[OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Kevin Darbyshire-Bryant]

This patch stops SIGHUP from enabling dnssec timechecks if disabled by
use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
work correctly.

Enabling dnssec timechecks now requires restarting dnsmasq without
the --dnssec-no-timecheck configuration option and closes a
potential denial of service exploit by sending SIGHUP when system
time does not correspond with Internet time.

This change may be useful for future ntpd/dnsmasq hotplug integration.


Signed-off-by: Kevin Darbyshire-Bryant 
---
 .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13 +
 1 file changed, 13 insertions(+)
 create mode 100644 
package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch

diff --git 
a/package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
 
b/package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
new file mode 100644
index 000..2ea1ee8
--- /dev/null
+++ 
b/package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
@@ -0,0 +1,13 @@
+Index: dnsmasq-2.75/src/dnsmasq.c
+===
+--- dnsmasq-2.75.orig/src/dnsmasq.c2015-07-30 20:59:07.0 +0100
 dnsmasq-2.75/src/dnsmasq.c 2015-10-01 10:47:38.832034041 +0100
+@@ -1054,7 +1054,7 @@
+   int event, errsave = errno;
+   
+   if (sig == SIGHUP)
+-  event = EVENT_RELOAD;
++  event = EVENT_INIT;
+   else if (sig == SIGCHLD)
+   event = EVENT_CHILD;
+   else if (sig == SIGALRM)
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] toolchain/uClibc: add support of uClibc-ng

[Felix Fietkau]

On 2015-09-30 22:49, Alexey Brodkin wrote:
> Hi Alexander,
> 
> On Wed, 2015-09-30 at 22:37 +0200, Alexander Couzens wrote:
>> Hi,
>> 
>> what's the state of this patch?
>> 
>> I'm unbreaking sparc for OpenWrt and uclibc is broken as already
>> mentioned. musl doesn't support sparc :(.
> 
> Unfortunately I haven't heard anything back except that musl
> is the right way to go. 
> 
> I think you saw it here - https://patchwork.ozlabs.org/patch/510985/
> 
> And as in your case for ARC there's no musl yet and won't be
> at least anything stable until the next OpenWRT release.
Sorry for the delay, I will take this patch, but I'm currently
considering adding dependencies to limit it to platforms that need
uClibc, so that we can skip the test effort and config maintenance on
platforms that should be using musl instead.

- Felix
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Etienne Champetier]

Hi,

2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:

> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.
>

I haven't really followed the previous discusion,
but maybe you can just use another signal?


>
> Enabling dnssec timechecks now requires restarting dnsmasq without
> the --dnssec-no-timecheck configuration option and closes a
> potential denial of service exploit by sending SIGHUP when system
> time does not correspond with Internet time.
>


>
> This change may be useful for future ntpd/dnsmasq hotplug integration.
>
>
> Signed-off-by: Kevin Darbyshire-Bryant 
> ---
>  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> +
>  1 file changed, 13 insertions(+)
>  create mode 100644
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
>
>
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Kevin Darbyshire-Bryant]

On 01/10/15 11:37, Etienne Champetier wrote:
> Hi,
>
> 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> >:
>
> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.
>
>
> I haven't really followed the previous discusion,
> but maybe you can just use another signal?
The user defined signals USR1 & USR2 are already occupied by dnsmasq
with debug/info dump type functions.  Maybe one of the SIGTT* signals
could be repurposed but I don't know how valid a solution that is.

However even if that were done it still doesn't stop a malicious
user/process from sending that new signal and potentially disabling dns
resolution (assuming dnssec is being used & the system time is incorrect)

Ideally some evaluation of threat presented by 'sysfixtime', 'dnssec
timestamp files', 'dnssec no timecheck' and the multi-function
'overloading' of SIGHUP into dnsmasq in the context of dnssec &
correct/incorrect system time should take place and an appropriate,
considered response and solution proposed/implemented.  That person
isn't me ;-)

I personally think that sysfixtime is a necessary evil, but at the very
least at the present moment until a more correct solution is
implemented, it should not be using dnsmasq's timestamp file as a source
time reference on boot.

  
>  
>
>
> Enabling dnssec timechecks now requires restarting dnsmasq without
> the --dnssec-no-timecheck configuration option and closes a
> potential denial of service exploit by sending SIGHUP when system
> time does not correspond with Internet time.
>
>  
>
>
> This change may be useful for future ntpd/dnsmasq hotplug integration.
>
>
> Signed-off-by: Kevin Darbyshire-Bryant
> >
> ---
>  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> +
>  1 file changed, 13 insertions(+)
>  create mode 100644
> 
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
>
>




smime.p7s
Description: S/MIME Cryptographic Signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Kevin Darbyshire-Bryant]

On 01/10/15 12:56, Etienne Champetier wrote:
>
>
> 2015-10-01 13:21 GMT+02:00 Kevin Darbyshire-Bryant
> >:
>
>
>
> On 01/10/15 11:37, Etienne Champetier wrote:
> > Hi,
> >
> > 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> >  
>  >>:
> >
> > This patch stops SIGHUP from enabling dnssec timechecks if
> disabled by
> > use of --dnssec-no-timecheck option.  --dnssec-timestamp
> continues to
> > work correctly.
> >
> >
> > I haven't really followed the previous discusion,
> > but maybe you can just use another signal?
> The user defined signals USR1 & USR2 are already occupied by dnsmasq
> with debug/info dump type functions.  Maybe one of the SIGTT* signals
> could be repurposed but I don't know how valid a solution that is.
>
> However even if that were done it still doesn't stop a malicious
> user/process from sending that new signal and potentially
> disabling dns
> resolution (assuming dnssec is being used & the system time is
> incorrect)
>
>
> you can only signal yourself
> http://stackoverflow.com/a/13335054/3768051

It runs as nobody.  So do other processes.  I didn't raise the security
flag ;-)

>  
>
>
> Ideally some evaluation of threat presented by 'sysfixtime', 'dnssec
> timestamp files', 'dnssec no timecheck' and the multi-function
> 'overloading' of SIGHUP into dnsmasq in the context of dnssec &
> correct/incorrect system time should take place and an appropriate,
> considered response and solution proposed/implemented.  That person
> isn't me ;-)
>
That statement still stands.

> I personally think that sysfixtime is a necessary evil, but at the
> very
> least at the present moment until a more correct solution is
> implemented, it should not be using dnsmasq's timestamp file as a
> source
> time reference on boot.
>
>
> >
> >
> >
> > Enabling dnssec timechecks now requires restarting dnsmasq
> without
> > the --dnssec-no-timecheck configuration option and closes a
> > potential denial of service exploit by sending SIGHUP when
> system
> > time does not correspond with Internet time.
> >
> >
> >
> >
> > This change may be useful for future ntpd/dnsmasq hotplug
> integration.
> >
> >
> > Signed-off-by: Kevin Darbyshire-Bryant
> >  
>  >>
> > ---
> >  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch 
> | 13
> > +
> >  1 file changed, 13 insertions(+)
> >  create mode 100644
> >   
>  
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
> >
> >
>
>
>




smime.p7s
Description: S/MIME Cryptographic Signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Etienne Champetier]

2015-10-01 13:21 GMT+02:00 Kevin Darbyshire-Bryant <
ke...@darbyshire-bryant.me.uk>:

>
>
> On 01/10/15 11:37, Etienne Champetier wrote:
> > Hi,
> >
> > 2015-10-01 12:19 GMT+02:00 Kevin Darbyshire-Bryant
> > >:
> >
> > This patch stops SIGHUP from enabling dnssec timechecks if disabled
> by
> > use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> > work correctly.
> >
> >
> > I haven't really followed the previous discusion,
> > but maybe you can just use another signal?
> The user defined signals USR1 & USR2 are already occupied by dnsmasq
> with debug/info dump type functions.  Maybe one of the SIGTT* signals
> could be repurposed but I don't know how valid a solution that is.
>
> However even if that were done it still doesn't stop a malicious
> user/process from sending that new signal and potentially disabling dns
> resolution (assuming dnssec is being used & the system time is incorrect)
>

you can only signal yourself
http://stackoverflow.com/a/13335054/3768051


>
> Ideally some evaluation of threat presented by 'sysfixtime', 'dnssec
> timestamp files', 'dnssec no timecheck' and the multi-function
> 'overloading' of SIGHUP into dnsmasq in the context of dnssec &
> correct/incorrect system time should take place and an appropriate,
> considered response and solution proposed/implemented.  That person
> isn't me ;-)
>
> I personally think that sysfixtime is a necessary evil, but at the very
> least at the present moment until a more correct solution is
> implemented, it should not be using dnsmasq's timestamp file as a source
> time reference on boot.
>
>
> >
> >
> >
> > Enabling dnssec timechecks now requires restarting dnsmasq without
> > the --dnssec-no-timecheck configuration option and closes a
> > potential denial of service exploit by sending SIGHUP when system
> > time does not correspond with Internet time.
> >
> >
> >
> >
> > This change may be useful for future ntpd/dnsmasq hotplug
> integration.
> >
> >
> > Signed-off-by: Kevin Darbyshire-Bryant
> >  >>
> > ---
> >  .../dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch  | 13
> > +
> >  1 file changed, 13 insertions(+)
> >  create mode 100644
> >
>  
> package/network/services/dnsmasq/patches/220-dnssec-disable-timecheck-hup.patch
> >
> >
>
>
>
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] CC-x86: add support for LEDs on PCEngines APU

[Ben Pfountz]

These 2 patches add support for the front 3 LEDs on the PCEngines APU board:

- Create a subtarget for the PCEngines APU, which selects all the 
supported options I could find for this board.
- Adds a kmod-leds-apu kernel module package which supports the 3 front 
LEDs on the PCEngines APU.
- Corrects the aes-i586 kernel package to better check for a 64bit 
configuration.


This work is based on code published here: http://daduke.org/linux/apu/

Tested with CC r47065 on a PCEngines apu1d

Signed-off-by: Ben Pfountz 

diff -urN target.old/linux/generic/files/drivers/leds/leds-apu.c 
target/linux/generic/files/drivers/leds/leds-apu.c
--- target.old/linux/generic/files/drivers/leds/leds-apu.c  1969-12-31 
19:00:00.0 -0500
+++ target/linux/generic/files/drivers/leds/leds-apu.c  2015-09-29 
20:14:49.852056800 -0400
@@ -0,0 +1,234 @@
+/*
+ * LEDs driver for PCEngines apu
+ *
+ * Copyright (C) 2013 Christian Herzog , based on
+ * Petr Leibman's leds-alix
+ * Based on leds-wrap.c
+ * Hardware info taken from 
http://www.dpie.com/manuals/miniboards/kontron/KTD-S0043-0_KTA55_SoftwareGuide.pdf
+ *
+ * 2014-12-8: Mark Schank
+ * - Added GPIO support for the APU push-button switch.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#define APU_BUTTON // Enable gpio support for the APU button switch
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#ifdef APU_BUTTON
+#include 
+#endif
+#include 
+#include 
+
+#define DRVNAME"apu-led"
+#define BASEADDR   (0xFED801BD)
+#define LEDON  (0x8)
+#define LEDOFF (0xC8)
+
+static struct platform_device *pdev;
+unsigned int *p1;
+unsigned int *p2;
+unsigned int *p3;
+
+#ifdef APU_BUTTON
+#define BUTTONADDR (0xFED801BB)
+unsigned int *b1;
+#endif
+
+static void apu_led_set_1(struct led_classdev *led_cdev,
+   enum led_brightness value) {
+   if (value)
+   iowrite8(LEDON, p1);
+   else
+   iowrite8(LEDOFF, p1);
+}
+
+static void apu_led_set_2(struct led_classdev *led_cdev,
+   enum led_brightness value) {
+   if (value)
+   iowrite8(LEDON, p2);
+   else
+   iowrite8(LEDOFF, p2);
+}
+
+static void apu_led_set_3(struct led_classdev *led_cdev,
+   enum led_brightness value) {
+   if (value)
+   iowrite8(LEDON, p3);
+   else
+   iowrite8(LEDOFF, p3);
+}
+
+static struct led_classdev apu_led_1 = {
+   .name   = "apu:1",
+   .brightness_set = apu_led_set_1,
+};
+
+static struct led_classdev apu_led_2 = {
+   .name   = "apu:2",
+   .brightness_set = apu_led_set_2,
+};
+
+static struct led_classdev apu_led_3 = {
+   .name   = "apu:3",
+   .brightness_set = apu_led_set_3,
+};
+
+#ifdef APU_BUTTON
+static int gpio_apu_button_direction_in(struct gpio_chip *gc, unsigned  
gpio_num)
+{
+   u8 curr_state;
+
+   curr_state = ioread8(b1);
+   iowrite8(curr_state | (1 << 5), b1);
+
+   return 0;
+}
+
+static int gpio_apu_button_get(struct gpio_chip *gc, unsigned gpio_num)
+{
+   u8 curr_state;
+
+   curr_state = ioread8(b1);
+
+   return((curr_state & (1 << 7)) == (1 << 7));
+}
+
+static struct gpio_chip apu_gpio_button = {
+   .label  = "apu_button",
+   .owner  = THIS_MODULE,
+   .get= gpio_apu_button_get,
+   .direction_input= gpio_apu_button_direction_in,
+   .base   = 187,
+   .ngpio  = 1,
+};
+#endif
+
+
+#ifdef CONFIG_PM
+static int apu_led_suspend(struct platform_device *dev,
+   pm_message_t state)
+{
+   led_classdev_suspend(_led_1);
+   led_classdev_suspend(_led_2);
+   led_classdev_suspend(_led_3);
+   return 0;
+}
+
+static int apu_led_resume(struct platform_device *dev)
+{
+   led_classdev_resume(_led_1);
+   led_classdev_resume(_led_2);
+   led_classdev_resume(_led_3);
+   return 0;
+}
+#else
+#define apu_led_suspend NULL
+#define apu_led_resume NULL
+#endif
+
+static int apu_led_probe(struct platform_device *pdev)
+{
+   int ret;
+
+   ret = led_classdev_register(>dev, _led_1);
+   if (ret == 0)
+   {
+   ret = led_classdev_register(>dev, _led_2);
+   if (ret >= 0)
+   {
+   ret = led_classdev_register(>dev, _led_3);
+   if (ret >= 0)
+   {
+#ifdef APU_BUTTON
+   ret = gpiochip_add(_gpio_button);
+   if(ret == 0){
+   if(!gpio_request_one(187, GPIOF_IN, 
"Button")){
+   gpio_export(187, 0);
+   }
+ 

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Toke Høiland-Jørgensen]

Kevin Darbyshire-Bryant  writes:

> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.

I'd argue that patching dnsmasq in this way is the wrong way to fix
this. If you're worried about that DOS vector, don't use
--dnssec-no-timecheck but rather use --dnssec-timestamp.

Also, in a scenario where --dnssec-no-timecheck is used, the expectation
is that the time will be fixed in fairly short order (i.e. as soon as
NTP syncs up), so the potential for this being a DOS vector is rather
small I would say... And if you can SIGHUP the process you can also
SIGKILL it.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH][RESEND] libnl: split libnl into smaller libraries

[Rick Farina]

At least aircrack-ng wants genl as well as core.  Please feel free to
fix aircrack-ng to dep properly when you make this change.

Thanks,
Zero_Chaos (openwrt maintainer of aircrack-ng)

On 09/23/2015 04:17 AM, Alexandru Ardelean wrote:
> From: Alexandru Ardelean 
> 
> Some modules may require only libnl-genl, some
> libnl-route and fewer would require libnl-nf.
> 
> This patch splits the entire libnl package into smaller
> more granular libs that can be installed individually as required.
> 
> Also added libnl*.so symlinks for convenience.
> 
> Signed-off-by: Alexandru Ardelean 
> ---
>  package/libs/libnl/Makefile | 101 
> ++--
>  1 file changed, 88 insertions(+), 13 deletions(-)
> 
> diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile
> index 995fda2..857bbe2 100644
> --- a/package/libs/libnl/Makefile
> +++ b/package/libs/libnl/Makefile
> @@ -18,16 +18,61 @@ PKG_LICENSE:=LGPL-2.1
>  
>  include $(INCLUDE_DIR)/package.mk
>  
> -define Package/libnl
> +define Package/libnl/default
>SECTION:=libs
>CATEGORY:=Libraries
> -  TITLE:=netlink socket library
> -  DEPENDS:=+libpthread
>URL:=http://people.suug.ch/~tgr/libnl/
>  endef
>  
> +define Package/libnl-core
> +$(call Package/libnl/default)
> +  TITLE:=Core Netlink Library
> +  DEPENDS:=+libpthread
> +endef
> +
> +define Package/libnl-genl
> +$(call Package/libnl/default)
> +  TITLE:=Generic Netlink Library
> +  DEPENDS:=+libnl-core
> +endef
> +
> +define Package/libnl-route
> +$(call Package/libnl/default)
> +  TITLE:=Routing Netlink Library
> +  DEPENDS:=+libnl-core
> +endef
> +
> +define Package/libnl-nf
> +$(call Package/libnl/default)
> +  TITLE:=Netfilter Netlink Library
> +  DEPENDS:=+libnl-route
> +endef
> +
> +define Package/libnl
> +$(call Package/libnl/default)
> +  TITLE:=Full Netlink Library
> +  DEPENDS:=+libnl-genl +libnl-route +libnl-nf
> +endef
> +
> +define Package/libnl-core/description
> + Common code for all netlink libraries
> +endef
> +
> +define Package/libnl-genl/description
> + Generic Netlink Library Functions
> +endef
> +
> +define Package/libnl-route/description
> + Routing Netlink Library Functions
> +endef
> +
> +define Package/libnl-nf/description
> + Netfilter Netlink Library Functions
> +endef
> +
>  define Package/libnl/description
> - This package contains a library for applications dealing with netlink 
> sockets
> + Socket handling, connection management, sending and receiving of data,
> + message construction and parsing, object caching system, etc.
>  endef
>  
>  TARGET_CFLAGS += -ffunction-sections $(FPIC)
> @@ -40,18 +85,48 @@ define Build/Compile
>  endef
>  
>  define Build/InstallDev
> - $(INSTALL_DIR) $(1)
> - $(CP) $(PKG_INSTALL_DIR)/* $(1)/
> - mkdir -p $(1)/usr/include/libnl
> - $(CP) $(PKG_BUILD_DIR)/include/linux $(1)/usr/include/libnl/
> + $(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig
> + $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
> +
> + # Copy symlinks
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so 
> $(1)/usr/lib/libnl-genl.so
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so $(1)/usr/lib/libnl-nf.so
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so 
> $(1)/usr/lib/libnl-route.so
>  endef
>  
> -define Package/libnl/install
> +define Package/libnl-core/install
> + $(INSTALL_DIR) $(1)/usr/lib
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so* $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so
> +endef
> +
> +define Package/libnl-genl/install
>   $(INSTALL_DIR) $(1)/usr/lib
> - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so.* $(1)/usr/lib/
> - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so.* $(1)/usr/lib/
> - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so.* $(1)/usr/lib/
> - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so.* $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so* $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so 
> $(1)/usr/lib/libnl-genl.so
> +endef
> +
> +define Package/libnl-route/install
> + $(INSTALL_DIR) $(1)/usr/lib
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so* $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so 
> $(1)/usr/lib/libnl-route.so
> +endef
> +
> +define Package/libnl-nf/install
> + $(INSTALL_DIR) $(1)/usr/lib
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so* $(1)/usr/lib/
> + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so $(1)/usr/lib/libnl-nf.so
> +endef
> +
> +define Package/libnl/install
> + :
>  endef
>  
> +$(eval $(call BuildPackage,libnl-core))
> +$(eval $(call BuildPackage,libnl-genl))
> +$(eval $(call 

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Toke Høiland-Jørgensen]

Kevin Darbyshire-Bryant  writes:

> Could I kindly ask you to read
> https://patchwork.ozlabs.org/patch/521344/ particularly with regards to
> Yousong's comments.  You'll hopefully appreciate the irony of your
> suggestion and how things (by which I mean 'I') have been sent on a bit
> of a merry-go-round of late.

Ah, completely missed that go by. Will go have a look at that.

> I think I'm actually trying to be helpful but I'm stepping off now
> before I .well I'm not sure what before, but just before ;-) Back
> to sqm.

Yeah, feel your pain. This whole dnssec/time thing is a royal PITA. I
did a hackish implementation of the reload logic based on NTP state in
Cerowrt:
https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dnsmasq/files/check_ntpd.sh

...which was hackish but did kinda-sorta work. This was before the
timestamp file feature went in, though, and actually was under the
impression that that feature fixed it in a cleaner way. But of course if
sysfixtime is messing with that, well I'll go reply to the other
thread I guess.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] package: libs: libnl: fix include installation directory

[Rick Farina]

based on sanity I'm going to move aircrack-ng upstream to use pkg-config
so this patch is a prerequisite to making that work on openwrt

ACK from me.

Thanks,
Zero_Chaos

On 10/01/2015 05:41 AM, Paul Fertser wrote:
> Without this patch packages that use pkg-config to find libnl3 includes fail 
> to
> build because the path in the .pc file doesn't match actual install location.
> Make it the way upstream proposes and let whomever depend on libnl use
> pkg-config to find it.
> 
> Signed-off-by: Paul Fertser 
> ---
>  package/libs/libnl/Makefile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile
> index 857bbe2..adf743a 100644
> --- a/package/libs/libnl/Makefile
> +++ b/package/libs/libnl/Makefile
> @@ -86,7 +86,7 @@ endef
>  
>  define Build/InstallDev
>   $(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig
> - $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl/
> + $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3 $(1)/usr/include/
>   $(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib
>   $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
>  
> 
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH firewall] zones : Redirect incoming WAN traffic only when the destination IP address matches the IP masquerading address

[Hans Dedecker]

This patch fixes an issue when 2 LAN network prefixes are in use :
 - the usual 192.168.0.0/24 which is masqueraded by the public IP address on the
   WAN interface
 - a public IP network prefix for those LAN devices that are excluded from NAT

Port forwarding rules introduced for 192.168.1.x devices will currently also
translate traffic addressed to the public network addresses in use on the LAN
as the destination address in the delegate prerouting rule(s) is unset.
The patch sets the destination IP address(es) in the delegate prerouting rules
equal to the IP address(es) that particular network interface has as extra 
descriminator

Signed-off-by: Hans Dedecker 
Signed-off-by: Alin Nastac 
---
 zones.c | 36 
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/zones.c b/zones.c
index 2ddd7b4..8bd6673 100644
--- a/zones.c
+++ b/zones.c
@@ -383,10 +383,38 @@ print_interface_rule(struct fw3_ipt_handle *handle, 
struct fw3_state *state,
{
if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
{
-   r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, 
NULL);
-   fw3_ipt_rule_target(r, "zone_%s_prerouting", 
zone->name);
-   fw3_ipt_rule_extra(r, zone->extra_src);
-   fw3_ipt_rule_replace(r, "delegate_prerouting");
+   struct list_head *addrs;
+   struct fw3_address *addr;
+
+   addrs = zone->masq ? calloc(1, sizeof(*addrs)) : NULL;
+   if (addrs)
+   {
+   /* redirect only the traffic towards a locally 
configured address */
+   INIT_LIST_HEAD(addrs);
+   fw3_ubus_address(addrs, dev->network);
+
+   list_for_each_entry(addr, addrs, list)
+   {
+   if (!fw3_is_family(addr, 
handle->family))
+   continue;
+   /* reset mask to its maximum value */
+   memset(>mask.v6, 0xFF, 
sizeof(addr->mask.v6));
+
+   r = fw3_ipt_rule_create(handle, NULL, 
dev, NULL, sub, addr);
+   fw3_ipt_rule_target(r, 
"zone_%s_prerouting", zone->name);
+   fw3_ipt_rule_extra(r, zone->extra_src);
+   fw3_ipt_rule_replace(r, 
"delegate_prerouting");
+   }
+
+   fw3_free_list(addrs);
+   }
+   else
+   {
+   r = fw3_ipt_rule_create(handle, NULL, dev, 
NULL, sub, NULL);
+   fw3_ipt_rule_target(r, "zone_%s_prerouting", 
zone->name);
+   fw3_ipt_rule_extra(r, zone->extra_src);
+   fw3_ipt_rule_replace(r, "delegate_prerouting");
+   }
}
 
if (has(zone->flags, handle->family, FW3_FLAG_SNAT))
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH][RESEND] libnl: split libnl into smaller libraries

[Alexandru Ardelean]

Sure, will do.
Was going to open up some suggestions in that directions.

I also want to look into the part where other modules can build against
libnl (instead of libnl-tiny), when libnl selected.
Not sure how elegant that would become, but I'll look into it.


On Thu, Oct 1, 2015 at 7:33 PM, Rick Farina  wrote:

> At least aircrack-ng wants genl as well as core.  Please feel free to
> fix aircrack-ng to dep properly when you make this change.
>
> Thanks,
> Zero_Chaos (openwrt maintainer of aircrack-ng)
>
> On 09/23/2015 04:17 AM, Alexandru Ardelean wrote:
> > From: Alexandru Ardelean 
> >
> > Some modules may require only libnl-genl, some
> > libnl-route and fewer would require libnl-nf.
> >
> > This patch splits the entire libnl package into smaller
> > more granular libs that can be installed individually as required.
> >
> > Also added libnl*.so symlinks for convenience.
> >
> > Signed-off-by: Alexandru Ardelean 
> > ---
> >  package/libs/libnl/Makefile | 101
> ++--
> >  1 file changed, 88 insertions(+), 13 deletions(-)
> >
> > diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile
> > index 995fda2..857bbe2 100644
> > --- a/package/libs/libnl/Makefile
> > +++ b/package/libs/libnl/Makefile
> > @@ -18,16 +18,61 @@ PKG_LICENSE:=LGPL-2.1
> >
> >  include $(INCLUDE_DIR)/package.mk
> >
> > -define Package/libnl
> > +define Package/libnl/default
> >SECTION:=libs
> >CATEGORY:=Libraries
> > -  TITLE:=netlink socket library
> > -  DEPENDS:=+libpthread
> >URL:=http://people.suug.ch/~tgr/libnl/
> >  endef
> >
> > +define Package/libnl-core
> > +$(call Package/libnl/default)
> > +  TITLE:=Core Netlink Library
> > +  DEPENDS:=+libpthread
> > +endef
> > +
> > +define Package/libnl-genl
> > +$(call Package/libnl/default)
> > +  TITLE:=Generic Netlink Library
> > +  DEPENDS:=+libnl-core
> > +endef
> > +
> > +define Package/libnl-route
> > +$(call Package/libnl/default)
> > +  TITLE:=Routing Netlink Library
> > +  DEPENDS:=+libnl-core
> > +endef
> > +
> > +define Package/libnl-nf
> > +$(call Package/libnl/default)
> > +  TITLE:=Netfilter Netlink Library
> > +  DEPENDS:=+libnl-route
> > +endef
> > +
> > +define Package/libnl
> > +$(call Package/libnl/default)
> > +  TITLE:=Full Netlink Library
> > +  DEPENDS:=+libnl-genl +libnl-route +libnl-nf
> > +endef
> > +
> > +define Package/libnl-core/description
> > + Common code for all netlink libraries
> > +endef
> > +
> > +define Package/libnl-genl/description
> > + Generic Netlink Library Functions
> > +endef
> > +
> > +define Package/libnl-route/description
> > + Routing Netlink Library Functions
> > +endef
> > +
> > +define Package/libnl-nf/description
> > + Netfilter Netlink Library Functions
> > +endef
> > +
> >  define Package/libnl/description
> > - This package contains a library for applications dealing with netlink
> sockets
> > + Socket handling, connection management, sending and receiving of data,
> > + message construction and parsing, object caching system, etc.
> >  endef
> >
> >  TARGET_CFLAGS += -ffunction-sections $(FPIC)
> > @@ -40,18 +85,48 @@ define Build/Compile
> >  endef
> >
> >  define Build/InstallDev
> > - $(INSTALL_DIR) $(1)
> > - $(CP) $(PKG_INSTALL_DIR)/* $(1)/
> > - mkdir -p $(1)/usr/include/libnl
> > - $(CP) $(PKG_BUILD_DIR)/include/linux $(1)/usr/include/libnl/
> > + $(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig
> > + $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/*
> $(1)/usr/include/libnl/
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc
> $(1)/usr/lib/pkgconfig
> > +
> > + # Copy symlinks
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so
> $(1)/usr/lib/libnl-genl.so
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so
> $(1)/usr/lib/libnl-nf.so
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so
> $(1)/usr/lib/libnl-route.so
> >  endef
> >
> > -define Package/libnl/install
> > +define Package/libnl-core/install
> > + $(INSTALL_DIR) $(1)/usr/lib
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so* $(1)/usr/lib/
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so
> > +endef
> > +
> > +define Package/libnl-genl/install
> >   $(INSTALL_DIR) $(1)/usr/lib
> > - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so.* $(1)/usr/lib/
> > - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so.* $(1)/usr/lib/
> > - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so.* $(1)/usr/lib/
> > - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so.* $(1)/usr/lib/
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so* $(1)/usr/lib/
> > + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so
> $(1)/usr/lib/libnl-genl.so
> > +endef
> > +
> > +define Package/libnl-route/install
> > + $(INSTALL_DIR) 

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

[Kevin Darbyshire-Bryant]

On 01/10/15 16:20, Toke Høiland-Jørgensen wrote:
> Kevin Darbyshire-Bryant  writes:
>
>> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
>> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
>> work correctly.
> I'd argue that patching dnsmasq in this way is the wrong way to fix
> this. If you're worried about that DOS vector, don't use
> --dnssec-no-timecheck but rather use --dnssec-timestamp.
Hi Toke, small world :-)

Could I kindly ask you to read
https://patchwork.ozlabs.org/patch/521344/ particularly with regards to
Yousong's comments.  You'll hopefully appreciate the irony of your
suggestion and how things (by which I mean 'I') have been sent on a bit
of a merry-go-round of late.


>
> Also, in a scenario where --dnssec-no-timecheck is used, the expectation
> is that the time will be fixed in fairly short order (i.e. as soon as
> NTP syncs up), so the potential for this being a DOS vector is rather
> small I would say... And if you can SIGHUP the process you can also
> SIGKILL it.
>
> -Toke
I couldn't agree more.  But in order to cover one's backside AND because
SIGHUP is used for multiple things, e.g. poking dnsmasq to get it to
re-read some files, there's a possibility that it could be poked to
re-read config files (good) but with a side effect of checking dnssec
timestamps at exactly the wrong moment ie. before time is made correct (bad)

I think I'm actually trying to be helpful but I'm stepping off now
before I .well I'm not sure what before, but just before ;-)   Back
to sqm.

Kevin





smime.p7s
Description: S/MIME Cryptographic Signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] collectd: disable perl bindings from dev host

[Tim Harvey]

if a user's env has PERL_MM_OPT defined collect will fail to build. Adding
--with-perl-bindings="" will override this env var.

Signed-off-by: Tim Harvey 
---
 utils/collectd/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/utils/collectd/Makefile b/utils/collectd/Makefile
index 03f3001..88cd5f6 100644
--- a/utils/collectd/Makefile
+++ b/utils/collectd/Makefile
@@ -185,6 +185,7 @@ CONFIGURE_ARGS+= \
--disable-debug \
--enable-daemon \
--with-nan-emulation \
+   --with-perl-bindings= \
--without-libgcrypt
 
 CONFIGURE_VARS+= \
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] package sha256sum mismatch

[Nerijus Baliunas]

On Thu, 1 Oct 2015 00:21:12 +0300 Nerijus Baliunas 
 wrote:

> # opkg install zabbix-agentd
> Installing zabbix-agentd (2.4.6-1) to root...
> Downloading 
> http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/zabbix-agentd_2.4.6-1_ar71xx.ipk.
> Collected errors:
>  * opkg_install_pkg: Package zabbix-agentd sha256sum mismatch. Either the 
> opkg or the package index are corrupt. Try 'opkg update'.

https://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/Packages
 has
SHA256sum: c359a0320493431f64f92059786842d507c7c59208a172e3b0f297a0557df489
for zabbix-agentd.
Downloaded zabbix-agentd_2.4.6-1_ar71xx.ipk and checked sha256sum - it is the 
same.

Why does opkg complain?

Regards,
Nerijus
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] libnl: Install include files into libnl3

[Bruno Randolf]

Install header files into same location as pkgconfig/libnl-3.0.pc says:
  Cflags: -I${includedir}/libnl3

Signed-off-by: Bruno Randolf 
---
 package/libs/libnl/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile
index 857bbe2..241e9a7 100644
--- a/package/libs/libnl/Makefile
+++ b/package/libs/libnl/Makefile
@@ -85,8 +85,8 @@ define Build/Compile
 endef
 
 define Build/InstallDev
-   $(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig
-   $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl/
+   $(INSTALL_DIR) $(1)/usr/include/libnl3 $(1)/usr/lib/pkgconfig
+   $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl3/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
 
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH firewall] zones : Redirect incoming WAN traffic only when the destination IP address matches the IP masquerading address

[Jo-Philipp Wich]

Hi,

wouldn't this break port forwards to hosts not being within the range of
the on-link lan subnet?

I also read the patch description three times and still am not sure what
that change attempts to achive.

Can you further explain the problem please and provide a before/after
"fw3 print" diff so that I better understand your proposed solution?

~ Jow


Am 01.10.2015 um 18:38 schrieb Hans Dedecker:
> This patch fixes an issue when 2 LAN network prefixes are in use :
>  - the usual 192.168.0.0/24 which is masqueraded by the public IP address on 
> the
>WAN interface
>  - a public IP network prefix for those LAN devices that are excluded from NAT
> 
> Port forwarding rules introduced for 192.168.1.x devices will currently also
> translate traffic addressed to the public network addresses in use on the LAN
> as the destination address in the delegate prerouting rule(s) is unset.
> The patch sets the destination IP address(es) in the delegate prerouting rules
> equal to the IP address(es) that particular network interface has as extra 
> descriminator
> 
> Signed-off-by: Hans Dedecker 
> Signed-off-by: Alin Nastac 
> ---
>  zones.c | 36 
>  1 file changed, 32 insertions(+), 4 deletions(-)
> 
> diff --git a/zones.c b/zones.c
> index 2ddd7b4..8bd6673 100644
> --- a/zones.c
> +++ b/zones.c
> @@ -383,10 +383,38 @@ print_interface_rule(struct fw3_ipt_handle *handle, 
> struct fw3_state *state,
>   {
>   if (has(zone->flags, handle->family, FW3_FLAG_DNAT))
>   {
> - r = fw3_ipt_rule_create(handle, NULL, dev, NULL, sub, 
> NULL);
> - fw3_ipt_rule_target(r, "zone_%s_prerouting", 
> zone->name);
> - fw3_ipt_rule_extra(r, zone->extra_src);
> - fw3_ipt_rule_replace(r, "delegate_prerouting");
> + struct list_head *addrs;
> + struct fw3_address *addr;
> +
> + addrs = zone->masq ? calloc(1, sizeof(*addrs)) : NULL;
> + if (addrs)
> + {
> + /* redirect only the traffic towards a locally 
> configured address */
> + INIT_LIST_HEAD(addrs);
> + fw3_ubus_address(addrs, dev->network);
> +
> + list_for_each_entry(addr, addrs, list)
> + {
> + if (!fw3_is_family(addr, 
> handle->family))
> + continue;
> + /* reset mask to its maximum value */
> + memset(>mask.v6, 0xFF, 
> sizeof(addr->mask.v6));
> +
> + r = fw3_ipt_rule_create(handle, NULL, 
> dev, NULL, sub, addr);
> + fw3_ipt_rule_target(r, 
> "zone_%s_prerouting", zone->name);
> + fw3_ipt_rule_extra(r, zone->extra_src);
> + fw3_ipt_rule_replace(r, 
> "delegate_prerouting");
> + }
> +
> + fw3_free_list(addrs);
> + }
> + else
> + {
> + r = fw3_ipt_rule_create(handle, NULL, dev, 
> NULL, sub, NULL);
> + fw3_ipt_rule_target(r, "zone_%s_prerouting", 
> zone->name);
> + fw3_ipt_rule_extra(r, zone->extra_src);
> + fw3_ipt_rule_replace(r, "delegate_prerouting");
> + }
>   }
>  
>   if (has(zone->flags, handle->family, FW3_FLAG_SNAT))
> 



signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 3/4] brcm2708: add support for device tree overlays

[Álvaro Fernández Rojas]

Signed-off-by: Álvaro Fernández Rojas 
---
 target/linux/brcm2708/image/Makefile   | 7 +++
 target/linux/brcm2708/image/config.txt | 9 +
 2 files changed, 16 insertions(+)

diff --git a/target/linux/brcm2708/image/Makefile 
b/target/linux/brcm2708/image/Makefile
index 7a68c50..3744cac 100644
--- a/target/linux/brcm2708/image/Makefile
+++ b/target/linux/brcm2708/image/Makefile
@@ -21,6 +21,12 @@ else
   endef
 endif
 
+define Image/Prepare
+   rm -rf $(KDIR)/overlays
+   mkdir -p $(KDIR)/overlays
+   $(CP) $(DTS_DIR)/overlays/*.dtb $(KDIR)/overlays/
+endef
+
 ### Image scripts ###
 define Build/gen-cfg
cat config.txt > $@.config
@@ -41,6 +47,7 @@ define Build/boot-img
mcopy -i $@.boot $@.config ::config.txt
mcopy -i $@.boot $(word 1,$^) ::kernel.img
mcopy -i $@.boot $(DTS_DIR)/$(DEVICE_DTS).dtb ::$(DEVICE_DTS).dtb
+   mcopy -s -i $@.boot $(KDIR)/overlays ::
 endef
 
 define Build/sdcard-img
diff --git a/target/linux/brcm2708/image/config.txt 
b/target/linux/brcm2708/image/config.txt
index f66f6bc..1fb880f 100644
--- a/target/linux/brcm2708/image/config.txt
+++ b/target/linux/brcm2708/image/config.txt
@@ -927,3 +927,12 @@ init_uart_clock=300
 

 
 dtparam=random=on,watchdog=on,audio=on,i2c0=on,i2c1=on,spi=on
+
+#dtoverlay=hifiberry-amp-overlay
+#dtoverlay=hifiberry-dac-overlay
+#dtoverlay=hifiberry-dacplus-overlay
+#dtoverlay=hifiberry-digi-overlay
+#dtoverlay=iqaudio-dac-overlay
+#dtoverlay=iqaudio-dacplus-overlay
+#dtoverlay=raspidac3-overlay
+#dtoverlay=rpi-proto-overlay
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time

[Toke Høiland-Jørgensen]

Steven Barth  writes:

> Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which
> is already overloaded and might be triggered by e.g. config changes.

Quite apart from the signaling, using --dnssec-no-timecheck very quickly
turns into an ugly hack. I implemented a startup time sync functionality
for CeroWrt based on this, see
https://github.com/dtaht/cerowrt-3.10/commit/b3a5b704691f1ba1d154dca9c7ab316f92136640

Never even attempted to upstream it because while it does sorta-kinda
work, it is a fairly ugly hack and I don't see any good way to avoid
that.

I definitely consider the timestamp file a cleaner way of solving the
DNSSEC/time sync problem, and will definitely recommend sticking with
that.

As far as whether or not it is a security risk: The whole issue here is
that it is fundamentally impossible to bootstrap DNSSEC securely without
a reliable clock (i.e. real-time clock or GPS or other offline source).
So we're stuck with doing things that minimise the duration of the
vulnerable window.

Also, as far as I can tell, dnsmasq will still read the time off the
file even if it can't write to it. So if the file ownership is the issue
(and I can see how this is at least a theoretical concern), just have
the file be owned as root, and have a suitably privileged process touch
it on shutdown (or periodically? presumably many reboots are going to be
hard power cycles, so no chance to do anything on shutdown?).

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 4/4] brcm2708: keep boot partition mounted to allow users to change config.txt

[Álvaro Fernández Rojas]

This way it's easier to configure device tree overlays, customize other
parameters...

Signed-off-by: Álvaro Fernández Rojas 
---
 target/linux/brcm2708/base-files/lib/preinit/79_move_config | 6 +++---
 target/linux/brcm2708/base-files/lib/upgrade/platform.sh| 7 ---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/target/linux/brcm2708/base-files/lib/preinit/79_move_config 
b/target/linux/brcm2708/base-files/lib/preinit/79_move_config
index 7bcea7b..b0ee62a 100644
--- a/target/linux/brcm2708/base-files/lib/preinit/79_move_config
+++ b/target/linux/brcm2708/base-files/lib/preinit/79_move_config
@@ -9,9 +9,9 @@ move_config() {
insmod nls_iso8859-1
insmod fat
insmod vfat
-   mount -t vfat -o rw,noatime $BOOTPART /mnt
-   [ -f /mnt/sysupgrade.tgz ] && mv -f /mnt/sysupgrade.tgz /
-   umount /mnt
+   mkdir -p /boot
+   mount -t vfat -o rw,noatime $BOOTPART /boot
+   [ -f /boot/sysupgrade.tgz ] && mv -f /boot/sysupgrade.tgz /
fi
 }
 
diff --git a/target/linux/brcm2708/base-files/lib/upgrade/platform.sh 
b/target/linux/brcm2708/base-files/lib/upgrade/platform.sh
index 3e1ee00..1d4b694 100644
--- a/target/linux/brcm2708/base-files/lib/upgrade/platform.sh
+++ b/target/linux/brcm2708/base-files/lib/upgrade/platform.sh
@@ -10,8 +10,9 @@ platform_do_upgrade() {
 }
 
 platform_copy_config() {
-   mount -t vfat -o rw,noatime /dev/mmcblk0p1 /mnt
-   cp -af "$CONF_TAR" /mnt/
+   mkdir -p /boot
+   [ -f /boot/kernel.img ] || mount -t vfat -o rw,noatime /dev/mmcblk0p1 
/boot
+   cp -af "$CONF_TAR" /boot/
sync
-   umount /mnt
+   umount /boot
 }
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/4] brcm2708: fix kmod-sound-soc-bcm2708-i2s config

[Álvaro Fernández Rojas]

Right now, selecting kmod-sound-soc-bcm2708-i2s causes build errors due to
missing configs.
kmod-regmap enables I2C and SPI, causing build errors due to depending
variables not defined.

Signed-off-by: Álvaro Fernández Rojas 
---
 target/linux/brcm2708/modules.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/target/linux/brcm2708/modules.mk b/target/linux/brcm2708/modules.mk
index 68a7d38..9c201d0 100644
--- a/target/linux/brcm2708/modules.mk
+++ b/target/linux/brcm2708/modules.mk
@@ -28,6 +28,8 @@ $(eval $(call KernelPackage,sound-arm-bcm2835))
 define KernelPackage/sound-soc-bcm2708-i2s
   TITLE:=SoC Audio support for the Broadcom 2708 I2S module
   KCONFIG:= \
+   CONFIG_BCM2708_SPIDEV=n \
+   CONFIG_MFD_RPISENSE_CORE=n \
CONFIG_SND_BCM2708_SOC_I2S \
CONFIG_SND_SOC_DMAENGINE_PCM=y \
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 2/4] brcm2708: switch device tree compilation to linux

[Álvaro Fernández Rojas]

Signed-off-by: Álvaro Fernández Rojas 
---
 target/linux/brcm2708/Makefile   | 2 +-
 target/linux/brcm2708/image/Makefile | 8 ++--
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/target/linux/brcm2708/Makefile b/target/linux/brcm2708/Makefile
index 6d8aba0..f8c9347 100644
--- a/target/linux/brcm2708/Makefile
+++ b/target/linux/brcm2708/Makefile
@@ -26,6 +26,6 @@ define Target/Description
Currently produces SD Card image for Raspberry Pi.
 endef
 
-KERNELNAME:=Image
+KERNELNAME:=Image dtbs
 
 $(eval $(call BuildTarget))
diff --git a/target/linux/brcm2708/image/Makefile 
b/target/linux/brcm2708/image/Makefile
index de222f0..7a68c50 100644
--- a/target/linux/brcm2708/image/Makefile
+++ b/target/linux/brcm2708/image/Makefile
@@ -22,10 +22,6 @@ else
 endif
 
 ### Image scripts ###
-define Build/build-dtb
-   $(call Image/BuildDTB,$(DTS_DIR)/$(DEVICE_DTS).dts,$@.dtb)
-endef
-
 define Build/gen-cfg
cat config.txt > $@.config
echo -e "\ndevice_tree=$(DEVICE_DTS).dtb" >> $@.config
@@ -44,7 +40,7 @@ define Build/boot-img
mcopy -i $@.boot cmdline.txt ::
mcopy -i $@.boot $@.config ::config.txt
mcopy -i $@.boot $(word 1,$^) ::kernel.img
-   mcopy -i $@.boot $@.dtb ::$(DEVICE_DTS).dtb
+   mcopy -i $@.boot $(DTS_DIR)/$(DEVICE_DTS).dtb ::$(DEVICE_DTS).dtb
 endef
 
 define Build/sdcard-img
@@ -59,7 +55,7 @@ define Device/Default
   PROFILES = Default $$(DEVICE_PROFILE)
   KERNEL := kernel-bin
   IMAGES := sdcard.bin
-  IMAGE/sdcard.bin := build-dtb | gen-cfg | boot-img | sdcard-img
+  IMAGE/sdcard.bin := gen-cfg | boot-img | sdcard-img
   DEVICE_PROFILE :=
   DEVICE_DTS :=
 endef
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v2 1/3] ramips: Add DTS files for HiWiFi HC5x61 models

[Piotr Dymacz]

Hello,

I don't have more comments, it looks good now. Maybe just think about
my suggestion with common dtsi for all 3 models.
And just one question - how does it look with flashing process on those devices?

Cheers,
Piotr


2015-09-29 18:13 GMT+02:00 Kang Xiaoning :
>
>
> On Tue, Sep 29, 2015 at 4:31 AM, Piotr Dymacz  wrote:
>>
>> Hello,
>>
>> Just some small, cosmetic things... see inline, below.
>>
>> BTW.
>> I see that these models are very similar (most of the dts files are
>> just copy).
>> Maybe it would be better to make for them one, common dtsi file and
>> separated dts files per model (take Lenovo Y1/Y1S as example).
>>
>> Cheers,
>> Piotr
>>
>> 2015-09-28 16:42 GMT+02:00 Comman Kang :
>> > HiWiFi HC5661/5761/5861 models are manufactured by
>> > http://www.hiwifi.com. These models have similar hardware specs(MT7620A +
>> > 128M DDR2 + 16M flash). This patch adds support for them.
>> >
>> > The original author is Justin Liu (rss...@gmail.com). I ported the patch
>> > to trunk and submitted it here with his approval.
>> >
>> > v2 fix
>> >   1: Renamed files to remove manufacturer’s name.
>> >   2: styling work
>> >
>> > Signed-off-by: Xiaoning Kang 
>> >
>> >
>> > diff --git a/target/linux/ramips/dts/HC5661.dts
>> > b/target/linux/ramips/dts/HC5661.dts
>> > new file mode 100644
>> > index 000..b5b9d1a
>> > --- /dev/null
>> > +++ b/target/linux/ramips/dts/HC5661.dts
>> > @@ -0,0 +1,172 @@
>> > +/dts-v1/;
>> > +
>> > +/include/ "mt7620a.dtsi"
>> > +
>> > +/ {
>> > +   compatible = "HC5661", "ralink,mt7620a-soc";
>> > +   model = "HiWiFi HC5661";
>> > +
>> > +   chosen {
>> > +   bootargs = "console=ttyS0,115200";
>> > +   };
>> > +
>> > +   palmbus@1000 {
>> > +   sysc@0 {
>> > +   ralink,gpiomux = "i2c", "jtag";
>> > +   ralink,uartmux = "gpio";
>> > +   ralink,wdtmux = <1>;
>> > +   };
>> > +
>> > +   gpio0: gpio@600 {
>> > +   status = "okay";
>> > +   };
>> > +
>> > +   gpio2: gpio@660 {
>> > +   status = "okay";
>> > +   };
>> > +
>> > +   gpio3: gpio@688 {
>> > +   status = "okay";
>> > +   };
>> > +
>> > +   spi@b00 {
>> > +   status = "okay";
>> > +
>> > +   m25p80@0 {
>> > +   #address-cells = <1>;
>> > +   #size-cells = <1>;
>> > +   compatible = "w25q128";
>> > +   reg = <0 0>;
>> > +   linux,modalias = "m25p80", "w25q128";
>> > +   spi-max-frequency = <1000>;
>> > +
>> > +   partition@0 {
>> > +   label = "u-boot";
>> > +   reg = <0x0 0x3>;
>> > +   };
>> > +
>> > +   partition@3 {
>> > +   label = "u-boot-env";
>> > +   reg = <0x3 0x1>;
>> > +   read-only;
>> > +   };
>> > +
>> > +   factory: partition@4 {
>> > +   label = "factory";
>> > +   reg = <0x4 0x1>;
>> > +   };
>> > +
>> > +   partition@5 {
>> > +   label = "firmware";
>> > +   reg = <0x5 0xf8>;
>> > +   };
>> > +
>> > +   partition@fd {
>> > +   label = "hwf_config";
>> > +   reg = <0xfd 0x1>;
>> > +   };
>> > +
>> > +   bdinfo: partition@fe {
>> > +   label = "bdinfo";
>> > +   reg = <0xfe 0x1>;
>> > +   };
>> > +
>> > +   partition@ff {
>> > +   label = "backup";
>> > +   reg = <0xff 0x1>;
>> > +   };
>> > +   };
>> > +   };
>> > +   };
>> > +
>> > +   ehci@101c {
>> > +   status = "okay";
>> > +   };
>> > +
>> > +   ohci@101c1000 {
>> > +   status = "okay";
>> > +   };
>> > +
>> > +   ethernet@1010 {
>> > +   pinctrl-names = "default";
>> > +   pinctrl-0 = <_pins>;
>> > +   

[OpenWrt-Devel] [PATCH 2/2] uhttpd: add support for gzipped content encoding

[Andrej Krpic]

this patch implements gzip content encoding. It is used when "gzip" 
string is present in a Accept-Encoding header of a request and the 
decision to use chunked encoding in a response was already made.
Adds zlib dependency.

Signed-off-by: Andrej Krpic 
---
 CMakeLists.txt |  7 +++
 client.c   | 16 ++--
 gzip.c | 49 +
 main.c | 16 +++-
 uhttpd.h   | 17 +
 utils.c| 13 -
 6 files changed, 114 insertions(+), 4 deletions(-)
 create mode 100644 gzip.c

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8c285dc..1dd24b8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -10,6 +10,7 @@ ADD_DEFINITIONS(-D_FILE_OFFSET_BITS=64 -Os -Wall -Werror 
-Wmissing-declarations
 OPTION(TLS_SUPPORT "TLS support" ON)
 OPTION(LUA_SUPPORT "Lua support" ON)
 OPTION(UBUS_SUPPORT "ubus support" ON)
+OPTION(GZIP_SUPPORT "gzip encoding support" ON)
 
 IF(APPLE)
   INCLUDE_DIRECTORIES(/opt/local/include)
@@ -27,6 +28,12 @@ IF(TLS_SUPPORT)
ADD_DEFINITIONS(-DHAVE_TLS)
 ENDIF()
 
+IF(GZIP_SUPPORT)
+   SET(SOURCES ${SOURCES} gzip.c)
+   SET(LIBS ${LIBS} "z")
+   ADD_DEFINITIONS(-DHAVE_ZLIB)
+ENDIF()
+
 CHECK_FUNCTION_EXISTS(getspnam HAVE_SHADOW)
 IF(HAVE_SHADOW)
 ADD_DEFINITIONS(-DHAVE_SHADOW)
diff --git a/client.c b/client.c
index 8569b21..96eecd6 100644
--- a/client.c
+++ b/client.c
@@ -61,6 +61,7 @@ void uh_http_header(struct client *cl, int code, const char 
*summary)
 {
struct http_request *r = >request;
const char *enc = "Transfer-Encoding: chunked\r\n";
+   const char *cenc = "Content-Encoding: gzip\r\n";
const char *conn;
 
cl->http_code = code;
@@ -70,14 +71,19 @@ void uh_http_header(struct client *cl, int code, const char 
*summary)
else
chunked_init(cl);
 
+   if (!cl->request.respond_gzipped || !uh_gzip_init(cl)) {
+   cl->request.respond_gzipped = false;
+   cenc = "";
+   }
+
if (r->connection_close)
conn = "Connection: close";
else
conn = "Connection: Keep-Alive";
 
-   ustream_printf(cl->us, "%s %03i %s\r\n%s\r\n%s",
+   ustream_printf(cl->us, "%s %03i %s\r\n%s\r\n%s%s",
http_versions[cl->request.version],
-   code, summary, conn, enc);
+   code, summary, conn, enc, cenc);
 
if (!r->connection_close)
ustream_printf(cl->us, "Keep-Alive: timeout=%d\r\n", 
conf.http_keepalive);
@@ -279,6 +285,7 @@ static bool tls_redirect_check(struct client *cl)
*ptr = 0;
 
cl->request.respond_chunked = false;
+   cl->request.respond_gzipped = false;
cl->request.connection_close = true;
 
uh_http_header(cl, 307, "Temporary Redirect");
@@ -359,6 +366,11 @@ static void client_parse_header(struct client *cl, char 
*data)
uh_header_error(cl, 400, "Bad Request");
return;
}
+#ifdef HAVE_ZLIB
+   } else if (!strcmp(data, "accept-encoding") && strstr(val, "gzip")) {
+   if (!conf.no_gzip_encoding && r->respond_chunked)
+   r->respond_gzipped = true;
+#endif
} else if (!strcmp(data, "transfer-encoding")) {
if (!strcmp(val, "chunked"))
r->transfer_chunked = true;
diff --git a/gzip.c b/gzip.c
new file mode 100644
index 000..c4c5969
--- /dev/null
+++ b/gzip.c
@@ -0,0 +1,49 @@
+#include 
+#include 
+#include "uhttpd.h"
+
+static int ustream_gzip_write(struct ustream *s, const char *buf, int len, 
bool more)
+{
+   struct client *cl = container_of(s, struct client, gzip);
+   z_stream *zs = >zstream;
+   bool flush = !more && len == 0 && buf && *buf == 0;
+
+   char *gzbuf;
+   int gzlen, ret;
+
+   zs->avail_in = len;
+   zs->next_in = (z_const Bytef *)buf;
+
+   gzlen = len > 0 ? len : 1024;
+   gzbuf = calloc(gzlen, sizeof(char));
+   if (!gzbuf)
+   return -1;
+more:
+   zs->avail_out = gzlen;
+   zs->next_out = (Bytef *)gzbuf;
+
+   ret = deflate(zs, flush ? Z_FINISH : Z_SYNC_FLUSH);
+
+   ustream_write(>chunked, gzbuf, gzlen - zs->avail_out, more);
+
+   if (flush && ret == Z_OK)
+   goto more;
+   else if (ret == Z_STREAM_END)
+ret = deflateEnd(zs);
+
+   free(gzbuf);
+   return len;
+}
+
+bool uh_gzip_init(struct client *cl) {
+   ustream_init_defaults(>gzip);
+   cl->gzip.write = _gzip_write;
+
+   cl->zstream.zalloc = Z_NULL;
+   cl->zstream.zfree = Z_NULL;
+   cl->zstream.opaque = Z_NULL;
+
+   return deflateInit2(>zstream, Z_DEFAULT_COMPRESSION,
+   Z_DEFLATED, 16 | MAX_WBITS,
+   8, Z_DEFAULT_STRATEGY) == Z_OK;
+}
diff --git a/main.c b/main.c
index ed47486..a1138dc 100644
--- a/main.c
+++ 

[OpenWrt-Devel] [PATCH 1/2] uhttpd: use separate ustream for chunked transfer encoding

[Andrej Krpic]

Hi,

this patch simplifies chunk printing when chunked transfer encoding is used
in a response... And it comes handy when gzip content encoding will be used.


Signed-off-by: Andrej Krpic 
---
 client.c | 17 +
 file.c   |  6 --
 uhttpd.h |  1 +
 utils.c  | 31 +++
 4 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/client.c b/client.c
index dbdd1a3..8569b21 100644
--- a/client.c
+++ b/client.c
@@ -42,6 +42,21 @@ const char * const http_methods[] = {
[UH_HTTP_MSG_OPTIONS] = "OPTIONS",
 };
 
+static int chunked_write_cb(struct ustream *s, const char *buf, int len, bool 
more)
+{
+   struct client *cl = container_of(s, struct client, chunked);
+   ustream_printf(cl->us, "%X\r\n", len);
+   ustream_write(cl->us, buf, len, more);
+   ustream_printf(cl->us, "\r\n");
+   return len;
+}
+
+static void chunked_init(struct client *cl)
+{
+   ustream_init_defaults(>chunked);
+   cl->chunked.write = _write_cb;
+}
+
 void uh_http_header(struct client *cl, int code, const char *summary)
 {
struct http_request *r = >request;
@@ -52,6 +67,8 @@ void uh_http_header(struct client *cl, int code, const char 
*summary)
 
if (!cl->request.respond_chunked)
enc = "";
+   else
+   chunked_init(cl);
 
if (r->connection_close)
conn = "Connection: close";
diff --git a/file.c b/file.c
index 9a2880f..9254e63 100644
--- a/file.c
+++ b/file.c
@@ -579,8 +579,10 @@ static void uh_file_data(struct client *cl, struct 
path_info *pi, int fd)
ustream_printf(cl->us, "Content-Type: %s\r\n",
   uh_file_mime_lookup(pi->name));
 
-   ustream_printf(cl->us, "Content-Length: %" PRIu64 "\r\n\r\n",
-  pi->stat.st_size);
+   if (!cl->request.respond_chunked)
+   ustream_printf(cl->us, "Content-Length: %" PRIu64 "\r\n",
+   pi->stat.st_size);
+   ustream_printf(cl->us, "\r\n");
 
 
/* send body */
diff --git a/uhttpd.h b/uhttpd.h
index fbcb1ed..dd41c25 100644
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -236,6 +236,7 @@ struct client {
 
struct ustream *us;
struct ustream_fd sfd;
+   struct ustream chunked;
 #ifdef HAVE_TLS
struct ustream_ssl ssl;
 #endif
diff --git a/utils.c b/utils.c
index 857e326..572beb9 100644
--- a/utils.c
+++ b/utils.c
@@ -37,44 +37,27 @@ bool uh_use_chunked(struct client *cl)
 
 void uh_chunk_write(struct client *cl, const void *data, int len)
 {
-   bool chunked = cl->request.respond_chunked;
-
if (cl->state == CLIENT_STATE_CLEANUP)
return;
 
uloop_timeout_set(>timeout, conf.network_timeout * 1000);
-   if (chunked)
-   ustream_printf(cl->us, "%X\r\n", len);
-   ustream_write(cl->us, data, len, true);
-   if (chunked)
-   ustream_printf(cl->us, "\r\n", len);
+
+   if (!cl->request.respond_chunked)
+   ustream_write(cl->us, data, len, true);
+   else
+   ustream_write(>chunked, data, len, true);
 }
 
 void uh_chunk_vprintf(struct client *cl, const char *format, va_list arg)
 {
-   char buf[256];
-   va_list arg2;
-   int len;
-
if (cl->state == CLIENT_STATE_CLEANUP)
return;
 
uloop_timeout_set(>timeout, conf.network_timeout * 1000);
-   if (!cl->request.respond_chunked) {
+   if (!cl->request.respond_chunked)
ustream_vprintf(cl->us, format, arg);
-   return;
-   }
-
-   va_copy(arg2, arg);
-   len = vsnprintf(buf, sizeof(buf), format, arg2);
-   va_end(arg2);
-
-   ustream_printf(cl->us, "%X\r\n", len);
-   if (len < sizeof(buf))
-   ustream_write(cl->us, buf, len, true);
else
-   ustream_vprintf(cl->us, format, arg);
-   ustream_printf(cl->us, "\r\n", len);
+   ustream_vprintf(>chunked, format, arg);
 }
 
 void uh_chunk_printf(struct client *cl, const char *format, ...)
-- 
2.4.6
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] package: libs: libnl: fix include installation directory

[Paul Fertser]

Without this patch packages that use pkg-config to find libnl3 includes fail to
build because the path in the .pc file doesn't match actual install location.
Make it the way upstream proposes and let whomever depend on libnl use
pkg-config to find it.

Signed-off-by: Paul Fertser 
---
 package/libs/libnl/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile
index 857bbe2..adf743a 100644
--- a/package/libs/libnl/Makefile
+++ b/package/libs/libnl/Makefile
@@ -86,7 +86,7 @@ endef
 
 define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig
-   $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl/
+   $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3 $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
 
-- 
1.9.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel