aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/iproute2
Commit message (Collapse)AuthorAgeFilesLines
* iproute2: separate tc into tiny and full variantsTony Ambardar2021-03-191-27/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change was investigated previously [1] but not deemed necessary. With the recent addition [2] of modern BPF loader support, however, tc gained dependencies on libelf and libbpf, with a larger installation footprint. Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants, where the latter excludes the eBPF loader, uses a smaller executable, and avoids libelf and libbpf package dependencies. Both variants provide the 'tc' virtual package, with tc-tiny as the default. The previous tc package included a loadable module for iptables actions. Separate this out into a common package, tc-mod-iptables, which both variants depend on. Some package sizes on mips_24kc: Before: 148343 tc_5.11.0-1_mips_24kc.ipk After: 144833 tc-full_5.11.0-2_mips_24kc.ipk 138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf) 4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk Also fix up some Makefile indentation. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962 [2] b048a305a3d3 ("iproute2: update to 5.11.0") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: relocate teql hotplug from iproute2 to kmod-schedTony Ambardar2021-03-192-25/+0
| | | | | | | | | | | | | | The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug script historically included in iproute2's tc package. In previous discussion [1], consensus was the hotplug script is best located together with the module in kmod-sched, but this change was deferred at the time. Relocate the hotplug script now. This change also simplifies adding a tc variant for minimal size with reduced functionality. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636 Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: add missing limits.h includesTony Ambardar2021-03-191-0/+45
| | | | | | | | | | | | | | | This patch has been submitted upstream to fix an error reported by a few users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24: bpf_glue.c: In function 'get_libbpf_version': bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'? 46 | char buf[PATH_MAX], *s; | ^~~~~~~~ | AF_MAX Reported-by: Rui Salvaterra <rsalvaterra@gmail.com> Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: update to 5.11.0Tony Ambardar2021-03-0111-29/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latest iproute2 version brings various improvements and fixes: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0 In particular, ip and tc now use libbpf as the standard way to load BPF programs, rather than the old, limited custom loader. This allows more consistent and featureful BPF program handling e.g. support for global initialized variables. Also fix a longstanding problem with iproute2 builds where unneeded DSO dependencies are added to most utilities, bloating their installation footprint. From research and testing, explicitly using a "--as-needed" linker flag avoids the issue. Update accordingly and drop extra package dependencies from Makefile. Additional build and packaging updates include: - install missing development header to iproute2/bpf_elf.h - propagate OpenWrt verbose flag during build - update and refresh patches Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10. All iproute2 packages were built and installed to the test image. Some regression testing using ip-full and tc was successfully performed to exercise several kmods, tc modules, and simple BPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: update to 5.10.0Russell Senior2021-01-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | c8faeca5 (ss: mptcp: fix add_addr_accepted stat print, 2020-11-18) 0d78e8ea (tc: pedit: fix memory leak in print_pedit, 2020-12-11) ec1346ac (devlink: fix memory leak in cmd_dev_flash(), 2020-12-11) 309e6027 (man: tc-flower: fix manpage, 2020-12-11) 376367d9 (uapi: merge in change to bpf.h, 2020-12-14) 2e80ae89 (Merge branch 'gcc-10' into main, 2020-12-03) 755b1c58 (tc/mqprio: json-ify output, 2020-12-02) 975c4944 (ip/netns: use flock when setting up /run/netns, 2020-11-27) fb054cb3 (uapi: update devlink.h, 2020-11-29) c95d63e4 (uapi: update devlink.h, 2020-11-29) cae2e929 (f_u32: fix compiler gcc-10 compiler warning, 2020-11-29) c0149839 (misc: fix compiler warning in ifstat and nstat, 2020-11-29) 2319db90 (tc: fix compiler warnings in ip6 pedit, 2020-11-29) 5bdc4e91 (bridge: fix string length warning, 2020-11-29) f8176999 (devlink: fix uninitialized warning, 2020-11-29) 7a49ff9d (bridge: report correct version, 2020-11-15) 8682f588 (tc-mpls: fix manpage example and help message string, 2020-11-02) 7c7a0fe0 (tc-vlan: fix help and error message strings, 2020-11-02) 72f88bd4 (uapi: update kernel headers from 5.10-rc2, 2020-11-08) b90c39be (rdma: fix spelling error in comment, 2020-11-08) c8424b73 (man: fix spelling errors, 2020-11-08) cbf64817 (tc/m_gate: fix spelling errors, 2020-11-08) 14b189f0 (uapi: updates from 5.10-rc1, 2020-11-03) 9fc5bf73 (libnetlink: define __aligned conditionally, 2020-10-26) eb12cc9a (Merge branch 'main' into next, 2020-10-25) f1298d76 (m_mpls: test the 'mac_push' action after 'modify', 2020-10-22) 2b7a7684 (Merge branch 'tipc-encryption' into next, 2020-10-20) 2bf1ba5a (tipc: add option to set rekeying for encryption, 2020-10-16) 5fb36818 (tipc: add option to set master key for encryption, 2020-10-16) b4edd6a8 (Merge branch 'tc-mpls-l2-vpn' into next Guillaume Nault says:, 2020-10-20) 02a261b5 (m_mpls: add mac_push action, 2020-10-19) d61167dd (m_vlan: add pop_eth and push_eth actions, 2020-10-19) 3342688a (devlink: display elapsed time during flash update, 2020-10-14) cb7ce51c (v5.9.0, 2020-10-15) b5a583fb (Merge branch 'main' into next Signed-off-by: David Ahern <dsahern@gmail.com>, 2020-10-11) 78120128 (genl: ctrl: print op -> policy idx mapping, 2020-10-03) 91c54917 (Merge branch 'bridge-igmpv3-mldv2' into next Nikolay Aleksandrov says:, 2020-10-11) 86588450 (bridge: mdb: print protocol when available, 2020-10-08) 2de81d1e (bridge: mdb: print source list when available, 2020-10-08) 1d28c480 (bridge: mdb: print filter mode when available, 2020-10-08) e331677e (bridge: mdb: show igmpv3/mldv2 flags, 2020-10-08) f94e8b07 (bridge: mdb: print fast_leave flag, 2020-10-08) 547b3197 (bridge: mdb: add support for source address, 2020-10-08) f905191a (Update kernel headers, 2020-10-11) 4322b13c (ip xfrm: support setting XFRMA_SET_MARK_MASK attribute in states, 2020-10-02) 8dc1db80 (devlink: Add health reporter test command support, 2020-10-01) 01216471 (devlink: support setting the overwrite mask attribute, 2020-09-30) 34be2d26 (Update kernel headers, 2020-10-07) d2be31d9 (ss: add support for xdp statistics, 2020-09-24) f481515c (Update kernel headers, 2020-09-29) b8663da0 (ip: promote missed packets to the -s row, 2020-09-16) cec67df9 (Merge branch 'devlink-controller-external-info' into next Parav Pandit says:, 2020-09-22) 748cbad3 (devlink: Show controller number of a devlink port, 2020-09-18) 8fadd011 (devlink: Show external port attribute, 2020-09-18) 454429e8 (Update kernel headers, 2020-09-22) ad34d5fa (iproute2: ss: add support to expose various inet sockopts, 2020-08-19) c8eb4b52 (Update kernel headers, 2020-09-08) abee772f (tipc: support 128bit node identity for peer removing, 2020-08-27) 6fd53b2a (iplink: add support for protodown reason, 2020-08-28) af27494d (ip xfrm: support printing XFRMA_SET_MARK_MASK attribute in states, 2020-08-28) 275eed9b (Merge branch 'main' into next, 2020-09-01) cc889b82 (genl: ctrl: support dumping netlink policy, 2020-08-24) d5acae24 (libnetlink: add nl_print_policy() helper, 2020-08-24) 784fa9f6 (libnetlink: add rtattr_for_each_nested() iteration macro, 2020-08-24) OpenWrt patches unchanged. Successfully built for ramips/mt7621 and x86/geode with: CONFIG_PACKAGE_devlink=m CONFIG_PACKAGE_genl=m CONFIG_PACKAGE_ip-bridge=m CONFIG_PACKAGE_ip-full=m CONFIG_PACKAGE_ip-tiny=m CONFIG_PACKAGE_nstat=m CONFIG_PACKAGE_rdma=m CONFIG_PACKAGE_ss=m CONFIG_PACKAGE_tc=m Minimally run-tested ip-tiny on ramips/mt7621 (ubnt-erx). Signed-off-by: Russell Senior <russell@personaltelco.net>
* iproute2: update to 5.9Hans Dedecker2020-11-143-6/+6
| | | | | | | | | Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/ Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Hauke Mehrtens <hauke@huake-m.de>
* iproute2: Update to version 5.8Hauke Mehrtens2020-08-306-89/+12
| | | | | | | | | | | | | | | The ipk sizes for mips_24Kc change like this: old: ip-full_5.7.0-2_mips_24kc.ipk 165.786 ip-tiny_5.7.0-2_mips_24kc.ipk 117.730 tc_5.7.0-2_mips_24kc.ipk 144.405 new: ip-full_5.8.0-1_mips_24kc.ipk 169.775 ip-tiny_5.8.0-1_mips_24kc.ipk 119.808 tc_5.8.0-1_mips_24kc.ipk 149.053 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: disable SELinux for nowDaniel Golle2020-08-131-0/+11
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* iproute2: tc: fix missing em_ipset moduleTony Ambardar2020-07-142-1/+33
| | | | | | | | | | | | | Feature detection doesn't recognize ipset v7 use on kernel v5.x systems and thus disables the tc ematch function em_ipset. - backport patch: * 002-configure-support-ipset-v7.patch: 650591a7a70c configure: support ipset version 7 with kernel version 5 Fixes: 4e0c54bc5bc8 ("kernel: add support for kernel 5.4") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: tc: fix dynamic symbol table size optimizationTony Ambardar2020-07-141-1/+1
| | | | | | | | | Recent iproute2 5.x versions modified the symbols resolved for plugins, causing "tc .. action xt .." to fail. Update the list of symbols to fix. Fixes: b61495409bb3 ("iproute2: tc: reduce size of dynamic symbol table") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: update to 5.7.0Hans Dedecker2020-06-132-2/+48
| | | | | | Update iproute2 to latest stable 5.7.0; for the changes see https://lwn.net/Articles/822152/ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to 5.6.0Hans Dedecker2020-04-114-9/+9
| | | | | | Update iproute2 to latest stable 5.6.0; for the changes see https://lwn.net/Articles/816778/ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: add kmod-netlink-diag for ssRosen Penev2020-04-071-2/+2
| | | | | | | | | | | | | | | | | Allows proper usage of the ss tool. Otherwise, several errors and bad data gets thrown: Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Cannot open netlink socket: Protocol not supported Originally reported here: https://github.com/openwrt/packages/issues/8232 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iproute2: revert add libcap support, enabled in ip-fullMathias Kresin2020-03-151-9/+9
| | | | | | | | | | | | | This reverts commit a6da3f9ef746101b84a6f530f5a40de28341b69a. The libcap isn't as optional as the commit messages suggests. A hard dependency to the libcap package is added, which is only available in the external packages feed. Therefore it is impossible to package ip-full without having the external packages feed up and running, which is a regression to the former behaviour. Signed-off-by: Mathias Kresin <dev@kresin.me> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to 5.5.0, enable LTODENG Qingfang2020-02-139-16/+16
| | | | | | | Update iproute2 to 5.5.0 Enable LTO to save several KB of size Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* iptables: set-dscpmark follow upstreamimg attemptKevin Darbyshire-Bryant2020-01-311-1/+1
| | | | | | | | | | | I'm having another attempt at trying to getting the 'store dscp into conntrack connmark' functionality into upstream kernel, since the restore function (act_ctinfo) has been accepted. The syntax has changed from 'savedscp' to 'set-dscpmark' since that conforms more closely with existing functionality. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: update to 5.4.0Hans Dedecker2019-12-063-7/+7
| | | | | | | Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/ for the changes in 5.4.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to 5.3.0DENG Qingfang2019-09-285-26/+31
| | | | | | Update iproute2 to 5.3.0 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: update to 5.2.0DENG Qingfang2019-08-244-725/+3
| | | | | | Remove upstream patches Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: add libcap support, enabled in ip-fullAlin Nastac2019-08-184-27/+22
| | | | | | | | Preserve optionality of libcap by having configuration script follow the HAVE_CAP environment variable, used similarly to the HAVE_ELF variable. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-2/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* iproute2: update to 5.1.0Deng Qingfang2019-07-046-166/+64
| | | | | | | | Update iproute2 to 5.1.0 Remove upstream patch 010-cake-fwmark.patch Backport a patch to fix struct sysinfo redefinition error Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: update ctinfo supportKevin Darbyshire-Bryant2019-06-201-10/+5
| | | | | | | | Follow upstream changes - header file changes only no functional or executable changes, hence no package bump required Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: add tc action ctinfo supportKevin Darbyshire-Bryant2019-06-072-1/+595
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the userspace control portion of the backported kernelspace act_ctinfo. ctinfo is a tc action restoring data stored in conntrack marks to various fields. At present it has two independent modes of operation, restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack marks into packet skb marks. It understands a number of parameters specific to this action in additional to the usual action syntax. Each operating mode is independent of the other so all options are optional, however not specifying at least one mode is a bit pointless. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] DSCP mode dscp enables copying of a DSCP stored in the conntrack mark into the ipv4/v6 diffserv field. The mask is a 32bit field and specifies where in the conntrack mark the DSCP value is located. It must be 6 contiguous bits long. eg. 0xfc000000 would restore the DSCP from the upper 6 bits of the conntrack mark. The DSCP copying may be optionally controlled by a statemask. The statemask is a 32bit field, usually with a single bit set and must not overlap the dscp mask. The DSCP restore operation will only take place if the corresponding bit/s in conntrack mark ANDed with the statemask yield a non zero result. eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this example. CPMARK mode cpmark enables copying of the conntrack mark to the packet skb mark. In this mode it is completely equivalent to the existing act_connmark action. Additional functionality is provided by the optional mask parameter, whereby the stored conntrack mark is logically ANDed with the cpmark mask before being stored into skb mark. This allows shared usage of the conntrack mark between applications. eg. cpmark 0x00ffffff would restore only the lower 24 bits of the conntrack mark, thus may be useful in the event that the upper 8 bits are used by the DSCP function. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] where : dscp MASK is the bitmask to restore DSCP STATEMASK is the bitmask to determine conditional restoring cpmark MASK mask applied to restored packet mark ZONE is the conntrack zone CONTROL := reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: update to 5.0.0Deng Qingfang2019-03-207-50/+19
| | | | | | | | | Update iproute2 to 5.0.0 Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX Alter patch 170-ip_tiny as support for IPX and DECnet is dropped Update patch 010-cake-fwmark to match upstream commit Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: add cake fwmark supportRyan Mounce2019-03-202-1/+156
| | | | Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* iproute2: tc: reduce size of dynamic symbol tableTony Ambardar2019-03-142-1/+45
| | | | | | | | | | | | | In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all* symbols into the dynamic symbol table. Instead, use --dynamic-list to export a smaller set of symbols similar to that defined in static-syms.h in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase. The symbol set is based on that required by the only plugin, m_xt.so. Also increment PKG_RELEASE. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
* iproute2: tc: enable and fix support for using .so pluginsTony Ambardar2019-03-142-1/+107
| | | | | | | | | | | | | | | | | | | | | | | This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: support eBFP/XDP object file loading, simplify linking libelfTony Ambardar2019-03-143-67/+30
| | | | | | | | | | | | | | Add build and runtime dependencies on libelf, allowing tc and ip-full to load BPF and XDP object files respectively. Define package 'tc' as a singleton package variant, which can be used to enable additional functionality limited only to tc. Also set ip-tiny as the default 'ip' variant. Preserve optionality of libelf by having configuration script follow the HAVE_ELF environment variable, used similarly to the HAVE_MNL variable. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* Revert "iproute2: use tc package variant to limit other package sizes"Hans Dedecker2019-02-191-9/+0
| | | | | | | | This reverts commit e6d84fa8864e7bbbcec139dd09a2922a06f5b2a0 as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: simplify linking libelf for eBFP/XDP object file support"Hans Dedecker2019-02-193-21/+61
| | | | | | | | This reverts commit 26681fa6a6fcbec0024906eb8367e9a3160521fb as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: tc: enable and fix support for using .so plugins"Hans Dedecker2019-02-192-107/+1
| | | | | | | | This reverts commit fc80ef3613465e60257a5ddf0674debe45b09180 as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: tc: reduce size of dynamic symbol table"Hans Dedecker2019-02-192-45/+1
| | | | | | | | This reverts commit 248797834bf21916ddf663edc96d86ee5377850e as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: tc: reduce size of dynamic symbol tableTony Ambardar2019-02-112-1/+45
| | | | | | | | | | | In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all* symbols into the dynamic symbol table. Instead, use --dynamic-list to export a smaller set of symbols similar to that defined in static-syms.h in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase. Also increment PKG_RELEASE. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: tc: enable and fix support for using .so pluginsTony Ambardar2019-02-112-1/+107
| | | | | | | | | | | | | | | | | | | | | | | This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify linking libelf for eBFP/XDP object file supportTony Ambardar2019-02-113-61/+21
| | | | | | | | | | Simplify build and runtime dependencies on libelf, which allows tc and ip to load BPF and XDP object files respectively. Preserve optionality of libelf by having configuration script follow the HAVE_ELF environment variable, used similarly to the HAVE_MNL variable. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: use tc package variant to limit other package sizesTony Ambardar2019-02-111-0/+9
| | | | | | | | | | | | | Replace the old 'tc' with a singleton package variant which will be used to enable additional functionality and limit it only to tc. Non-variant packages will only be installed during 'tiny' variant builds, hence will be configured without extra features, thus preserving previously limited functionality and reduced package sizes. Also set ip-tiny as the default variant, and install 'tiny' versions of development libraries. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify Makefile, patches and fix feature detectionTony Ambardar2019-02-113-20/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Compile-based feature detection (e.g. xtables, ipset support) was broken due to silent compilation errors in the configure script, caused by a Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use userspace headers by setting the same "user_headers" kernel include path as used for the iptables build. Remove redundant or unused Build/Configure definitions from package Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes. Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead, use standard TARGET_LDFLAGS. Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also drop now unneeded patch 150-extra-ccopts.patch. Enable defining XT_LIB_DIR from Makefile, needed to set the iptables modules directory to something other than /lib/xtables, and also add libxtables dependency. Both are needed with working xtables detection. Note that libxtables is also pulled in by iptables, firewall or luci, so this change has no size impact in most cases. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: fix broken configuration patchTony Ambardar2019-02-112-7/+12
| | | | | | | | | | Since v4.13, iproute2 switched to a config.mk file with greater use of pkg-config for library/feature detection. Replace the old Config patch with one modifying the configure script but enabling the same changes: - explicitly disable TC_CONFIG_ATM - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: drop libbsd dependencyHans Dedecker2019-01-291-0/+19
| | | | | | | As the usage of libbsd is no longer limited to glibc, prevent libbsd being picked up by removing the dependency on libbsd. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: replace libelf1 dependency with libelfJo-Philipp Wich2019-01-241-1/+1
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: update to 4.20.0Deng Qingfang2019-01-237-389/+21
| | | | | | | | | Update to the latest version of iproute2; see https://lwn.net/Articles/776174/ for a full overview of the changes in 4.20. Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: require nls infrastructure due to libelf linkingJo-Philipp Wich2018-12-201-1/+2
| | | | | | | | | | | Depending on the global nls support configuration in the buildroot, the linked libelf.so library might depend on libintl.so. Import the nls.mk helper to set library prefixes and flags accordingly in this case. Ref: https://github.com/openwrt/packages/issues/7728#issuecomment-448760140 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: only link libelf where neededJo-Philipp Wich2018-12-192-2/+62
| | | | | | | | | | | | | | | | | | | | | The iproute2 build system links libelf support to every utility while only the tc program actually requires libelf specific functionality. Unfortunately the BPF ELF functionality is not confined into an own compilation unit but added to the existing bpf.c sources of the shared static libutil.a, causing every iproute2 applet to pick up an implicit libelf.so dependency. In order to avoid this requirement, patch the iproute2 build system to create both a libutil.a and a libutil-elf.a, with the former being built without libelf functionality and to only link the tc applet with the libelf enabled libutil. Finally, make the tc package depend on libelf to solve compilation errors. Ref: https://github.com/openwrt/packages/issues/7728 Fixes: FS#2011 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: backport patch fixing incorrect usage of LDFLAGSHans Dedecker2018-12-142-1/+36
| | | | | | | Backport upstream patch fixing incorrect passing of -lxtables to LDFLAGS instead of LDLIBS in the tc/Makefile Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: backport upstream patch to fix print_0xhex on 32 bitHans Dedecker2018-12-121-0/+343
| | | | | | | | | The argument to print_0xhex is converted to unsigned long long so the format string give for normal printout has to be some variant of %llx. Backport the patch as otherwise, bogus values will be printed on 32 bit platforms. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: update to 4.19.0Hans Dedecker2018-11-085-1671/+9
| | | | | | | | Update to the latest version of iproute2; see https://lwn.net/Articles/769354/ for a full overview of the changes in 4.19. Remove 190-add-cake-to-tc patch as CAKE qdisc is now supported in 4.19.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: install ip-tiny and ip-full in /usr/libexecHans Dedecker2018-10-181-7/+7
| | | | | | | Install the ip-tiny and ip-full variants in /usr/libexec as the suffixed ip variants are not meant to be called directly Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywordsKevin Darbyshire-Bryant2018-09-152-3/+7
| | | | | | | | Pull in latest upstream tweaks: Similar to the previous patch for no-split-gso, the negative keywords for 'nat', 'wash' and 'ack-filter' were not printed either. Add those as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: q_cake: Add printing of no-split-gso optionKevin Darbyshire-Bryant2018-09-122-2/+4
| | | | | | | | When the GSO splitting was turned into dual split-gso/no-split-gso options, the printing of the latter was left out. Add that, so output is consistent with the options passed Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>