aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: move urandom seed bits into separate packagePetr Štetiar2019-07-225-1/+42
| | | | | | | | So it's possible to install or remove it as needed. Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 27bfde9c9f789dbfabebf13047e8b042c27cdeef)
* ubox: move getrandom into separate getrandom packagePetr Štetiar2019-07-221-3/+14
| | | | | | | | So it's possible to install or remove it as needed. Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 9b4de712cae9b3d745ea4331a804242505f58619)
* urngd: add micro non-physical true RNG based on timing jitterPetr Štetiar2019-07-222-0/+65
| | | | | | | | | | | | | | | | | | | μrngd is OpenWrt's micro non-physical true random number generator based on timing jitter. Using the Jitter RNG core, the rngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random. The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy. Acked-by: Jo-Philip Wich <jow@mein.io> Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 714bd89fceee494282984d0ed76e4a3acde419e0)
* mac80211: brcm: backport first set of 5.4 brcmfmac changesRafał Miłecki2019-07-2119-15/+1875
| | | | | | | | | | | | This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file for brcmfmac") due to a few conflicts with backports changes. An important change is: [PATCH 2/7] brcmfmac: change the order of things in brcmf_detach() which fixes a rmmod crash in the brcmf_txfinalize(). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit db8e08a5a4469f98ed5d9b0ff3189e356f53d924)
* gpio-button-hotplug: unify polled and interrupt codeDavid Bauer2019-07-191-65/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch unifies the polled and interrupt-driven gpio_keys code paths as well implements consistent handling of the debounce interval set for the GPIO buttons and switches. Hotplug events will only be fired if 1. The input changes its state and remains stable for the duration of the debounce interval (default is 5 ms). 2. In the initial stable (no state-change for duration of the debounce interval) state once the driver module gets loaded. Switch type inputs will always report their stable state. Unpressed buttons will not trigger an event for the initial stable state. Whereas pressed buttons will trigger an event. This is consistent with upstream's gpio-key driver that uses the input subsystem (and dont use autorepeat). Prior to this patch, this was handled inconsistently for interrupt-based an polled gpio-keys. Hence this patch unifies the shared logic into the gpio_keys_handle_button() function and modify both implementations to handle the initial state properly. The changes described in 2. ) . can have an impact on the failsafe trigger. Up until now, the script checked for button state changes. On the down side, this allowed to trigger the failsafe by releasing a held button at the right time. On the plus side, the button's polarity setting didn't matter. Now, the failsafe will only engage when a button was pressed at the right moment (same as before), but now it can theoretically also trigger when the button was pressed the whole time the kernel booted and well into the fast-blinking preinit phase. However, the chances that this can happen are really small. This is because the gpio-button module is usually up and ready even before the preinit state is entered. So, the initial pressed button event gets lost and most devices behave as before. Bisectors: If this patch causes a device to permanently go into failsafe or experience weird behavior due to inputs, please check the following: - the GPIO polarity setting for the button - the software-debounce value Run-tested for 'gpio-keys' and 'gpio-keys-polled' on - devolo WiFi pro 1200e - devolo WiFi pro 1750c - devolo WiFi pro 1750x - Netgear WNDR4700 - Meraki MR24 - RT-AC58U Signed-off-by: David Bauer <mail@david-bauer.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further cleanups, simplification and unification] (cherry picked from commit 27f3f493de0610c74de2ea406641b256bfcc13a9)
* gpio-button-hotplug: fix 4.19 build breakage on malta/be64Petr Štetiar2019-07-191-0/+1
| | | | | | | | | | | | | | While testing 4.19 build on malta/be64, I've encountered following error: gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit declaration of function 'gpio_to_desc' which is caused by the missing include fixed by this patch. Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit dd6d82112a10796dd5aa0f9e9c76ec8e77e7e211)
* openvpn: fix handling of list optionsMatt Merhar2019-07-172-3/+4
| | | | | | | | | | | | | | | This addresses an issue where the list option specified in /etc/config/openvpn i.e. 'tls_cipher' would instead show up in the generated openvpn-<name>.conf as 'ncp-ciphers'. For context, 'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from openvpn.options. Also, the ordering of the options in the UCI config file is now preserved when generating the OpenVPN config. The two currently supported list options deal with cipher preferences. Signed-off-by: Matt Merhar <mattmerhar@protonmail.com> (cherry picked from commit 1d4c4cbd20580dd211431ab58460a6eebd5e021e)
* iptables: update to 1.8.3Deng Qingfang2019-07-178-170/+28
| | | | | | | | | | | | | | | | | | | | | | Update iptables to 1.8.3 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt Removed upstream patches: - 001-extensions_format-security_fixes_in_libip.patch - 002-include_fix_build_with_kernel_headers_before_4_2.patch - 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch Altered patches: - 200-configurable_builtin.patch - 600-shared-libext.patch No notable size changes Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix] (cherry picked from commit 299f6cb2da0a443484339aaa51b3d9edcc21ce4e)
* libroxml: bump to the 3.0.2 versionRafał Miłecki2019-07-161-3/+3
| | | | | | | | * Fix for memory leak regression * Support for (un)escaping Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 430d65c544551f9af88cdc6f0b9c6c12364b28f9)
* fstools: add direct dependencies on libblobmsg-json and libjson-cPetr Štetiar2019-07-151-2/+2
| | | | | | | | | | | | | | | | | The OpenWrt buildroot ABI version rebuild tracker does not handle transient dependencies, therefore add all libraries linked by block-mount and blockd as direct dependencies to the corresponding binary package definition. This ensures that block-mount and blockd is automatically rebuilt and relinked if any of these libraries has its ABI_VERSION updated in the future. Fixes: FS#2373 [jow: similar fix for procd and 98.42% of commit message] Signed-off-by: Jo-Philip Wich <jow@mein.io> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit cbae306815bdfc335eeedc35dc5df3d2d4021a2a)
* busybox: strip off ALTERNATIVES specYousong Zhou2019-07-121-19/+3
| | | | | | | | Now that busybox is a known alternatives provider by opkg, we remove the ALTERNATIVES spec and add a note to make the implicit situation clear Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry-picked from commit 62be427067ee3883b68bcfb08dfc0c43dce22fa3)
* opkg: bump to version 2019-06-14Yousong Zhou2019-07-121-3/+3
| | | | | | | | | Opkg starting from this version special-cases busybox as alternatives provider. There should be no need to add entries to ALTERNATIVES of busybox package Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry-picked from commit e51b513f75d28306a744637b0fbe7fdd6e3fb813)
* mac80211: Do not build b43legacy on BRCM47xx mips74 subtargetHauke Mehrtens2019-07-121-1/+1
| | | | | | | | | | | | | | b43legacy needs ssb support and we do not compile the mips74 subtarget of the brcm47xx target with SSB support. This causes a build failure in the mac80211 package and only some of the kernel modules are being created. I am not aware of any device with a BRCM47xx mips74 CPU which uses a b43legacy compatible device. Fixes: FS#2334 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e05310b9b80f944c718374b449b6fe48d06d412d)
* base-files: Fix path check in get_mac_binaryAdrian Schmutzler2019-07-091-1/+1
| | | | | | | | | | Logic was inverted when changing from string check to file check. Fix it. Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary") Reported-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)
* wolfssl: Fix package hashHauke Mehrtens2019-07-081-1/+1
| | | | | Fixes: 3167a57f7262 ("wolfssl: update to 3.15.7, fix Makefile") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netsupport: move out mqprio from kmod-schedKonstantin Demin2019-07-081-1/+1
| | | | | | | | | | | | | Currently, there's unable to install "kmod-sched-mqprio" after "kmod-sched" (or vice versa), because "sch_mqprio.ko" is shipped in both packages. Fixes: f83522fa6361 ("linux: Add kmod-sched-mqprio") Fixes: 6af639e0bf78 ("linux: Add kmod-sched-act-vlan") Fixes: 72c7e2dc467c ("linux: Add kmod-sched-flower") Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> [Add cls_flower and act_vlan] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: update to 3.15.7, fix MakefileEneas U de Queiroz2019-07-084-13/+13
| | | | | | | | | | This includes a fix for a medium-level potential cache attack with a variant of Bleichenbacher’s attack. Patches were refreshed. Increased FP_MAX_BITS to allow 4096-bit RSA keys. Fixed poly1305 build option, and some Makefile updates. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c)
* base-files: Really check path in get_mac_binaryAdrian Schmutzler2019-07-051-1/+1
| | | | | | | | Currently, path argument is only checked for being not empty. This changes behavior to actually check whether path exists. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* fstools: block-mount: fix restart of fstab serviceKarel Kočí2019-06-282-1/+5
| | | | | | | | | | | | | | | | Restarting service causes file-systems to be unmounted without being mounted back. When this service was obsoleted it should have been implemented in a way that all actions are ignored. Up to this commit default handler was called when restart was requested. This default handler just simply calls stop and start. That means that stop called unmount but start just printed that this service is obsoleted. This instead implements restart that just prints same message like start does. It just calls start in reality. This makes restart unavailable for call. Signed-off-by: Karel Kočí <karel.koci@nic.cz> (cherry picked from commit 3ead9e7b743b1fbd3b07f5a72a16999abbec9347)
* mvebu: fix regression for non-generic ESPRESSObin versionsVladimir Vid2019-06-281-0/+3
| | | | | | | | | | | | | | When targets for multiple ESPRESSObin devices were added, not all files were updated which means any ESPRESSObin version beside generic won't have proper networking, sysupgrade and uboot-env. This patch fixes the issue. * fixup network detection * fixup uboot-env * fixup platform.sh for sysupgrade Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr> (cherry picked from commit bc47285cb3c0125424e628521f905f1f0d7b4cef)
* base-files: use OPENWRT prefix for os-release variablesBjørn Mork2019-06-271-8/+8
| | | | | | | | | | | Just stumbled across this LEDE legacy, without finding any real reason to keep it. There is a single LEDE_DEVICE_MANUFACTURER_URL dependency in the luci feed repo which needs to be syncronized. Signed-off-by: Bjørn Mork <bjorn@mork.no> [re-added missing commit message] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 8a34a54b6aa6e9a5e2983d554fd5b97bec97e891)
* uqmi: bump to latest git HEADKoen Vandeputte2019-06-271-4/+4
| | | | | | | | 1965c7139374 uqmi: add explicit check for message type when expecting a response 01944dd7089b uqmi_add_command: fixed command argument assignment Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
* mac80211: update WDS/4addr fix to the version accepted upstreamStefan Lippers-Hollmann2019-06-221-31/+27
| | | | | | | | | | | | | This updates "{nl,mac}80211: allow 4addr AP operation on crypto controlled devices" to the version (v3), which was accepted into upstream mac80211.git and which is tagged for -stable backporting (v4.18+). https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=33d915d9e8ce811d8958915ccd18d71a66c7c495 Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [format-patch]
* iproute2: update ctinfo supportKevin Darbyshire-Bryant2019-06-201-10/+5
| | | | | | | | | Follow upstream changes - header file changes only no functional or executable changes, hence no package bump required Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit a8f0c02f80fa0c7c55702770b3ca99f6db5405e7)
* base-files: fix uci led oneshot/timer triggerRobinson Wu2019-06-201-0/+1
| | | | | | | | | | | | | | This patch adds a missing type property which prevented the creation of oneshot and timer led triggers when they are specified in the /etc/board.d/01_leds files. i.e.: ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000" Fixes: b06a286a4861 ("base-files: cleanup led functions in uci-defaults.sh") Signed-off-by: Robinson Wu <wurobinson@qq.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mac80211: brcm: backport remaining brcmfmac 5.2 patchesRafał Miłecki2019-06-168-1/+361
| | | | | | | | This improves FullMAC firmware compatibility, adds logging in case of firmware crash and *may* fix "Invalid packet id" errors. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 8888cb725d492ad5cad5b59fc7117b006e1bba5a)
* mac80211: refresh patchesChristian Lamparter2019-06-152-19/+16
| | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* iwinfo: update PKG_MIRROR_HASHChristian Lamparter2019-06-151-1/+1
| | | | | | | This patch updates the PKG_MIRROR_HASH to match the one of the current version. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath10k-ct: adjust tx power reduction for US regulatory domainSven Eckelmann2019-06-151-0/+101
| | | | | | | | | | | | | | | | | | | | | | | | FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4): > (4) The conducted output power limit > specified in paragraph (b) of this section > is based on the use of antennas > with directional gains that do not exceed > 6 dBi. Except as shown in paragraph > (c) of this section, if transmitting > antennas of directional gain greater > than 6 dBi are used, the conducted > output power from the intentional radiator > shall be reduced below the stated > values in paragraphs (b)(1), (b)(2), > and (b)(3) of this section, as appropriate, > by the amount in dB that the > directional gain of the antenna exceeds > 6 dBi. https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf Signed-off-by: Sven Eckelmann <sven@narfation.org>
* ath10k-ct: fix max antenna gain unitSven Eckelmann2019-06-151-0/+49
| | | | | | | | | | | | | | | Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB steps). This isn't the case for max_antenna_gain - which is still expected by the firmware as dB. The firmware is converting it from dB to the internal (twicepower) representation when it calculates the limits of a channel. This can be seen in tpc_stats when configuring "12" as max_antenna_gain. Instead of the expected 12 (6 dB), the tpc_stats shows 24 (12 dB). Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* mac80211: ath10k: adjust tx power reduction for US regulatory domainSven Eckelmann2019-06-151-0/+101
| | | | | | | | | | | | | | | | | | | | | | | | FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4): > (4) The conducted output power limit > specified in paragraph (b) of this section > is based on the use of antennas > with directional gains that do not exceed > 6 dBi. Except as shown in paragraph > (c) of this section, if transmitting > antennas of directional gain greater > than 6 dBi are used, the conducted > output power from the intentional radiator > shall be reduced below the stated > values in paragraphs (b)(1), (b)(2), > and (b)(3) of this section, as appropriate, > by the amount in dB that the > directional gain of the antenna exceeds > 6 dBi. https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf Signed-off-by: Sven Eckelmann <sven@narfation.org>
* mac80211: ath10k: fix max antenna gain unitSven Eckelmann2019-06-151-0/+49
| | | | | | | | | | | | | | | Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB steps). This isn't the case for max_antenna_gain - which is still expected by the firmware as dB. The firmware is converting it from dB to the internal (twicepower) representation when it calculates the limits of a channel. This can be seen in tpc_stats when configuring "12" as max_antenna_gain. Instead of the expected 12 (6 dB), the tpc_stats shows 24 (12 dB). Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* mac80211: ath9k: Increase allowed antenna gain to 6 dBiSven Eckelmann2019-06-151-3/+3
| | | | | | | | | | | | | | | | | | | | | | FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4): > (4) The conducted output power limit > specified in paragraph (b) of this section > is based on the use of antennas > with directional gains that do not exceed > 6 dBi. Except as shown in paragraph > (c) of this section, if transmitting > antennas of directional gain greater > than 6 dBi are used, the conducted > output power from the intentional radiator > shall be reduced below the stated > values in paragraphs (b)(1), (b)(2), > and (b)(3) of this section, as appropriate, > by the amount in dB that the > directional gain of the antenna exceeds > 6 dBi. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* iwinfo: update to latest git HEADKoen Vandeputte2019-06-121-2/+2
| | | | | | 1372f47eff34 iwinfo: Add Mikrotik R11e-5HnDr2 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: move feature detection inside a shell funcYousong Zhou2019-06-112-7/+10
| | | | | | | Resolves openwrt/packages#9219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 04b45d3a31fac45c472ad3c31d98268d1c309763)
* OpenWrt v19.07: set branch defaultsAlexander Couzens2019-06-111-1/+1
| | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* replace links towards lede-project.org with openwrt.orgAlexander Couzens2019-06-111-1/+1
| | | | | | | Modify VERSION_SUPPORT_URL VERSION_REPO Replace BUGS variable in toolchain/gcc/common.mk Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* config: add xfrm interface support scriptsAndré Valentin2019-06-102-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | This package adds scripts for xfrm interfaces support. Example configuration via /etc/config/network: config interface 'xfrm0' option proto 'xfrm' option mtu '1300' option zone 'VPN' option tunlink 'wan' option ifid 30 config interface 'xfrm0_static' option proto 'static' option ifname '@xfrm0' option ip6addr 'fe80::1/64' option ipaddr '10.0.0.1/30' Now set in strongswan IPsec policy: if_id_in = 30 if_id_out = 30 Signed-off-by: André Valentin <avalentin@marcant.net>
* curl: update to 7.65.1Hans Dedecker2019-06-101-2/+2
| | | | | | For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netsupport: add xfrmi interface supportAndré Valentin2019-06-091-0/+16
| | | | | | | | Add support for xfrm interfaces in kernel. XFRM interfaces are used by the IPsec stack for tunneling. XFRM interfaces are available since linux 4.19. Signed-off-by: André Valentin <avalentin@marcant.net>
* gpio-button-hotplug: gpio-keys: fix always missing first eventPetr Štetiar2019-06-091-9/+2
| | | | | | | | | | | | | Commit afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") changed the gpio-keys interrupt handling logic in a way, that it always misses first event, which causes issues with rc.button scripts, so this patch restores the previous behaviour. Fixes: afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") Reported-by: Kristian Evensen <kristian.evensen@gmail.com> Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
* gpio-button-hotplug: fix wrong initial seen valuePetr Štetiar2019-06-091-0/+3
| | | | | | | | | | | | | | | Currently the generated event contains wrong seen value, when the button is pressed for the first time: rmmod gpio_button_hotplug; modprobe gpio_button_hotplug [ pressing the wps key immediately after modprobe ] gpio-keys: create event, name=wps, seen=1088, pressed=1 So this patch adds a check for this corner case and makes seen=0 if the button is pressed for the first time. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* gpio-button-hotplug: use pr_debug and pr_errPetr Štetiar2019-06-091-17/+6
| | | | | | | pr_debug can be used with dynamic debugging. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: skip options that are not compiled inYousong Zhou2019-06-092-3/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to make life easier for users with customized build of dnsmasq-full variant. Currently dnsmasq config generated by current service script will be rejected by dnsmasq build lacking DHCP feature - Options like --dhcp-leasefile have default values. Deleting them from uci config or setting them to empty value will make them take on default value in the end - Options like --dhcp-broadcast are output unconditionally Tackle this by - Check availablility of features from output of "dnsmasq --version" - Make a list of options guarded by HAVE_xx macros in src/options.c of dnsmasq source code - Ignore these options in xappend() Two things to note in this implementation - The option list is not exhaustive. Supposedly only those options that may cause dnsmasq to reject with "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken into account here - This provides a way out but users' cooperation is still needed. E.g. option dnssec needs to be turned off, otherwise the service script will try to add --conf-file pointing to dnssec specific anchor file which dnsmasq lacking dnssec support will reject Resolves FS#2281 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: xfrm tunnel supportHans Dedecker2019-06-081-3/+3
| | | | | | 8c6358b netifd: add xfrm tunnel interface support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: add ALTERNATIVES for brctlKonstantin Demin2019-06-081-1/+2
| | | | | | | | Busybox brctl applet conflicts with the version from bridge-utils. Fix this by using ALTERNATIVE support for brctl in busybox. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* iproute2: add tc action ctinfo supportKevin Darbyshire-Bryant2019-06-072-1/+595
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the userspace control portion of the backported kernelspace act_ctinfo. ctinfo is a tc action restoring data stored in conntrack marks to various fields. At present it has two independent modes of operation, restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack marks into packet skb marks. It understands a number of parameters specific to this action in additional to the usual action syntax. Each operating mode is independent of the other so all options are optional, however not specifying at least one mode is a bit pointless. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] DSCP mode dscp enables copying of a DSCP stored in the conntrack mark into the ipv4/v6 diffserv field. The mask is a 32bit field and specifies where in the conntrack mark the DSCP value is located. It must be 6 contiguous bits long. eg. 0xfc000000 would restore the DSCP from the upper 6 bits of the conntrack mark. The DSCP copying may be optionally controlled by a statemask. The statemask is a 32bit field, usually with a single bit set and must not overlap the dscp mask. The DSCP restore operation will only take place if the corresponding bit/s in conntrack mark ANDed with the statemask yield a non zero result. eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this example. CPMARK mode cpmark enables copying of the conntrack mark to the packet skb mark. In this mode it is completely equivalent to the existing act_connmark action. Additional functionality is provided by the optional mask parameter, whereby the stored conntrack mark is logically ANDed with the cpmark mask before being stored into skb mark. This allows shared usage of the conntrack mark between applications. eg. cpmark 0x00ffffff would restore only the lower 24 bits of the conntrack mark, thus may be useful in the event that the upper 8 bits are used by the DSCP function. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] where : dscp MASK is the bitmask to restore DSCP STATEMASK is the bitmask to determine conditional restoring cpmark MASK mask applied to restored packet mark ZONE is the conntrack zone CONTROL := reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-061-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* layerscape: fix u-boot bootcmdBiwen Li2019-06-063-0/+84
| | | | | | | | | | | Current latest LSDK-19.03 u-boot had a bug that bootcmd environment was always been reset when u-boot started up. This was found on boards with spi NOR boot. Before the proper fix-up is applied, we have to use a workaround to hard code the bootcmd for OpenWrt booting for now. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: drop ppa packageYangbo Lu2019-06-061-84/+0
| | | | | | Drop ppa package since TF-A is used instead. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>