@@ -732,6 +744,7 @@ tcp_print(netdissect_options *ndo, - } - else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) { + rpki_rtr_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(LDP_PORT)) { ldp_print(ndo, bp, length); +#endif - } - else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && - length >= 4 && ND_TTEST2(*bp, 4)) { + } else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && + length >= 4 && ND_TTEST_4(bp)) { + /* --- a/print-udp.c +++ b/print-udp.c -@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis - vat_print(ndo, (const void *)(up + 1), up); +@@ -435,10 +435,12 @@ udp_print(netdissect_options *ndo, const + vat_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI case PT_WB: udpipaddr_print(ndo, ip, sport, dport); - wb_print(ndo, (const void *)(up + 1), length); + wb_print(ndo, cp, length); break; +#endif case PT_RPC: - rp = (const struct sunrpc_msg *)(up + 1); -@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis - snmp_print(ndo, (const u_char *)(up + 1), length); + rp = (const struct sunrpc_msg *)cp; +@@ -467,10 +469,12 @@ udp_print(netdissect_options *ndo, const + snmp_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI @@ -727,131 +641,221 @@ case PT_TFTP: udpipaddr_print(ndo, ip, sport, dport); -@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis +@@ -488,6 +492,7 @@ udp_print(netdissect_options *ndo, const radius_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI case PT_VXLAN: udpipaddr_print(ndo, ip, sport, dport); - vxlan_print(ndo, (const u_char *)(up + 1), length); -@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis + vxlan_print(ndo, cp, length); +@@ -510,6 +515,7 @@ udp_print(netdissect_options *ndo, const udpipaddr_print(ndo, ip, sport, dport); - lmp_print(ndo, cp, length); + someip_print(ndo, cp, length); break; +#endif - } - return; - } -@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis - ns_print(ndo, (const u_char *)(up + 1), length, 0); + case PT_DOMAIN: + udpipaddr_print(ndo, ip, sport, dport); + /* over_tcp: FALSE, is_mdns: FALSE */ +@@ -596,29 +602,37 @@ udp_print(netdissect_options *ndo, const else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT)) - ns_print(ndo, (const u_char *)(up + 1), length, 1); + /* over_tcp: FALSE, is_mdns: TRUE */ + domain_print(ndo, cp, length, FALSE, TRUE); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(TIMED_PORT)) - timed_print(ndo, (const u_char *)(up + 1)); + timed_print(ndo, (const u_char *)cp); +#endif else if (IS_SRC_OR_DST_PORT(TFTP_PORT)) - tftp_print(ndo, (const u_char *)(up + 1), length); + tftp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(BOOTPC_PORT) || IS_SRC_OR_DST_PORT(BOOTPS_PORT)) - bootp_print(ndo, (const u_char *)(up + 1), length); + bootp_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(RIP_PORT)) - rip_print(ndo, (const u_char *)(up + 1), length); + rip_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(AODV_PORT)) - aodv_print(ndo, (const u_char *)(up + 1), length, + aodv_print(ndo, cp, length, ip6 != NULL); +#ifndef TCPDUMP_MINI - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT)) - isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); -+ - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT)) - isakmp_rfc3948_print(ndo, (const u_char *)(up + 1), length, bp2); - #if 1 /*???*/ - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2)) - isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); - #endif + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT)) + isakmp_print(ndo, cp, length, bp2); + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT)) + isakmp_rfc3948_print(ndo, cp, length, bp2, IP_V(ip), fragmented, ttl_hl); + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2)) + isakmp_print(ndo, cp, length, bp2); +#endif else if (IS_SRC_OR_DST_PORT(SNMP_PORT) || IS_SRC_OR_DST_PORT(SNMPTRAP_PORT)) - snmp_print(ndo, (const u_char *)(up + 1), length); + snmp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(NTP_PORT)) - ntp_print(ndo, (const u_char *)(up + 1), length); + ntp_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(KERBEROS_PORT) || IS_SRC_OR_DST_PORT(KERBEROS_SEC_PORT)) - krb_print(ndo, (const void *)(up + 1)); + krb_print(ndo, (const u_char *)cp); +#endif else if (IS_SRC_OR_DST_PORT(L2TP_PORT)) - l2tp_print(ndo, (const u_char *)(up + 1), length); + l2tp_print(ndo, cp, length); #ifdef ENABLE_SMB -@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis +@@ -629,6 +643,7 @@ udp_print(netdissect_options *ndo, const #endif else if (dport == VAT_PORT) - vat_print(ndo, (const void *)(up + 1), up); + vat_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT)) - zephyr_print(ndo, (const void *)(up + 1), length); + zephyr_print(ndo, cp, length); /* -@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis +@@ -641,8 +656,11 @@ udp_print(netdissect_options *ndo, const (const u_char *) ip); else if (IS_SRC_OR_DST_PORT(RIPNG_PORT)) - ripng_print(ndo, (const u_char *)(up + 1), length); + ripng_print(ndo, cp, length); +#endif + else if (IS_SRC_OR_DST_PORT(DHCP6_SERV_PORT) || IS_SRC_OR_DST_PORT(DHCP6_CLI_PORT)) - dhcp6_print(ndo, (const u_char *)(up + 1), length); + dhcp6_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(AHCP_PORT)) - ahcp_print(ndo, (const u_char *)(up + 1), length); + ahcp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD)) -@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis - wb_print(ndo, (const void *)(up + 1), length); +@@ -656,6 +674,7 @@ udp_print(netdissect_options *ndo, const + wb_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT)) - cisco_autorp_print(ndo, (const void *)(up + 1), length); + cisco_autorp_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) || IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) || IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) || -@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis +@@ -663,15 +682,18 @@ udp_print(netdissect_options *ndo, const IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) || IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) ) - radius_print(ndo, (const u_char *)(up+1), length); + radius_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (dport == HSRP_PORT) - hsrp_print(ndo, (const u_char *)(up + 1), length); + hsrp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(LWRES_PORT)) - lwres_print(ndo, (const u_char *)(up + 1), length); + lwres_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(LDP_PORT)) - ldp_print(ndo, (const u_char *)(up + 1), length); + ldp_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(OLSR_PORT)) - olsr_print(ndo, (const u_char *)(up + 1), length, + olsr_print(ndo, cp, length, (IP_V(ip) == 6) ? 1 : 0); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT)) - lspping_print(ndo, (const u_char *)(up + 1), length); - else if (dport == BFD_CONTROL_PORT || -@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis - lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0); - else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT)) - lwapp_data_print(ndo, (const u_char *)(up + 1), length); -+#endif - else if (IS_SRC_OR_DST_PORT(SIP_PORT)) - sip_print(ndo, (const u_char *)(up + 1), length); - else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT)) - syslog_print(ndo, (const u_char *)(up + 1), length); -+#ifndef TCPDUMP_MINI - else if (IS_SRC_OR_DST_PORT(OTV_PORT)) - otv_print(ndo, (const u_char *)(up + 1), length); - else if (IS_SRC_OR_DST_PORT(VXLAN_PORT)) -@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis - if (ndo->ndo_vflag) - ND_PRINT((ndo, "kip ")); - llap_print(ndo, cp, length); -- } else { -+ } -+#endif -+ else { - if (ulen > length) - ND_PRINT((ndo, "UDP, bad length %u > %u", - ulen, length)); + lspping_print(ndo, cp, length); + else if (sport == BCM_LI_PORT) +@@ -693,10 +715,12 @@ udp_print(netdissect_options *ndo, const + lwapp_control_print(ndo, cp, length, 0); + else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT)) + lwapp_data_print(ndo, cp, length); ++#endif + else if (IS_SRC_OR_DST_PORT(SIP_PORT)) + sip_print(ndo, cp, length); + else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT)) + syslog_print(ndo, cp, length); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(OTV_PORT)) + otv_print(ndo, cp, length); + else if (IS_SRC_OR_DST_PORT(VXLAN_PORT)) +@@ -722,6 +746,7 @@ udp_print(netdissect_options *ndo, const + ptp_print(ndo, cp, length); + } else if (IS_SRC_OR_DST_PORT(SOMEIP_PORT)) + someip_print(ndo, cp, length); ++#endif + else { + if (ulen > length && !fragmented) + ND_PRINT("UDP, bad length %u > %u", +--- a/print.c ++++ b/print.c +@@ -48,6 +48,7 @@ struct printer { + }; + + static const struct printer printers[] = { ++#ifndef TCPDUMP_MINI + #ifdef DLT_APPLE_IP_OVER_IEEE1394 + { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, + #endif +@@ -86,7 +87,9 @@ static const struct printer printers[] = + #ifdef DLT_ENC + { enc_if_print, DLT_ENC }, + #endif ++#endif + { ether_if_print, DLT_EN10MB }, ++#ifndef TCPDUMP_MINI + { fddi_if_print, DLT_FDDI }, + #ifdef DLT_FR + { fr_if_print, DLT_FR }, +@@ -94,6 +97,7 @@ static const struct printer printers[] = + #ifdef DLT_FRELAY + { fr_if_print, DLT_FRELAY }, + #endif ++#endif + #ifdef DLT_IEEE802_11 + { ieee802_11_if_print, DLT_IEEE802_11}, + #endif +@@ -103,6 +107,7 @@ static const struct printer printers[] = + #ifdef DLT_IEEE802_11_RADIO + { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_IEEE802_15_4 + { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, + #endif +@@ -115,9 +120,11 @@ static const struct printer printers[] = + #ifdef DLT_IP_OVER_FC + { ipfc_if_print, DLT_IP_OVER_FC }, + #endif ++#endif + #ifdef DLT_IPNET + { ipnet_if_print, DLT_IPNET }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_IPOIB + { ipoib_if_print, DLT_IPOIB }, + #endif +@@ -172,19 +179,23 @@ static const struct printer printers[] = + #ifdef DLT_MFR + { mfr_if_print, DLT_MFR }, + #endif ++#endif + #ifdef DLT_NETANALYZER + { netanalyzer_if_print, DLT_NETANALYZER }, + #endif + #ifdef DLT_NETANALYZER_TRANSPARENT + { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_NFLOG + { nflog_if_print, DLT_NFLOG}, + #endif ++#endif + { null_if_print, DLT_NULL }, + #ifdef DLT_LOOP + { null_if_print, DLT_LOOP }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_PFLOG + { pflog_if_print, DLT_PFLOG }, + #endif +@@ -200,6 +211,7 @@ static const struct printer printers[] = + #ifdef DLT_PPP_SERIAL + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, + #endif ++#endif + { ppp_if_print, DLT_PPP }, + #ifdef DLT_PPP_PPPD + { ppp_if_print, DLT_PPP_PPPD }, +@@ -211,6 +223,7 @@ static const struct printer printers[] = + { prism_if_print, DLT_PRISM_HEADER }, + #endif + { raw_if_print, DLT_RAW }, ++#ifndef TCPDUMP_MINI + #ifdef DLT_IPV4 + { raw_if_print, DLT_IPV4 }, + #endif +@@ -243,6 +256,7 @@ static const struct printer printers[] = + #ifdef DLT_VSOCK + { vsock_if_print, DLT_VSOCK }, + #endif ++#endif + { NULL, 0 }, + }; + diff --git a/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch b/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch deleted file mode 100644 index 281854777df..00000000000 --- a/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- a/print-ppp.c -+++ b/print-ppp.c -@@ -1368,19 +1368,29 @@ trunc: - } - - #ifndef TCPDUMP_MINI -+/* -+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. -+ * The length argument is the on-the-wire length, not the captured -+ * length; we can only un-escape the captured part. -+ */ - static void - ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) - { -+ u_int caplen = ndo->ndo_snapend - p; - u_char *b, *t, c; - const u_char *s; -- int i, proto; -+ u_int i; -+ int proto; - const void *se; - -+ if (caplen == 0) -+ return; -+ - if (length <= 0) - return; - -- b = (u_char *)malloc(length); -+ b = (u_char *)malloc(caplen); - if (b == NULL) - return; - -@@ -1389,10 +1399,10 @@ ppp_hdlc(netdissect_options *ndo, - * Do this so that we dont overwrite the original packet - * contents. - */ -- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { -+ for (s = p, t = b, i = caplen; i != 0; i--) { - c = *s++; - if (c == 0x7d) { -- if (i <= 1 || !ND_TTEST(*s)) -+ if (i <= 1) - break; - i--; - c = *s++ ^ 0x20; diff --git a/package/network/utils/umbim/Makefile b/package/network/utils/umbim/Makefile index a0f5e4756b8..56e1a6f3785 100644 --- a/package/network/utils/umbim/Makefile +++ b/package/network/utils/umbim/Makefile @@ -1,19 +1,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=umbim -PKG_RELEASE:=$(AUTORELEASE) +PKG_RELEASE:=24 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/umbim.git -PKG_SOURCE_DATE:=2019-09-11 -PKG_SOURCE_VERSION:=184b707ddaa0acee84d02e0ffe599cb8b67782bd -PKG_MIRROR_HASH:=482ff69144f81fafed99035840f5a24e772472f2df2f3ac0219d6de791ac5835 +PKG_SOURCE_DATE:=2022-08-13 +PKG_SOURCE_VERSION:=146bc77c98ace3d1cc672986669650d2e1da71f3 +PKG_MIRROR_HASH:=3cf04858ff5c3f529904f9789b094aa9645ad41c91f553e6fc3fcd3cb341d359 PKG_MAINTAINER:=John Crispin <john@phrozen.org> PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:= PKG_FLAGS:=nonshared +PKG_BUILD_FLAGS:=gc-sections include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk @@ -32,9 +33,7 @@ define Package/umbim/description endef TARGET_CFLAGS += \ - -I$(STAGING_DIR)/usr/include -ffunction-sections -fdata-sections - -TARGET_LDFLAGS += -Wl,--gc-sections + -I$(STAGING_DIR)/usr/include define Package/umbim/install $(INSTALL_DIR) $(1)/sbin diff --git a/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh b/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh index abbabd6625c..50913e7fa04 100755 --- a/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh +++ b/package/network/utils/umbim/files/lib/netifd/proto/mbim.sh @@ -14,19 +14,42 @@ proto_mbim_init_config() { proto_config_add_string apn proto_config_add_string pincode proto_config_add_string delay + proto_config_add_boolean allow_roaming + proto_config_add_boolean allow_partner proto_config_add_string auth proto_config_add_string username proto_config_add_string password + [ -e /proc/sys/net/ipv6 ] && proto_config_add_string ipv6 + proto_config_add_string dhcp + proto_config_add_string dhcpv6 + proto_config_add_string pdptype + proto_config_add_int mtu proto_config_add_defaults } +_proto_mbim_get_field() { + local field="$1" + shift + local mbimconfig="$@" + echo "$mbimconfig" | while read -r line; do + variable=${line%%:*} + [ "$variable" = "$field" ] || continue; + value=${line##* } + echo -n "$value " + done +} + _proto_mbim_setup() { local interface="$1" local tid=2 local ret - local device apn pincode delay $PROTO_DEFAULT_OPTIONS - json_get_vars device apn pincode delay auth username password $PROTO_DEFAULT_OPTIONS + local device apn pincode delay auth username password allow_roaming allow_partner + local dhcp dhcpv6 pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS + json_get_vars device apn pincode delay auth username password allow_roaming allow_partner + json_get_vars dhcp dhcpv6 pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS + + [ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6 [ -n "$ctl_device" ] && device=$ctl_device @@ -65,6 +88,8 @@ _proto_mbim_setup() { echo "mbim[$$]" "Reading capabilities" umbim $DBG -n -d $device caps || { echo "mbim[$$]" "Failed to read modem caps" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" PIN_FAILED return 1 } @@ -74,6 +99,8 @@ _proto_mbim_setup() { echo "mbim[$$]" "Sending pin" umbim $DBG -n -t $tid -d $device unlock "$pincode" || { echo "mbim[$$]" "Unable to verify PIN" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" PIN_FAILED proto_block_restart "$interface" return 1 @@ -82,8 +109,11 @@ _proto_mbim_setup() { tid=$((tid + 1)) echo "mbim[$$]" "Checking pin" - umbim $DBG -n -t $tid -d $device pinstate || { + umbim $DBG -n -t $tid -d $device pinstate + [ $? -eq 2 ] && { echo "mbim[$$]" "PIN required" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" PIN_FAILED proto_block_restart "$interface" return 1 @@ -93,55 +123,177 @@ _proto_mbim_setup() { echo "mbim[$$]" "Checking subscriber" umbim $DBG -n -t $tid -d $device subscriber || { echo "mbim[$$]" "Subscriber init failed" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" NO_SUBSCRIBER return 1 } tid=$((tid + 1)) echo "mbim[$$]" "Register with network" - umbim $DBG -n -t $tid -d $device registration || { - echo "mbim[$$]" "Subscriber registration failed" + connected=0 + umbim $DBG -n -t $tid -d $device registration + reg_status=$? + case $reg_status in + 0) echo "mbim[$$]" "Registered in home mode" + tid=$((tid + 1)) + connected=1;; + 4) if [ "$allow_roaming" = "1" ]; then + echo "mbim[$$]" "Registered in roaming mode" + tid=$((tid + 1)) + connected=1 + fi;; + 5) if [ "$allow_partner" = "1" ]; then + echo "mbim[$$]" "Registered in partner mode" + tid=$((tid + 1)) + connected=1 + fi;; + esac + if [ $connected -ne 1 ]; then + echo "mbim[$$]" "Subscriber registration failed (code $reg_status)" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" NO_REGISTRATION return 1 - } - tid=$((tid + 1)) + fi echo "mbim[$$]" "Attach to network" umbim $DBG -n -t $tid -d $device attach || { echo "mbim[$$]" "Failed to attach to network" + tid=$((tid + 1)) + umbim $DBG -t $tid -d "$device" disconnect proto_notify_error "$interface" ATTACH_FAILED return 1 } tid=$((tid + 1)) + pdptype=$(echo "$pdptype" | awk '{print tolower($0)}') + [ "$ipv6" = 0 ] && pdptype="ipv4" + + local req_pdptype="" # Pass "default" PDP type to umbim if unconfigured + [ "$pdptype" = "ipv4" -o "$pdptype" = "ipv6" -o "$pdptype" = "ipv4v6" ] && req_pdptype="$pdptype:" + + local connect_state echo "mbim[$$]" "Connect to network" - while ! umbim $DBG -n -t $tid -d $device connect "$apn" "$auth" "$username" "$password"; do + connect_state=$(umbim $DBG -n -t $tid -d $device connect "$req_pdptype$apn" "$auth" "$username" "$password") || { + echo "mbim[$$]" "Failed to connect bearer" tid=$((tid + 1)) - sleep 1; - done + umbim $DBG -t $tid -d "$device" disconnect + proto_notify_error "$interface" CONNECT_FAILED + return 1 + } tid=$((tid + 1)) - uci_set_state network $interface tid "$tid" + echo "$connect_state" + local iptype="$(echo "$connect_state" | grep iptype: | awk '{print $4}')" + + echo "mbim[$$]" "Connected" + + local zone="$(fw3 -q network "$interface" 2>/dev/null)" + + echo "mbim[$$]" "Setting up $ifname" + local mbimconfig="$(umbim $DBG -n -t $tid -d $device config)" + echo "$mbimconfig" + tid=$((tid + 1)) - echo "mbim[$$]" "Connected, starting DHCP" proto_init_update "$ifname" 1 proto_send_update "$interface" - json_init - json_add_string name "${interface}_4" - json_add_string ifname "@$interface" - json_add_string proto "dhcp" - proto_add_dynamic_defaults - json_close_object - ubus call network add_dynamic "$(json_dump)" - - json_init - json_add_string name "${interface}_6" - json_add_string ifname "@$interface" - json_add_string proto "dhcpv6" - json_add_string extendprefix 1 - proto_add_dynamic_defaults - ubus call network add_dynamic "$(json_dump)" + [ -z "$dhcp" ] && dhcp="auto" + [ -z "$dhcpv6" ] && dhcpv6="auto" + + [ "$iptype" != "ipv6" ] && { + json_init + json_add_string name "${interface}_4" + json_add_string ifname "@$interface" + ipv4address=$(_proto_mbim_get_field ipv4address "$mbimconfig") + if [ -n "$ipv4address" -a "$dhcp" != 1 ]; then + json_add_string proto "static" + + json_add_array ipaddr + for address in $ipv4address; do + json_add_string "" "$address" + done + json_close_array + + json_add_string gateway $(_proto_mbim_get_field ipv4gateway "$mbimconfig") + elif [ "$dhcp" != 0 ]; then + echo "mbim[$$]" "Starting DHCP on $ifname" + json_add_string proto "dhcp" + fi + + [ "$peerdns" = 0 -a "$dhcp" != 1 ] || { + json_add_array dns + for server in $(_proto_mbim_get_field ipv4dnsserver "$mbimconfig"); do + json_add_string "" "$server" + done + json_close_array + } + + proto_add_dynamic_defaults + [ -n "$zone" ] && json_add_string zone "$zone" + [ -n "$ip4table" ] && json_add_string ip4table "$ip4table" + json_close_object + ubus call network add_dynamic "$(json_dump)" + } + + [ "$iptype" != "ipv4" ] && { + json_init + json_add_string name "${interface}_6" + json_add_string ifname "@$interface" + ipv6address=$(_proto_mbim_get_field ipv6address "$mbimconfig") + if [ -n "$ipv6address" -a "$dhcpv6" != 1 ]; then + json_add_string proto "static" + + json_add_array ip6addr + for address in $ipv6address; do + json_add_string "" "$address" + done + json_close_array + + json_add_array ip6prefix + for address in $ipv6address; do + json_add_string "" "$address" + done + json_close_array + + json_add_string ip6gw $(_proto_mbim_get_field ipv6gateway "$mbimconfig") + + elif [ "$dhcpv6" != 0 ]; then + echo "mbim[$$]" "Starting DHCPv6 on $ifname" + json_add_string proto "dhcpv6" + json_add_string extendprefix 1 + fi + + [ "$peerdns" = 0 -a "$dhcpv6" != 1 ] || { + json_add_array dns + for server in $(_proto_mbim_get_field ipv6dnsserver "$mbimconfig"); do + json_add_string "" "$server" + done + json_close_array + } + + proto_add_dynamic_defaults + [ -n "$zone" ] && json_add_string zone "$zone" + [ -n "$ip6table" ] && json_add_string ip6table "$ip6table" + json_close_object + ubus call network add_dynamic "$(json_dump)" + } + + [ -z "$mtu" ] && { + local ipv4mtu=$(_proto_mbim_get_field ipv4mtu "$mbimconfig") + ipv4mtu="${ipv4mtu:-0}" + local ipv6mtu=$(_proto_mbim_get_field ipv6mtu "$mbimconfig") + ipv6mtu="${ipv6mtu:-0}" + + mtu=$((ipv6mtu > ipv4mtu ? ipv6mtu : ipv4mtu)) + } + [ -n "$mtu" -a "$mtu" != 0 ] && { + echo Setting MTU of $ifname to $mtu + /sbin/ip link set dev $ifname mtu $mtu + } + + uci_set_state network $interface tid "$tid" } proto_mbim_setup() { @@ -169,7 +321,7 @@ proto_mbim_teardown() { echo "mbim[$$]" "Stopping network" [ -n "$tid" ] && { - umbim $DBG -t$tid -d "$device" disconnect + umbim $DBG -t $tid -d "$device" disconnect uci_revert_state network $interface tid } diff --git a/package/network/utils/uqmi/Makefile b/package/network/utils/uqmi/Makefile index 53ca67230b6..6753e47cdb7 100644 --- a/package/network/utils/uqmi/Makefile +++ b/package/network/utils/uqmi/Makefile @@ -1,19 +1,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uqmi -PKG_RELEASE:=3 +PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/uqmi.git -PKG_SOURCE_DATE:=2020-11-22 -PKG_SOURCE_VERSION:=0a19b5b77140465c29e2afa7d611fe93abc9672f -PKG_MIRROR_HASH:=0a6641f8e167efd21d464b0b2aeb1fec5f974dddcdb8822fbd5d7190d0b741b4 +PKG_SOURCE_DATE:=2024-01-16 +PKG_SOURCE_VERSION:=c3488b831ce6285c8107704156b9b8ed7d59deb3 +PKG_MIRROR_HASH:=3ca47f2ae22bc1adcb05560e6dbea824063fa914670c13f107e7e78f33399779 PKG_MAINTAINER:=Matti Laakso <malaakso@elisanet.fi> PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:= PKG_FLAGS:=nonshared +PKG_BUILD_FLAGS:=gc-sections include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk @@ -32,9 +33,9 @@ define Package/uqmi/description endef TARGET_CFLAGS += \ - -I$(STAGING_DIR)/usr/include -ffunction-sections -fdata-sections - -TARGET_LDFLAGS += -Wl,--gc-sections + -I$(STAGING_DIR)/usr/include \ + -Wno-error=dangling-pointer \ + -Wno-error=maybe-uninitialized CMAKE_OPTIONS += \ -DDEBUG=1 diff --git a/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh b/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh index c0134f44dde..49fd87ff9d1 100755 --- a/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh +++ b/package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh @@ -11,6 +11,7 @@ proto_qmi_init_config() { no_device=1 proto_config_add_string "device:device" proto_config_add_string apn + proto_config_add_string v6apn proto_config_add_string auth proto_config_add_string username proto_config_add_string password @@ -19,6 +20,7 @@ proto_qmi_init_config() { proto_config_add_string modes proto_config_add_string pdptype proto_config_add_int profile + proto_config_add_int v6profile proto_config_add_boolean dhcp proto_config_add_boolean dhcpv6 proto_config_add_boolean autoconnect @@ -31,14 +33,15 @@ proto_qmi_init_config() { proto_qmi_setup() { local interface="$1" local dataformat connstat plmn_mode mcc mnc - local device apn auth username password pincode delay modes pdptype - local profile dhcp dhcpv6 autoconnect plmn timeout mtu $PROTO_DEFAULT_OPTIONS + local device apn v6apn auth username password pincode delay modes pdptype + local profile v6profile dhcp dhcpv6 autoconnect plmn timeout mtu $PROTO_DEFAULT_OPTIONS local ip4table ip6table local cid_4 pdh_4 cid_6 pdh_6 local ip_6 ip_prefix_length gateway_6 dns1_6 dns2_6 + local profile_pdptype - json_get_vars device apn auth username password pincode delay modes - json_get_vars pdptype profile dhcp dhcpv6 autoconnect plmn ip4table + json_get_vars device apn v6apn auth username password pincode delay modes + json_get_vars pdptype profile v6profile dhcp dhcpv6 autoconnect plmn ip4table json_get_vars ip6table timeout mtu $PROTO_DEFAULT_OPTIONS [ "$timeout" = "" ] && timeout="10" @@ -81,7 +84,9 @@ proto_qmi_setup() { echo "Waiting for SIM initialization" local uninitialized_timeout=0 - while uqmi -s -d "$device" --get-pin-status | grep '"UIM uninitialized"' > /dev/null; do + # timeout 3s for first call to avoid hanging uqmi + uqmi -d "$device" -t 3000 --get-pin-status > /dev/null 2>&1 + while uqmi -s -d "$device" -t 1000 --get-pin-status | grep '"UIM uninitialized"' > /dev/null; do [ -e "$device" ] || return 1 if [ "$uninitialized_timeout" -lt "$timeout" -o "$timeout" = "0" ]; then let uninitialized_timeout++ @@ -94,9 +99,41 @@ proto_qmi_setup() { fi done - if uqmi -s -d "$device" --get-pin-status | grep '"Not supported"\|"Invalid QMI command"' > /dev/null; then + # Check if UIM application is stuck in illegal state + local uim_state_timeout=0 + while true; do + json_load "$(uqmi -s -d "$device" -t 1000 --uim-get-sim-state)" + json_get_var card_application_state card_application_state + + # SIM card is either completely absent or state is labeled as illegal + # Try to power-cycle the SIM card to recover from this state + if [ -z "$card_application_state" -o "$card_application_state" = "illegal" ]; then + echo "SIM in illegal state - Power-cycling SIM" + + # Try to reset SIM application + uqmi -d "$device" -t 1000 --uim-power-off --uim-slot 1 + sleep 3 + uqmi -d "$device" -t 1000 --uim-power-on --uim-slot 1 + + if [ "$uim_state_timeout" -lt "$timeout" ] || [ "$timeout" = "0" ]; then + let uim_state_timeout++ + sleep 1 + continue + fi + + # Recovery failed + proto_notify_error "$interface" SIM_ILLEGAL_STATE + proto_block_restart "$interface" + return 1 + else + break + fi + done + + if uqmi -s -d "$device" -t 1000 --uim-get-sim-state | grep -q '"Not supported"\|"Invalid QMI command"' && + uqmi -s -d "$device" -t 1000 --get-pin-status | grep -q '"Not supported"\|"Invalid QMI command"' ; then [ -n "$pincode" ] && { - uqmi -s -d "$device" --verify-pin1 "$pincode" > /dev/null || uqmi -s -d "$device" --uim-verify-pin1 "$pincode" > /dev/null || { + uqmi -s -d "$device" -t 1000 --verify-pin1 "$pincode" > /dev/null || uqmi -s -d "$device" -t 1000 --uim-verify-pin1 "$pincode" > /dev/null || { echo "Unable to verify PIN" proto_notify_error "$interface" PIN_FAILED proto_block_restart "$interface" @@ -104,9 +141,12 @@ proto_qmi_setup() { } } else - . /usr/share/libubox/jshn.sh - json_load "$(uqmi -s -d "$device" --get-pin-status)" + json_load "$(uqmi -s -d "$device" -t 1000 --get-pin-status)" json_get_var pin1_status pin1_status + if [ -z "$pin1_status" ]; then + json_load "$(uqmi -s -d "$device" -t 1000 --uim-get-sim-state)" + json_get_var pin1_status pin1_status + fi json_get_var pin1_verify_tries pin1_verify_tries case "$pin1_status" in @@ -127,7 +167,7 @@ proto_qmi_setup() { return 1 } if [ -n "$pincode" ]; then - uqmi -s -d "$device" --verify-pin1 "$pincode" > /dev/null 2>&1 || uqmi -s -d "$device" --uim-verify-pin1 "$pincode" > /dev/null 2>&1 || { + uqmi -s -d "$device" -t 1000 --verify-pin1 "$pincode" > /dev/null 2>&1 || uqmi -s -d "$device" -t 1000 --uim-verify-pin1 "$pincode" > /dev/null 2>&1 || { echo "Unable to verify PIN" proto_notify_error "$interface" PIN_FAILED proto_block_restart "$interface" @@ -144,16 +184,17 @@ proto_qmi_setup() { echo "PIN already verified" ;; *) - echo "PIN status failed ($pin1_status)" + echo "PIN status failed (${pin1_status:-sim_not_present})" proto_notify_error "$interface" PIN_STATUS_FAILED proto_block_restart "$interface" return 1 ;; esac + json_cleanup fi if [ -n "$plmn" ]; then - json_load "$(uqmi -s -d "$device" --get-plmn)" + json_load "$(uqmi -s -d "$device" -t 1000 --get-plmn)" json_get_var plmn_mode mode json_get_vars mcc mnc || { mcc=0 @@ -176,25 +217,17 @@ proto_qmi_setup() { fi fi - if [ -n "$mcc" -a -n "$mnc" ]; then - uqmi -s -d "$device" --set-plmn --mcc "$mcc" --mnc "$mnc" > /dev/null 2>&1 || { - echo "Unable to set PLMN" - proto_notify_error "$interface" PLMN_FAILED - proto_block_restart "$interface" - return 1 - } - fi - # Cleanup current state if any - uqmi -s -d "$device" --stop-network 0xffffffff --autoconnect > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --stop-network 0xffffffff --autoconnect > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-ip-family ipv6 --stop-network 0xffffffff --autoconnect > /dev/null 2>&1 # Go online - uqmi -s -d "$device" --set-device-operating-mode online > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-device-operating-mode online > /dev/null 2>&1 # Set IP format - uqmi -s -d "$device" --set-data-format 802.3 > /dev/null 2>&1 - uqmi -s -d "$device" --wda-set-data-format 802.3 > /dev/null 2>&1 - dataformat="$(uqmi -s -d "$device" --wda-get-data-format)" + uqmi -s -d "$device" -t 1000 --set-data-format 802.3 > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --wda-set-data-format 802.3 > /dev/null 2>&1 + dataformat="$(uqmi -s -d "$device" -t 1000 --wda-get-data-format)" if [ "$dataformat" = '"raw-ip"' ]; then @@ -207,16 +240,33 @@ proto_qmi_setup() { echo "Y" > /sys/class/net/$ifname/qmi/raw_ip fi - uqmi -s -d "$device" --sync > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --sync > /dev/null 2>&1 - uqmi -s -d "$device" --network-register > /dev/null 2>&1 + uqmi -s -d "$device" -t 20000 --network-register > /dev/null 2>&1 + + # PLMN selection must happen after the call to network-register + if [ -n "$mcc" -a -n "$mnc" ]; then + uqmi -s -d "$device" -t 1000 --set-plmn --mcc "$mcc" --mnc "$mnc" > /dev/null 2>&1 || { + echo "Unable to set PLMN" + proto_notify_error "$interface" PLMN_FAILED + proto_block_restart "$interface" + return 1 + } + fi + + [ -n "$modes" ] && { + uqmi -s -d "$device" -t 1000 --set-network-modes "$modes" > /dev/null 2>&1 + sleep 3 + # Scan network to not rely on registration-timeout after RAT change + uqmi -s -d "$device" -t 30000 --network-scan > /dev/null 2>&1 + } echo "Waiting for network registration" - sleep 1 + sleep 5 local registration_timeout=0 local registration_state="" while true; do - registration_state=$(uqmi -s -d "$device" --get-serving-system 2>/dev/null | jsonfilter -e "@.registration" 2>/dev/null) + registration_state=$(uqmi -s -d "$device" -t 1000 --get-serving-system 2>/dev/null | jsonfilter -e "@.registration" 2>/dev/null) [ "$registration_state" = "registered" ] && break @@ -224,7 +274,7 @@ proto_qmi_setup() { if [ "$registration_timeout" -lt "$timeout" ] || [ "$timeout" = "0" ]; then [ "$registration_state" = "searching" ] || { echo "Device stopped network registration. Restart network registration" - uqmi -s -d "$device" --network-register > /dev/null 2>&1 + uqmi -s -d "$device" -t 20000 --network-register > /dev/null 2>&1 } let registration_timeout++ sleep 1 @@ -237,17 +287,23 @@ proto_qmi_setup() { fi proto_notify_error "$interface" NETWORK_REGISTRATION_FAILED - proto_block_restart "$interface" return 1 done - [ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1 echo "Starting network $interface" - pdptype=$(echo "$pdptype" | awk '{print tolower($0)}') + pdptype="$(echo "$pdptype" | awk '{print tolower($0)}')" + [ "$pdptype" = "ip" -o "$pdptype" = "ipv6" -o "$pdptype" = "ipv4v6" ] || pdptype="ip" + # Configure PDP type and APN for profile 1. + # In case GGSN rejects IPv4v6 PDP, modem might not be able to + # establish a non-LTE data session. + profile_pdptype="$pdptype" + [ "$profile_pdptype" = "ip" ] && profile_pdptype="ipv4" + uqmi -s -d "$device" -t 1000 --modify-profile "3gpp,1" --apn "$apn" --pdp-type "$profile_pdptype" > /dev/null 2>&1 + if [ "$pdptype" = "ip" ]; then [ -z "$autoconnect" ] && autoconnect=1 [ "$autoconnect" = 0 ] && autoconnect="" @@ -256,16 +312,16 @@ proto_qmi_setup() { fi [ "$pdptype" = "ip" -o "$pdptype" = "ipv4v6" ] && { - cid_4=$(uqmi -s -d "$device" --get-client-id wds) + cid_4=$(uqmi -s -d "$device" -t 1000 --get-client-id wds) if ! [ "$cid_4" -eq "$cid_4" ] 2> /dev/null; then echo "Unable to obtain client ID" proto_notify_error "$interface" NO_CID return 1 fi - uqmi -s -d "$device" --set-client-id wds,"$cid_4" --set-ip-family ipv4 > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_4" --set-ip-family ipv4 > /dev/null 2>&1 - pdh_4=$(uqmi -s -d "$device" --set-client-id wds,"$cid_4" \ + pdh_4=$(uqmi -s -d "$device" -t 5000 --set-client-id wds,"$cid_4" \ --start-network \ ${apn:+--apn $apn} \ ${profile:+--profile $profile} \ @@ -277,35 +333,38 @@ proto_qmi_setup() { # pdh_4 is a numeric value on success if ! [ "$pdh_4" -eq "$pdh_4" ] 2> /dev/null; then echo "Unable to connect IPv4" - uqmi -s -d "$device" --set-client-id wds,"$cid_4" --release-client-id wds > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_4" --release-client-id wds > /dev/null 2>&1 proto_notify_error "$interface" CALL_FAILED return 1 fi # Check data connection state - connstat=$(uqmi -s -d "$device" --get-data-status) + connstat=$(uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_4" --get-data-status) [ "$connstat" == '"connected"' ] || { echo "No data link!" - uqmi -s -d "$device" --set-client-id wds,"$cid_4" --release-client-id wds > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_4" --release-client-id wds > /dev/null 2>&1 proto_notify_error "$interface" CALL_FAILED return 1 } } [ "$pdptype" = "ipv6" -o "$pdptype" = "ipv4v6" ] && { - cid_6=$(uqmi -s -d "$device" --get-client-id wds) + cid_6=$(uqmi -s -d "$device" -t 1000 --get-client-id wds) if ! [ "$cid_6" -eq "$cid_6" ] 2> /dev/null; then echo "Unable to obtain client ID" proto_notify_error "$interface" NO_CID return 1 fi - uqmi -s -d "$device" --set-client-id wds,"$cid_6" --set-ip-family ipv6 > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_6" --set-ip-family ipv6 > /dev/null 2>&1 + + : "${v6apn:=${apn}}" + : "${v6profile:=${profile}}" - pdh_6=$(uqmi -s -d "$device" --set-client-id wds,"$cid_6" \ + pdh_6=$(uqmi -s -d "$device" -t 5000 --set-client-id wds,"$cid_6" \ --start-network \ - ${apn:+--apn $apn} \ - ${profile:+--profile $profile} \ + ${v6apn:+--apn $v6apn} \ + ${v6profile:+--profile $v6profile} \ ${auth:+--auth-type $auth} \ ${username:+--username $username} \ ${password:+--password $password} \ @@ -314,16 +373,16 @@ proto_qmi_setup() { # pdh_6 is a numeric value on success if ! [ "$pdh_6" -eq "$pdh_6" ] 2> /dev/null; then echo "Unable to connect IPv6" - uqmi -s -d "$device" --set-client-id wds,"$cid_6" --release-client-id wds > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_6" --release-client-id wds > /dev/null 2>&1 proto_notify_error "$interface" CALL_FAILED return 1 fi # Check data connection state - connstat=$(uqmi -s -d "$device" --get-data-status) + connstat=$(uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_6" --set-ip-family ipv6 --get-data-status) [ "$connstat" == '"connected"' ] || { echo "No data link!" - uqmi -s -d "$device" --set-client-id wds,"$cid_6" --release-client-id wds > /dev/null 2>&1 + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid_6" --release-client-id wds > /dev/null 2>&1 proto_notify_error "$interface" CALL_FAILED return 1 } @@ -348,7 +407,7 @@ proto_qmi_setup() { [ -n "$pdh_6" ] && { if [ -z "$dhcpv6" -o "$dhcpv6" = 0 ]; then - json_load "$(uqmi -s -d $device --set-client-id wds,$cid_6 --get-current-settings)" + json_load "$(uqmi -s -d $device -t 1000 --set-client-id wds,$cid_6 --get-current-settings)" json_select ipv6 json_get_var ip_6 ip json_get_var gateway_6 gateway @@ -376,6 +435,7 @@ proto_qmi_setup() { json_init json_add_string name "${interface}_6" json_add_string ifname "@$interface" + [ "$pdptype" = "ipv4v6" ] && json_add_string iface_464xlat "0" json_add_string proto "dhcpv6" [ -n "$ip6table" ] && json_add_string ip6table "$ip6table" proto_add_dynamic_defaults @@ -389,7 +449,7 @@ proto_qmi_setup() { [ -n "$pdh_4" ] && { if [ "$dhcp" = 0 ]; then - json_load "$(uqmi -s -d $device --set-client-id wds,$cid_4 --get-current-settings)" + json_load "$(uqmi -s -d $device -t 1000 --set-client-id wds,$cid_4 --get-current-settings)" json_select ipv4 json_get_var ip_4 ip json_get_var gateway_4 gateway @@ -432,16 +492,16 @@ qmi_wds_stop() { [ -n "$cid" ] || return - uqmi -s -d "$device" --set-client-id wds,"$cid" \ + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid" \ --stop-network 0xffffffff \ --autoconnect > /dev/null 2>&1 [ -n "$pdh" ] && { - uqmi -s -d "$device" --set-client-id wds,"$cid" \ + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid" \ --stop-network "$pdh" > /dev/null 2>&1 } - uqmi -s -d "$device" --set-client-id wds,"$cid" \ + uqmi -s -d "$device" -t 1000 --set-client-id wds,"$cid" \ --release-client-id wds > /dev/null 2>&1 } diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile index 5f8da147c16..e2a86c97d8d 100644 --- a/package/network/utils/wireguard-tools/Makefile +++ b/package/network/utils/wireguard-tools/Makefile @@ -7,16 +7,15 @@ # See /LICENSE for more information. include $(TOPDIR)/rules.mk -include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard-tools -PKG_VERSION:=1.0.20210223 -PKG_RELEASE:=2 +PKG_VERSION:=1.0.20210914 +PKG_RELEASE:=3 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/ -PKG_HASH:=1f72da217044622d79e0bab57779e136a3df795e3761a3fc1dc0941a9055877c +PKG_HASH:=97ff31489217bb265b7ae850d3d0f335ab07d2652ba1feec88b734bc96bd05ac PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING @@ -24,7 +23,6 @@ PKG_LICENSE_FILES:=COPYING PKG_BUILD_PARALLEL:=1 include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/package-defaults.mk MAKE_PATH:=src MAKE_VARS += PLATFORM=linux diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh index 63261aea71d..f6ad967b404 100644 --- a/package/network/utils/wireguard-tools/files/wireguard.sh +++ b/package/network/utils/wireguard-tools/files/wireguard.sh @@ -26,6 +26,7 @@ proto_wireguard_init_config() { proto_wireguard_setup_peer() { local peer_config="$1" + local disabled local public_key local preshared_key local allowed_ips @@ -34,6 +35,7 @@ proto_wireguard_setup_peer() { local endpoint_port local persistent_keepalive + config_get_bool disabled "${peer_config}" "disabled" 0 config_get public_key "${peer_config}" "public_key" config_get preshared_key "${peer_config}" "preshared_key" config_get allowed_ips "${peer_config}" "allowed_ips" @@ -42,6 +44,11 @@ proto_wireguard_setup_peer() { config_get endpoint_port "${peer_config}" "endpoint_port" config_get persistent_keepalive "${peer_config}" "persistent_keepalive" + if [ "${disabled}" -eq 1 ]; then + # skip disabled peers + return 0 + fi + if [ -z "$public_key" ]; then echo "Skipping peer config $peer_config because public key is not defined." return 0 @@ -95,6 +102,23 @@ proto_wireguard_setup_peer() { fi } +ensure_key_is_generated() { + local private_key + private_key="$(uci get network."$1".private_key)" + + if [ "$private_key" == "generate" ]; then + local ucitmp + oldmask="$(umask)" + umask 077 + ucitmp="$(mktemp -d)" + private_key="$("${WG}" genkey)" + uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \ + uci -q -t "$ucitmp" commit network + rm -rf "$ucitmp" + umask "$oldmask" + fi +} + proto_wireguard_setup() { local config="$1" local wg_dir="/tmp/wireguard" @@ -104,6 +128,8 @@ proto_wireguard_setup() { local listen_port local mtu + ensure_key_is_generated "${config}" + config_load network config_get private_key "${config}" "private_key" config_get listen_port "${config}" "listen_port" diff --git a/package/network/utils/wireguard-tools/files/wireguard_watchdog b/package/network/utils/wireguard-tools/files/wireguard_watchdog index c0a5a0aa33c..fc90f4a25b3 100644 --- a/package/network/utils/wireguard-tools/files/wireguard_watchdog +++ b/package/network/utils/wireguard-tools/files/wireguard_watchdog @@ -17,6 +17,7 @@ check_peer_activity() { local cfg=$1 local iface=$2 + local disabled local public_key local endpoint_host local endpoint_port @@ -24,9 +25,16 @@ check_peer_activity() { local last_handshake local idle_seconds + config_get_bool disabled "${cfg}" "disabled" 0 config_get public_key "${cfg}" "public_key" config_get endpoint_host "${cfg}" "endpoint_host" config_get endpoint_port "${cfg}" "endpoint_port" + + if [ "${disabled}" -eq 1 ]; then + # skip disabled peers + return 0 + fi + persistent_keepalive=$(wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}') # only process peers with endpoints and keepalive set @@ -51,7 +59,7 @@ check_peer_activity() { } # query ubus for all active wireguard interfaces -wg_ifaces=$(ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " ") +eval $(ubus -S call network.interface dump | jsonfilter -e 'wg_ifaces=@.interface[@.up=true && @.proto="wireguard"].interface') # check every peer in every active wireguard interface config_load network diff --git a/package/network/utils/wireless-tools/Makefile b/package/network/utils/wireless-tools/Makefile index 52e246a59c8..6ac66a056a0 100644 --- a/package/network/utils/wireless-tools/Makefile +++ b/package/network/utils/wireless-tools/Makefile @@ -8,6 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wireless-tools +PKG_CPE_ID:=cpe:/a:wireless_tools_project:wireless_tools PKG_VERSION:=29 PKG_MINOR:= PKG_RELEASE:=6 diff --git a/package/network/utils/wpan-tools/Makefile b/package/network/utils/wpan-tools/Makefile index 060aaf50468..7b2cfe7a602 100644 --- a/package/network/utils/wpan-tools/Makefile +++ b/package/network/utils/wpan-tools/Makefile @@ -1,18 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-only # # Copyright (C) 2015 OpenWrt.org # -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# include $(TOPDIR)/rules.mk PKG_NAME:=wpan-tools -PKG_VERSION:=0.7 +PKG_VERSION:=0.9 +PKG_RELEASE=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://wpan.cakelab.org/releases/ -PKG_HASH:=c16de9d7861c2d9b6a4436a0fac730f9f545ee290b92bc770c538ec6a3f22309 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://github.com/linux-wpan/wpan-tools/releases/download/$(PKG_NAME)-$(PKG_VERSION)/$(PKG_NAME)-$(PKG_VERSION).tar.gz? +PKG_HASH:=fa76d9c1874220e4b1f91c226f42baf1e372ea8ccf4b892effaf0d164448f608 include $(INCLUDE_DIR)/package.mk @@ -20,7 +19,7 @@ define Package/wpan-tools SECTION:=net CATEGORY:=Network TITLE:=cfg802154 interface configuration utility - URL:=http://wpan.cakelab.org/ + URL:=https://linux-wpan.org/wpan-tools.html DEPENDS:= +libnl endef diff --git a/package/network/utils/wpan-tools/patches/001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch b/package/network/utils/wpan-tools/patches/001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch deleted file mode 100644 index 1370854b6b5..00000000000 --- a/package/network/utils/wpan-tools/patches/001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch +++ /dev/null @@ -1,44 +0,0 @@ -From bb522bd584f05e6658d5dba97f48ca018f46394c Mon Sep 17 00:00:00 2001 -From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> -Date: Sat, 6 May 2017 14:36:08 +0200 -Subject: [PATCH] src/nl_extras.h: fix compatibility with libnl 3.3.0 - -nl_extras.h defines a set of nla_set_s*() functions if not provided by -libnl. They are provided by libnl since version 3.2.26. The test -(LIBNL_VER_MIC <= 26) was working fine while libnl was in the 3.2.x -series, but now that they have incremented the minor version, the -micro version was reset to 0, with the latest libnl version being -3.3.0. - -Due to this, the condition (LIBNL_VER_MIC <= 26) is true, and we get -redefinition errors because nl_extras.h redefines functions already -provided by libnl. - -This commit improves the condition so that nl_extras.h provides the -missing functions only if the minor version is < 2, or if minor is 2 -and micro is < 26. - -Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> ---- - src/nl_extras.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/nl_extras.h -+++ b/src/nl_extras.h -@@ -1,7 +1,7 @@ - #ifndef __NL_EXTRAS_H - #define __NL_EXTRAS_H - --#if LIBNL_VER_MIC <= 26 -+#if (LIBNL_VER_MIN < 2) || (LIBNL_VER_MIN == 2) && (LIBNL_VER_MIC <= 26) - - #ifndef NLA_S8 - -@@ -45,6 +45,6 @@ static inline int32_t nla_get_s32(struct - - #endif /* NLA_S64 */ - --#endif /* LIBNL_VER_MIC */ -+#endif /* LIBNL_VER_* */ - - #endif /* __NL_EXTRAS_H */ diff --git a/package/network/utils/wwan/Makefile b/package/network/utils/wwan/Makefile index 1c5a5e6669f..19404383cb7 100644 --- a/package/network/utils/wwan/Makefile +++ b/package/network/utils/wwan/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wwan PKG_VERSION:=2019-04-29 -PKG_RELEASE=5 +PKG_RELEASE=6 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:= diff --git a/package/network/utils/wwan/files/data/0e8d-00a5 b/package/network/utils/wwan/files/data/0e8d-00a5 new file mode 100644 index 00000000000..23a7ce36161 --- /dev/null +++ b/package/network/utils/wwan/files/data/0e8d-00a5 @@ -0,0 +1,5 @@ +{ + "desc": "Medion S4222", + "control": 2, + "data": 0 +} diff --git a/package/network/utils/xdp-tools/Makefile b/package/network/utils/xdp-tools/Makefile new file mode 100644 index 00000000000..dba775e4ea1 --- /dev/null +++ b/package/network/utils/xdp-tools/Makefile @@ -0,0 +1,139 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=xdp-tools +PKG_RELEASE:=1 +PKG_VERSION:=1.2.9 +PKG_HASH:=159ed8d3c8195d812ec3cde83bd736245a72743af372998320d39c2ba69ab142 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/xdp-project/xdp-tools/tar.gz/v$(PKG_VERSION)? +PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_VERSION)) + +PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org> + +PKG_BUILD_DEPENDS:=bpf-headers +PKG_FLAGS:=nonshared + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/bpf.mk +include $(INCLUDE_DIR)/nls.mk + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +define Package/libxdp + SECTION:=libs + CATEGORY:=Libraries + TITLE:=libxdp - Library for use with XDP + LICENSE:=LGPL-2.1 OR BSD-2-Clause + ABI_VERSION:=$(PKG_ABI_VERSION) + URL:=https://github.com/xdp-project/xdp-tools/ + DEPENDS:=+libbpf $(BPF_DEPENDS) +endef + +define Package/libxdp/description +libxdp - library for attaching XDP programs and using AF_XDP sockets +endef + +define Package/xdp-tools/Default + SECTION:=net + CATEGORY:=Network + LICENSE:=GPL-2.0-only + URL:=https://github.com/xdp-project/xdp-tools/ + DEPENDS:=+libxdp +endef + +define Package/xdp-filter +$(call Package/xdp-tools/Default) + TITLE:=xdp-filter - a simple XDP-powered packet filter +endef + +define Package/xdp-filter/description +xdp-filter is a packet filtering utility powered by XDP. It is deliberately +simple and so does not have the same matching capabilities as, e.g., +netfilter. Instead, thanks to XDP, it can achieve very high drop rates: +tens of millions of packets per second on a single CPU core. +endef + + +define Package/xdp-loader +$(call Package/xdp-tools/Default) + TITLE:=xdp-loader - an XDP program loader +endef + +define Package/xdp-loader/description +xdp-loader is a simple loader for XDP programs with support for attaching +multiple programs to the same interface. To achieve this it exposes the same +load and unload semantics exposed by the libxdp library. +endef + +define Package/xdpdump +$(call Package/xdp-tools/Default) + TITLE:=xdpdump - tool for capturing packets at the XDP layer + DEPENDS+=+libpcap +endef + +define Package/xdpdump/description +xdpdump - a simple tcpdump like tool for capturing packets at the XDP layer +endef + +TARGET_LDFLAGS += $(INTL_LDFLAGS) + +CONFIGURE_VARS += \ + FORCE_SYSTEM_LIBBPF=1 \ + CC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + CLANG="$(CLANG)" \ + BPF_TARGET="$(BPF_TARGET)" \ + LLC="$(LLVM_LLC)" + +MAKE_VARS += \ + PREFIX=/usr \ + RUNDIR=/tmp/run + +define Build/Configure + $(call Build/Configure/Default) + echo "BPF_CFLAGS += -I$(BPF_HEADERS_DIR)/tools/lib -fno-stack-protector" >> $(PKG_BUILD_DIR)/config.mk +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include/xdp + $(CP) $(PKG_INSTALL_DIR)/usr/include/xdp/*.h $(1)/usr/include/xdp/ + $(INSTALL_DIR) $(1)/usr/lib/bpf + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxdp.{a,so*} $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/bpf/*.o $(1)/usr/lib/bpf + $(INSTALL_DIR) $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libxdp.pc \ + $(1)/usr/lib/pkgconfig/ + $(SED) 's,/usr/include,$$$${prefix}/include,g' \ + $(1)/usr/lib/pkgconfig/libxdp.pc + $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' \ + $(1)/usr/lib/pkgconfig/libxdp.pc +endef + +define Package/xdp-filter/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/xdp-filter $(1)/usr/sbin +endef + +define Package/xdp-loader/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/xdp-loader $(1)/usr/sbin +endef + +define Package/xdpdump/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/xdpdump $(1)/usr/sbin +endef + +define Package/libxdp/install + $(INSTALL_DIR) $(1)/usr/lib/bpf + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxdp.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/bpf/*.o $(1)/usr/lib/bpf +endef + +$(eval $(call BuildPackage,libxdp)) +$(eval $(call BuildPackage,xdp-filter)) +$(eval $(call BuildPackage,xdp-loader)) +$(eval $(call BuildPackage,xdpdump)) diff --git a/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch b/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch new file mode 100644 index 00000000000..e2fbfa57dca --- /dev/null +++ b/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch @@ -0,0 +1,29 @@ +--- a/configure ++++ b/configure +@@ -174,7 +174,7 @@ int main(int argc, char **argv) { + return 0; + } + EOF +- libpcap_err=$($CC -o $TMPDIR/libpcaptest $TMPDIR/libpcaptest.c $LIBPCAP_CFLAGS $LIBPCAP_LDLIBS 2>&1) ++ libpcap_err=$($CC -o $TMPDIR/libpcaptest $TMPDIR/libpcaptest.c $LIBPCAP_CFLAGS $LIBPCAP_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "HAVE_PCAP:=y" >>$CONFIG + [ -n "$LIBPCAP_CFLAGS" ] && echo 'CFLAGS += ' $LIBPCAP_CFLAGS >> $CONFIG +@@ -222,7 +222,7 @@ int main(int argc, char **argv) { + return 0; + } + EOF +- libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS 2>&1) ++ libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "HAVE_FEATURES+=${config_var}" >>"$CONFIG" + echo "yes" +@@ -289,7 +289,7 @@ int main(int argc, char **argv) { + } + EOF + +- libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS 2>&1) ++ libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "SYSTEM_LIBBPF:=y" >>$CONFIG + echo "LIBBPF_VERSION=$LIBBPF_VERSION" >>$CONFIG |