aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* firewall4: bump to git HEADStijn Tintel2022-07-011-3/+3
| | | | | | | | | | | | | | | | | | | 11f5c7b fw4.uc: fix zone helper assignment b9d35ff fw4.uc: don't skip zone for unavailable helper e35e26b tests: add test for zone helpers a063317 ruleset: fix conntrack helpers e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps 11410b8 ruleset: reorder declarations & output tweaks 880dd31 fw4: fix skipping invalid IPv6 ipset entries 5994466 fw4: simplify `is_loopback_dev()` 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present 11256ff fw4: add support for configurable includes 3b5a033 tests: add test coverage for firewall includes d79911c fw4: support sets with timeout capability but without default expiry 15c3831 fw4: add support for `option log` in rule and redirect sections Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit e8433fb4336b72e44a40cb667ee2eb06e0a31109)
* iptables: default to ip(6)tables-nftEtienne Champetier2022-06-291-19/+12
| | | | | | | | | | | | | | | | OpenWrt now uses firewall4 (nft) by default, so iptables should also default to nftables backend. When multiple packages provide the same virtual package, opkg pick the first one by alphabetical order, so we rename iptables-legacy to iptables-zz-legacy and add iptables-legacy in PROVIDES. We also need to remove IPTABLES_NFTABLES config as this cause recursive dependencies. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> (cherry picked from commit 35fec487e30f05c81bd135326a993dad7f861812)
* dropbear: cherry-pick upstream commit 544f28a0Konstantin Demin2022-06-271-0/+134
| | | | | | | | Resolves #10081 Reported-By: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit f98bb1ffe5327d7309f11a3647efd8116d637b33)
* 464xlat: delete SNATed conntracks on interface teardownAlin Nastac2022-06-272-1/+4
| | | | | | | | | | Existing conntracks will continue to be SNATed to 192.0.0.1 even after 464xlat interface gets teared down. To prevent this, matching conntracks must be killed. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit 289c46869b969864676cf9abde4e1e0df33bcf37)
* hostapd: add owe_transition_ifnameDavid Bauer2022-06-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the owe_transition_ifname config option to wifi-ifaces. This allows to configure OWE transition VAPs without adding SSID / BSSID to the uci conifg but instead autodiscovering these parameters from other networks on the same PHY. The following configuration creates a OWE transition mode network constellation. config wifi-iface 'open0' option device 'radio0' option ifname 'open0' option network 'lan' option mode 'ap' option ssid 'FreeNet' option encryption 'none' option owe_transition_ifname 'owe0' config wifi-iface 'owe0' option device 'radio0' option ifname 'owe0' option network 'lan' option mode 'ap' option ssid 'owe_tm.FreeNet' option encryption 'owe' option hidden '1' option owe_transition_ifname 'open0' Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 574539ee2cdbb3dd54086423c6dfdd19bb1c06a6)
* ltq-vdsl-app: disconnect when service is stoppedJan Hoffmann2022-06-073-3/+78
| | | | | | | | | | | | | | | Stop the connection when the control daemon is terminated. The code is a modified version of the termination routine in version 4.23.1 of the daemon (which doesn't support VR9 modems anymore). This could also be implemented by calling the acos and acs commands via dsl_cpe_pipe.sh in the init script. However, doing it in the daemon itself has the advantage of also working if it is terminated in another way (for example during sysupgrade). Signed-off-by: Jan Hoffmann <jan@3e8.eu> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (cherry picked from commit 1daaef31b35201a9c15a2084e25dac41b48c1867)
* ltq-vdsl-app: set MAC address for vectoring error reportsJan Hoffmann2022-06-071-6/+14
| | | | | | | | | | | | | This tells the modem about the WAN MAC address, which is used as source address for vectoring error reports that are generated by the firmware. It needs to be set early, as the MEI driver only actually writes the value to the modem when is in reset state (i.e. the firmware has been loaded, but connection has not started yet). Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Jan Hoffmann <jan@3e8.eu> (cherry picked from commit b35d33c8b8a7b96f06179982b5d944cde7234004)
* netifd: update to git HEADDaniel Golle2022-06-051-3/+3
| | | | | | | | 2e1fcf4 netifd: fix hwmode for 60g band 39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 7eb83b20159aadeeb5ca4679bdb428bd3052f19c)
* netifd: update to the latest versionFelix Fietkau2022-06-051-3/+3
| | | | | | | | 4b4849cf5e5a interface-ip: unify host and proto route handling 507c0513d176 interface-ip: add support for excluding interfaces in host route lookup Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 24cc341fdc917460721e7c09708f5676c1361c91)
* uqmi: update to git HEADDaniel Golle2022-06-051-3/+3
| | | | | | | | 56cb2d4 nas: add decoding of cell_id 9a9019a uqmi: wms - added storage to read text messages Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 51c442c265a8661427441193e7dc585b1539a915)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-06-011-3/+3
| | | | | | | | | | | | | | | 210991d fw4: prefer /dev/stdin if available 4e5e322 fw4: make `fw4 restart` behavior more robust 221040e ruleset: emit time ranges when both start and stop times are specified 30a7d47 fw4: fix datetime parsing fb9a6b2 ruleset: correct mangle_output chain type 6dd2617 fw4: fix logic flaw in testing hw flow offloading support c7c9c84 fw4: ensure that negative bitcounts are properly translated c4a78ed fw4: fix typo in emitted set types Fixes: #9764, #9923, #9927, #9935, #9955 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit a7ddef6ef122a935d6bdf38d7ead686b12738007)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-05-201-3/+3
| | | | | | | | | | | | | | | | | | | | c22eeef fw4: support negative CIDR bit notation 628d791 hotplug: reliably handle interfaces with ubus zone hints d005293 fw4: store zone associations from ubus in statefile as well b268225 fw4: filter non hw-offload capable devices when resolving lower devices 57984e0 fw4: always resolve lower flowtable devices 7782017 tests: fix mocked `fd.read("line")` api 72b196d config: remove restictions on DHCPv6 allow rule f0cc317 fw4: refactor family selection for forwarding rules b0b8122 treewide: use modern syntax 05995f1 fw4: fix emitting device jump rules for family restricted zones b479815 fw4: fix family auto-selection for config nat rules 2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well 2379c3d tests: add test coverage for zone family selection logic Fixes: #5066, #9611, #9765, #9854 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2df17604a4f891447beb66988e3d83e23ab3a3b0)
* firewall: config: remove restictions on DHCPv6 allow ruleTiago Gaspar2022-05-042-4/+2
| | | | | | | | | | | | | | | Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue #5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them. Fixes: #5066 Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com> [rebase onto firewall3, clarify subject, bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 65258f5d6093809c541050256646795bc0a460a9)
* dnsmasq: add logfacility file to jail mountsDaniel Golle2022-05-011-2/+6
| | | | | | | | | If logfacility is a path to a file it needs to be r/w mounted in the sandbox as well for dnsmasq to work. Reported-by: @iointerrupt Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 2b5fa44f60165d66d74131778df0b64b706887e2)
* iwinfo: update to latest HEADDavid Bauer2022-04-271-3/+3
| | | | | | | dc6847e iwinfo: nl80211: omit A-hwmode on non-5GHz hardware Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit f757a8a09885e3c8bb76371e037b8c0731111980)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-04-251-4/+4
| | | | | | | | | | | | | | fc83d46 ruleset: set auto-merge directive for interval sets 9bce873 fw4: fix skipping invalid ipset entries 425ea8a fw4: fix applying zone flags for source bound rules a378883 fw4: fix emitting family specific redirect rules without any addrs 11feddf fw4: bracketize IPv6 addresses in dnat addr:port notation 9972f7d fw4: ensure to capitalize weekday names fde8070 treewide: forward compatibility changes Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commits 1a35ac99905adc35059489d6e19c7de42ef4cc01 and af02a12d7ccb64a3abbd9683dd22275b538f6d50)
* iwinfo: update to latest HEADDavid Bauer2022-04-241-3/+3
| | | | | | | a479b9b devices: remove whitespace 562d015 iwinfo: nl80211: fix hwmode parsing for multi-band NICs Signed-off-by: David Bauer <mail@david-bauer.net>
* comgt: support ZTE MF286R modemCezary Jackiewicz2022-04-172-1/+23
| | | | | | | | | | | | | The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to establish connection with custom commands specific to ZTE modems. Two variants of modems were discovered, some identifying themselves as "ZTE", and others as plain "Marvell", the chipset manufacturer. The modem itself runs a fork of OpenWrt inside, which root shell can be accessed via ADB interface. Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl> Signed-off-by: Lech Perczak <lech.perczak@gmail.com> (cherry picked from commit e02fb42c53bad5dd36726c6ef5a46bfe31d2e400)
* comgt: ncm: try to detect interface for ttyACM portsLech Perczak2022-04-171-0/+4
| | | | | | | | | | | | Some modems expose ttyACM as their control ports, which have the "device" symlink pointing one level down in sysfs tree. Try to find network interfaces for them as well, this is commonly used for modems exposing ACM + RNDIS or ACM + ECM interface combinations. Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl> Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl> Signed-off-by: Lech Perczak <lech.perczak@gmail.com> (cherry picked from commit ed7957810c0aee04943559be9b0ed23431ee0654)
* comgt: ncm: select first available network interface for deviceLech Perczak2022-04-171-3/+4
| | | | | | | | | | | | | | Some modems expose multiple network interfaces on the same USB device, causing the connection setup script to fail, because glob matching in the detection phase causes 'ls' to output more than one interface name plus their base directories in sysfs. Avoid that by listing the directories explicitly and then selecting first available interface. This is the case for some variants of ZTE MF286R built-in modem, which exposes both RNDIS and CDC-ECM network interfaces, causing the connection setup to fail. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> (cherry picked from commit b2940bb8b2878ce193f2edaee3e7d4c44f4a2065)
* comgt: ncm: allow specification of interface nameLech Perczak2022-04-171-14/+18
| | | | | | | | | | | | | Add ifname property to UCI, which can be used to override the autodetected interface name in case the detection fails due to having none or more than one interface exposed by the modem, which is not explicitly linked to TTY port. This is needed on certain variants of ZTE MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces on the modem, on which the automatic detection may select the wrong network interface. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> (cherry picked from commit a67629bbe25ef3d0e159db1e0c6ca81affd06898)
* hostapd: add ubus link-measurements notificationsDavid Bauer2022-04-173-0/+43
| | | | | | | Notify external ubus subscribers of received link-measurement reports. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit f6445cfa1acb32676723c49da3e3158b64a4b3d2)
* hostapd: add ubus method for requesting link measurementsDavid Bauer2022-04-171-0/+65
| | | | | | | | | | | Add a ubus method to request link-measurements from connected STAs. In addition to the STAs address, the used and maximum transmit power can be provided by the external process for the link-measurement. If they are not provided, 0 is used as the default value. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 965aa33a18c76bb2d5a1eeb0cfa01501b08e784a)
* hostapd: add support for enabling link measurementsDavid Bauer2022-04-171-0/+10
| | | | | | | | Allow external processes to enable advertisement of link-measurement RRM capability. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 2ca5c3da04c3f05a7477ae484768e03d4ca30711)
* netifd: relax check in dhcp proto handlerDaniel Golle2022-04-151-1/+1
| | | | | | | | | | Checking whether /sbin/udhcpc is a symbolic link breaks using the DHCP proto handler inside procd-ujail where bind-mounts are used for the resolved link. Check whether /sbin/udhcpc is executable instead to allow using the proto handler for DHCP-provisioned containers. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c5f113c43f43c20555298c8500bf91bffbe1f58b)
* nftables: add CONFLICT between versionsEneas U de Queiroz2022-04-111-1/+2
| | | | | | | Have nftables-json conflict with nftables-nojson. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 1135b75d1fd26049a0644b304b7199e4a73c6a08)
* dropbear: bump to 2022.82Konstantin Demin2022-04-109-66/+90
| | | | | | | | | | | | | | | | | | | | | | | - update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch binary/pkg size changes: - ath79/generic, mips: - binary: 215112 -> 219228 (+4116) - pkg: 111914 -> 113404 (+1490) - ath79/tiny, mips: - binary: 172501 -> 172485 (-16) - pkg: 89871 -> 90904 (+1033) Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 65256aee23a5104eb0c78411fdc73640c0b757ea)
* dnsmasq: add procd interface index trackingValentyn Datsko2022-04-101-0/+5
| | | | | | | | | | | | | | Problem exist when dnsmasq is exclusively bind to particular interface. After reconfiguring or restarting this interface, its index changes, but dnsmasq uses the old one. When this problem occurs, dnsmasq does not listen on the correct interface so DHCP does not work, and clients do not get an IP address. Procd netdev param can be added to restart dnsmasq when the interface index is changed. Signed-off-by: Valentyn Datsko <valikk.d@gmail.com> [combined into a single &&-connected statement] Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 76f55e3c3f32dea63a385e9b3c8eaed1322089c7)
* uqmi: fix acquiring PIN statusDaniel Golle2022-03-271-4/+8
| | | | | | | | | | | | | Evaluating the return value of 'json_load' didn't work in the intended way resulting in PIN status no longer being read on modems where --get-pin-status doesn't fail. Fix this by trying --get-pin-status first and checking if pin1_status field exists in JSON, and if it doesn't try again with --uim-get-sim-state. Fixes: #9501 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit ee7cb5e885118b78fb5f692d8ed6c93bb7e35853)
* qosify: update to the latest versionFelix Fietkau2022-03-221-3/+3
| | | | | | | | | | | | | | | | | 391a9fbd5ace dns: fix parsing vlan encapsulated protocol 6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well 1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed ca21e729af23 interface: switch to using clsact for filters 5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress bdfcb11847ce interface: fix duplicated dns filter line b97405aa632a Revert "ubus: remove dnsmasq subscriber" 8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME 91cf440db9e2 loader: fix use of deprecated functions 57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit af434e0da2485bd7a82895b5bb63b1182154b98e)
* iptables: bump PKG_RELEASEEtienne Champetier2022-03-191-1/+1
| | | | | | Following {arp,eb}tables-nft addition, bump PKG_RELEASE Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add {arp,eb}tables-nftEtienne Champetier2022-03-192-0/+145
| | | | | | | Add a patch to add some missing init_extensions{a,b}() calls Package lib{arp,eb}t_*.so Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add xtables-nft packageEtienne Champetier2022-03-191-3/+14
| | | | | | | This allows to install ip6tables-nft without iptables-nft This prepare the addition of {arp,eb}tables-nft Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add xtables-legacy packageEtienne Champetier2022-03-191-3/+14
| | | | | | This allows to install ip6tables-legacy without iptables-legacy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* ebtables: rename to ebtables-legacyEtienne Champetier2022-03-191-14/+21
| | | | | | | | This prepare the introduction of ebtables-nft. Add PROVIDES so dependencies are not broken, use ALTERNATIVES. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* arptables: rename package to arptables-legacyEtienne Champetier2022-03-191-4/+7
| | | | | | | | This prepare the introduction of arptables-nft. Add PROVIDES so dependencies are not broken, use ALTERNATIVES. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iwinfo: update to latest Git headJosef Schlehofer2022-03-191-3/+3
| | | | | | | | | Changelog: 90bfbb9 devices: Add Cypress CYW43455 234075b devices: fix AMD RZ608 format 0e2a318 devices: add AMD RZ608 device-id Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bpftools: fix library path on 64 bit systemsFelix Fietkau2022-03-191-3/+3
| | | | | | | drop the use of LIB_SUFFIX Fixes: 00cbf6f6ab1d ("bpftools: update to standalone bpftools + libbpf, use the latest version") Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bpftools: update to standalone bpftools + libbpf, use the latest versionFelix Fietkau2022-03-196-117/+64
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iptables: backport missing init_extensions6() callsEtienne Champetier2022-03-132-1/+69
| | | | | | | This fixes ip6tables-nft no being able to use built-in extensions like icmp6. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* ipset: add backport patch for IPv6 nftables ipset-translationFlorian Eckert2022-03-132-1/+83
| | | | | | | | | | | | | | When porting mwan3 from iptables to nftables I tried the new translation tool for ipset ipset-translate. I noticed that no IPv6 ipset can be created with the tool. I have reported the problem to the upstream project and the following patch fixes the problem. Until this upsream is included in a new release, this patch should be used in Openwrt. https://lore.kernel.org/netfilter-devel/20220228190217.2256371-1-pablo@netfilter.org/T/#m09cc3cb738f2e42024c7aecf5b7240d9f6bbc19c Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: update to git HEADDaniel Golle2022-03-121-3/+3
| | | | | | 44dd095 uqmi: corrected too short received SMS Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uqmi: set CID during 'query-data-status' operationLech Perczak2022-03-121-2/+2
| | | | | | | | | | | | | Modems used in ZTE mobile broadband routers require to query the data session status using the same CID as one used to establish the session, otherwise they will report the session as "disconnected" despite reporting correct PDH in previous step. Without this change, IPv6 connection on these modems doesn't establish properly. In IPv4 this bug is present as well, but for some reason querying of IPv4 status works using temporary CID, this however seems noncompliant with QMI specifications, so fix it as well. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* iptables: add iptables-mod-socketYousong Zhou2022-03-101-4/+15
| | | | | | | | | Previously libxt_socket.so was included in iptables-mod-tproxy. It was missed out when trying to make kmod-ipt-socket and kmod-ipt-tproxy separate packages Fixes: 4f443c88 ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy") Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* nftables: update to version 1.0.2Josef Schlehofer2022-03-073-47/+32
| | | | | | | | | | | | | | | | | | | | | | | | | Changelog: https://lwn.net/ml/netdev/YhO5Pn+6+dgAgSd9@salvia/ Patches: removed: - 001-parser-allow-quoted-string-in-flowtable_expr_member: it is now part of upstream release [1] added: - 001-examples-compile-with-make-check.patch: backported from [2], it fixes: nft-json-file.c:3:10: fatal error: nftables/libnftables.h: No such file or directory 3 | #include <nftables/libnftables.h> | ^~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. [1] https://git.netfilter.org/nftables/commit/?h=v1.0.2&id=07af4429241c9832a613cb8620331ac54257d9df [2] https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* qosify: update to the latest versionFelix Fietkau2022-03-061-3/+3
| | | | | | | | | | | 3276aed81c73 move run_cmd() to main.c 558eabc13c64 map: move dns host based lookup code to a separate function 6ff06d66c36c dns: add code for snooping dns packets a78bd43c4a54 ubus: remove dnsmasq subscriber 9773ffa70f1f map: process dns patterns in the order in which they were defined f13b67c9a786 dns: allow limiting dns entry matching to cname name Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: Remove libxtables from some tc variantsHauke Mehrtens2022-03-051-3/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the new tc-bpf variant and removes libxtables dependency from the tc-tiny variant. The tc-full variant stays like before and contains everything. This allows to use tc without libxtables. The variants have the following sizes: root@OpenWrt:/# ls -al /usr/libexec/tc-* -rwxr-xr-x 1 root root 282453 Mar 1 21:55 /usr/libexec/tc-bpf -rwxr-xr-x 1 root root 282533 Mar 1 21:55 /usr/libexec/tc-full -rwxr-xr-x 1 root root 266037 Mar 1 21:55 /usr/libexec/tc-tiny They are linking the following shared libraries: root@OpenWrt:/# ldd /usr/libexec/tc-tiny /lib/ld-musl-mips-sf.so.1 (0x77d6e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000) libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000) root@OpenWrt:/# ldd /usr/libexec/tc-bpf /lib/ld-musl-mips-sf.so.1 (0x77da6000) libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000) libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000) libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000) libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000) root@OpenWrt:/# ldd /usr/libexec/tc-full /lib/ld-musl-mips-sf.so.1 (0x77de8000) libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000) libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000) libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000) libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000) libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000) This is based on a patch from Tiago Gaspar. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* qosify: bump to git HEADStijn Tintel2022-03-042-4/+4
| | | | | | | | interface: disable autorate-ingress by default Also change the example config to reflect this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* qosify: add PKG_RELEASEStijn Tintel2022-03-041-0/+1
| | | | | | | | | Without PKG_RELEASE, it's impossible to trigger package updates when changing files included in the package that are not in the qosify git repository. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Felix Fietkau <nbd@nbd.name>
* ipset: update to 7.15Florian Eckert2022-03-012-2/+14
| | | | | | | | | Update to the latest upstream version. In this version there is a new tool with which you can convert ipsets into nftables sets. Since we are now using nftables as default firewall, this could be a useful tool for porting ipsets to nftables sets. Signed-off-by: Florian Eckert <fe@dev.tdt.de>