aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic
Commit message (Collapse)AuthorAgeFilesLines
* kernel: netfilter add connmark savedscp supportKevin Darbyshire-Bryant2019-07-252-0/+242
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | savedscp is a method of storing the DSCP of an ip packet into conntrack mark. In combination with a suitable tc filter action (conndscp but may end up being integrated into connmark) DSCP values are able to be stored on egress and restored on ingress across links that otherwise alter or bleach DSCP. This is useful for qdiscs such as CAKE which are able to shape according to policies based on DSCP. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. The ingress problem is solved by the tc filter, but the tc people didn't like the idea of tc setting conntrack mark values, though they are ok with reading conntrack values and hence restoring DSCP from conntrack marks. x_tables CONNMARK with the new savedscp action solves the problem of storing the DSCP to the conntrack mark. It accepts 2 parameters. The mark is a 32bit value with usually one 1 bit set. This bit is set when savedscp saves the DSCP to the mark. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mark of zero disables the setting of a status bit/s. The mask is a 32bit value of at least 6 contiguous bits and represents the area where the DSCP will be stored. e.g. iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000 Would store the DSCP in the top 6 bits of the 32bit mark field, and use the LSB of the top byte as the 'DSCP has been stored' marker. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mac80211: Update to version 5.2-rc7Hauke Mehrtens2019-07-183-217/+1
| | | | | | | | | | | | | | This updates mac80211 to version 5.2-rc7, this contains all the changes to the wireless subsystem up to Linux 5.2-rc7. * The removed patches are applied upstream * b43 now uses kmod-lib-cordic * Update the nl80211.h file in iw to match backports version. * Remove the two backports from kernel 4.9, they were needed for mt76, but that can use the version from backports now, otherwise they collide and cause compile errors. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: generic: fix perf build breakage on 4.19Petr Štetiar2019-07-171-40/+0
| | | | | | | | | | | | Drop 211-host_tools_portability.patch which is breaking perf build on 4.19 kernels by removing the include directory from the host's CFLAGS leading to the following build breakage: pmu-events/jevents.c:48:10: fatal error: linux/list.h: No such file or directory #include <linux/list.h> ^~~~~~~~~~~~~~ Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: cherry pick patch removing __linux__ checkFredrik Olofsson2019-07-102-0/+94
| | | | | | | | | | This is already included in newer upstream. Needed to build BPF programs using the MIPS kernel include files. Without this patch, clang fails with "#error Use a Linux compiler or give up." in sgidefs.h when building BPF programs. Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
* kernel: bump 4.19 to 4.19.57Koen Vandeputte2019-07-093-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.132Koen Vandeputte2019-07-094-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kmod-sched-cake: drop out of tree package, use kernel versionKevin Darbyshire-Bryant2019-07-084-0/+487
| | | | | | | | | | | | | | CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can drop the out of tree cake package in base repository. Add kmod-sched-cake to netsupport so package dependencies are still met. Similarly CAKE is retained as an optional qdisc module to avoid base scheduler package size implications. Backport upstream patches from k5.1 to address some small bugs and support fwmark usage. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: Add missing includes mtdsplit_*.cHauke Mehrtens2019-07-079-0/+9
| | | | | | | | | | | This fixes the following compile problem with kernel 4.9 on lantiq: drivers/mtd/mtdsplit/mtdsplit_uimage.c:244:34: error: array type has incomplete element type 'struct of_device_id' static const struct of_device_id mtdsplit_uimage_of_match_table[] = { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/mtd/mtdsplit/mtdsplit_uimage.c:245:4: error: field name not in record or union initializer { .compatible = "denx,uimage" }, Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Fix MIPS bounds check virt_addr_validHauke Mehrtens2019-07-072-0/+66
| | | | | | | | This is pending to get into the upstream kernel. This fixes a bug in the upstream kernel which was added to stable some time ago. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: 4.19: Backport usb dwc2 lpm mode hw checkMartin Schiller2019-07-071-0/+63
| | | | | | | | | | | | | | This patch backports verbatim the commit from Linux 5.2-rc7 that fixes the warnings about invalid lpm related parameters on hardware which don't that. This is the case for e.g. lantiq xrx200 targets. Supported only in Linux 4.17 an later. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [refresh patches, fix commit title] Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: generic: add missing 4.19 config symbolPetr Štetiar2019-06-271-0/+2
| | | | | | | | | | | | | | Fixes following kernel build issue on ath79 with CONFIG_KERNEL_FTRACE=y enabled: Tracers (FTRACE) [Y/n/?] y Kernel Function Tracer (FUNCTION_TRACER) [Y/n/?] y Kernel Function Graph Tracer (FUNCTION_GRAPH_TRACER) [Y/n/?] y Enable trace events for preempt and irq disable/enable (PREEMPTIRQ_EVENTS) [N/y/?] (NEW) ... Preempt / IRQ disable delay thread to test latency tracers (PREEMPTIRQ_DELAY_TEST) [N/m/?] (NEW) Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.56Koen Vandeputte2019-06-252-4/+4
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.130Koen Vandeputte2019-06-251-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: add missing 4.19 config symbolPetr Štetiar2019-06-251-0/+1
| | | | | | | | Fixes following kernel build issue on x86/64: PCI PF Stub driver (PCI_PF_STUB) [N/m/y/?] (NEW) Signed-off-by: Petr Štetiar <ynezz@true.cz>
* netfilter: fix crash in flow offload by adding netns supportHsiuWen Yen2019-06-242-3/+13
| | | | | | | | | | | | | | | | | | | | Commit fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices") enabled netns, which in turn lead to the crash in the flow offload target. When the flow offloading framework intends to delete a flow from the hardware table, it is necessary to retrieve the namespace from nf_flowtable->ft_net. However, no one ever wrote the namespace into nf_flowtable->ft_net in advance. So the framework will mistakenly use a NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to the kernel panic. Ref: FS#2321 Fixes: fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices") Tested-by: Simon Tretter <simon@mediaarchitectu.re> Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com> [merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.55Koen Vandeputte2019-06-242-29/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.129Koen Vandeputte2019-06-244-23/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.183Koen Vandeputte2019-06-243-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: none Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add promising "fix loop discard errors" hackChristian Lamparter2019-06-221-0/+164
| | | | | | | | | | | This patch adds a promising upstream patch that claims to help for the treated I/O errors happening on f2fs or ext4 on real block devices. |print_req_error: I/O error, dev loop1, sector 1334 Link: <https://patchwork.kernel.org/cover/10931787/> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: update act_ctinfoKevin Darbyshire-Bryant2019-06-202-20/+58
| | | | | | | Follow upstream changes - header file changes no executable difference at all Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: package Broadcom BNX2X driverPetko Bordjukov2019-06-202-0/+2
| | | | | | | | | | bnx2x driver support for the x86 architecture. Includes module and firmware for Broadcom QLogic 5771x/578xx 10/20-Gigabit ethernet adapters. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [added +kmod-lib-zlib-inflate as well]
* kernel: bump 4.19 to 4.19.53Koen Vandeputte2019-06-202-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.128Koen Vandeputte2019-06-206-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: fix MIPS build on non-linux hostsKevin Darbyshire-Bryant2019-06-201-0/+62
| | | | | | | | | | | | | | | | | | | | calc_vmlinuz_load_addr.c requires SZ_64K to be defined for alignment purposes. It included "../../../../include/linux/sizes.h" to define that size, however "sizes.h" tries to include <linux/const.h> which assumes linux system headers. These may not exist eg. the following error was encountered when building Linux for OpenWrt under macOS: In file included from arch/mips/boot/compressed/calc_vmlinuz_load_addr.c:16: arch/mips/boot/compressed/../../../../include/linux/sizes.h:11:10: fatal error: 'linux/const.h' file not found Change makefile to force building on local linux headers instead of system headers. Also change eye-watering relative reference in include file spec. Thanks to Jo-Philip Wich & Petr Štetiar for assistance in tracking this down & fixing. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: generic: add missing DRM panel 4.19 config symbolsPetr Štetiar2019-06-181-0/+6
| | | | | | | While building tegra/generic on 4.19, I've discovered few missing symbols related to DRM panel symbols. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: generic: add missing 4.19 config symbolPetr Štetiar2019-06-181-0/+1
| | | | | | | | Fixes following kernel build issue on ath79/generic: Enable support for latency based cgroup IO protection (BLK_CGROUP_IOLATENCY) [N/y/?] (NEW) Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.52Koen Vandeputte2019-06-182-1/+2
| | | | | | | | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 Also fix a malformed patch issue caught during refresh. It was caused by removing a whitespace without altering the index values in a patch which alters a patch. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Fixes: cf6526249298 ("kernel: bump 4.19 to 4.19.51") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.127Koen Vandeputte2019-06-182-3/+3
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.182Koen Vandeputte2019-06-186-11/+11
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 Compile-tested on: none Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.51Koen Vandeputte2019-06-1810-58/+140
| | | | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch - 220-optimize_inlining.patch - 640-netfilter-nf_flow_table-add-hardware-offload-support.patch This patch also restores the initial implementation of the ath79 perfcount IRQ issue. (78ee6b1a40b5) It was wrongfully backported upstream initially and got reverted now. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.14 to 4.14.126Koen Vandeputte2019-06-183-33/+111
| | | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 220-optimize_inlining.patch - 816-pcie-support-layerscape.patch This patch also restores the initial implementation of the ath79 perfcount IRQ issue. (78ee6b1a40b5) It was wrongfully backported upstream initially and got reverted now. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport 4.18 patch adding DMI_PRODUCT_SKURafał Miłecki2019-06-171-0/+57
| | | | | | | | | It's needed for applying some hardware quirks. This fixes: drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'? DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"), Fixes: 8888cb725d49 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: Activate CONFIG_OPTIMIZE_INLININGHauke Mehrtens2019-06-164-18/+332
| | | | | | | | | | | | | | | | | | | | | | | This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is set like for all targets with small_flash feature flag. I haven't seen any changes for an ARM64 target which optimizes the kernel for speed instead. On the ath79/tiny target the uncompressed kernel size was reduced by 3.2% and the compressed kernel size by 2.1% kernel size with CONFIG_OPTIMIZE_INLINING=n 4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux 1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin Kernel size with CONFIG_OPTIMIZE_INLINING=y 4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux 1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin This change is currently pending for kernel 5.2 and already in linux-next, this updates our patch to match the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: mt29f_spinand: fix memory leak during page programMantas Pucka2019-06-151-0/+90
| | | | | | | | | Memory is allocated with devm_kzalloc() on every page program and leaks until device is closed (which never happens). Convert to kzalloc() and handle error paths manually. Signed-off-by: Mantas Pucka <mantas@8devices.com>
* kernel: add missing symbol to 4.19 configStijn Tintel2019-06-141-0/+1
| | | | | | | | | | Kernel 4.19.47 added a new kernel config symbol ARM64_ERRATUM_1463225. This causes a build failure for sunxi/cortexa53. Add the symbol to the generic config to fix this, and avoid future build failures on other arm64 targets that expose this symbol. As the erratum only affects Cortex-A76 cores, we can safely disable it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 4.19 to 4.19.50Koen Vandeputte2019-06-124-26/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.125 (FS#2305 FS#2297)Koen Vandeputte2019-06-124-25/+3
| | | | | | | | | | | | | | | | Refreshed all patches. This bump contains upstream commits which seem to avoid (not properly fix) the errors as seen in FS#2305 and FS#2297 Altered patches: - 403-net-mvneta-convert-to-phylink.patch - 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.181Koen Vandeputte2019-06-122-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: ar7 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* mpc85xx: convert TL-WDR4900 v1 to simpleImageChristian Lamparter2019-06-102-0/+59
| | | | | | | | | | | | | | | | | Converts the TP-Link WDR4900 v1 to use the simpleImage in the hopes of prolonging the life of the device. While at it, the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE to 2684 KiB as a precaution since the stock u-boot is using a fixed kernel size. Note: Give the image some time, it will take much longer to extract and boot. [tested for 4.14/4.19] Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* kernel: re-add bridge allow reception on disabled portChen Minqiang2019-06-073-9/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "bridge allow reception on disabled port" implementation was broken after these commits: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") b765f4be407c ("kernel: bump 4.14 to 4.14.114") 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") This leads to issues when for example WDS is used, tied to a bridge: [ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3) [ 96.517956] wlan1: authenticated [ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3) [ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3) [ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1) [ 97.208706] wlan1: associated [ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID) It seems upstream introduced a new patch, [1] so we have to reimplement these patches properly: target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch [1] https://lkml.org/lkml/2019/4/24/1228 Fixes: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114") Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") Signed-off-by: Chen Minqiang <ptpt52@gmail.com> [updated commit message and title] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: handle CFQ_GROUP_IOSCHED/CGROUP_HUGETLB in config-4.14Yangbo Lu2019-06-061-0/+2
| | | | | | | | The generic config-4.14 should handle below configs. - CONFIG_CFQ_GROUP_IOSCHED - CONFIG_CGROUP_HUGETLB Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* Revert "kernel: backport act_ctinfo"Kevin Darbyshire-Bryant2019-06-062-1201/+0
| | | | | | | | | | This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8. Produces build error: Package kmod-sched is missing dependencies for the following libraries: nf_conntrack.ko Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.19 to 4.19.48Koen Vandeputte2019-06-059-17/+17
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: make kernel-debug.tar.bz2 usable againPetr Štetiar2019-06-053-72/+0
| | | | | | | | | | | This patch removes 202-reduce_module_size.patch which is causing missing debug symbols in kernel modules, leading to unusable kernel-debug.tar.bz2 on all platforms, making debugging of release kernel crashes difficult. Cc: Felix Fietkau <nbd@nbd.name> Acked-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: generic: remove broken and obsolete phy_ethtool_ioctlPetr Štetiar2019-06-052-190/+0
| | | | | | | | | | Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's currenlty broken and fixing doesn't make sense as most of it is deprecated anyway. Cc: John Crispin <john@phrozen.org> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.47Koen Vandeputte2019-06-032-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.123Koen Vandeputte2019-06-031-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.46Koen Vandeputte2019-06-035-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>