| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
savedscp is a method of storing the DSCP of an ip packet into conntrack
mark. In combination with a suitable tc filter action (conndscp but may
end up being integrated into connmark) DSCP values are able to be stored
on egress and restored on ingress across links that otherwise alter or
bleach DSCP.
This is useful for qdiscs such as CAKE which are able to shape according
to policies based on DSCP.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.
The ingress problem is solved by the tc filter, but the tc people didn't
like the idea of tc setting conntrack mark values, though they are ok
with reading conntrack values and hence restoring DSCP from conntrack
marks.
x_tables CONNMARK with the new savedscp action solves the problem of
storing the DSCP to the conntrack mark.
It accepts 2 parameters. The mark is a 32bit value with usually one 1
bit set. This bit is set when savedscp saves the DSCP to the mark.
This is useful to implement a 'one shot'
iptables based classification where the 'complicated' iptables rules are
only run once to classify the connection on initial (egress) packet and
subsequent packets are all marked/restored with the same DSCP. A mark
of zero disables the setting of a status bit/s.
The mask is a 32bit value of at least 6 contiguous bits and represents
the area where the DSCP will be stored.
e.g.
iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
Would store the DSCP in the top 6 bits of the 32bit mark field, and use
the LSB of the top byte as the 'DSCP has been stored' marker.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This updates mac80211 to version 5.2-rc7, this contains all the changes
to the wireless subsystem up to Linux 5.2-rc7.
* The removed patches are applied upstream
* b43 now uses kmod-lib-cordic
* Update the nl80211.h file in iw to match backports version.
* Remove the two backports from kernel 4.9, they were needed for mt76,
but that can use the version from backports now, otherwise they
collide and cause compile errors.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop 211-host_tools_portability.patch which is breaking perf build on
4.19 kernels by removing the include directory from the host's CFLAGS
leading to the following build breakage:
pmu-events/jevents.c:48:10: fatal error: linux/list.h: No such file or directory
#include <linux/list.h>
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
This is already included in newer upstream. Needed to build BPF programs
using the MIPS kernel include files.
Without this patch, clang fails with "#error Use a Linux compiler or
give up." in sgidefs.h when building BPF programs.
Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can
drop the out of tree cake package in base repository.
Add kmod-sched-cake to netsupport so package dependencies are still met.
Similarly CAKE is retained as an optional qdisc module to avoid base
scheduler package size implications.
Backport upstream patches from k5.1 to address some small bugs and
support fwmark usage.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following compile problem with kernel 4.9 on lantiq:
drivers/mtd/mtdsplit/mtdsplit_uimage.c:244:34: error: array type has incomplete element type 'struct of_device_id'
static const struct of_device_id mtdsplit_uimage_of_match_table[] = {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/mtd/mtdsplit/mtdsplit_uimage.c:245:4: error: field name not in record or union initializer
{ .compatible = "denx,uimage" },
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
This is pending to get into the upstream kernel.
This fixes a bug in the upstream kernel which was added to stable some
time ago.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch backports verbatim the commit from Linux 5.2-rc7 that fixes
the warnings about invalid lpm related parameters on hardware which
don't that.
This is the case for e.g. lantiq xrx200 targets.
Supported only in Linux 4.17 an later.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[refresh patches, fix commit title]
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following kernel build issue on ath79 with CONFIG_KERNEL_FTRACE=y
enabled:
Tracers (FTRACE) [Y/n/?] y
Kernel Function Tracer (FUNCTION_TRACER) [Y/n/?] y
Kernel Function Graph Tracer (FUNCTION_GRAPH_TRACER) [Y/n/?] y
Enable trace events for preempt and irq disable/enable (PREEMPTIRQ_EVENTS) [N/y/?] (NEW)
...
Preempt / IRQ disable delay thread to test latency tracers (PREEMPTIRQ_DELAY_TEST) [N/m/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
| |
Fixes following kernel build issue on x86/64:
PCI PF Stub driver (PCI_PF_STUB) [N/m/y/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit fcb41decf6c6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: imx6
Runtime-tested on: imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: none
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a promising upstream patch that claims
to help for the treated I/O errors happening on f2fs
or ext4 on real block devices.
|print_req_error: I/O error, dev loop1, sector 1334
Link: <https://patchwork.kernel.org/cover/10931787/>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
| |
Follow upstream changes - header file changes
no executable difference at all
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
| |
bnx2x driver support for the x86 architecture. Includes module and
firmware for Broadcom QLogic 5771x/578xx 10/20-Gigabit ethernet
adapters.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added +kmod-lib-zlib-inflate as well]
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: imx6
Runtime-tested on: imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
calc_vmlinuz_load_addr.c requires SZ_64K to be defined for alignment
purposes. It included "../../../../include/linux/sizes.h" to define
that size, however "sizes.h" tries to include <linux/const.h> which
assumes linux system headers. These may not exist eg. the following
error was encountered when building Linux for OpenWrt under macOS:
In file included from arch/mips/boot/compressed/calc_vmlinuz_load_addr.c:16:
arch/mips/boot/compressed/../../../../include/linux/sizes.h:11:10: fatal error: 'linux/const.h' file not found
Change makefile to force building on local linux headers instead of
system headers. Also change eye-watering relative reference in include
file spec.
Thanks to Jo-Philip Wich & Petr Štetiar for assistance in tracking this
down & fixing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
| |
While building tegra/generic on 4.19, I've discovered few missing
symbols related to DRM panel symbols.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
Fixes following kernel build issue on ath79/generic:
Enable support for latency based cgroup IO protection (BLK_CGROUP_IOLATENCY) [N/y/?] (NEW)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf6526249298 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Compile-tested on: none
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40b5)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 220-optimize_inlining.patch
- 816-pcie-support-layerscape.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40b5)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
| |
It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),
Fixes: 8888cb725d49 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is
set like for all targets with small_flash feature flag.
I haven't seen any changes for an ARM64 target which optimizes the
kernel for speed instead.
On the ath79/tiny target the uncompressed kernel size was reduced by
3.2% and the compressed kernel size by 2.1%
kernel size with CONFIG_OPTIMIZE_INLINING=n
4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin
Kernel size with CONFIG_OPTIMIZE_INLINING=y
4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin
This change is currently pending for kernel 5.2 and already in
linux-next, this updates our patch to match the upstream version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).
Convert to kzalloc() and handle error paths manually.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
|
|
|
|
|
|
|
|
|
|
| |
Kernel 4.19.47 added a new kernel config symbol ARM64_ERRATUM_1463225.
This causes a build failure for sunxi/cortexa53. Add the symbol to the
generic config to fix this, and avoid future build failures on other
arm64 targets that expose this symbol. As the erratum only affects
Cortex-A76 cores, we can safely disable it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
This bump contains upstream commits which seem to avoid (not properly fix)
the errors as seen in FS#2305 and FS#2297
Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch
Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar7
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Converts the TP-Link WDR4900 v1 to use the simpleImage in the
hopes of prolonging the life of the device. While at it,
the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE
to 2684 KiB as a precaution since the stock u-boot is using a
fixed kernel size.
Note: Give the image some time, it will take much longer to
extract and boot.
[tested for 4.14/4.19]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "bridge allow reception on disabled port" implementation
was broken after these commits:
08802d93e2c1 ("kernel: bump 4.19 to 4.19.37")
b765f4be407c ("kernel: bump 4.14 to 4.14.114")
456f486b53a7 ("kernel: bump 4.9 to 4.9.171")
This leads to issues when for example WDS is used, tied to a bridge:
[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)
It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:
target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch
[1] https://lkml.org/lkml/2019/4/24/1228
Fixes: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37")
Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
| |
The generic config-4.14 should handle below configs.
- CONFIG_CFQ_GROUP_IOSCHED
- CONFIG_CGROUP_HUGETLB
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8.
Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.
Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
| |
Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's
currenlty broken and fixing doesn't make sense as most of it is
deprecated anyway.
Cc: John Crispin <john@phrozen.org>
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: imx6
Runtime-tested on: imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|