aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.19 to 4.19.23Koen Vandeputte2019-02-158-17/+17
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.101Koen Vandeputte2019-02-152-3/+3
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-3819 Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.158Koen Vandeputte2019-02-151-2/+2
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-3819 Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* busybox: update to 1.30.1Hannu Nyman2019-02-141-3/+3
| | | | | | | | | | | | | Minor bugfix release. Fixes for * bc/dc * sed (backslash parsing for 'w' command) * ip (vlan fixes) * grep (fixes for -x -v) * ls (-i compat) No need to refresh patches or config defaults Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ipq40xx: fix ipq40xx_setup_macs for Linksys EA6350v3Oever González2019-02-141-1/+1
| | | | | | | | | | | | | This commit fixes the script that sets the MAC address of the LAN switch. The LAN MAC address should be the WAN MAC address plus one. Without this patch the WAN and the LAN interface will use the same MAC address and an error will be generated. With this patch all interfaces will have a different MAC address, consecutive in the following order: WAN, LAN, radio0 and radio1. Signed-off-by: Oever González <notengobattery@gmail.com>
* ipq8064: Enabling sata port ipq8064 based devicesRoman Glova2019-02-141-0/+2
| | | | | | | | | | | | | | | | | | | | | | (original text here: https://patchwork.kernel.org/patch/8686761/) On some SOCs PORTS_IMPL register value is never programmed by the BIOS and left at zero value. Which means that no sata ports are avaiable for software. AHCI driver used to cope up with this by fabricating the port_map if the PORTS_IMPL register is read zero, but recent patch broke this workaround as zero value was valid for nvme disks. This patch adds ports-implemented dt bindings as workaround for this issue in a way that DT can dictate the port_map incase where the SOCs does not program it already. This patch is equal to commits: 67f8425d0ee1 ("ipq8064: dts: force AP148 SATA port mapping") 2e7a2c91019c ("ARM: dts: qcom: Move common nodes to ipq8064-v.1.0.dtsi") in the upstream linux kernel. Signed-off-by: Roman Glova <roman_glova@epam.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [added upstream commits, reorg' commit message]
* ath79: add support for I-O DATA WN-AC1600DGRINAGAKI Hiroshi2019-02-148-16/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I-O DATA WN-AC1600DGR is a 2.4/5 GHz band 11ac router, based on Qualcomm Atheros QCA9557. Specification: - SoC: Qualcomm Atheros QCA9557 - RAM: 128 MB - Flash: 16 MB - WLAN: 2.4/5 GHz - 2.4 GHz: 2T2R (SoC internal) - 5 GHz: 3T3R (QCA9880) - Ethernet: 5x 10/100/1000 Mbps - Switch: QCA8337N - LED/key: 6x/6x(4x buttons, 1x slide switch) - UART: through-hole on PCB - Vcc, GND, TX, RX from ethernet port side - 115200n8 Flash instruction using factory image: 1. Connect the computer to the LAN port of WN-AC1600DGR 2. Connect power cable to WN-AC1600DGR and turn on it 3. Access to "http://192.168.0.1/" and open firmware update page ("ファームウェア") 4. Select the OpenWrt factory image and click update ("更新") button 5. Wait ~150 seconds to complete flashing Alternative flash instruction using initramfs image: 1. Prepare a computer and TFTP server software with the IP address "192.168.99.8" and renamed OpenWrt initramfs image "uImageWN-AC1600DGR" 2. Connect between WN-AC1600DGR and the computer with UART 3. Connect power cable to WN-AC1600DGR, press "4" on the serial console and enter the U-Boot console 4. execute "tftpboot" command on the console and download initramfs image from the TFTP server 5. execute "bootm" command and boot OpenWrt 6. On initramfs image, download the sysupgrade image to the device and perform sysupgrade with it 7. Wait ~150 seconds to complete flashing This commit also removes unnecessary "qca,no-eeprom" property from the ath10k wifi node. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: fix qca955x dual pci resource allocationSantiago Piccinini2019-02-141-1/+1
| | | | | | | | Tested with a dual pci QCA9558 board (LibreRouter v1) in three configurations: enabling pcie0 only, pcie1 only and both enabled. Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [removed ML notice]
* ath79: fix qca955x pcie0 memory sizeSantiago Piccinini2019-02-141-1/+1
| | | | | | | | | Datasheet states that both PCI ranges are of 0x2000000 size: 0x1000_0000-0x11FF_FFF and 0x1200_0000-0x13FF_0000. Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net> Reviewed-by: Daniel Golle <daniel@makrotopia.org> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [removed ML notice]
* ipq40xx: add support for ASUS LyraMarius Genheimer2019-02-1412-7/+654
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SoC: Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores RAM: 256 MiB (Nanya NT5CC128M16IP-DI) FLASH: 128 MiB (Macronix NAND) WiFi0: Qualcomm IPQ4019 b/g/n 2x2 WiFi1: Qualcomm IPQ4019 a/n/ac 2x2 WiFi2: Qualcomm Atheros QCA9886 a/n/ac BT: Atheros AR3012 IN: WPS Button, Reset Button OUT: RGB-LED via TI LP5523 9-channel Controller UART: Front of Device - 115200 N-8 Pinout 3.3v - RX - TX - GND (Square is VCC) Installation: 1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp. Login credentials are identical to the Web UI. 2. Login to the device via SSH. 3. Flash the initramfs image using > mtd-write -d linux -i openwrt-image-file 4. Power-cycle the device and wait for OpenWRT to boot. 5. From there flash the OpenWRT-sysupgrade image. Ethernet-Ports: Although labeled identically, the port next to the power socket is the LAN port and the other one is WAN. This is the same behavior as in the stock firmware. Signed-off-by: Marius Genheimer <mail@f0wl.cc> [Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh, reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79, minor dts touchup, added rng to 4.19 dts] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: ea6350v3: 4.19: enable pseudo rng supportChristian Lamparter2019-02-141-0/+4
| | | | | | | Robert Marko made a big effort to enable the rng on all ipq40xx for 4.19, so let's continue the quest. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* gemini: Name binary "bootpart.tar.gz"Linus Walleij2019-02-141-2/+2
| | | | | | | | | | This factory binary i supposed to actually be unzipped and untarred by the user as part of the installation process (this NAS boots from harddisk), so name it "bootpart.tar.gz" and not "factory.bin" so it is helpful for users. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: Add missing config option for kernel 4.19Daniel Engberg2019-02-141-0/+1
| | | | | | Add CONFIG_USB_ROLE_SWITCH otherwise Octeon 4.19 fails compile Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mpc85xx: 4.19: add missing symbolPawel Dembicki2019-02-141-0/+1
| | | | | | | | OCEDO Panda was added in b368373f, but only for 4.14 config. This patch fix 4.19 build for generic and p2020 subtarget. Signed-off-by: Pawel Dembicki <p.dembicki@wb.com.pl>
* ramips: change status LED for Buffalo WHR-G300NINAGAKI Hiroshi2019-02-141-6/+5
| | | | | | | | | | | Buffalo WHR-G300N has a LED for power status indication, but it is not connected to the GPIO and cannot be controlled by the kernel. So, WHR-G300N uses "ROUTER" LED as the system status LED instead. This commit changes it to use "DIAG" LED insted of "ROUTER" like WHR-G301N in ath79 target. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ramips: various Netgear R6120 fixesDavid Bauer2019-02-143-12/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The R6120 has no 5GHz WLAN LED, the assigned GPIO in fact controls the WAN LED. Renames the LED accordingly in the device-tree. Removes the 5GHz WLAN LED trigger. Adds the correct WAN port LED trigger. ---- Currently, the MAC address for the Netgear R6120 is read from the NVRAM partition. The offset for the MAC address however is not consistent across devices or firmware versions. Switch to using the factory partition like all other Netgear devices do. ---- The LAN ports of the R6120 are labled in reverse on the casing. Adjust LuCI switchport numbering accordingly. ---- The WiFi eeprom offsets for the R6120 are currently wrong (5GHz offset is bigger than the partition itself). Fixes poor performance on 2.4 and 5 GHz. Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: add support for I-O DATA WN-AC1167GRINAGAKI Hiroshi2019-02-144-0/+258
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I-O DATA WN-AC1167GR is a 2.4/5 GHz band 11ac router, based on MediaTek MT7620A. Specification: - SoC : MediaTek MT7620A - RAM : DDR2 64 MB - Flash : SPI-NOR 8MB - WLAN : 2.4/5 GHz, 2T2R - 2.4 GHz: MT7620A (SoC) - 5 GHz : MT7612E - Ethernet: 10/100/1000 Mbps (ext. MT7530) - LED/key : 4x/3x (2x buttons, 1x slide-switch) - UART : through-hole on PCB - J2: TX, GND, RX, Vcc from SoC side - 115200n8 Flash instruction using factory image: 1. Boot WN-AC1167GR normaly 2. Access to "http://192.168.0.1/" and open firmware update page ("ファームウェア") 3. Select the OpenWrt factory image and click update ("更新") button to perform firmware update 4. Wait ~150 seconds to complete flashing Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: proper indentation in image/common-tp-link.mkPaul Wassi2019-02-141-1/+1
| | | | | | Add two spaces for proper indentation in image/common-tp-link.mk Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: fix port order on TL-WR841ND-v7Paul Wassi2019-02-141-3/+3
| | | | | | | | The switch ports are seen one to one on the case. Also remove unneeded secondary port numbers in this case statement. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: change ledtrig on GL.iNet AR150Paul Wassi2019-02-141-1/+1
| | | | | | | | | Change the ledtrig for LAN from netdev to switch. Although eth1 comes out of the device at a single port, this port is a switch-port and therefore the LED must be triggered by that. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: rename TP-LINK to TP-LinkPaul Wassi2019-02-146-34/+34
| | | | | | Remove inconsistencies in the vendor's name. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ar71xx: fix TL-MR3220-v2 switch port orderPaul Wassi2019-02-141-1/+1
| | | | | | | Fix the switch port order for proper display on high level interfaces. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ar71xx: fix TL-WR741ND-v4 switch port orderPaul Wassi2019-02-141-1/+5
| | | | | | | Fix the switch port order for proper display on high level interfaces. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: rename TL-WR740ND-v4 to TL-WR740N-v4Paul Wassi2019-02-144-7/+7
| | | | | | Give the device the same name it had in ar71xx. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: fix TL-WR741ND-v4 switch port orderPaul Wassi2019-02-141-1/+1
| | | | | | | Fix the switch port order for proper display on high level interfaces. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* kernel: bump 4.19 to 4.19.21Koen Vandeputte2019-02-146-81/+15
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 0007-ARM-dts-Fix-up-the-D-Link-DIR-685-MTD-partition-info.patch Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.99Koen Vandeputte2019-02-1433-121/+71
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 950-0434-mmc-bcm2835-Recover-from-MMC_SEND_EXT_CSD.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.156Koen Vandeputte2019-02-143-9/+9
| | | | | | | | | Refreshed all patches. Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: add rapid commit config optionHans Dedecker2019-02-132-1/+2
| | | | | | | Add config option rapidcommit to enable support for DHCPv4 rapid commit (RFC4039) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openssl: add package for openssl.cnf, misc changesEneas U de Queiroz2019-02-122-8/+28
| | | | | | | | | | | | - Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking the transitional mechanism, allowing libopenssl_1.0* and libopenssl_1.1* to coexist. - Remove the (selecting) dependency on @KERNEL_AIO - Use global SOURCE_DATE_EPOCH Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: optimizations based on ARCH/small flashEneas U de Queiroz2019-02-123-1/+98
| | | | | | | | | | | | | | | | | | | Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update to version 1.1.1aEneas U de Queiroz2019-02-1222-492/+774
| | | | | | | | | | | | | | | | | | | | | | | This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: add configuration options, disable ssl3Eneas U de Queiroz2019-02-1214-476/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the following configuration options: * using optimized assembler code (was always on before) * use of x86 SSE2 instructions * dyanic engine support * include error messages * Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms * RFC3779, CMS protocols * VIA padlock hardware acceleration engine Installs openssl.cnf with the library as it is used by engines independent of the openssl util. Fixes DTLS option that was innefective before. Disables insecure SSL3 protocol and SHA0. Adds openwrt-specific targets to Configure script, including asm support for i386, ppc and mips64. Strips building dirs from CFLAGS shown in binary. Skips the fuzz directory during build. Removed include/crypto/devcrypto.h that was included here, to use the cryptodev-linux package, now that it was been moved from the packages feed to the main openwrt repository. This decreses the size of the ipk binray on MIPS32 by about 3.3%: old: 706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* base-files: fix ucert verificationFelix Fietkau2019-02-121-1/+2
| | | | | | | | ucert needs to check the firmware part with metadata, but without the signature. Use the new fwtool mode to extract that without altering the firmware image inside the check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: add support for extracting the truncated data part to stdoutFelix Fietkau2019-02-121-2/+23
| | | | | | | This allows extracing the firmware + metadata from a signed firmware without altering the original image file Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: do not strip metadata if extracting signatureFelix Fietkau2019-02-121-1/+3
| | | | | | This allows the signature to cover the metadata area Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix race condition in mesh new peer handlingFelix Fietkau2019-02-121-0/+34
| | | | | | Avoid trying to add the same station to the driver multiple times Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: send wpa_supplicant logging output to syslogFelix Fietkau2019-02-121-1/+1
| | | | | | Helpful for debugging network connectivity issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: brcmfmac: backport early changes queued for the Linux 5.1Rafał Miłecki2019-02-1211-3/+2715
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport remaining patches from the Linux 5.0Rafał Miłecki2019-02-1214-3/+1071
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iproute2: tc: reduce size of dynamic symbol tableTony Ambardar2019-02-112-1/+45
| | | | | | | | | | | In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all* symbols into the dynamic symbol table. Instead, use --dynamic-list to export a smaller set of symbols similar to that defined in static-syms.h in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase. Also increment PKG_RELEASE. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: tc: enable and fix support for using .so pluginsTony Ambardar2019-02-112-1/+107
| | | | | | | | | | | | | | | | | | | | | | | This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify linking libelf for eBFP/XDP object file supportTony Ambardar2019-02-113-61/+21
| | | | | | | | | | Simplify build and runtime dependencies on libelf, which allows tc and ip to load BPF and XDP object files respectively. Preserve optionality of libelf by having configuration script follow the HAVE_ELF environment variable, used similarly to the HAVE_MNL variable. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: use tc package variant to limit other package sizesTony Ambardar2019-02-111-0/+9
| | | | | | | | | | | | | Replace the old 'tc' with a singleton package variant which will be used to enable additional functionality and limit it only to tc. Non-variant packages will only be installed during 'tiny' variant builds, hence will be configured without extra features, thus preserving previously limited functionality and reduced package sizes. Also set ip-tiny as the default variant, and install 'tiny' versions of development libraries. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify Makefile, patches and fix feature detectionTony Ambardar2019-02-113-20/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Compile-based feature detection (e.g. xtables, ipset support) was broken due to silent compilation errors in the configure script, caused by a Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use userspace headers by setting the same "user_headers" kernel include path as used for the iptables build. Remove redundant or unused Build/Configure definitions from package Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes. Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead, use standard TARGET_LDFLAGS. Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also drop now unneeded patch 150-extra-ccopts.patch. Enable defining XT_LIB_DIR from Makefile, needed to set the iptables modules directory to something other than /lib/xtables, and also add libxtables dependency. Both are needed with working xtables detection. Note that libxtables is also pulled in by iptables, firewall or luci, so this change has no size impact in most cases. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: fix broken configuration patchTony Ambardar2019-02-112-7/+12
| | | | | | | | | | Since v4.13, iproute2 switched to a config.mk file with greater use of pkg-config for library/feature detection. Replace the old Config patch with one modifying the configure script but enabling the same changes: - explicitly disable TC_CONFIG_ATM - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: enable BPF JIT sysctl by defaultTony Ambardar2019-02-111-0/+2
| | | | | | Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel: enable CONFIG_BPF_JIT by defaultTony Ambardar2019-02-113-3/+3
| | | | | | | | | | | | | | | | | | Enable the built-in BPF JIT compiler for all 4.9, 4.14 and 4.19 kernels, which should speed up cBPF and eBPF-based packet filtering (tc, iptables) and packet sniffing (libpcap, tcpdump, fwknopd, etc). This has minimal kernel size impact, increasing the size of uImage-lzma (normally ~2 MB on mips_24kc or mips64el_mips64) by 5 KB for the MIPS32 arch cBPF JIT and by 9 KB for the MIPS64 arch eBPF JIT, on kernel 4.14. With JIT enabled (cBPF only), the standard BPF test module (test_bpf.ko) running on a DIR-835 (mips_24kc) used 33 CPU seconds, but 68 without JIT. This change aligns with the notion of OpenWRT as the network go-to swiss army knife for packet handling, especially on CPU-constrained platforms. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: add kmod-bpf-test packageTony Ambardar2019-02-111-0/+11
| | | | | | | | Add the test_bpf module that runs various test vectors against the BPF interpreter or BPF JIT compiler. The module must be manually loaded, as with the kmod-crypto-test module which serves a similar purpose. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: add kmod-sched-bpf packageTony Ambardar2019-02-111-1/+17
| | | | | | | Add cls_bpf and act_bpf modules for additional tc classifier and action support of cBPF and eBPF. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>