[RFT] Kernels for next release

[Paul Spooren]

Hi all,

Kernels for the next release are looking pretty good; except for six targets we 
got everything running on 5.10! Thanks to everyone who contributed and tested!

The following five target support Kernel 5.10 and need testing:

- ath25
- bcm63xx
- layerscape
- octeon
- octeontx

If you own the targets hardware please consider testing the new Kernel and 
report back! There is an overview on GitHub[1] linking all PRs. If you don’t 
use GitHub please respond to this email. Kernel 5.10 is a hard blocker for the 
next OpenWrt release.

Only arc770 lacks Kernel 5.10 support. I’m in contact with people working on 
it, patches should be available soon. 

Since arc770 hardware is a bit rare we lacked proper testing in the past. In 
case there would be any *free* demo hardware available, would anyone be 
interested in working and testing arc770?

Apart from that, happy new year to everyone!

Sunshine,
Paul

[1] https://github.com/aparcar/openwrt/issues/15
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[PATCH] openssl: bump to 1.1.1m

[Eneas U de Queiroz]

This is a bugfix release.  Changelog:

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz 
---

Tested on mediatek/Linksys E8450 using hostapd & nginx.

 package/libs/openssl/Makefile   |  6 +++---
 ...perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch | 13 +++--
 .../patches/100-Configure-afalg-support.patch   |  2 +-
 3 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 0512abdc48..9e7482117d 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=l
+PKG_BUGFIX:=m
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=2
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 ENGINES_DIR=engines-1.1
 
@@ -26,7 +26,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
-PKG_HASH:=0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1
+PKG_HASH:=f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git 
a/package/libs/openssl/patches/001-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
 
b/package/libs/openssl/patches/001-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
index bdc0509f8c..e52a3d52ea 100644
--- 
a/package/libs/openssl/patches/001-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
+++ 
b/package/libs/openssl/patches/001-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
@@ -1,7 +1,7 @@
-From 34ab13b7d8e3e723adb60be8142e38b7c9cd382a Mon Sep 17 00:00:00 2001
+From  Mon Sep 17 00:00:00 2001
 From: Andy Polyakov 
 Date: Sun, 5 May 2019 18:25:50 +0200
-Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
+Subject: crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -14,12 +14,8 @@ endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, 
etc.)
 Reviewed-by: Paul Dale 
 Reviewed-by: Richard Levitte 
 (Merged from https://github.com/openssl/openssl/pull/8883)

- crypto/perlasm/ppc-xlate.pl | 8 
- 1 file changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index e52f2f6ea6..5fcd0526df 100755
 --- a/crypto/perlasm/ppc-xlate.pl
 +++ b/crypto/perlasm/ppc-xlate.pl
 @@ -49,7 +49,7 @@ my $globl = sub {
@@ -49,7 +45,7 @@ index e52f2f6ea6..5fcd0526df 100755
  my $mtspr = sub {
  my ($f,$idx,$ra) = @_;
  if ($idx == 256 && $no_vrsave) {
-@@ -320,7 +320,7 @@ while($line=<>) {
+@@ -318,7 +318,7 @@ while($line=<>) {
if ($label) {
my $xlated = ($GLOBALS{$label} or $label);
print "$xlated:";
@@ -58,6 +54,3 @@ index e52f2f6ea6..5fcd0526df 100755
if ($TYPES{$label} =~ /function/) {
printf "\n.localentry   %s,0\n",$xlated;
}
--- 
-2.31.1
-
diff --git a/package/libs/openssl/patches/100-Configure-afalg-support.patch 
b/package/libs/openssl/patches/100-Configure-afalg-support.patch
index 98944103b5..d8789f4b45 100644
--- a/package/libs/openssl/patches/100-Configure-afalg-support.patch
+++ b/package/libs/openssl/patches/100-Configure-afalg-support.patch
@@ -12,7 +12,7 @@ diff --git a/Configure b/Configure
 index 5a699836f3..74d057c219 100755
 --- a/Configure
 +++ b/Configure
-@@ -1545,7 +1545,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+@@ -1548,7 +1548,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
  
  unless ($disabled{afalgeng}) {
  $config{afalgeng}="";

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[WIP,RFC] general improvements for map-t and other protocols

[Nicolò Veronese]

This is my first post on the mailing list, so if I'm wrong please let me know.
I would like to discuss a number of improvements that I would like to
implement on openwrt to better integrate this technology.

So I would like to understand with you what changes could be useful
to the community and what is a patch only for my ISP.
Since December 2021 my ISP offers IPv4 connectivity through MAP-T.
The configuration arrives via DHCP and is now automatic on Openwrt.
The share ratio which can be 1:16 or 1:1. The CPE provided
automatically opts out from
1:16 to 1:1 if you activate:
- DMZ
- Port forwarding
- UPNP

Let's move on to the improvements I've made and would like to integrate:
- The map.sh script of the "map" module now creates a json structure
in the "data" field [1],
  in this structure there is all the information of the interface configuration:
  the type of map, the prefix of the BR, the various FMRs and the
shared v4 address.
  For an example of the generated JSON: https://pastebin.com/raw/7WQ30LVy
- Luci allows a protocol to generate the DOM for its state [2], so a protocol
  could override the general behavior of the "luci-mod-network" module.
  This is used together with the new JSON structure [3] to show the
user the range of associated ports
  and other useful information. For the visual results:
https://i.ibb.co/FB7FHVd/immagine.png
  https://i.ibb.co/PmGVNFg/immagine.png.
  As you may have noticed, the default overview behavior is overridden
[4] and the "EDIT" key is
  changed to "Status" if the interface is "virtual" and does not have
an associated UCI node.
  If the button is pressed, a modal is opened with the call to the new
"renderStatus" function
  of the protocol. Alternatively, if the protocol has an associated
UCI node, a "Status" TAB is populated
  in the classic modal. [5][6]
- We have added to odhcp6c the possibility to prefix to send an
IA_PREFIX [7], this can be useful as
  my ISP foresees this behavior. (The v6 prefix also determines the
port range and v4, so being able to
  request the same prefix is very important to firewall rules).
  To date, this function can be configured in the "Request IPv6-prefix
of length" in Luci with the format:
  "v6-pd\len:IADID".
  I would therefore like to discuss whether it might be worth
splitting this option into several fields.
  For now it has not been done for reasons of backward compatibility.

All this still needs to be tested, especially with MAP-E to see if
there may be some kind of regression.
For this we have a local lab where we do all the tests.

Now we come to the sore keys:
- miniupnp should be configured at runtime when the map interface goes UP.
  Specifically, the range of ports to whitelist, and the shared IPv4.
  Being MAP a "tunnel", it does not have an IPv4 assigned to the
interface and therefore
  miniupnp thinks it is not active (miniupnp uses the IP to understand
if an interface is up or down [8]).
  Passing an IPv4 address is also quite simple to implement, but it
would be a specific implementation
  for this protocol so I don't know how to go about it. I'll have to
add a parser in the init.d script to read
  the interface JSON described in the point above.
  Specifically unlike Luci, netifd does not have a method for
extracting data resolved by a protocol.
  Netifd only takes care of configuring or deactivating an interface.
  It would therefore be necessary to define a standard JSON structure
for the protocols so a single parser
  can be implemented for other protocols as well. This might be useful
for DDNS and other packages
  that require access to the WAN IP. My idea was to implement ubus
into miniupnp to get the device status
  and interface IP using the conventional JSON structure described above.
- Due to the overhead the MAP-T process sometimes makes connections to
hangs/stalls. My ISP
  supports mini jumbo frames, so in my case I can set WAN6 that way.
It would therefore be necessary to
  make a firewall rule to do MSS clamping if the MTU of the uplink
interface is set to 1500. So far I have
  not seen any way in fw3 to do this. The auto generated rule seems hard-coded.
  The ISP CPE has that rule set [9], and it seems that other users
that have MAP have the MTU manually set [10].

- When Share ratio is 1:1 the port set is not necessary and the CPE
has a full port range available.
  Non TCP/UDP protocols fail to work in 1:1 ratio; to make them work
we assign the calculated IP address [11]
  to the MAP interface. I'm not sure if this is the correct way to go
but it is working. (tested with GRE)

I also wish the whole team a happy new year!

Thanks in advance for any feedback,
Nicolò

References:
[1]: 
https://github.com/hitech95/openwrt/commit/6ed00a53325008f586f36c6e136bf06b950ba419
[2]: 
https://github.com/hitech95/openwrt_luci/commit/a401a42d0d8023909abfe6c2c3a3db141f12178e
[3]: 
https://github.com/hitech95/openwrt_luci/commit/6dd7beb3d244eb5370a9732dd5e4f675352a2be9
[4]: