aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* x86: Make kmod-drm-radeon and kmod-drm-amdgpu depend on x86Hauke Mehrtens2019-02-201-2/+2
| | | | | | | | | Currently these kernel packages only work on x86, restrict them to that target. Fixes: 2f239c02a031 ("x86: video: add amdgpu DRM kernel package") Fixes: 2f6918ee9be9 ("x86: video: add radeon DRM module support") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "iproute2: use tc package variant to limit other package sizes"Hans Dedecker2019-02-191-9/+0
| | | | | | | | This reverts commit e6d84fa8864e7bbbcec139dd09a2922a06f5b2a0 as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: simplify linking libelf for eBFP/XDP object file support"Hans Dedecker2019-02-193-21/+61
| | | | | | | | This reverts commit 26681fa6a6fcbec0024906eb8367e9a3160521fb as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: tc: enable and fix support for using .so plugins"Hans Dedecker2019-02-192-107/+1
| | | | | | | | This reverts commit fc80ef3613465e60257a5ddf0674debe45b09180 as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: tc: reduce size of dynamic symbol table"Hans Dedecker2019-02-192-45/+1
| | | | | | | | This reverts commit 248797834bf21916ddf663edc96d86ee5377850e as it breaks the installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma for the ip-full variant Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: allow using dnsmasq as the sole resolverYousong Zhou2019-02-192-16/+16
| | | | | | | | | | | | | | | | | | | | Currently it seems impossible to configure /etc/config/dhcp to achieve the following use case - run dnsmasq with no-resolv - re-generate /etc/resolv.conf with "nameserver 127.0.0.1" Before this change, we have to set resolvfile to /tmp/resolv.conf.auto to achive the 2nd effect above, but setting resolvfile requires noresolv being false. A new boolean option "localuse" is added to indicate that we intend to use dnsmasq as the local dns resolver. It's false by default and to align with old behaviour it will be true automatically if resolvfile is set to /tmp/resolv.conf.auto Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: rt2x00: backport accepted and pending patches from upstreamDaniel Golle2019-02-1962-201/+1516
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | backport from wireless-drivers-next, replacing some existing patches in our tree (marked with '=' are those which were already present): f483039cf51a rt2x00: use simple_read_from_buffer() =5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib =0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib =5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet =adf26a356f13 rt2x00: use different txstatus timeouts when flushing =0240564430c0 rt2800: flush and txstatus rework for rt2800mmio 6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through 10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through 916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs 641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through 750afb08ca71 cross-tree: phase out dma_zalloc_coherent() =c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352 a4296994eb80 rt2x00: Work around a firmware bug with shared keys 2587791d5758 rt2x00: no need to check return value of debugfs_create functions pending on linux-wireless: rt2x00: remove unneeded check rt2x00: remove confusing AGC register rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 rt2800: comment and simplify AGC init for RT6352 rt2x00: do not print error when queue is full rt2800: partially restore old mmio txstatus behaviour rt2800: new flush implementation for SoC devices rt2800: move txstatus pending routine rt2800mmio: fetch tx status changes rt2800mmio: use timer and work for handling tx statuses timeouts rt2x00: remove last_nostatus_check rt2x00: remove not used entry field rt2x00mmio: remove legacy comment While at it also rename some existing patches now that there are separate folders with patches for each driver to make things a bit nicer to handle. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to latest git HEADHans Dedecker2019-02-181-3/+3
| | | | | | | | | | | | | | | | | | | 1f01299 config: fix build failure in case DHCPv4 support is disabled 67b3a14 dhcpv4: fix assignment of requested IP address ca8ba91 dhcp: rework static lease logic 36833ea dhcpv6: rapid commit support 1ae316e dhcpv6: fix parsing of DHCPv6 relay messages 80157e1 dhcpv4: fix compile issue 671ccaa dhcpv6-ia: move function definitions to odhcpd.h 0db69b0 dhcpv6: improve code readibility 7847b27 treewide: unify dhcpv6 and dhcpv4 assignments a54cee0 netlink: rework handling of netlink messages 9f25dd8 treewide: use avl tree to store interfaces f21a0a7 treewide: align syslog tracing edc5fb0 dhcpv6-ia: add full CONFIRM support 9d6eadf dhcpv6-ia: rework append_reply() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba36: allow build with no ipv6 supportRosy Song2019-02-171-1/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* uboot-kirkwood: update to 2019.01Paul Wassi2019-02-1710-80/+83
| | | | | | Update U-Boot to current 2019.01 release for kirkwood platform Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* kernel: Added required dependencies for socket match.Oldřich Jedlička2019-02-171-0/+2
| | | | | | | | | | | | | | This applies to kernel 4.10 and newer. See https://github.com/torvalds/linux/commit/8db4c5be88f62ffd7a552f70687a10c614dc697b The above commit added to kernel 4.10 added new dependency for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko) module. The NF_SOCKET_IPVx options (both of them) need to be enabled in order to build the NETFILTER_XT_MATCH_SOCKET module. Without the change the module is not built. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
* x86: video: add amdgpu DRM kernel packageLucian Cristian2019-02-171-0/+22
| | | | | | build amdgpu kernel as modules so it will find the firmware files Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* x86: video: add radeon DRM module supportLucian Cristian2019-02-171-0/+14
| | | | | | add radeon module support so firmware can be loaded from userland Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* linux-firmware: DRM: add amdgpu firmwareLucian Cristian2019-02-171-0/+9
| | | | | | add firmware needed for amdgpu DRM display Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* linux-firmware: DRM: add radeon firmwareLucian Cristian2019-02-171-0/+9
| | | | | | add firmware needed for radeon DRM display Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* strace: Only allow libdw or libunwindHauke Mehrtens2019-02-171-9/+11
| | | | | | | | These two dependencies are mutual exclusive and it is only possible to select one of them, change the select to a chose so it is only possible to select one of them in OpenWrt menu config. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* strace: fix configuration optionsPeter Wagner2019-02-171-6/+14
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* elfutils: fix DEPENDS for libelfPeter Wagner2019-02-171-2/+2
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* sunxi: add support for Sinovoip Banana Pi M2 PlusPawel Dembicki2019-02-171-0/+7
| | | | | | | | | | | | | | | | | | | CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0) Memory: 1GB DDR3 (shared with GPU) Onboard: Storage TF card (Max. 64GB) / MMC card slot Onboard: Network 10/100M Ethernet RJ45 (Realtek RTL8211E) Onboard: Network BT4.0/WiFi 802.11 b/g/n (Ampak AP6212) Onboard header: SPI, I2C, GPIO, UART USB 2.0: Two USB 2.0 HOST, One USB 2.0 OTG Untested: Audio, Video Not working: Bluetooth Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* linux-firmware: broadcom: package 43430a0 FullMAC firmwarePawel Dembicki2019-02-171-0/+9
| | | | Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* openssl: patch to fix devcrypto sessions leakEneas U de Queiroz2019-02-171-0/+115
| | | | | | | | Applies a patch from https://github.com/openssl/openssl/pull/8213 that fixes an error where open /dev/crypto sessions were not closed. Thanks to Ansuel Smith for reporting it. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* build: remove leftovers from previous x86 commitsTomasz Maciej Nowak2019-02-171-2/+2
| | | | | | | | | | | | | | | | | VBoxManage is not used and the image is created with proper permisions: 0f5d0f6 image: use internal qemu-img for vmdk and vdi images drop host dependencies on qemu-utils and VirtualBox Unreachable config symbols: 9e0759e x86: merge all geode based subtargets into one No need to define those symbols since x86_64 is subtarget of x86: 196fb76 x86: make x86_64 a subtarget instead of a standalone target Unreachable config symbols, so remove GRUB_ROOT: 371b382 x86: remove the xen_domu subtarget Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* mdadm: Update to 4.1Rosen Penev2019-02-174-11/+11
| | | | | | Tested on GnuBee PC1. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iw: update to 5.0.1Deng Qingfang2019-02-175-664/+83
| | | | | | | | | | | | | Refresh patches MIPS IPK size increases: iw-tiny: +3k iw-full: +10k Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> [Remove sha256, nan, bloom, measurements and ftm from tiny version] [sync nl80211 between backports and iw] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: update to version 4.19.23-1Hauke Mehrtens2019-02-1734-702/+64
| | | | | | | | This updates mac80211 to backports version 4.19.23-1 which includes all the stable fixes from kernel 4.19.23. The removed patches are included in this version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: ensure test and rc order as older than final releasesJonas Gorski2019-02-171-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | Opkg treats text after a version number as higher than without: ~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $? 1 ~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $? 0 This causes opkg not offering final release as upgradable version, and even refusing to update, since it thinks the installed version is higher. This can be mitigated by adding ~ between the version and the text, as ~ will order as less than everything except itself. Since 'r' < 't', to make sure that test will be treated as lower than rc we add a second ~ before the test tag. That way, the ordering becomes 2.80~~test < 2.80~rc < 2.80 which then makes opkg properly treat prerelease versions as lower. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* hostapd: update the fix for a race condition in mesh new peer handlingFelix Fietkau2019-02-171-2/+2
| | | | | | | Prevent the mesh authentication state machine from getting reset on bogus new peer discovery Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: enable CONFIG_DEBUG_SYSLOG for wpa_supplicantFelix Fietkau2019-02-174-8/+8
| | | | | | | It was already enabled for wpad builds and since commit 6a15077e2d7fa the script relies on it. Size impact is minimal (2 kb on MIPS .ipk). Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipset: add support for hash(ip,mac)Alin Nastac2019-02-171-0/+1
| | | | | Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: update to 1.30.1Hannu Nyman2019-02-141-3/+3
| | | | | | | | | | | | | Minor bugfix release. Fixes for * bc/dc * sed (backslash parsing for 'w' command) * ip (vlan fixes) * grep (fixes for -x -v) * ls (-i compat) No need to refresh patches or config defaults Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ipq40xx: add support for ASUS LyraMarius Genheimer2019-02-142-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SoC: Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores RAM: 256 MiB (Nanya NT5CC128M16IP-DI) FLASH: 128 MiB (Macronix NAND) WiFi0: Qualcomm IPQ4019 b/g/n 2x2 WiFi1: Qualcomm IPQ4019 a/n/ac 2x2 WiFi2: Qualcomm Atheros QCA9886 a/n/ac BT: Atheros AR3012 IN: WPS Button, Reset Button OUT: RGB-LED via TI LP5523 9-channel Controller UART: Front of Device - 115200 N-8 Pinout 3.3v - RX - TX - GND (Square is VCC) Installation: 1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp. Login credentials are identical to the Web UI. 2. Login to the device via SSH. 3. Flash the initramfs image using > mtd-write -d linux -i openwrt-image-file 4. Power-cycle the device and wait for OpenWRT to boot. 5. From there flash the OpenWRT-sysupgrade image. Ethernet-Ports: Although labeled identically, the port next to the power socket is the LAN port and the other one is WAN. This is the same behavior as in the stock firmware. Signed-off-by: Marius Genheimer <mail@f0wl.cc> [Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh, reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79, minor dts touchup, added rng to 4.19 dts] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dnsmasq: add rapid commit config optionHans Dedecker2019-02-132-1/+2
| | | | | | | Add config option rapidcommit to enable support for DHCPv4 rapid commit (RFC4039) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openssl: add package for openssl.cnf, misc changesEneas U de Queiroz2019-02-122-8/+28
| | | | | | | | | | | | - Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking the transitional mechanism, allowing libopenssl_1.0* and libopenssl_1.1* to coexist. - Remove the (selecting) dependency on @KERNEL_AIO - Use global SOURCE_DATE_EPOCH Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: optimizations based on ARCH/small flashEneas U de Queiroz2019-02-123-1/+98
| | | | | | | | | | | | | | | | | | | Add a patch to enable the option to change the default ciphersuite list ordering to prefer ChaCha20 over AES-GCM. This is used by default for all platforms, except for x86_64 and aarch64. The assumption is that only the latter have AES-specific CPU instructions and asm code that uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in systems without AES instructions, with an equivalent strength. Disable error messages by default except for devices with small flash or RAM, to aid debugging. Disable ASM by default on arm platform with small flash. Size difference on mips and powerpc, the other platforms with small flash devices, are not really relevant (using 100K as a threshold). All of the affected platforms are source-only anyway. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: update to version 1.1.1aEneas U de Queiroz2019-02-1222-492/+774
| | | | | | | | | | | | | | | | | | | | | | | This version adds the following functionality: * TLS 1.3 * AFALG engine support for hardware accelleration * x25519 ECC curve support * CRIME protection: disable use of compression by default * Support for ChaCha20 and Poly1305 Patches fixing bugs in the /dev/crypto engine were applied, from https://github.com/openssl/openssl/pull/7585 This increses the size of the ipk binray on MIPS32 by about 32%: old: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk 239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssl: add configuration options, disable ssl3Eneas U de Queiroz2019-02-1214-476/+376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the following configuration options: * using optimized assembler code (was always on before) * use of x86 SSE2 instructions * dyanic engine support * include error messages * Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms * RFC3779, CMS protocols * VIA padlock hardware acceleration engine Installs openssl.cnf with the library as it is used by engines independent of the openssl util. Fixes DTLS option that was innefective before. Disables insecure SSL3 protocol and SHA0. Adds openwrt-specific targets to Configure script, including asm support for i386, ppc and mips64. Strips building dirs from CFLAGS shown in binary. Skips the fuzz directory during build. Removed include/crypto/devcrypto.h that was included here, to use the cryptodev-linux package, now that it was been moved from the packages feed to the main openwrt repository. This decreses the size of the ipk binray on MIPS32 by about 3.3%: old: 706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk new: 693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk 193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* base-files: fix ucert verificationFelix Fietkau2019-02-121-1/+2
| | | | | | | | ucert needs to check the firmware part with metadata, but without the signature. Use the new fwtool mode to extract that without altering the firmware image inside the check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: add support for extracting the truncated data part to stdoutFelix Fietkau2019-02-121-2/+23
| | | | | | | This allows extracing the firmware + metadata from a signed firmware without altering the original image file Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: do not strip metadata if extracting signatureFelix Fietkau2019-02-121-1/+3
| | | | | | This allows the signature to cover the metadata area Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix race condition in mesh new peer handlingFelix Fietkau2019-02-121-0/+34
| | | | | | Avoid trying to add the same station to the driver multiple times Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: send wpa_supplicant logging output to syslogFelix Fietkau2019-02-121-1/+1
| | | | | | Helpful for debugging network connectivity issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: brcmfmac: backport early changes queued for the Linux 5.1Rafał Miłecki2019-02-1211-3/+2715
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport remaining patches from the Linux 5.0Rafał Miłecki2019-02-1214-3/+1071
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iproute2: tc: reduce size of dynamic symbol tableTony Ambardar2019-02-112-1/+45
| | | | | | | | | | | In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all* symbols into the dynamic symbol table. Instead, use --dynamic-list to export a smaller set of symbols similar to that defined in static-syms.h in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase. Also increment PKG_RELEASE. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: tc: enable and fix support for using .so pluginsTony Ambardar2019-02-112-1/+107
| | | | | | | | | | | | | | | | | | | | | | | This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify linking libelf for eBFP/XDP object file supportTony Ambardar2019-02-113-61/+21
| | | | | | | | | | Simplify build and runtime dependencies on libelf, which allows tc and ip to load BPF and XDP object files respectively. Preserve optionality of libelf by having configuration script follow the HAVE_ELF environment variable, used similarly to the HAVE_MNL variable. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: use tc package variant to limit other package sizesTony Ambardar2019-02-111-0/+9
| | | | | | | | | | | | | Replace the old 'tc' with a singleton package variant which will be used to enable additional functionality and limit it only to tc. Non-variant packages will only be installed during 'tiny' variant builds, hence will be configured without extra features, thus preserving previously limited functionality and reduced package sizes. Also set ip-tiny as the default variant, and install 'tiny' versions of development libraries. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify Makefile, patches and fix feature detectionTony Ambardar2019-02-113-20/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Compile-based feature detection (e.g. xtables, ipset support) was broken due to silent compilation errors in the configure script, caused by a Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use userspace headers by setting the same "user_headers" kernel include path as used for the iptables build. Remove redundant or unused Build/Configure definitions from package Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes. Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead, use standard TARGET_LDFLAGS. Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also drop now unneeded patch 150-extra-ccopts.patch. Enable defining XT_LIB_DIR from Makefile, needed to set the iptables modules directory to something other than /lib/xtables, and also add libxtables dependency. Both are needed with working xtables detection. Note that libxtables is also pulled in by iptables, firewall or luci, so this change has no size impact in most cases. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: fix broken configuration patchTony Ambardar2019-02-112-7/+12
| | | | | | | | | | Since v4.13, iproute2 switched to a config.mk file with greater use of pkg-config for library/feature detection. Replace the old Config patch with one modifying the configure script but enabling the same changes: - explicitly disable TC_CONFIG_ATM - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: enable BPF JIT sysctl by defaultTony Ambardar2019-02-111-0/+2
| | | | | | Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>