Re: OpenWrt IKEv2 NAT traversal (or similar) problem
On Wed, 31 May 2023 at 22:20, Peter Naulls wrote: > > On 5/30/23 21:09, Yousong Zhou wrote: > > On Wed, 31 May 2023 at 06:38, Peter Naulls wrote: > >> > > > > > Is it that your dns traffic is not going through the tunnel? curl > > -vvv should reveal the IP address it tries to connect. One > > possibility is that maybe the resolv result does not work. > > Yes, a DNS was an early check, I don't think this is the problem though. > When I said no data comes back from curl, this wasn't 100% correct - here's > the output (https://www.yahoo.com/ which is another problem site): > > >% Total% Received % Xferd Average Speed TimeTime Time > Current > Dload Upload Total SpentLeft Speed >0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- > 0* >Trying 74.6.231.21:443... > * Connected to www.yahoo.com (74.6.231.21) port 443 (#0) > * ALPN: offers h2 > * ALPN: offers http/1.1 > * CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt > * CApath: none > } [5 bytes data] > * [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1): > } [512 bytes data] >0 00 00 0 0 0 --:--:-- 0:00:04 --:--:-- > 0 > > In Wireshark on the VPN interface, I can see that after the TLSv1 Client > Hello and then ACK, after that I get two errors: > > "TCP Previous segment not captured" (port 443) and "Dup ACK". The latter > might > just be a side effect of VPN retries or something. > > Looking at the interface itself, during the stream of ESP packets, we get a > TCP re transmission packet from the VPN host to the LAN IP, which seems wrong. > This is a match for this tcpdump from br-lan on OpenWrt: > > 14:14:45.368484 IP (tos 0x0, ttl 255, id 64433, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xce938746,seq=0x52), length 100 > 14:14:47.919812 IP (tos 0x68, ttl 60, id 18554, offset 0, flags [none], proto > TCP (6), length 342) > 20.25.241.18.443 > 192.168.113.102.62792: Flags [P.], cksum 0x12c7 > (correct), seq 0:302, ack 1, win 172, length 302 > 14:14:50.120142 IP (tos 0x0, ttl 255, id 64434, offset 0, flags [none], proto > UDP (17), length 112) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xce938746,seq=0x53), length 84 > > Which I think is already a clue - the response is coming back via TCP 443 not > over the VPN UDP 4500. Not that I got any clue, but this looks very suspicious that you saw the supposed-to-go-through-tunnel packet at an intermediate router (the openwrt device). Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: OpenWrt IKEv2 NAT traversal (or similar) problem
On Wed, 31 May 2023 at 06:38, Peter Naulls wrote: > > On 5/30/23 18:16, Yousong Zhou wrote: > > On Wednesday, 31 May 2023, Peter Naulls wrote: > >> > >> > ] > > > > I am afraid the above is still single direction traffic. > > Sorry, quite so. I finished this email in the middle of something else. > There > is return traffic: > > To Google, which works. > > 16:57:11.936911 IP (tos 0x0, ttl 128, id 43279, offset 0, flags [none], proto > UDP (17), length 29) > 192.168.113.102.4500 > 89.187.170.130.4500: [udp sum ok] > isakmp-nat-keep-alive > 16:57:16.597085 IP (tos 0x0, ttl 255, id 43280, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x31b), length 100 > 16:57:16.597085 IP (tos 0x0, ttl 255, id 43281, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x31c), length 100 > 16:57:16.629104 IP (tos 0x0, ttl 128, id 43983, offset 0, flags [none], proto > UDP (17), length 60) > 192.168.113.102.63724 > 192.168.113.3.53: [udp sum ok] 56044+ ? > www.google.com. (32) > 16:57:16.629104 IP (tos 0x0, ttl 128, id 43982, offset 0, flags [none], proto > UDP (17), length 60) > 192.168.113.102.54875 > 192.168.113.3.53: [udp sum ok] 4736+ A? > www.google.com. (32) > 16:57:16.630048 IP (tos 0x0, ttl 255, id 43282, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x31d), length 100 > 16:57:16.630050 IP (tos 0x0, ttl 255, id 43283, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x31e), length 100 > 16:57:16.634072 IP (tos 0x0, ttl 64, id 12085, offset 0, flags [DF], proto UDP > (17), length 88) > 192.168.113.3.53 > 192.168.113.102.63724: [bad udp cksum 0x6410 -> > 0x70cf!] > 56044 q: ? www.google.com. 1/0/0 www.google.com. [1m52s] > 2607:f8b0:4006:81d::2004 (60) > 16:57:16.639834 IP (tos 0x0, ttl 64, id 12086, offset 0, flags [DF], proto UDP > (17), length 76) > 192.168.113.3.53 > 192.168.113.102.54875: [bad udp cksum 0x6404 -> > 0x3314!] > 4736 q: A? www.google.com. 1/0/0 www.google.com. [4m19s] A 142.251.32.100 (48) > 16:57:16.654048 IP (tos 0x68, ttl 50, id 41090, offset 0, flags [none], proto > UDP (17), length 224) > 89.187.170.130.4500 > 192.168.113.102.4500: [no cksum] UDP-encap: > ESP(spi=0x0a11bcfe,seq=0x26d), length 196 > 16:57:16.665933 IP (tos 0x68, ttl 50, id 41091, offset 0, flags [none], proto > UDP (17), length 240) > 89.187.170.130.4500 > 192.168.113.102.4500: [no cksum] UDP-encap: > ESP(spi=0x0a11bcfe,seq=0x26e), length 212 > 16:57:16.668916 IP (tos 0x0, ttl 255, id 43284, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x31f), length 100 > 16:57:16.711776 IP (tos 0x68, ttl 50, id 41104, offset 0, flags [none], proto > UDP (17), length 160) > 89.187.170.130.4500 > 192.168.113.102.4500: [no cksum] UDP-encap: > ESP(spi=0x0a11bcfe,seq=0x26f), length 132 > > To another site, which doesn't: > > > 17:02:12.192380 IP (tos 0x0, ttl 255, id 43526, offset 0, flags [none], proto > UDP (17), length 144) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x415), length 116 > 17:02:12.219548 IP (tos 0x0, ttl 255, id 43527, offset 0, flags [none], proto > UDP (17), length 144) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x416), length 116 > 17:02:12.374062 IP (tos 0x68, ttl 50, id 6571, offset 0, flags [none], proto > UDP > (17), length 208) > 89.187.170.130.4500 > 192.168.113.102.4500: [no cksum] UDP-encap: > ESP(spi=0x0a11bcfe,seq=0x33b), length 180 > 17:02:12.382227 IP (tos 0x0, ttl 255, id 43528, offset 0, flags [none], proto > UDP (17), length 128) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x417), length 100 > 17:02:12.523997 IP (tos 0x68, ttl 50, id 0, offset 0, flags [DF], proto UDP > (17), length 128) > 89.187.170.130.4500 > 192.168.113.102.4500: [no cksum] UDP-encap: > ESP(spi=0x0a11bcfe,seq=0x33c), length 100 > 17:02:12.525249 IP (tos 0x0, ttl 255, id 43529, offset 0, flags [none], proto > UDP (17), length 112) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a0
Re: OpenWrt IKEv2 NAT traversal (or similar) problem
On Wednesday, 31 May 2023, Peter Naulls wrote: > > > I'm trying to track down a problem whereby using Windows VPN, some websites > are accessible and some aren't. The problem is 100% OpenWrt, since it works > over > my regular WiFi router. > > Here's what I know (or think I know): > > All the VPN traffic uses UDP port 4500. This is (or should be) a pretty > typical > 22.03 NAT setup. The setup I'm testing against is with privatevpn.com, > although > the actual setup is something else, but the problem is the same. > > Using curl under Windows to try and isolate the problem and tcpdump > under OpenWrt, mostly looking at br-lan. The upstream is a wwan0 AT > connection. > > Looking at a fetch to https://www.google.com/ for example I can see there's > traffic in both directions, the NAT seems to be working as expected and all > works. > > However, if I try and fetch certain sites, and one in particular is > https://gov.visuallabsinc.com/ then there's still traffic in both directions, > but whatever is happening, it's not reaching the HTTP layer in curl and > nothing appears there - just a hang. > > Here's some example traffic: > > 17:02:12.192380 IP (tos 0x0, ttl 255, id 43526, offset 0, flags [none], proto > UDP (17), length 144) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x415), length 116 > 17:02:12.219548 IP (tos 0x0, ttl 255, id 43527, offset 0, flags [none], proto > UDP (17), length 144) > 192.168.113.102.4500 > 89.187.170.130.4500: [no cksum] UDP-encap: > ESP(spi=0xc4a096e5,seq=0x416), length 116 I am afraid the above is still single direction traffic. > > > I have tried messing with the usual suspects - MTU, MSS, even put a > forward rule in the firewall for UDP 4500, but I guess I'm missing something. > > Any suggestions on what else to look at or to try? Let me know if you need > further details or better traces, etc. Try wireshark on the windows host itself to collect the traffic before entering the tunnel may help. Verbose curl logging (-vvv) is another source of information Regards, > > > Thanks! > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[RFC 1/2] ath79: add nvmem cell mac-address-ascii support
This is needed for devices with mac address stored in ascii format, e.g.
HiWiFi HC6361 to be ported in the following patch.
Signed-off-by: Yousong Zhou
---
...of_net-add-mac-address-ascii-support.patch | 103 ++
.../408-mtd-redboot_partition_scan.patch | 4 +-
...of_net-add-mac-address-ascii-support.patch | 103 ++
...et-dsa-mt7530-support-MDB-operations.patch | 8 +-
...net-dsa-mt7530-add-interrupt-support.patch | 26 ++---
5 files changed, 225 insertions(+), 19 deletions(-)
create mode 100644
target/linux/ath79/patches-5.10/600-of_net-add-mac-address-ascii-support.patch
create mode 100644
target/linux/ath79/patches-5.15/600-of_net-add-mac-address-ascii-support.patch
diff --git
a/target/linux/ath79/patches-5.10/600-of_net-add-mac-address-ascii-support.patch
b/target/linux/ath79/patches-5.10/600-of_net-add-mac-address-ascii-support.patch
new file mode 100644
index 00..8849afb4d6
--- /dev/null
+++
b/target/linux/ath79/patches-5.10/600-of_net-add-mac-address-ascii-support.patch
@@ -0,0 +1,103 @@
+Index: linux-5.15.31/net/ethernet/eth.c
+===
+--- linux-5.15.31.orig/net/ethernet/eth.c
linux-5.15.31/net/ethernet/eth.c
+@@ -544,6 +544,63 @@ int eth_platform_get_mac_address(struct
+ }
+ EXPORT_SYMBOL(eth_platform_get_mac_address);
+
++static void *nvmem_cell_get_mac_address(struct nvmem_cell *cell)
++{
++ size_t len;
++ void *mac;
++
++ mac = nvmem_cell_read(cell, );
++ if (IS_ERR(mac))
++ return PTR_ERR(mac);
++ if (len != ETH_ALEN) {
++ kfree(mac);
++ return ERR_PTR(-EINVAL);
++ }
++ return mac;
++}
++
++static void *nvmem_cell_get_mac_address_ascii(struct nvmem_cell *cell)
++{
++ size_t len;
++ int ret;
++ void *mac_ascii;
++ u8 *mac;
++
++ mac_ascii = nvmem_cell_read(cell, );
++ if (IS_ERR(mac_ascii))
++ return PTR_ERR(mac_ascii);
++ if (len != ETH_ALEN*2+5) {
++ kfree(mac_ascii);
++ return ERR_PTR(-EINVAL);
++ }
++ mac = kmalloc(ETH_ALEN, GFP_KERNEL);
++ if (!mac) {
++ kfree(mac_ascii);
++ return ERR_PTR(-ENOMEM);
++ }
++ ret = sscanf(mac_ascii, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx",
++ [0], [1], [2],
++ [3], [4], [5]);
++ kfree(mac_ascii);
++ if (ret == ETH_ALEN)
++ return mac;
++ kfree(mac);
++ return ERR_PTR(-EINVAL);
++}
++
++static struct nvmem_cell_mac_address_property {
++ char *name;
++ void *(*read)(struct nvmem_cell *);
++} nvmem_cell_mac_address_properties[] = {
++ {
++ .name = "mac-address",
++ .read = nvmem_cell_get_mac_address,
++ }, {
++ .name = "mac-address-ascii",
++ .read = nvmem_cell_get_mac_address_ascii,
++ },
++};
++
+ /**
+ * nvmem_get_mac_address - Obtain the MAC address from an nvmem cell named
+ * 'mac-address' associated with given device.
+@@ -557,19 +614,23 @@ int nvmem_get_mac_address(struct device
+ {
+ struct nvmem_cell *cell;
+ const void *mac;
+- size_t len;
++ struct nvmem_cell_mac_address_property *property;
++ int i;
+
+- cell = nvmem_cell_get(dev, "mac-address");
+- if (IS_ERR(cell))
+- return PTR_ERR(cell);
+-
+- mac = nvmem_cell_read(cell, );
+- nvmem_cell_put(cell);
+-
+- if (IS_ERR(mac))
+- return PTR_ERR(mac);
++ for (i = 0; i < ARRAY_SIZE(nvmem_cell_mac_address_properties); i++) {
++ property = _cell_mac_address_properties[i];
++ cell = nvmem_cell_get(dev, property->name);
++ if (IS_ERR(cell)) {
++ if (i == ARRAY_SIZE(nvmem_cell_mac_address_properties)
- 1)
++ return PTR_ERR(cell);
++ continue;
++ }
++ mac = property->read(cell);
++ nvmem_cell_put(cell);
++ break;
++ }
+
+- if (len != ETH_ALEN || !is_valid_ether_addr(mac)) {
++ if (!is_valid_ether_addr(mac)) {
+ kfree(mac);
+ return -EINVAL;
+ }
diff --git
a/target/linux/ath79/patches-5.15/408-mtd-redboot_partition_scan.patch
b/target/linux/ath79/patches-5.15/408-mtd-redboot_partition_scan.patch
index 905c1319db..07c0a258ae 100644
--- a/target/linux/ath79/patches-5.15/408-mtd-redboot_partition_scan.patch
+++ b/target/linux/ath79/patches-5.15/408-mtd-redboot_partition_scan.patch
@@ -19,7 +19,7 @@
return -EIO;
}
offset -= master->erasesize;
-@@ -108,10 +113,6 @@ nogood:
+@@ -108,10 +114,6 @@ nogood:
goto nogood;
}
}
@@ -30,7 +30,7 @@
pr
[RFC 0/2] Backport HiWiFi HC6361 support from ar71xx
The device support was left out during the ath79 migration, mainly delayed by how to add device tree support for fetching ascii mac address In this series, patches were added for supporting "mac-address-ascii" nvmem cells. At the moment it will be able to read mac address in the form of 00:11:22:33:44:55 For the device itself, there is a minor issue regarding mac address increment caused by the following generic patch 683-of_net-add-mac-address-to-of-tree.patch In the 1st call of ag71xx_probe, of_get_mac_address succeeds with increment done and "mac-address" was added the the tree. But later the probe will fail with -EPROBE_DEFER because of PHY connect failure. Then on the 2nd call of ag71xx_probe and of_get_mac_address, the incremented address will be found and incremented again Yousong Zhou (2): ath79: add nvmem cell mac-address-ascii support ath79: port HiWiFi HC6361 from ar71xx .../linux/ath79/dts/ar9331_hiwifi_hc6361.dts | 156 ++ .../generic/base-files/etc/board.d/01_leds| 4 + target/linux/ath79/image/generic.mk | 12 ++ ...of_net-add-mac-address-ascii-support.patch | 103 .../408-mtd-redboot_partition_scan.patch | 4 +- ...of_net-add-mac-address-ascii-support.patch | 103 ...et-dsa-mt7530-support-MDB-operations.patch | 8 +- ...net-dsa-mt7530-add-interrupt-support.patch | 26 +-- 8 files changed, 397 insertions(+), 19 deletions(-) create mode 100644 target/linux/ath79/dts/ar9331_hiwifi_hc6361.dts create mode 100644 target/linux/ath79/patches-5.10/600-of_net-add-mac-address-ascii-support.patch create mode 100644 target/linux/ath79/patches-5.15/600-of_net-add-mac-address-ascii-support.patch ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[RFC 2/2] ath79: port HiWiFi HC6361 from ar71xx
The device was added for ar71xx target and dropped during the ath79
transition, mainly because of the ascii mac address stored in bdinfo
partition
Device page, http://wiki.openwrt.org/toh/hiwifi/hc6361
The vendor u-boot image accepts sysupgrade.bin image with specific
requirements, including having squashfs signature "hsqs" at file offset
0x14. This is not possible now that OpenWrt kernel image is at
least 2MB with the signature at offset 0x24.
Installation of current build of OpenWrt now requires a bootstrap step
of installing an earlier version first.
- If the vendor u-boot accepts sysupgrade image, hc6361 image of LEDE
release should work
- If the vendor u-boot accepts only verified flashsmt image, install
the one in the above device page. The image is based on Barrier
Breaker
SHA256SUM of the flashsmt image
81b193b95ea5f8e5c30cd62fa9facf275f39233be4fdeed7038f3deed2736156
After the bootstrap step, current build of OpenWrt can be installed
there fine.
Signed-off-by: Yousong Zhou
---
.../linux/ath79/dts/ar9331_hiwifi_hc6361.dts | 156 ++
.../generic/base-files/etc/board.d/01_leds| 4 +
target/linux/ath79/image/generic.mk | 12 ++
3 files changed, 172 insertions(+)
create mode 100644 target/linux/ath79/dts/ar9331_hiwifi_hc6361.dts
diff --git a/target/linux/ath79/dts/ar9331_hiwifi_hc6361.dts
b/target/linux/ath79/dts/ar9331_hiwifi_hc6361.dts
new file mode 100644
index 00..05d3f6730e
--- /dev/null
+++ b/target/linux/ath79/dts/ar9331_hiwifi_hc6361.dts
@@ -0,0 +1,156 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "ar9331.dtsi"
+
+#include
+#include
+
+/ {
+ model = "HiWiFi HC6361";
+ compatible = "hiwifi,hc6361", "qca,ar9331";
+
+ aliases {
+ serial0 =
+ led-boot = _system;
+ led-failsafe = _system;
+ led-running = _system;
+ led-upgrade = _system;
+ };
+
+ keys {
+ compatible = "gpio-keys";
+
+ reset {
+ label = "reset";
+ linux,code = ;
+ gpios = < 11 GPIO_ACTIVE_LOW>;
+ debounce-interval = <60>;
+ };
+ };
+
+ leds {
+ compatible = "gpio-leds";
+
+ led_system: system {
+ label = "blue:system";
+ gpios = < 1 GPIO_ACTIVE_LOW>;
+ default-state = "on";
+ };
+ wlan {
+ label = "blue:wlan";
+ gpios = < 0 GPIO_ACTIVE_LOW>;
+ };
+ wan {
+ label = "blue:wan";
+ gpios = < 27 GPIO_ACTIVE_LOW>;
+ };
+ };
+
+ reg_usb_vbus: regulator {
+ compatible = "regulator-fixed";
+ regulator-name = "usb_vbus";
+ regulator-min-microvolt = <500>;
+ regulator-max-microvolt = <500>;
+ enable-active-high;
+ gpio = < 20 GPIO_ACTIVE_HIGH>;
+ };
+};
+
+ {
+ status = "okay";
+ num-cs = <1>;
+
+ flash@0 {
+ compatible = "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <2500>;
+
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ uboot: partition@0 {
+ reg = <0x0 0x1>;
+ label = "u-boot";
+ read-only;
+ };
+
+ bdinfo: partition@1 {
+ reg = <0x1 0x1>;
+ label = "bdinfo";
+ read-only;
+ };
+
+ firmware: partition@2 {
+ compatible = "denx,uimage";
+ reg = <0x2 0xfc>;
+ label = "firmware";
+ };
+
+ backup: partition@fe {
+ reg = <0xfe 0x1>;
+ label = "backup";
+ read-only;
+ };
+
+ art: partition@ff {
+ reg = <0xff 0x1>;
+ label = "art";
+
[PATCH 1/3] netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou --- include/netfilter.mk | 13 package/kernel/linux/modules/netfilter.mk | 39 ++- 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/include/netfilter.mk b/include/netfilter.mk index 4602a1d412..751fabef19 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE)) -# tproxy +# socket +$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4)) +$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6)) +$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6)) +# tproxy +$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4)) +$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6)) $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6)) # led $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED)) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 75a06fb651..85780306f3 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -162,6 +162,28 @@ endef $(eval $(call KernelPackage,nf-flow)) +define KernelPackage/nf-socket + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter socket lookup support + KCONFIG:= $(KCOFNIG_NF_SOCKET) + FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m))) +endef + +$(eval $(call KernelPackage,nf-socket)) + + +define KernelPackage/nf-tproxy + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter tproxy support + KCONFIG:= $(KCOFNIG_NF_TPROXY) + FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m))) +endef + +$(eval $(call KernelPackage,nf-tproxy)) + + define AddDepends/ipt SUBMENU:=$(NF_MENU) DEPENDS+= +kmod-ipt-core $(1) @@ -645,9 +667,24 @@ endef $(eval $(call KernelPackage,ipt-led)) +define KernelPackage/ipt-socket + TITLE:=Iptables socket matching support + DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack + KCONFIG:=$(KCONFIG_IPT_SOCKET) + FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-socket/description + Kernel modules for socket matching +endef + +$(eval $(call KernelPackage,ipt-socket)) + define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables + DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack KCONFIG:=$(KCONFIG_IPT_TPROXY) FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 3/3] netfilter: add kmod-nft-tproxy
Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 ++ package/kernel/linux/modules/netfilter.mk | 11 +++ 2 files changed, 13 insertions(+) diff --git a/include/netfilter.mk b/include/netfilter.mk index 83455cc378..2ef8f83e4c 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -353,6 +353,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queu $(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),)) + $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),)) # userland only diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 7200af769f..1707bf2d9f 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -1228,6 +1228,17 @@ endef $(eval $(call KernelPackage,nft-socket)) +define KernelPackage/nft-tproxy + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables tproxy support + DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack + FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m))) + KCONFIG:=$(KCONFIG_NFT_TPROXY) +endef + +$(eval $(call KernelPackage,nft-tproxy)) + define KernelPackage/nft-compat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables compat support ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 2/3] netfilter: add kmod-nft-socket
Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 ++ package/kernel/linux/modules/netfilter.mk | 11 +++ 2 files changed, 13 insertions(+) diff --git a/include/netfilter.mk b/include/netfilter.mk index 751fabef19..83455cc378 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -351,6 +351,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),)) + $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),)) # userland only diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 85780306f3..7200af769f 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -1217,6 +1217,17 @@ endef $(eval $(call KernelPackage,nft-queue)) +define KernelPackage/nft-socket + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables socket support + DEPENDS:=+kmod-nft-core +kmod-nf-socket + FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m))) + KCONFIG:=$(KCONFIG_NFT_SOCKET) +endef + +$(eval $(call KernelPackage,nft-socket)) + define KernelPackage/nft-compat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables compat support ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] pkg_hash: pkg_hash_check_unresolved: fix segfault
Signed-off-by: Yousong Zhou
---
libopkg/pkg_hash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libopkg/pkg_hash.c b/libopkg/pkg_hash.c
index 879c0ec..dbed3fe 100644
--- a/libopkg/pkg_hash.c
+++ b/libopkg/pkg_hash.c
@@ -263,7 +263,7 @@ pkg_hash_check_unresolved(pkg_t *maybe)
if (unresolved) {
res = 1;
tmp = unresolved;
- while (tmp)
+ while (*tmp)
free(*(tmp++));
free(unresolved);
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 1/4] kernel: remove target specific setting of CONFIG_TCP_CONG_ADVANCED
The option was introduced in upstream linux commit a6484045 ("[TCP]: Do
not present confusing congestion control options by default.").
The option is set to y in generic config and to the moment does not
incur additional size increment. Make it y for all so that packages
such as kmod-tcp-bbr do not have to set it on every occasion
Signed-off-by: Yousong Zhou
---
target/linux/layerscape/armv7/config-5.4 | 1 -
target/linux/layerscape/armv8_64b/config-5.4 | 1 -
target/linux/zynq/config-5.4 | 1 -
3 files changed, 3 deletions(-)
diff --git a/target/linux/layerscape/armv7/config-5.4
b/target/linux/layerscape/armv7/config-5.4
index 15c3492349..019119d6db 100644
--- a/target/linux/layerscape/armv7/config-5.4
+++ b/target/linux/layerscape/armv7/config-5.4
@@ -715,7 +715,6 @@ CONFIG_SYNC_FILE=y
CONFIG_SYSFS_SYSCALL=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
CONFIG_SYS_SUPPORTS_HUGETLBFS=y
-# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
diff --git a/target/linux/layerscape/armv8_64b/config-5.4
b/target/linux/layerscape/armv8_64b/config-5.4
index dd9abca986..cd8ea82e52 100644
--- a/target/linux/layerscape/armv8_64b/config-5.4
+++ b/target/linux/layerscape/armv8_64b/config-5.4
@@ -894,7 +894,6 @@ CONFIG_TASKS_RCU=y
CONFIG_TASK_DELAY_ACCT=y
CONFIG_TASK_IO_ACCOUNTING=y
CONFIG_TASK_XACCT=y
-# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
diff --git a/target/linux/zynq/config-5.4 b/target/linux/zynq/config-5.4
index 5b7b0ebfb3..04fde2add2 100644
--- a/target/linux/zynq/config-5.4
+++ b/target/linux/zynq/config-5.4
@@ -572,7 +572,6 @@ CONFIG_SWP_EMULATE=y
CONFIG_SYNC_FILE=y
CONFIG_SYSFS_SYSCALL=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
-# CONFIG_TCP_CONG_ADVANCED is not set
# CONFIG_TEXTSEARCH is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 4/4] kmod-tcp-hybla: new module for hybla congestion control algorithm
Just the module and no default sysctl conf file is provided Link: https://forum.openwrt.org/t/20-xx-tcp-hybla/83076 Signed-off-by: Yousong Zhou --- package/kernel/linux/modules/netsupport.mk | 18 ++ 1 file changed, 18 insertions(+) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index d287e46270..4e78ac5478 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -947,6 +947,24 @@ endef $(eval $(call KernelPackage,tcp-bbr)) +define KernelPackage/tcp-hybla + SUBMENU:=$(NETWORK_SUPPORT_MENU) + TITLE:=TCP-Hybla congestion control algorithm + KCONFIG:=CONFIG_TCP_CONG_HYBLA + FILES:=$(LINUX_DIR)/net/ipv4/tcp_hybla.ko + AUTOLOAD:=$(call AutoProbe,tcp_hybla) +endef + +define KernelPackage/tcp-hybla/description + TCP-Hybla is a sender-side only change that eliminates penalization of + long-RTT, large-bandwidth connections, like when satellite legs are + involved, especially when sharing a common bottleneck with normal + terrestrial connections. +endef + +$(eval $(call KernelPackage,tcp-hybla)) + + define KernelPackage/ax25 SUBMENU:=$(NETWORK_SUPPORT_MENU) TITLE:=AX25 support ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 0/4] add tcp hybla congestion control algorithm
CONFIG_TCP_CONG_ADVANCED=y do not incur addition space cost. Quote
commit message of the first commit
> The option was introduced in upstream linux commit a6484045 ("[TCP]:
> Do not present confusing congestion control options by default.").
tcp-hybla cca will be a module, like kmod-tcp-bbr, it should not affect
users of default build and config
v2 <- v1
- Use CONFIG_TCP_CONG_ADVANCED=y in generic config
- Use AutoProbe instead of AutoLoad with custom prio order
- Existing kmod-tcp-bbr was changed to align with above
Yousong Zhou (4):
kernel: remove target specific setting of CONFIG_TCP_CONG_ADVANCED
kmod-tcp-bbr: leave CONFIG_TCP_CONG_ADVANCED to target config
kmod-tcp-bbr: use AutoProbe
kmod-tcp-hybla: new module for hybla congestion control algorithm
package/kernel/linux/modules/netsupport.mk | 24
target/linux/layerscape/armv7/config-5.4 | 1 -
target/linux/layerscape/armv8_64b/config-5.4 | 1 -
target/linux/zynq/config-5.4 | 1 -
4 files changed, 20 insertions(+), 7 deletions(-)
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 3/4] kmod-tcp-bbr: use AutoProbe
Signed-off-by: Yousong Zhou --- package/kernel/linux/modules/netsupport.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 958b510015..d287e46270 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -928,7 +928,7 @@ define KernelPackage/tcp-bbr TITLE:=BBR TCP congestion control KCONFIG:=CONFIG_TCP_CONG_BBR FILES:=$(LINUX_DIR)/net/ipv4/tcp_bbr.ko - AUTOLOAD:=$(call AutoLoad,74,tcp_bbr) + AUTOLOAD:=$(call AutoProbe,tcp_bbr) endef define KernelPackage/tcp-bbr/description ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 2/4] kmod-tcp-bbr: leave CONFIG_TCP_CONG_ADVANCED to target config
Since generic has the option set to y and other targets now inherit that choice, there is no behaviour change Signed-off-by: Yousong Zhou --- package/kernel/linux/modules/netsupport.mk | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 0c68b394d1..958b510015 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -926,9 +926,7 @@ $(eval $(call KernelPackage,sched)) define KernelPackage/tcp-bbr SUBMENU:=$(NETWORK_SUPPORT_MENU) TITLE:=BBR TCP congestion control - KCONFIG:= \ - CONFIG_TCP_CONG_ADVANCED=y \ - CONFIG_TCP_CONG_BBR + KCONFIG:=CONFIG_TCP_CONG_BBR FILES:=$(LINUX_DIR)/net/ipv4/tcp_bbr.ko AUTOLOAD:=$(call AutoLoad,74,tcp_bbr) endef ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] kernel: add module for tcp-hybla congestion control algorithm
On Wed, 23 Dec 2020 at 20:09, Hauke Mehrtens wrote: > > On 12/23/20 8:36 AM, Yousong Zhou wrote: > > Just the module and no default sysctl conf file is provided > > > > Ref: https://forum.openwrt.org/t/20-xx-tcp-hybla/83076 > > Signed-off-by: Yousong Zhou > > --- > > package/kernel/linux/modules/netsupport.mk | 20 > > 1 file changed, 20 insertions(+) > > > > diff --git a/package/kernel/linux/modules/netsupport.mk > > b/package/kernel/linux/modules/netsupport.mk > > index 0c68b394d1..156892c952 100644 > > --- a/package/kernel/linux/modules/netsupport.mk > > +++ b/package/kernel/linux/modules/netsupport.mk > > @@ -949,6 +949,26 @@ endef > > $(eval $(call KernelPackage,tcp-bbr)) > > > > > > +define KernelPackage/tcp-hybla > > + SUBMENU:=$(NETWORK_SUPPORT_MENU) > > + TITLE:=TCP-Hybla congestion control algorithm > > + KCONFIG:= \ > > + CONFIG_TCP_CONG_ADVANCED=y \ > > This is already set in the generic configuration for most targets: > - > :~/openwrt/openwrt/target/linux$ git grep TCP_CONG_ADVANCED > generic/config-5.4:CONFIG_TCP_CONG_ADVANCED=y > layerscape/armv7/config-5.4:# CONFIG_TCP_CONG_ADVANCED is not set > layerscape/armv8_64b/config-5.4:# CONFIG_TCP_CONG_ADVANCED is not set > zynq/config-5.4:# CONFIG_TCP_CONG_ADVANCED is not set > --- > > I would prefer if we set if for all targets, then it is not needed here > any more. Will do in v2 > > > > + CONFIG_TCP_CONG_HYBLA > > + FILES:=$(LINUX_DIR)/net/ipv4/tcp_hybla.ko > > + AUTOLOAD:=$(call AutoLoad,74,tcp_hybla) > > Is AutoProbe working here? Will test and send with modification also for tcp-bbr in v2. Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] kernel: add module for tcp-hybla congestion control algorithm
Just the module and no default sysctl conf file is provided Ref: https://forum.openwrt.org/t/20-xx-tcp-hybla/83076 Signed-off-by: Yousong Zhou --- package/kernel/linux/modules/netsupport.mk | 20 1 file changed, 20 insertions(+) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 0c68b394d1..156892c952 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -949,6 +949,26 @@ endef $(eval $(call KernelPackage,tcp-bbr)) +define KernelPackage/tcp-hybla + SUBMENU:=$(NETWORK_SUPPORT_MENU) + TITLE:=TCP-Hybla congestion control algorithm + KCONFIG:= \ + CONFIG_TCP_CONG_ADVANCED=y \ + CONFIG_TCP_CONG_HYBLA + FILES:=$(LINUX_DIR)/net/ipv4/tcp_hybla.ko + AUTOLOAD:=$(call AutoLoad,74,tcp_hybla) +endef + +define KernelPackage/tcp-hybla/description + TCP-Hybla is a sender-side only change that eliminates penalization of + long-RTT, large-bandwidth connections, like when satellite legs are + involved, especially when sharing a common bottleneck with normal + terrestrial connections. +endef + +$(eval $(call KernelPackage,tcp-hybla)) + + define KernelPackage/ax25 SUBMENU:=$(NETWORK_SUPPORT_MENU) TITLE:=AX25 support ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] build: replace which with Bash command built-in
On Tue, 22 Dec 2020 at 17:51, Petr Štetiar wrote:
>
> `which` utility is not shipped by default for example on recent Arch
> Linux and then any steps relying on its presence fails, like for example
> following Python3 prereq build check:
>
> $ python3 --version
> Python 3.9.1
>
> $ make
> /bin/sh: line 1: which: command not found
> /bin/sh: line 1: which: command not found
> /bin/sh: line 1: which: command not found
> ...
> Checking 'python3'... failed.
> ...
>
> Fix this by switching to Bash builtin `command` which should provide
> same functionality.
>
> Fixes: FS#3525
> Signed-off-by: Petr Štetiar
> ---
>
> Other option is to check for `which` util presence in prereq-build and adding
> `which` to the list of required host build utils.
>
> Makefile | 3 ++-
> include/cmake.mk | 2 +-
> include/prereq.mk | 4 ++--
> 3 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index 24f5955c9066..f4519e00d28d 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -18,7 +18,8 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The
> path to the OpenWrt dir
>
> world:
>
> -DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1)
> +WHICH:=command -pv
> +DISTRO_PKG_CONFIG:=$(shell $(WHICH) pkg-config | grep -E '\/usr' | head -n 1)
> export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
>
> ifneq ($(OPENWRT_BUILD),1)
> diff --git a/include/cmake.mk b/include/cmake.mk
> index 0a20530a16fe..ff00b5e779b5 100644
> --- a/include/cmake.mk
> +++ b/include/cmake.mk
> @@ -15,7 +15,7 @@ MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .)
> ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
>cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1)
> else
> - cmake_tool=$(shell which $(1))
> + cmake_tool=$(shell $(WHICH) $(1))
Will "-p" in "command -pv" ignore those paths in staging_dir? If that
is so, maybe we should only use that flag in prereq.mk
Regards,
yousong
> endif
>
> ifeq ($(CONFIG_CCACHE),)
> diff --git a/include/prereq.mk b/include/prereq.mk
> index 83ac21242c65..a6ee2bb637f5 100644
> --- a/include/prereq.mk
> +++ b/include/prereq.mk
> @@ -52,7 +52,7 @@ endef
>
> define RequireCommand
>define Require/$(1)
> -which $(1)
> +$(WHICH) $(1)
>endef
>
>$$(eval $$(call Require,$(1),$(2)))
> @@ -106,7 +106,7 @@ define SetupHostCommand
>$(call QuoteHostCommand,$(11)) $(call
> QuoteHostCommand,$(12)); do \
> if [ -n "cmd" ]; then \
> bin="(PATH="$(subst $(space),:,$(filter-out
> $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH" \
> - which "{cmd%% *}")"; \
> + $(WHICH) "{cmd%% *}")"; \
> if [ -x "bin" ] && eval "cmd"
> >/dev/null 2>/dev/null; then \
> mkdir -p "$(STAGING_DIR_HOST)/bin"; \
> ln -sf "bin"
> "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [RFC] raise gcc/make versions for 20.x
On Wed, 16 Dec 2020 at 13:11, Petr Štetiar wrote: > > Paul Spooren [2020-12-15 16:26:14]: > > Hi, > > > I've seen two patches for version raises of build requirements and would > > like to know if we should merge them before or after 20.x. > > > > make: 3.81.x -> 4.1.x > > gcc: 4.8 -> 6.x > > > > I'm in favor to merge both *before* the branch. > > it would probably help to know the reason as well. "I'm in favor" might not be > enough in this almost pre-release stage. > > AFAIK that Make version bump fixes an issue with possibly few stray ANSI color > escapes (workaround is to use NO_COLOR=1 in this case) and \r characters in > the > log file. Is it really that big issue to do this last minute version bump? > > FYI that gcc6+ one was NACKed[1] by Yousong and I'm fine with that for 20.12 > release. I plan to rebase/resend that patch once 20.12 is branched. > > 1. > https://patchwork.ozlabs.org/project/openwrt/patch/20191112081625.27695-1-yn...@true.cz/#2301662 > I still hold the belief that a system such as CentOS could deserve a work-out-of-the-box experience ;) But now that CentOS like the old day is not an option anymore in the future, I say we move on in the next release. Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v3 00/11] sysupgrade: reword and organize log lines
On Tue, 10 Nov 2020 at 21:46, Yousong Zhou wrote: > > The series mainly aims to make sysupgrade log output more organized and > less disturbing, in the following aspects > > - Hide "write error: Broken pipe" from cat command and its friends > - Hide "F+P records in/out" lines from dd command > - Make log lines from sysupgrade command itself more distinguishable >than other commands by using common.sh function "v" > > The series should at least partially address concerns raised at FS#3140 > > Ref: https://bugs.openwrt.org/index.php?do=details_id=3140 The series just got applied. Thanks for all the inputs. Regards, yousong > > v3 <- v2 > > - rework get_image_dd to not mix stderr/stdout content and filter only on >stderr messages > - reword the "comment as log" commit to reflect current status of this series > - add vn, _vn, _v variant for lines needing "echo -n". E.g. "Sending xx to >remaining processes", "Supported devices: ..." > > v2 <- v1 > > - Make date command available in ramdisk and prefix log lines with datetime > - Hide "F+P records in/out" stderr output from dd command > > Sysupgrade stdio dumps attached below for comparison > > v3 > > Tue Nov 10 13:40:34 UTC 2020 upgrade: Image metadata not present > Tue Nov 10 13:40:34 UTC 2020 upgrade: Reading partition table from > bootdisk... > Tue Nov 10 13:40:34 UTC 2020 upgrade: Extract boot sector from the image > Tue Nov 10 13:40:35 UTC 2020 upgrade: Reading partition table from image... > Tue Nov 10 13:40:35 UTC 2020 upgrade: Commencing upgrade. Closing all shell > sessions. > killall: telnetd: no process killed > Tue Nov 10 13:40:35 UTC 2020 upgrade: Sending TERM to remaining processes > ... ubusd askfirst urngd logd netifd odhcpd xl2tpd ntpd dnsmasq > Tue Nov 10 13:40:38 UTC 2020 upgrade: Sending KILL to remaining processes > ... > Tue Nov 10 13:40:39 UTC 2020 upgrade: Switching to ramdisk... > [ 108.061617] EXT4-fs (vda2): re-mounted. Opts: (null) > Tue Nov 10 13:40:39 UTC 2020 upgrade: Performing system upgrade... > Tue Nov 10 13:40:39 UTC 2020 upgrade: Reading partition table from > bootdisk... > Tue Nov 10 13:40:39 UTC 2020 upgrade: Extract boot sector from the image > Tue Nov 10 13:40:39 UTC 2020 upgrade: Reading partition table from image... > Tue Nov 10 13:40:39 UTC 2020 upgrade: Writing image to /dev/vda1... > Tue Nov 10 13:40:40 UTC 2020 upgrade: Writing image to /dev/vda2... > Tue Nov 10 13:40:45 UTC 2020 upgrade: Writing new UUID to /dev/vda... > [ 113.637564] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) > [ 113.645289] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th > superblock > [ 113.656026] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - > read(0x6020601) > [ 113.667033] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th > superblock > Tue Nov 10 13:40:45 UTC 2020 upgrade: Upgrading bootloader on /dev/vda... > Tue Nov 10 13:40:51 UTC 2020 upgrade: Upgrade completed > Tue Nov 10 13:40:52 UTC 2020 upgrade: Rebooting system... > umount: can't unmount /dev: Resource busy > umount: can't unmount /tmp: Resource busy > [ 121.226308] Unregister pv shared memory for cpu 0 > [ 121.236284] reboot: Restarting system > [ 121.241691] reboot: machine restart > > v2 > > Tue Nov 10 02:04:04 UTC 2020 upgrade: Image metadata not present > Tue Nov 10 02:04:04 UTC 2020 upgrade: Reading partition table from > bootdisk... > Tue Nov 10 02:04:04 UTC 2020 upgrade: Extract boot sector from the image > Tue Nov 10 02:04:05 UTC 2020 upgrade: Reading partition table from image... > Tue Nov 10 02:04:05 UTC 2020 upgrade: Commencing upgrade. Closing all shell > sessions. > killall: telnetd: no process killed > Sending TERM to remaining processes ... ubusd askfirst urngd logd netifd > odhcpd xl2tpd ntpd dnsmasq > Sending KILL to remaining processes ... > Tue Nov 10 02:04:09 UTC 2020 upgrade: Switching to ramdisk... > [ 25.995408] EXT4-fs (vda2): re-mounted. Opts: (null) > Tue Nov 10 02:04:09 UTC 2020 upgrade: Performing system upgrade... > Tue Nov 10 02:04:09 UTC 2020 upgrade: Reading partition table from > bootdisk... > Tue Nov 10 02:04:10 UTC 2020 upgrade: Extract boot sector from the image > Tue Nov 10 02:04:10 UTC 2020 upgrade: Reading partition table from image... > Tue Nov 10 02:04:10 UTC 2020 upgrade: Writing image to /dev/vda1... > Tue Nov 10 02:04:11 UTC 2020 upgrade: Writing image to /dev/vda2... > Tue Nov 10 02:04:15 UTC 2020 upgrade: Writing new UUID to /dev/vda... > [ 31.582751] F2FS-fs (vda1): Magic Mismatch
[PATCH v3 02/11] base-files: upgrade: add vn and variants
To be used with in the following pattern
vn "Remaining: "
for p in $xx; do
_vn "$p"
done
_v
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 14 +-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 2ae83f5bfb..0f25199365 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -63,8 +63,20 @@ ask_bool() {
[ "$answer" -gt 0 ]
}
+_v() {
+ [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$*" >&2
+}
+
+_vn() {
+ [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo -n "$*" >&2
+}
+
v() {
- [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$(date) upgrade: $@"
>&2
+ _v "$(date) upgrade: $@"
+}
+
+vn() {
+ _vn "$(date) upgrade: $@"
}
json_string() {
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 07/11] base-files: upgrade: stage2: use v for log lines
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/stage2 | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/stage2
b/package/base-files/files/lib/upgrade/stage2
index 211a3f4b33..c7629c383f 100755
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -53,7 +53,7 @@ switch_to_ramfs() {
[ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64
supivot $RAM_ROOT /mnt || {
- echo "Failed to switch over to ramfs. Please reboot."
+ v "Failed to switch over to ramfs. Please reboot."
exit 1
}
@@ -75,7 +75,7 @@ kill_remaining() { # [ [ ] ]
local stat
local proc_ppid=$(cut -d' ' -f4 /proc/$$/stat)
- echo -n "Sending $sig to remaining processes ... "
+ vn "Sending $sig to remaining processes ..."
while $run; do
run=false
@@ -95,7 +95,7 @@ kill_remaining() { # [ [ ] ]
# Skip kernel threads
[ -n "$cmdline" ] || continue
- echo -n "$name "
+ _vn " $name"
kill -$sig $pid 2>/dev/null
[ $loop -eq 1 ] && run=true
@@ -103,12 +103,12 @@ kill_remaining() { # [ [ ] ]
let loop_limit--
[ $loop_limit -eq 0 ] && {
- echo
- echo "Failed to kill all processes."
+ _v
+ v "Failed to kill all processes."
exit 1
}
done
- echo
+ _v
}
indicate_upgrade
@@ -129,7 +129,7 @@ if [ -n "$IMAGE" ] && type 'platform_pre_upgrade'
>/dev/null 2>/dev/null; then
fi
if [ -n "$(rootfs_type)" ]; then
- echo "Switching to ramdisk..."
+ v "Switching to ramdisk..."
switch_to_ramfs
fi
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 09/11] x86: upgrade: use v function for writting logs
Signed-off-by: Yousong Zhou
---
.../linux/x86/base-files/lib/upgrade/platform.sh | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 1bcd492dd7..617b267e68 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -7,13 +7,13 @@ platform_check_image() {
case "$(get_magic_word "$1")" in
eb48|eb63) ;;
*)
- echo "Invalid image type"
+ v "Invalid image type"
return 1
;;
esac
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -30,7 +30,7 @@ platform_check_image() {
rm -f /tmp/image.bs /tmp/partmap.bootdisk /tmp/partmap.image
if [ -n "$diff" ]; then
- echo "Partition layout has changed. Full image will be written."
+ v "Partition layout has changed. Full image will be written."
ask_bool 0 "Abort" && exit 1
return 0
fi
@@ -57,7 +57,7 @@ platform_do_bootloader_upgrade() {
echo "(hd0) /dev/$diskdev" > /tmp/device.map
part_magic_efi "/dev/$diskdev" && parttable=gpt
- echo "Upgrading bootloader on /dev/$diskdev..."
+ v "Upgrading bootloader on /dev/$diskdev..."
grub-bios-setup \
-m "/tmp/device.map" \
-d "/tmp/boot/boot/grub" \
@@ -73,7 +73,7 @@ platform_do_upgrade() {
local diskdev partdev diff
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -107,15 +107,15 @@ platform_do_upgrade() {
#iterate over each partition from the image and write it to the boot
disk
while read part start size; do
if export_partdevice partdev $part; then
- echo "Writing image to /dev/$partdev..."
+ v "Writing image to /dev/$partdev..."
get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
- echo "Unable to find partition $part device, skipped."
+ v "Unable to find partition $part device, skipped."
fi
done < /tmp/partmap.image
#copy partition uuid
- echo "Writing new UUID to /dev/$diskdev..."
+ v "Writing new UUID to /dev/$diskdev..."
get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 00/11] sysupgrade: reword and organize log lines
pv shared memory for cpu 0 [ 39.177657] reboot: Restarting system [ 39.183596] reboot: machine restart v1 root@OpenWrt:/# sysupgrade -n -v /tmp/x86.gz == upgrade: Image metadata not present == upgrade: Reading partition table from bootdisk... == upgrade: Extract boot sector from the image 54+9 records in 54+9 records out == upgrade: Reading partition table from image... == upgrade: Commencing upgrade. Closing all shell sessions. killall: telnetd: no process killed Sending TERM to remaining processes ... ubusd askfirst urngd logd netifd odhcpd xl2tpd ntpd dnsmasq Sending KILL to remaining processes ... == upgrade: Switching to ramdisk... == upgrade: Performing system upgrade... == upgrade: Reading partition table from bootdisk... == upgrade: Extract boot sector from the image 0+63 records in 0+63 records out == upgrade: Reading partition table from image... == upgrade: Writing image to /dev/vda1... 65535+0 records in 31+1 records out == upgrade: Writing image to /dev/vda2... 262143+0 records in 127+1 records out == upgrade: Writing new UUID to /dev/vda... 4+0 records in 4+0 records out [ 98.737664] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 98.747115] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th superblock [ 98.757250] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x6020601) [ 98.770807] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th superblock == upgrade: Upgrading bootloader on /dev/vda... == upgrade: Upgrade completed == upgrade: Rebooting system... umount: can't unmount /dev: Resource busy umount: can't unmount /tmp: Resource busy [ 106.922638] Unregister pv shared memory for cpu 0 [ 106.931062] reboot: Restarting system [ 106.936009] reboot: machine restart Original root@(none):/# sysupgrade -n -v /tmp/x86.gz Image metadata not found Reading partition table from bootdisk... zcat: write error: Broken pipe zcat: write: Broken pipe Reading partition table from image... Commencing upgrade. Closing all shell sessions. killall: telnetd: no process killed Sending TERM to remaining processes ... ubusd askfirst urngd logd netifd odhcpd ntpd dnsmasq Sending KILL to remaining processes ... Switching to ramdisk... Performing system upgrade... Reading partition table from bootdisk... 0+63 records in 0+63 records out zcat: write error: Broken pipe zcat: write: Broken pipe Reading partition table from image... Writing image to /dev/vda1... zcat: write error: Broken pipe zcat: write: Broken pipe 32767+0 records in 15+1 records out Writing image to /dev/vda2... 212991+0 records in 103+1 records out Writing new UUID to /dev/vda... 4+0 records in 4+0 records out zcat: write error: Broken pipe zcat: write: Broken pipe [ 31.461949] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 31.470274] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th superblock [ 31.480216] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x6020601) [ 31.491775] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th superblock Upgrading bootloader on /dev/vda... Upgrade completed Rebooting system... umount: can't unmount /dev: Resource busy umount: can't unmount /tmp: Resource busy [ 38.511806] Unregister pv shared memory for cpu 0 [ 38.519259] reboot: Restarting system [ 38.523725] reboot: machine restart Yousong Zhou (11): base-files: upgrade: log with date prefix base-files: upgrade: add vn and variants base-files: upgrade: use stdin redirection to replace cat command base-files: upgrade: add get_image_dd() base-files: upgrade: fwtool.sh: use v for log lines base-files: upgrade: fwtool.sh: rewording logs base-files: upgrade: stage2: use v for log lines base-files: bump PKG_RELEASE x86: upgrade: use v function for writting logs x86: upgrade: use get_image_dd x86: upgrade: make code comment appear as log lines package/base-files/Makefile | 2 +- .../base-files/files/lib/upgrade/common.sh| 27 ++-- .../base-files/files/lib/upgrade/fwtool.sh| 26 +++ package/base-files/files/lib/upgrade/stage2 | 16 +- .../x86/base-files/lib/upgrade/platform.sh| 32 +-- 5 files changed, 62 insertions(+), 41 deletions(-) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 10/11] x86: upgrade: use get_image_dd
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 617b267e68..0b54caea29 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -20,7 +20,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b 2>/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -83,7 +83,7 @@ platform_do_upgrade() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b >/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -94,7 +94,7 @@ platform_do_upgrade() {
fi
if [ -n "$diff" ]; then
- get_image "$@" | dd of="/dev/$diskdev" bs=4096 conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=4096 conv=fsync
# Separate removal and addtion is necessary; otherwise,
partition 1
# will be missing if it overlaps with the old partition 2
@@ -108,7 +108,7 @@ platform_do_upgrade() {
while read part start size; do
if export_partdevice partdev $part; then
v "Writing image to /dev/$partdev..."
- get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
+ get_image_dd "$1" of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
v "Unable to find partition $part device, skipped."
fi
@@ -116,7 +116,7 @@ platform_do_upgrade() {
#copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
- get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
local parttype=ext4
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 05/11] base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects
- Log lines will have common prefix
- They will be output to stderr instead of stdout
Signed-off-by: Yousong Zhou
---
.../base-files/files/lib/upgrade/fwtool.sh| 26 +--
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index 3a74c72bba..bf3059dbce 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,9 +10,9 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- echo "Image signature not found"
+ v "Image signature not found"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
return 0
@@ -30,16 +30,16 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- echo "Image metadata not found"
+ v "Image metadata not found"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
return 0
fi
json_load "$(cat /tmp/sysupgrade.meta)" || {
- echo "Invalid image metadata"
+ v "Invalid image metadata"
return 1
}
@@ -64,15 +64,15 @@ fwtool_check_image() {
if [ "$dev" = "$device" ]; then
# major compat version -> no sysupgrade
if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then
- echo "The device is supported, but this image
is incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but this image is
incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
# minor compat version -> sysupgrade with -n required
if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [
"$SAVE_CONFIG" = "1" ]; then
- echo "The device is supported, but the config
is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but the config is
incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
@@ -80,13 +80,13 @@ fwtool_check_image() {
fi
done
- echo "Device $device not supported by this image"
- echo -n "Supported devices:"
+ v "Device $device not supported by this image"
+ vn "Supported devices:"
for k in $dev_keys; do
json_get_var dev "$k"
- echo -n " $dev"
+ _vn " $dev"
done
- echo
+ _v
return 1
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 06/11] base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found". x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/fwtool.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index bf3059dbce..3826bf5c30 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,7 +10,7 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- v "Image signature not found"
+ v "Image signature not present"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
@@ -30,7 +30,7 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- v "Image metadata not found"
+ v "Image metadata not present"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 11/11] x86: upgrade: make code comment appear as log lines
The comment content can be useful for readers of both the log and code
Previously when dd command "records in/out" messages are not filtered
like now with get_image_dd, it's not clear that these messages are for
extracting boot sectors. E.g.
Before
== upgrade: Reading partition table from bootdisk...
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
After
== upgrade: Reading partition table from bootdisk...
== upgrade: Extract boot sector from the image
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 0b54caea29..d8f2eba97e 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -19,7 +19,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -82,7 +82,7 @@ platform_do_upgrade() {
if [ "$UPGRADE_OPT_SAVE_PARTITIONS" = "1" ]; then
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -114,7 +114,6 @@ platform_do_upgrade() {
fi
done < /tmp/partmap.image
- #copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
@@ -129,5 +128,4 @@ platform_do_upgrade() {
sed -i "s/\(PARTUUID=\)[a-f0-9-]\+/\1$4$3$2$1-$6$5-$8$7-$9/ig"
/mnt/boot/grub/grub.cfg
umount /mnt
fi
-
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 08/11] base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou --- package/base-files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/base-files/Makefile b/package/base-files/Makefile index f63c4db533..b546eb7e0b 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=235 +PKG_RELEASE:=236 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 04/11] base-files: upgrade: add get_image_dd()
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 11 +++
1 file changed, 11 insertions(+)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 5eb7b23a83..a5c27dc2fb 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -106,6 +106,17 @@ get_image() { # [ ]
$cmd <"$from"
}
+get_image_dd() {
+ local from="$1"; shift
+
+ (
+ exec 3>&2
+ ( exec 3>&2; get_image "$from" 2>&1 1>&3 | grep -v -F ' Broken
pipe' ) 2>&1 1>&3 \
+ | ( exec 3>&2; dd "$@" 2>&1 1>&3 | grep -v -E ' records
(in|out)') 2>&1 1>&3
+ exec 3>&-
+ )
+}
+
get_magic_word() {
(get_image "$@" | dd bs=2 count=1 | hexdump -v -n 2 -e '1/1 "%02x"')
2>/dev/null
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 03/11] base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 0f25199365..5eb7b23a83 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -103,7 +103,7 @@ get_image() { # [ ]
esac
fi
- cat "$from" 2>/dev/null | $cmd
+ $cmd <"$from"
}
get_magic_word() {
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3 01/11] base-files: upgrade: log with date prefix
And log to stderr
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
package/base-files/files/lib/upgrade/stage2| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 2eb26ba44b..2ae83f5bfb 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -64,7 +64,7 @@ ask_bool() {
}
v() {
- [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$@"
+ [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$(date) upgrade: $@"
>&2
}
json_string() {
diff --git a/package/base-files/files/lib/upgrade/stage2
b/package/base-files/files/lib/upgrade/stage2
index a4fef42134..211a3f4b33 100755
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -42,7 +42,7 @@ switch_to_ramfs() {
mtd partx losetup mkfs.ext4 nandwrite flash_erase \
ubiupdatevol ubiattach ubiblock ubiformat \
ubidetach ubirsvol ubirmvol ubimkvol\
- snapshot snapshot_tool \
+ snapshot snapshot_tool date \
$RAMFS_COPY_BIN
do
local file="$(command -v "$binary" 2>/dev/null)"
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2 10/10] x86: upgrade: make code comment appear as log lines
On Tue, 10 Nov 2020 at 19:56, Adrian Schmutzler wrote: > > Hi, > > > -Original Message- > > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > > On Behalf Of Yousong Zhou > > Sent: Dienstag, 10. November 2020 03:22 > > To: Adrian Schmutzler ; Philip Prindeville > > > > Cc: Yousong Zhou ; OpenWrt Development List > > > > Subject: [PATCH v2 10/10] x86: upgrade: make code comment appear as log > > lines > > > > This is mainly to make it clear records in/out in the following lines are > > for > > extracting boot sectors > > > > Before > > > > == upgrade: Reading partition table from bootdisk... > > 37+26 records in > > 37+26 records out > > == upgrade: Reading partition table from image... > > > > After > > > > == upgrade: Reading partition table from bootdisk... > > == upgrade: Extract boot sector from the image > > 37+26 records in > > 37+26 records out > > == upgrade: Reading partition table from image... > > technically, the commit message would need to be updated from "==" to date. > However, having seen the updated output I'm not so sure anymore whether date > really makes it nicer. > For this patch it's just a nitpick, though, I'm sure everybody will > understand without changing the message as well. Thanks for the review. I will reword the commit message a bit to reflect the current situation. v3 coming ;) Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2 03/10] base-files: upgrade: add get_image_dd()
On Tue, 10 Nov 2020 at 13:35, Philip Prindeville
wrote:
>
> Comments…
>
>
> > On Nov 9, 2020, at 7:22 PM, Yousong Zhou wrote:
> >
> > This is mainly to handle stderr message "Broken pipe", "F+P records
> > in/out" by common pattern "xcat | dd .."
> >
> > Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
> > Reported-by: Philip Prindeville
> > Signed-off-by: Yousong Zhou
> > ---
> > package/base-files/files/lib/upgrade/common.sh | 6 ++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/package/base-files/files/lib/upgrade/common.sh
> > b/package/base-files/files/lib/upgrade/common.sh
> > index e12dfc9678..6c09908ee3 100644
> > --- a/package/base-files/files/lib/upgrade/common.sh
> > +++ b/package/base-files/files/lib/upgrade/common.sh
> > @@ -94,6 +94,12 @@ get_image() { # [ ]
> > $cmd <"$from"
> > }
> >
> > +get_image_dd() {
> > + local from="$1"; shift
> > +
> > + ( get_image "$from" | dd "$@" ) 2>&1 | grep -v -E ': Broken pipe|
> > records (in|out)'
>
>
> Can you through stdout onto another descriptor first, like 3, then move 2 to
> 1, run the grep, and then after the grep put 3 back onto 1?
Well, I tried a bit and I think it works ;)
root@OpenWrt:/tmp# cat a.sh
echo hello before
(exec 3>&2; sh /tmp/b.sh 2>&1 1>&3 | grep -v stderr; ) 2>&1
echo hello after
root@OpenWrt:/tmp# cat b.sh
echo hello stderr >&2
echo hello stdout >&1
root@OpenWrt:/tmp# sh a.sh
hello before
hello stdout
hello after
root@OpenWrt:/tmp# sh a.sh >/dev/null
root@OpenWrt:/tmp# sh a.sh 2>/dev/null
hello before
hello stdout
hello after
root@OpenWrt:/tmp#
>
> I don’t like the idea of co-mingling stdout and stderr…
I also had this concern and made sure all current users of
get_image_dd had "of=x" present. That said, it's better if the
constraint is not there at all.
I will wait a while for more comments and send v3 with the redirection
trick if all goes well.
Regards,
yousong
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 10/10] x86: upgrade: make code comment appear as log lines
This is mainly to make it clear records in/out in the following lines
are for extracting boot sectors
Before
== upgrade: Reading partition table from bootdisk...
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
After
== upgrade: Reading partition table from bootdisk...
== upgrade: Extract boot sector from the image
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 0b54caea29..d8f2eba97e 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -19,7 +19,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -82,7 +82,7 @@ platform_do_upgrade() {
if [ "$UPGRADE_OPT_SAVE_PARTITIONS" = "1" ]; then
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -114,7 +114,6 @@ platform_do_upgrade() {
fi
done < /tmp/partmap.image
- #copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
@@ -129,5 +128,4 @@ platform_do_upgrade() {
sed -i "s/\(PARTUUID=\)[a-f0-9-]\+/\1$4$3$2$1-$6$5-$8$7-$9/ig"
/mnt/boot/grub/grub.cfg
umount /mnt
fi
-
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 09/10] x86: upgrade: use get_image_dd
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 617b267e68..0b54caea29 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -20,7 +20,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b 2>/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -83,7 +83,7 @@ platform_do_upgrade() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b >/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -94,7 +94,7 @@ platform_do_upgrade() {
fi
if [ -n "$diff" ]; then
- get_image "$@" | dd of="/dev/$diskdev" bs=4096 conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=4096 conv=fsync
# Separate removal and addtion is necessary; otherwise,
partition 1
# will be missing if it overlaps with the old partition 2
@@ -108,7 +108,7 @@ platform_do_upgrade() {
while read part start size; do
if export_partdevice partdev $part; then
v "Writing image to /dev/$partdev..."
- get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
+ get_image_dd "$1" of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
v "Unable to find partition $part device, skipped."
fi
@@ -116,7 +116,7 @@ platform_do_upgrade() {
#copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
- get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
local parttype=ext4
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 07/10] base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou --- package/base-files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/base-files/Makefile b/package/base-files/Makefile index f63c4db533..b546eb7e0b 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=235 +PKG_RELEASE:=236 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 00/10] sysupgrade: reword and organize log lines
0+63 records in 0+63 records out zcat: write error: Broken pipe zcat: write: Broken pipe Reading partition table from image... Writing image to /dev/vda1... zcat: write error: Broken pipe zcat: write: Broken pipe 32767+0 records in 15+1 records out Writing image to /dev/vda2... 212991+0 records in 103+1 records out Writing new UUID to /dev/vda... 4+0 records in 4+0 records out zcat: write error: Broken pipe zcat: write: Broken pipe [ 31.461949] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 31.470274] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th superblock [ 31.480216] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x6020601) [ 31.491775] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th superblock Upgrading bootloader on /dev/vda... Upgrade completed Rebooting system... umount: can't unmount /dev: Resource busy umount: can't unmount /tmp: Resource busy [ 38.511806] Unregister pv shared memory for cpu 0 [ 38.519259] reboot: Restarting system [ 38.523725] reboot: machine restart Yousong Zhou (10): base-files: upgrade: log with date prefix base-files: upgrade: use stdin redirection to replace cat command base-files: upgrade: add get_image_dd() base-files: upgrade: fwtool.sh: use v for log lines base-files: upgrade: fwtool.sh: rewording logs base-files: upgrade: stage2: rework log lines base-files: bump PKG_RELEASE x86: upgrade: use v function for writting logs x86: upgrade: use get_image_dd x86: upgrade: make code comment appear as log lines package/base-files/Makefile | 2 +- .../base-files/files/lib/upgrade/common.sh| 10 -- .../base-files/files/lib/upgrade/fwtool.sh| 24 +++--- package/base-files/files/lib/upgrade/stage2 | 12 +++ .../x86/base-files/lib/upgrade/platform.sh| 32 +-- 5 files changed, 42 insertions(+), 38 deletions(-) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 06/10] base-files: upgrade: stage2: rework log lines
- Use common v function when possible
- Write log lines to stderr when using echo
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/stage2 | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/stage2
b/package/base-files/files/lib/upgrade/stage2
index 211a3f4b33..f2db08c3be 100755
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -53,7 +53,7 @@ switch_to_ramfs() {
[ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64
supivot $RAM_ROOT /mnt || {
- echo "Failed to switch over to ramfs. Please reboot."
+ v "Failed to switch over to ramfs. Please reboot."
exit 1
}
@@ -75,7 +75,7 @@ kill_remaining() { # [ [ ] ]
local stat
local proc_ppid=$(cut -d' ' -f4 /proc/$$/stat)
- echo -n "Sending $sig to remaining processes ... "
+ echo -n "Sending $sig to remaining processes ... " >&2
while $run; do
run=false
@@ -95,7 +95,7 @@ kill_remaining() { # [ [ ] ]
# Skip kernel threads
[ -n "$cmdline" ] || continue
- echo -n "$name "
+ echo -n "$name " >&2
kill -$sig $pid 2>/dev/null
[ $loop -eq 1 ] && run=true
@@ -104,7 +104,7 @@ kill_remaining() { # [ [ ] ]
let loop_limit--
[ $loop_limit -eq 0 ] && {
echo
- echo "Failed to kill all processes."
+ v "Failed to kill all processes."
exit 1
}
done
@@ -129,7 +129,7 @@ if [ -n "$IMAGE" ] && type 'platform_pre_upgrade'
>/dev/null 2>/dev/null; then
fi
if [ -n "$(rootfs_type)" ]; then
- echo "Switching to ramdisk..."
+ v "Switching to ramdisk..."
switch_to_ramfs
fi
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 04/10] base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects
- Log lines will have common prefix
- They will be output to stderr instead of stdout
Signed-off-by: Yousong Zhou
---
.../base-files/files/lib/upgrade/fwtool.sh| 24 +--
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index 3a74c72bba..d30b37c4f0 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,9 +10,9 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- echo "Image signature not found"
+ v "Image signature not found"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
return 0
@@ -30,16 +30,16 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- echo "Image metadata not found"
+ v "Image metadata not found"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
return 0
fi
json_load "$(cat /tmp/sysupgrade.meta)" || {
- echo "Invalid image metadata"
+ v "Invalid image metadata"
return 1
}
@@ -64,15 +64,15 @@ fwtool_check_image() {
if [ "$dev" = "$device" ]; then
# major compat version -> no sysupgrade
if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then
- echo "The device is supported, but this image
is incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but this image is
incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
# minor compat version -> sysupgrade with -n required
if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [
"$SAVE_CONFIG" = "1" ]; then
- echo "The device is supported, but the config
is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but the config is
incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
@@ -80,11 +80,11 @@ fwtool_check_image() {
fi
done
- echo "Device $device not supported by this image"
- echo -n "Supported devices:"
+ v "Device $device not supported by this image"
+ echo -n "Supported devices:" >&2
for k in $dev_keys; do
json_get_var dev "$k"
- echo -n " $dev"
+ echo -n " $dev" >&2
done
echo
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 02/10] base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index c4947e4624..e12dfc9678 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -91,7 +91,7 @@ get_image() { # [ ]
esac
fi
- cat "$from" 2>/dev/null | $cmd
+ $cmd <"$from"
}
get_magic_word() {
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 08/10] x86: upgrade: use v function for writting logs
Signed-off-by: Yousong Zhou
---
.../linux/x86/base-files/lib/upgrade/platform.sh | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 1bcd492dd7..617b267e68 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -7,13 +7,13 @@ platform_check_image() {
case "$(get_magic_word "$1")" in
eb48|eb63) ;;
*)
- echo "Invalid image type"
+ v "Invalid image type"
return 1
;;
esac
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -30,7 +30,7 @@ platform_check_image() {
rm -f /tmp/image.bs /tmp/partmap.bootdisk /tmp/partmap.image
if [ -n "$diff" ]; then
- echo "Partition layout has changed. Full image will be written."
+ v "Partition layout has changed. Full image will be written."
ask_bool 0 "Abort" && exit 1
return 0
fi
@@ -57,7 +57,7 @@ platform_do_bootloader_upgrade() {
echo "(hd0) /dev/$diskdev" > /tmp/device.map
part_magic_efi "/dev/$diskdev" && parttable=gpt
- echo "Upgrading bootloader on /dev/$diskdev..."
+ v "Upgrading bootloader on /dev/$diskdev..."
grub-bios-setup \
-m "/tmp/device.map" \
-d "/tmp/boot/boot/grub" \
@@ -73,7 +73,7 @@ platform_do_upgrade() {
local diskdev partdev diff
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -107,15 +107,15 @@ platform_do_upgrade() {
#iterate over each partition from the image and write it to the boot
disk
while read part start size; do
if export_partdevice partdev $part; then
- echo "Writing image to /dev/$partdev..."
+ v "Writing image to /dev/$partdev..."
get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
- echo "Unable to find partition $part device, skipped."
+ v "Unable to find partition $part device, skipped."
fi
done < /tmp/partmap.image
#copy partition uuid
- echo "Writing new UUID to /dev/$diskdev..."
+ v "Writing new UUID to /dev/$diskdev..."
get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 03/10] base-files: upgrade: add get_image_dd()
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 6 ++
1 file changed, 6 insertions(+)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index e12dfc9678..6c09908ee3 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -94,6 +94,12 @@ get_image() { # [ ]
$cmd <"$from"
}
+get_image_dd() {
+ local from="$1"; shift
+
+ ( get_image "$from" | dd "$@" ) 2>&1 | grep -v -E ': Broken pipe|
records (in|out)'
+}
+
get_magic_word() {
(get_image "$@" | dd bs=2 count=1 | hexdump -v -n 2 -e '1/1 "%02x"')
2>/dev/null
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 05/10] base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found". x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/fwtool.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index d30b37c4f0..9262b95108 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,7 +10,7 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- v "Image signature not found"
+ v "Image signature not present"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
@@ -30,7 +30,7 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- v "Image metadata not found"
+ v "Image metadata not present"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 01/10] base-files: upgrade: log with date prefix
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
package/base-files/files/lib/upgrade/stage2| 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 2eb26ba44b..c4947e4624 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -64,7 +64,7 @@ ask_bool() {
}
v() {
- [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$@"
+ [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$(date) upgrade: $@"
}
json_string() {
diff --git a/package/base-files/files/lib/upgrade/stage2
b/package/base-files/files/lib/upgrade/stage2
index a4fef42134..211a3f4b33 100755
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -42,7 +42,7 @@ switch_to_ramfs() {
mtd partx losetup mkfs.ext4 nandwrite flash_erase \
ubiupdatevol ubiattach ubiblock ubiformat \
ubidetach ubirsvol ubirmvol ubimkvol\
- snapshot snapshot_tool \
+ snapshot snapshot_tool date \
$RAMFS_COPY_BIN
do
local file="$(command -v "$binary" 2>/dev/null)"
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH 01/10] base-files: upgrade: log with prefix
On Tue, 3 Nov 2020 at 21:02, Adrian Schmutzler wrote:
>
> Hi,
>
> > -Original Message-
> > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org]
> > On Behalf Of Yousong Zhou
> > Sent: Dienstag, 3. November 2020 13:21
> > To: Philip Prindeville
> > Cc: Yousong Zhou ; openwrt-
> > de...@lists.openwrt.org
> > Subject: [PATCH 01/10] base-files: upgrade: log with prefix
> >
> > Signed-off-by: Yousong Zhou
> > ---
> > package/base-files/files/lib/upgrade/common.sh | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/package/base-files/files/lib/upgrade/common.sh
> > b/package/base-files/files/lib/upgrade/common.sh
> > index 2eb26ba44b..56daabd778 100644
> > --- a/package/base-files/files/lib/upgrade/common.sh
> > +++ b/package/base-files/files/lib/upgrade/common.sh
> > @@ -64,7 +64,7 @@ ask_bool() {
> > }
> >
> > v() {
>
> Generally, I like the idea. I'm not sure whether just v() is a good choice
> for the function name, though.
>
> > - [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$@"
> > + [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "== upgrade:
> > $@"
>
> Is there a particular reason for choosing "==" as prefix or is this
> arbitrary? Looks a bit odd to me (not the fact of having a prefix, but the
> prefix itself) ...
I should have mentioned this in the cover letter ;)
"==" is there mainly to make the lines stand out by looking a bit
different. I tried other characters like "--", "##" etc. "==" seems
the best. "$(date)" was also tried for once but it's not available at
later stages of sysupgrade. Maybe I should try again and use datetime
as the prefix.
Regards,
yousong
>
> In any case, thanks for the improvements.
>
> Best
>
> Adrian
>
> > }
> >
> > json_string() {
> >
> > ___
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 01/10] base-files: upgrade: log with prefix
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 2eb26ba44b..56daabd778 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -64,7 +64,7 @@ ask_bool() {
}
v() {
- [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$@"
+ [ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "== upgrade: $@"
}
json_string() {
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 06/10] base-files: upgrade: stage2: rework log lines
- Use common v function when possible
- Write log lines to stderr when using echo
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/stage2 | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/stage2
b/package/base-files/files/lib/upgrade/stage2
index a4fef42134..b452590eec 100755
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -53,7 +53,7 @@ switch_to_ramfs() {
[ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64
supivot $RAM_ROOT /mnt || {
- echo "Failed to switch over to ramfs. Please reboot."
+ v "Failed to switch over to ramfs. Please reboot."
exit 1
}
@@ -75,7 +75,7 @@ kill_remaining() { # [ [ ] ]
local stat
local proc_ppid=$(cut -d' ' -f4 /proc/$$/stat)
- echo -n "Sending $sig to remaining processes ... "
+ echo -n "Sending $sig to remaining processes ... " >&2
while $run; do
run=false
@@ -95,7 +95,7 @@ kill_remaining() { # [ [ ] ]
# Skip kernel threads
[ -n "$cmdline" ] || continue
- echo -n "$name "
+ echo -n "$name " >&2
kill -$sig $pid 2>/dev/null
[ $loop -eq 1 ] && run=true
@@ -104,7 +104,7 @@ kill_remaining() { # [ [ ] ]
let loop_limit--
[ $loop_limit -eq 0 ] && {
echo
- echo "Failed to kill all processes."
+ v "Failed to kill all processes."
exit 1
}
done
@@ -129,7 +129,7 @@ if [ -n "$IMAGE" ] && type 'platform_pre_upgrade'
>/dev/null 2>/dev/null; then
fi
if [ -n "$(rootfs_type)" ]; then
- echo "Switching to ramdisk..."
+ v "Switching to ramdisk..."
switch_to_ramfs
fi
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 00/10] sysupgrade: reword and organize log lines
The series mainly aims to make sysupgrade log output more organized and less disturbing, in the following aspects - Hide "write error: Broken pipe" from cat command and its friends. - Make log lines from sysupgrade command itself more distinguishable more other commands by using common.sh function "v" The series should at least partially address concerns raised at FS#3140 Ref: https://bugs.openwrt.org/index.php?do=details_id=3140 Before root@(none):/# sysupgrade -n -v /tmp/x86.gz Image metadata not found Reading partition table from bootdisk... zcat: write error: Broken pipe zcat: write: Broken pipe Reading partition table from image... Commencing upgrade. Closing all shell sessions. killall: telnetd: no process killed Sending TERM to remaining processes ... ubusd askfirst urngd logd netifd odhcpd ntpd dnsmasq Sending KILL to remaining processes ... Switching to ramdisk... Performing system upgrade... Reading partition table from bootdisk... 0+63 records in 0+63 records out zcat: write error: Broken pipe zcat: write: Broken pipe Reading partition table from image... Writing image to /dev/vda1... zcat: write error: Broken pipe zcat: write: Broken pipe 32767+0 records in 15+1 records out Writing image to /dev/vda2... 212991+0 records in 103+1 records out Writing new UUID to /dev/vda... 4+0 records in 4+0 records out zcat: write error: Broken pipe zcat: write: Broken pipe [ 31.461949] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 31.470274] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th superblock [ 31.480216] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x6020601) [ 31.491775] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th superblock Upgrading bootloader on /dev/vda... Upgrade completed Rebooting system... umount: can't unmount /dev: Resource busy umount: can't unmount /tmp: Resource busy [ 38.511806] Unregister pv shared memory for cpu 0 [ 38.519259] reboot: Restarting system [ 38.523725] reboot: machine restart After root@OpenWrt:/# sysupgrade -n -v /tmp/x86.gz == upgrade: Image metadata not present == upgrade: Reading partition table from bootdisk... == upgrade: Extract boot sector from the image 54+9 records in 54+9 records out == upgrade: Reading partition table from image... == upgrade: Commencing upgrade. Closing all shell sessions. killall: telnetd: no process killed Sending TERM to remaining processes ... ubusd askfirst urngd logd netifd odhcpd xl2tpd ntpd dnsmasq Sending KILL to remaining processes ... == upgrade: Switching to ramdisk... == upgrade: Performing system upgrade... == upgrade: Reading partition table from bootdisk... == upgrade: Extract boot sector from the image 0+63 records in 0+63 records out == upgrade: Reading partition table from image... == upgrade: Writing image to /dev/vda1... 65535+0 records in 31+1 records out == upgrade: Writing image to /dev/vda2... 262143+0 records in 127+1 records out == upgrade: Writing new UUID to /dev/vda... 4+0 records in 4+0 records out [ 98.737664] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 98.747115] F2FS-fs (vda1): Can't find valid F2FS filesystem in 1th superblock [ 98.757250] F2FS-fs (vda1): Magic Mismatch, valid(0xf2f52010) - read(0x6020601) [ 98.770807] F2FS-fs (vda1): Can't find valid F2FS filesystem in 2th superblock == upgrade: Upgrading bootloader on /dev/vda... == upgrade: Upgrade completed == upgrade: Rebooting system... umount: can't unmount /dev: Resource busy umount: can't unmount /tmp: Resource busy [ 106.922638] Unregister pv shared memory for cpu 0 [ 106.931062] reboot: Restarting system [ 106.936009] reboot: machine restart Yousong Zhou (10): base-files: upgrade: log with prefix base-files: upgrade: use stdin redirection to replace cat command base-files: upgrade: add get_image_dd() base-files: upgrade: fwtool.sh: use v for log lines base-files: upgrade: fwtool.sh: rewording logs base-files: upgrade: stage2: rework log lines base-files: bump PKG_RELEASE x86: upgrade: use v function for writting logs x86: upgrade: use get_image_dd x86: upgrade: make code comment appear as log lines package/base-files/Makefile | 2 +- .../base-files/files/lib/upgrade/common.sh| 10 -- .../base-files/files/lib/upgrade/fwtool.sh| 24 +++--- package/base-files/files/lib/upgrade/stage2 | 10 +++--- .../x86/base-files/lib/upgrade/platform.sh| 32 +-- 5 files changed, 41 insertions(+), 37 deletions(-) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 10/10] x86: upgrade: make code comment appear as log lines
This is mainly to make it clear records in/out in the following lines
are for extracting boot sectors
Before
== upgrade: Reading partition table from bootdisk...
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
After
== upgrade: Reading partition table from bootdisk...
== upgrade: Extract boot sector from the image
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 0b54caea29..d8f2eba97e 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -19,7 +19,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -82,7 +82,7 @@ platform_do_upgrade() {
if [ "$UPGRADE_OPT_SAVE_PARTITIONS" = "1" ]; then
get_partitions "/dev/$diskdev" bootdisk
- #extract the boot sector from the image
+ v "Extract boot sector from the image"
get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -114,7 +114,6 @@ platform_do_upgrade() {
fi
done < /tmp/partmap.image
- #copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
@@ -129,5 +128,4 @@ platform_do_upgrade() {
sed -i "s/\(PARTUUID=\)[a-f0-9-]\+/\1$4$3$2$1-$6$5-$8$7-$9/ig"
/mnt/boot/grub/grub.cfg
umount /mnt
fi
-
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 09/10] x86: upgrade: use get_image_dd
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
target/linux/x86/base-files/lib/upgrade/platform.sh | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 617b267e68..0b54caea29 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -20,7 +20,7 @@ platform_check_image() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b 2>/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -83,7 +83,7 @@ platform_do_upgrade() {
get_partitions "/dev/$diskdev" bootdisk
#extract the boot sector from the image
- get_image "$@" | dd of=/tmp/image.bs count=63 bs=512b >/dev/null
+ get_image_dd "$1" of=/tmp/image.bs count=63 bs=512b
get_partitions /tmp/image.bs image
@@ -94,7 +94,7 @@ platform_do_upgrade() {
fi
if [ -n "$diff" ]; then
- get_image "$@" | dd of="/dev/$diskdev" bs=4096 conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=4096 conv=fsync
# Separate removal and addtion is necessary; otherwise,
partition 1
# will be missing if it overlaps with the old partition 2
@@ -108,7 +108,7 @@ platform_do_upgrade() {
while read part start size; do
if export_partdevice partdev $part; then
v "Writing image to /dev/$partdev..."
- get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
+ get_image_dd "$1" of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
v "Unable to find partition $part device, skipped."
fi
@@ -116,7 +116,7 @@ platform_do_upgrade() {
#copy partition uuid
v "Writing new UUID to /dev/$diskdev..."
- get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
+ get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
local parttype=ext4
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 08/10] x86: upgrade: use v function for writting logs
Signed-off-by: Yousong Zhou
---
.../linux/x86/base-files/lib/upgrade/platform.sh | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/target/linux/x86/base-files/lib/upgrade/platform.sh
b/target/linux/x86/base-files/lib/upgrade/platform.sh
index 1bcd492dd7..617b267e68 100644
--- a/target/linux/x86/base-files/lib/upgrade/platform.sh
+++ b/target/linux/x86/base-files/lib/upgrade/platform.sh
@@ -7,13 +7,13 @@ platform_check_image() {
case "$(get_magic_word "$1")" in
eb48|eb63) ;;
*)
- echo "Invalid image type"
+ v "Invalid image type"
return 1
;;
esac
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -30,7 +30,7 @@ platform_check_image() {
rm -f /tmp/image.bs /tmp/partmap.bootdisk /tmp/partmap.image
if [ -n "$diff" ]; then
- echo "Partition layout has changed. Full image will be written."
+ v "Partition layout has changed. Full image will be written."
ask_bool 0 "Abort" && exit 1
return 0
fi
@@ -57,7 +57,7 @@ platform_do_bootloader_upgrade() {
echo "(hd0) /dev/$diskdev" > /tmp/device.map
part_magic_efi "/dev/$diskdev" && parttable=gpt
- echo "Upgrading bootloader on /dev/$diskdev..."
+ v "Upgrading bootloader on /dev/$diskdev..."
grub-bios-setup \
-m "/tmp/device.map" \
-d "/tmp/boot/boot/grub" \
@@ -73,7 +73,7 @@ platform_do_upgrade() {
local diskdev partdev diff
export_bootdevice && export_partdevice diskdev 0 || {
- echo "Unable to determine upgrade device"
+ v "Unable to determine upgrade device"
return 1
}
@@ -107,15 +107,15 @@ platform_do_upgrade() {
#iterate over each partition from the image and write it to the boot
disk
while read part start size; do
if export_partdevice partdev $part; then
- echo "Writing image to /dev/$partdev..."
+ v "Writing image to /dev/$partdev..."
get_image "$@" | dd of="/dev/$partdev" ibs=512 obs=1M
skip="$start" count="$size" conv=fsync
else
- echo "Unable to find partition $part device, skipped."
+ v "Unable to find partition $part device, skipped."
fi
done < /tmp/partmap.image
#copy partition uuid
- echo "Writing new UUID to /dev/$diskdev..."
+ v "Writing new UUID to /dev/$diskdev..."
get_image "$@" | dd of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440
conv=fsync
platform_do_bootloader_upgrade "$diskdev"
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 05/10] base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found". x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/fwtool.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index d30b37c4f0..9262b95108 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,7 +10,7 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- v "Image signature not found"
+ v "Image signature not present"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
@@ -30,7 +30,7 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- v "Image metadata not found"
+ v "Image metadata not present"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 03/10] base-files: upgrade: add get_image_dd()
This is mainly to handle error message "Broken pipe" by common pattern
"xcat | dd .."
Ref: https://bugs.openwrt.org/index.php?do=details_id=3140
Reported-by: Philip Prindeville
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 6 ++
1 file changed, 6 insertions(+)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 808fad178b..654f24d0a7 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -94,6 +94,12 @@ get_image() { # [ ]
$cmd <"$from"
}
+get_image_dd() {
+ local from="$1"; shift
+
+ ( get_image "$from" | dd "$@" ) 2>&1 | grep -v -F ': Broken pipe'
+}
+
get_magic_word() {
(get_image "$@" | dd bs=2 count=1 | hexdump -v -n 2 -e '1/1 "%02x"')
2>/dev/null
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 02/10] base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou
---
package/base-files/files/lib/upgrade/common.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/base-files/files/lib/upgrade/common.sh
b/package/base-files/files/lib/upgrade/common.sh
index 56daabd778..808fad178b 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -91,7 +91,7 @@ get_image() { # [ ]
esac
fi
- cat "$from" 2>/dev/null | $cmd
+ $cmd <"$from"
}
get_magic_word() {
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 04/10] base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects
- Log lines will have common prefix
- They will be output to stderr instead of stdout
Signed-off-by: Yousong Zhou
---
.../base-files/files/lib/upgrade/fwtool.sh| 24 +--
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/package/base-files/files/lib/upgrade/fwtool.sh
b/package/base-files/files/lib/upgrade/fwtool.sh
index 3a74c72bba..d30b37c4f0 100644
--- a/package/base-files/files/lib/upgrade/fwtool.sh
+++ b/package/base-files/files/lib/upgrade/fwtool.sh
@@ -10,9 +10,9 @@ fwtool_check_signature() {
}
if ! fwtool -q -s /tmp/sysupgrade.ucert "$1"; then
- echo "Image signature not found"
+ v "Image signature not found"
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_SIGNATURE" = 1 ] && return 1
return 0
@@ -30,16 +30,16 @@ fwtool_check_image() {
. /usr/share/libubox/jshn.sh
if ! fwtool -q -i /tmp/sysupgrade.meta "$1"; then
- echo "Image metadata not found"
+ v "Image metadata not found"
[ "$REQUIRE_IMAGE_METADATA" = 1 -a "$FORCE" != 1 ] && {
- echo "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
+ v "Use sysupgrade -F to override this check when
downgrading or flashing to vendor firmware"
}
[ "$REQUIRE_IMAGE_METADATA" = 1 ] && return 1
return 0
fi
json_load "$(cat /tmp/sysupgrade.meta)" || {
- echo "Invalid image metadata"
+ v "Invalid image metadata"
return 1
}
@@ -64,15 +64,15 @@ fwtool_check_image() {
if [ "$dev" = "$device" ]; then
# major compat version -> no sysupgrade
if [ "${devicecompat%.*}" != "${imagecompat%.*}" ]; then
- echo "The device is supported, but this image
is incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but this image is
incompatible for sysupgrade based on the image version
($devicecompat->$imagecompat)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
# minor compat version -> sysupgrade with -n required
if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [
"$SAVE_CONFIG" = "1" ]; then
- echo "The device is supported, but the config
is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
- [ -n "$compatmessage" ] && echo "$compatmessage"
+ v "The device is supported, but the config is
incompatible to the new image ($devicecompat->$imagecompat). Please upgrade
without keeping config (sysupgrade -n)."
+ [ -n "$compatmessage" ] && v "$compatmessage"
return 1
fi
@@ -80,11 +80,11 @@ fwtool_check_image() {
fi
done
- echo "Device $device not supported by this image"
- echo -n "Supported devices:"
+ v "Device $device not supported by this image"
+ echo -n "Supported devices:" >&2
for k in $dev_keys; do
json_get_var dev "$k"
- echo -n " $dev"
+ echo -n " $dev" >&2
done
echo
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 07/10] base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou --- package/base-files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/base-files/Makefile b/package/base-files/Makefile index c139ea313b..f63c4db533 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=234 +PKG_RELEASE:=235 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 2/8] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECT
CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit
2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That
happened since linux 3.10
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 2047dcc842..9f22512d68 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -200,7 +200,7 @@ $(eval $(if $(NF_KMOD),,$(call
nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DN
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_V4)ipt_MASQUERADE, lt 5.2))
$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_REDIRECT,
$(P_XT)xt_REDIRECT))
# nat-extra
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 0/8] netfilter: kconfig symbol updates
The series was based work by Tony Ambardar in GitHub pull request [1]. Many investigations were done by Tony annd many changes were done by me. All errors are mine of course. [1] https://github.com/openwrt/openwrt/pull/3257 The work focused on the following aspects. - Use current config symbols when possible, instead of those retained for compat reasons - Many kconfig symbols for conntrack and nat functions are now bool without prompt, instead of previously being old tristate. Version conditionals are added for old kernel versions and they are now in unset state in target config as these options can only be enabled when selected by others v2 <- v1 - Add a new patch to remove now non-existent kmod nf_nat_redirect as suggested by Adrian Schmutzler - Fix wording of "netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE" Tony Ambardar (1): netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRE Yousong Zhou (7): netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECT netfilter.mk: add version conditional for nf_nat_ipv4,6 generic: 5.4: make nf nat masquerade in unset state by default netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE netfilter.mk: add version conditional around nf_nat_redirect mod netfilter.mk: remove now obsolete kmod nf_nat_redirect include/netfilter.mk| 13 ++--- target/linux/generic/config-5.4 | 3 +-- 2 files changed, 7 insertions(+), 9 deletions(-) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 5/8] netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRE
From: Tony Ambardar
Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to
be built-in") moved the CT GRE code into the core nf_conntrack.ko module
and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1
and onwards.
CONFIG_NF_CT_PROTO_GRE at the moment has no prompt and can only be
selected by NF_CONNTRACK_PPTP
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details_id=2990
Signed-off-by: Tony Ambardar
[note that the option now can not be enabled on its own]
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 3c217db106..8776391f96 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -219,7 +219,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP,
$(P_XT)nf_nat_ftp))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST,
$(P_XT)nf_conntrack_broadcast))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA,
$(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA,
$(P_XT)nf_nat_amanda))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre, lt 5.1))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323,
$(P_XT)nf_conntrack_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323,
$(P_V4)nf_nat_h323))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 7/8] netfilter.mk: add version conditional around nf_nat_redirect mod
Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into
nf_nat") made the redirect module part of the nat core and changed the
CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting
kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by
CONFIG_NFT_REDIR or NETFILTER_XT_TARGET_REDIRECT
Fixes: FS#2476
Ref: https://bugs.openwrt.org/index.php?do=details_id=2476
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details_id=2990
Signed-off-by: Tony Ambardar
[note that the option has no prompt and can only be selected by other
kconfig options]
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 02173d4355..0c29c0bd04 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -184,7 +184,7 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT,
$(P_V6)ip6t_rt))
# kernel only
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect, lt 4.18),))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4, lt 5.1)))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6, lt 5.1)))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 4/8] generic: 5.4: make nf nat masquerade in unset state by default
Upstream linux 5.1 commit d1aca8ab ("netfilter: nat: merge ipv4 and ipv6
masquerade functionality") replaces the following 2 options
- CONFIG_NF_NAT_MASQUERADE_IPV4
- CONFIG_NF_NAT_MASQUERADE_IPV6
with CONFIG_NF_NAT_MASQUERADE. The new option is one without prompt and
will be selected by CONFIG_NETFILTER_XT_TARGET_MASQUERADE introduced
still later in 5.2.
Signed-off-by: Yousong Zhou
---
target/linux/generic/config-5.4 | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index 04fda5de24..b911efdf4e 100644
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -3689,8 +3689,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_IPV6 is not set
# CONFIG_NF_NAT_IRC is not set
-CONFIG_NF_NAT_MASQUERADE_IPV4=y
-CONFIG_NF_NAT_MASQUERADE_IPV6=y
+# CONFIG_NF_NAT_MASQUERADE is not set
# CONFIG_NF_NAT_NEEDED is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_PROTO_GRE is not set
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 1/8] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart
CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the
user's convenience"
Related commit d22c1755 ("netfilter: fix NAT packaging with kernels
5.2+")
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d6e3a0c98..2047dcc842 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -199,7 +199,7 @@ $(eval $(if $(NF_KMOD),,$(call
nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT))
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT,
ip6t_DNPT ip6t_SNPT)))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_V4)ipt_MASQUERADE, lt 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 6/8] netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE
It was removed in upstream linux commit faec18db ("netfilter: nat:
remove l4proto->manip_pkt"). This happened since linux 5.0
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 8776391f96..02173d4355 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -220,7 +220,7 @@ $(eval $(call
nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA,
$(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA,
$(P_XT)nf_nat_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre, lt 5.1))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre, lt 5.0))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323,
$(P_XT)nf_conntrack_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323,
$(P_V4)nf_nat_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP,
$(P_XT)nf_conntrack_pptp))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 8/8] netfilter.mk: remove now obsolete kmod nf_nat_redirect
Now that the minimal kernel version maintained here is 4.19 Signed-off-by: Yousong Zhou --- include/netfilter.mk | 1 - 1 file changed, 1 deletion(-) diff --git a/include/netfilter.mk b/include/netfilter.mk index 0c29c0bd04..2c71c07056 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -184,7 +184,6 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) # kernel only $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, lt 4.18),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4, lt 5.1))) $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6, lt 5.1))) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 3/8] netfilter.mk: add version conditional for nf_nat_ipv4, 6
The upstream linux commit is 3bf195ae ("netfilter: nat: merge
nf_nat_ipv4,6 into nat core"). It was included since linux 5.1
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 9f22512d68..3c217db106 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -185,8 +185,8 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT,
$(P_V6)ip6t_rt))
# kernel only
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4, lt 5.1)))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6, lt 5.1)))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT,
$(P_XT)xt_nat),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT,
$(P_V4)iptable_nat),))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH netifd 4/4] interface: proto_ip: order by address index first
At the moment, dnsmasq initscript generates dhcp-range for an interface
by inspecting first address of that interface from netifd ubus output.
Order by address index as specified in the uci config make netifd ubus
output consistent with linux network interfaces' primary/secondary
address settings. More importantly, the ubus output and dnsmasq config
generation will be more predictable.
Signed-off-by: Yousong Zhou
---
interface-ip.c | 11 +--
proto.c| 4 ++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/interface-ip.c b/interface-ip.c
index f1ed8d3..35834a5 100644
--- a/interface-ip.c
+++ b/interface-ip.c
@@ -516,8 +516,15 @@ error:
static int
addr_cmp(const void *k1, const void *k2, void *ptr)
{
- return memcmp(k1, k2, sizeof(struct device_addr) -
- offsetof(struct device_addr, flags));
+ const struct device_addr *a1 = k1;
+ const struct device_addr *a2 = k2;
+ const int cmp_offset = offsetof(struct device_addr, flags);
+ const int cmp_size = sizeof(struct device_addr) - cmp_offset;
+
+ if (a1->index != a2->index) {
+ return a1->index - a2->index;
+ }
+ return memcmp(k1+cmp_offset, k2+cmp_offset, cmp_size);
}
static int
diff --git a/proto.c b/proto.c
index f7d27aa..01473f2 100644
--- a/proto.c
+++ b/proto.c
@@ -174,7 +174,7 @@ parse_static_address_option(struct interface *iface, struct
blob_attr *attr,
}
addr->index = n_addr;
n_addr++;
- vlist_add(>proto_ip.addr, >node, >flags);
+ vlist_add(>proto_ip.addr, >node, addr);
}
return n_addr;
@@ -275,7 +275,7 @@ parse_address_list(struct interface *iface, struct
blob_attr *attr, bool v6,
addr->index = n_addr;
n_addr++;
- vlist_add(>proto_ip.addr, >node, >flags);
+ vlist_add(>proto_ip.addr, >node, addr);
}
return n_addr;
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH netifd 2/4] proto: rework parse_addr to return struct device_addr
This is a preparation for the next commit to record address index for
the returned device_addr struct
Signed-off-by: Yousong Zhou
---
proto.c | 26 +++---
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/proto.c b/proto.c
index cbc92b1..d80cae0 100644
--- a/proto.c
+++ b/proto.c
@@ -116,16 +116,16 @@ alloc_device_addr(bool v6, bool ext)
return addr;
}
-static bool
-parse_addr(struct interface *iface, const char *str, bool v6, int mask,
- bool ext, uint32_t broadcast, uint32_t ptp, bool deprecated)
+static struct device_addr *
+parse_addr(const char *str, bool v6, int mask, bool ext, uint32_t broadcast,
+ uint32_t ptp, bool deprecated)
{
struct device_addr *addr;
int af = v6 ? AF_INET6 : AF_INET;
addr = alloc_device_addr(v6, ext);
if (!addr)
- return false;
+ return NULL;
addr->mask = mask;
if (!parse_ip_and_netmask(af, str, >addr, >mask))
@@ -143,14 +143,12 @@ parse_addr(struct interface *iface, const char *str, bool
v6, int mask,
if (deprecated)
addr->preferred_until = system_get_rtime();
- vlist_add(>proto_ip.addr, >node, >flags);
- return true;
+ return addr;
error:
- interface_add_error(iface, "proto", "INVALID_ADDRESS", , 1);
free(addr);
- return false;
+ return NULL;
}
static int
@@ -159,6 +157,8 @@ parse_static_address_option(struct interface *iface, struct
blob_attr *attr,
uint32_t ptp, bool deprecated)
{
struct blob_attr *cur;
+ struct device_addr *addr;
+ const char *str;
int n_addr = 0;
int rem;
@@ -166,10 +166,14 @@ parse_static_address_option(struct interface *iface,
struct blob_attr *attr,
if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
return -1;
- n_addr++;
- if (!parse_addr(iface, blobmsg_data(cur), v6, netmask, ext,
- broadcast, ptp, deprecated))
+ str = blobmsg_data(cur);
+ addr = parse_addr(str, v6, netmask, ext, broadcast, ptp,
deprecated);
+ if (addr == NULL) {
+ interface_add_error(iface, "proto", "INVALID_ADDRESS",
, 1);
return -1;
+ }
+ n_addr++;
+ vlist_add(>proto_ip.addr, >node, >flags);
}
return n_addr;
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH netifd 1/4] build: find and use libnl header dirs
Name of the libnl .pc file is libnl-3.0.pc
This commit is mainly for testing netifd build of usual Linux systems.
netifd Makefile in current OpenWrt build system specifies custom cmake
flags to point to libnl-tiny
Signed-off-by: Yousong Zhou
---
CMakeLists.txt | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d6203aa..9d19817 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -27,8 +27,12 @@ SET(LIBS
ubox ubus uci json-c blobmsg_json)
IF (NOT DEFINED LIBNL_LIBS)
- FIND_LIBRARY(libnl NAMES libnl-3 libnl nl-3 nl)
- SET(LIBNL_LIBS ${libnl})
+ include(FindPkgConfig)
+ pkg_search_module(LIBNL libnl-3.0 libnl-3 libnl nl-3 nl)
+ IF (LIBNL_FOUND)
+ include_directories(${LIBNL_INCLUDE_DIRS})
+ SET(LIBNL_LIBS ${LIBNL_LIBRARIES})
+ ENDIF()
ENDIF()
IF("${CMAKE_SYSTEM_NAME}" MATCHES "Linux" AND NOT DUMMY_MODE)
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH netifd 3/4] device_addr: record address index as in the blob
Signed-off-by: Yousong Zhou
---
interface-ip.h | 1 +
proto.c| 2 ++
2 files changed, 3 insertions(+)
diff --git a/interface-ip.h b/interface-ip.h
index 5ab9299..b17ad94 100644
--- a/interface-ip.h
+++ b/interface-ip.h
@@ -127,6 +127,7 @@ struct device_addr {
struct vlist_node node;
bool enabled;
bool failed;
+ int index;
unsigned int policy_table;
struct device_route subnet;
diff --git a/proto.c b/proto.c
index d80cae0..f7d27aa 100644
--- a/proto.c
+++ b/proto.c
@@ -172,6 +172,7 @@ parse_static_address_option(struct interface *iface, struct
blob_attr *attr,
interface_add_error(iface, "proto", "INVALID_ADDRESS",
, 1);
return -1;
}
+ addr->index = n_addr;
n_addr++;
vlist_add(>proto_ip.addr, >node, >flags);
}
@@ -272,6 +273,7 @@ parse_address_list(struct interface *iface, struct
blob_attr *attr, bool v6,
if (!addr)
return -1;
+ addr->index = n_addr;
n_addr++;
vlist_add(>proto_ip.addr, >node, >flags);
}
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 0/7] netfilter: kconfig symbol updates
The series was based work by Tony Ambardar in GitHub pull request [1]. Many investigations were done by Tony. And many changes were done by me and all errors are mine of course. [1] https://github.com/openwrt/openwrt/pull/3257 The work foucused on the following aspects. - Use current config symbols when possible, instead of those retained for compat reasons - Many kconfig symbols for conntrack and nat functions are now bool with prompt ones, instead of the old tristate ones. Version conditionals are added for old kernel versions. And make them unset state as these options can only be enabled when selected by others Tony Ambardar (1): netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRE Yousong Zhou (6): netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECT netfilter.mk: add version conditional for nf_nat_ipv4,6 generic: 5.4: make nf nat masquerade in unset state by default netfilter.mk: add version conditional around nf_nat_redirect mod netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE include/netfilter.mk| 14 +++--- target/linux/generic/config-5.4 | 3 +-- 2 files changed, 8 insertions(+), 9 deletions(-) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 4/7] generic: 5.4: make nf nat masquerade in unset state by default
Upstream linux 5.1 commit d1aca8ab ("netfilter: nat: merge ipv4 and ipv6
masquerade functionality") replaces the following 2 options
- CONFIG_NF_NAT_MASQUERADE_IPV4
- CONFIG_NF_NAT_MASQUERADE_IPV6
with CONFIG_NF_NAT_MASQUERADE. The new option is one without prompt and
will be selected by CONFIG_NETFILTER_XT_TARGET_MASQUERADE introduced
still later in 5.2.
Signed-off-by: Yousong Zhou
---
target/linux/generic/config-5.4 | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index aa3fbded3b..ebbff3fa62 100644
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -3689,8 +3689,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
# CONFIG_NF_NAT_H323 is not set
# CONFIG_NF_NAT_IPV6 is not set
# CONFIG_NF_NAT_IRC is not set
-CONFIG_NF_NAT_MASQUERADE_IPV4=y
-CONFIG_NF_NAT_MASQUERADE_IPV6=y
+# CONFIG_NF_NAT_MASQUERADE is not set
# CONFIG_NF_NAT_NEEDED is not set
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_PROTO_GRE is not set
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 1/7] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart
CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the
user's convenience"
Related commit d22c1755 ("netfilter: fix NAT packaging with kernels
5.2+")
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d6e3a0c98..2047dcc842 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -199,7 +199,7 @@ $(eval $(if $(NF_KMOD),,$(call
nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT))
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT,
ip6t_DNPT ip6t_SNPT)))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_V4)ipt_MASQUERADE, lt 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 2/7] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECT
CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit
2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That
happened since linux 3.10
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 2047dcc842..9f22512d68 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -200,7 +200,7 @@ $(eval $(if $(NF_KMOD),,$(call
nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DN
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE,
$(P_V4)ipt_MASQUERADE, lt 5.2))
$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_MASQUERADE,
$(P_XT)xt_MASQUERADE, ge 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_REDIRECT,
$(P_XT)xt_REDIRECT))
# nat-extra
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 7/7] netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE
It was removed in upstream linux commit faec18db ("netfilter: nat:
remove l4proto->manip_pkt"). This happened since linux 5.1
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index dccec09ffb..0c29c0bd04 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -220,7 +220,7 @@ $(eval $(call
nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA,
$(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA,
$(P_XT)nf_nat_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre, lt 5.1))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre, lt 5.0))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323,
$(P_XT)nf_conntrack_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323,
$(P_V4)nf_nat_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP,
$(P_XT)nf_conntrack_pptp))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 6/7] netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRE
From: Tony Ambardar
Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to
be built-in") moved the CT GRE code into the core nf_conntrack.ko module
and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1
and onwards.
CONFIG_NF_CT_PROTO_GRE at the moment has no prompt and can only be
selected by NF_CONNTRACK_PPTP
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details_id=2990
Signed-off-by: Tony Ambardar
[note that the option now can not be enabled on its own]
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index e5ba3b366e..dccec09ffb 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -219,7 +219,7 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP,
$(P_XT)nf_nat_ftp))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST,
$(P_XT)nf_conntrack_broadcast))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA,
$(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA,
$(P_XT)nf_nat_amanda))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE,
$(P_XT)nf_conntrack_proto_gre, lt 5.1))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE,
$(P_V4)nf_nat_proto_gre))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323,
$(P_XT)nf_conntrack_h323))
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323,
$(P_V4)nf_nat_h323))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 5/7] netfilter.mk: add version conditional around nf_nat_redirect mod
Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into
nf_nat") made the redirect module part of the nat core and changed the
CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting
kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by
CONFIG_NFT_REDIR or NETFILTER_XT_TARGET_REDIRECT
Fixes: FS#2476
Ref: https://bugs.openwrt.org/index.php?do=details_id=2476
Fixes: FS#2990 (partial)
Ref: https://bugs.openwrt.org/index.php?do=details_id=2990
Signed-off-by: Tony Ambardar
[note that the option has no prompt and can only be selected by other
kconfig options]
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 3c217db106..e5ba3b366e 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -184,7 +184,7 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT,
$(P_V6)ip6t_rt))
# kernel only
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect, lt 4.18),))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4, lt 5.1)))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6, lt 5.1)))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 3/7] netfilter.mk: add version conditional for nf_nat_ipv4,6
The upstream linux commit is 3bf195ae ("netfilter: nat: merge
nf_nat_ipv4,6 into nat core"). It was included since linux 5.1
Signed-off-by: Yousong Zhou
---
include/netfilter.mk | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 9f22512d68..3c217db106 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -185,8 +185,8 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT,
$(P_V6)ip6t_rt))
# kernel only
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT,
$(P_XT)nf_nat_redirect),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4,
$(P_V4)nf_nat_ipv4, lt 5.1)))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6,
$(P_V6)nf_nat_ipv6, lt 5.1)))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT,
$(P_XT)xt_nat),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT,
$(P_V4)iptable_nat),))
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: Dnssec is never enabled on recent master
On Tue, 22 Sep 2020 at 19:00, Sami Olmari wrote: > > This commit > https://github.com/openwrt/openwrt/commit/064dc1e81bc85f6ef8becc38854292853a59d2c2 > breaks all dnssec, it will never get enabled despite /etc/config/dhcp > enabling it. Reverting this commit made dnssec to work again. So this > needs either reverting, or some more elaborate fix. Should be fixed now with https://git.openwrt.org/7dc78d1d2893b672544e8c26026ce961a7248a82 . Sorry for the inconvenience and possible hazard exposed. It's a logic invert ;( Regards, yousong > > Additionally I got this message when troubleshooting this at irc: > "While at it, ask please to fix trust-anchor match too (it's not an > option, the option just contains that word at the end)" > > Thank you! > > -- > Sami Olmari > Oy Olmari Ab > Vaasa Hacklab ry ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] uhttpd: Increase default certificate validate from 2 to 10 years
On Wed, 2 Sep 2020 at 01:32, Hauke Mehrtens wrote: > > On 9/1/20 12:45 AM, Yousong Zhou wrote: > > It's worth mentioning that recent versions of macos since 10.15 have a > > restriction on certificate validity period, self-signed or not. It's > > a strong restriction that the browser ui will have no buttons or knobs > > to bypass the certificate validation, rendering such sites > > inaccessible. I remembered it's also a system wide enforcement that > > chrome on macos also respects this. > > > > [1] Requirements for trusted certificates in iOS 13 and macOS 10.15, > > https://support.apple.com/en-us/HT210176 > > > >> TLS server certificates must have a validity period of 825 days or fewer > >> (as expressed in the NotBefore and NotAfter fields of the certificate). > > > > [2] About upcoming limits on trusted certificates, > > https://support.apple.com/en-us/HT211025 > > > >> TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC > >> must not have a validity period greater than 398 days. > > > > Regards, > >yousong > > Could someone please test how MacOS and iOS behave with a self signed > certificate, valid for 10 years which was issued no later than today please. Tried with chrome on macos 10.15 (catalina), no way to proceed on the certificate warning page. With macos 10.13 (high sierra), chrome will allow you to ignore the check and continue on, but safari will warn after clicking "visit this website" that "You will have to modify your system settings to allow this." and prompt for a password to change "Certificate Trust Settings". Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] uhttpd: Increase default certificate validate from 2 to 10 years
On Tue, 1 Sep 2020 at 06:45, Yousong Zhou wrote: > > It's worth mentioning that recent versions of macos since 10.15 have a > restriction on certificate validity period, self-signed or not. It's > a strong restriction that the browser ui will have no buttons or knobs > to bypass the certificate validation, rendering such sites > inaccessible. I remembered it's also a system wide enforcement that > chrome on macos also respects this. > > [1] Requirements for trusted certificates in iOS 13 and macOS 10.15, > https://support.apple.com/en-us/HT210176 > > > TLS server certificates must have a validity period of 825 days or fewer > > (as expressed in the NotBefore and NotAfter fields of the certificate). > > [2] About upcoming limits on trusted certificates, > https://support.apple.com/en-us/HT211025 > > > TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC > > must not have a validity period greater than 398 days. > > Regards, >yousong The other thing that just occurred to me is, chrome will not cache content fetched from links with invalid certificates. It's a WontFix decision [1] . I would guess a 400MHz MIPS CPU might have a hard time with this. [1] Issue 110649: Browser not caching files if HTTPS is used even if it's allowed by webserver via response headers, https://bugs.chromium.org/p/chromium/issues/detail?id=110649#c8 Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] uhttpd: Increase default certificate validate from 2 to 10 years
It's worth mentioning that recent versions of macos since 10.15 have a restriction on certificate validity period, self-signed or not. It's a strong restriction that the browser ui will have no buttons or knobs to bypass the certificate validation, rendering such sites inaccessible. I remembered it's also a system wide enforcement that chrome on macos also respects this. [1] Requirements for trusted certificates in iOS 13 and macOS 10.15, https://support.apple.com/en-us/HT210176 > TLS server certificates must have a validity period of 825 days or fewer (as > expressed in the NotBefore and NotAfter fields of the certificate). [2] About upcoming limits on trusted certificates, https://support.apple.com/en-us/HT211025 > TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC > must not have a validity period greater than 398 days. Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] toolchain: binutils: Fix typo in patch for MIPS64
On Mon, 10 Aug 2020 at 00:01, Hauke Mehrtens wrote:
>
> There was a typo in the patch which breaks compiling binutils on
> MIPS63EL.
> make[7]: *** No rule to make target 'elf64ltsmip.o', needed by 'ld-new'.
> Stop.
>
> Fixes: FS#3276
> Fixes: 53470bdf3212 ("toolchain/binutils: Add binutils 2.34")
> Signed-off-by: Hauke Mehrtens
Acked-by: Yousong Zhou
Regards,
yousong
> ---
> .../2.34/500-Change-default-emulation-for-mips64-linux.patch| 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git
> a/toolchain/binutils/patches/2.34/500-Change-default-emulation-for-mips64-linux.patch
>
> b/toolchain/binutils/patches/2.34/500-Change-default-emulation-for-mips64-linux.patch
> index 24c2afb8be51..455ac0001dd4 100644
> ---
> a/toolchain/binutils/patches/2.34/500-Change-default-emulation-for-mips64-linux.patch
> +++
> b/toolchain/binutils/patches/2.34/500-Change-default-emulation-for-mips64-linux.patch
> @@ -25,7 +25,7 @@
> ;;
> -mips64*el-*-linux-*) targ_emul=elf32ltsmipn32
> - targ_extra_emuls="elf32btsmipn32 elf32ltsmip
> elf32btsmip elf64ltsmip elf64btsmip"
> -+mips64*el-*-linux-*) targ_emul=lf64ltsmip
> ++mips64*el-*-linux-*) targ_emul=elf64ltsmip
> + targ_extra_emuls="elf32btsmipn32 elf32ltsmipn32
> elf32ltsmip elf32btsmip elf64btsmip"
> targ_extra_libpath=$targ_extra_emuls
> ;;
> --
> 2.20.1
>
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] malta: Refresh kernel configuration
On Mon, 10 Aug 2020 at 00:17, Hauke Mehrtens wrote: > > This refreshes the kernel configuration on top of kernel 5.4. > It now builds without asking to select some kernel options on all 4 > subtargets. > It still does not boot up, there is a different problem. malta/be boots fine with this applied, so I guess this line is about mips64. > > Signed-off-by: Hauke Mehrtens Tested-By: Yousong Zhou Acked-By: Yousong Zhou Regards, yousong > --- > target/linux/malta/be/config-default | 8 > target/linux/malta/be64/config-default | 7 +-- > target/linux/malta/config-5.4 | 9 + > target/linux/malta/le/config-default | 9 - > target/linux/malta/le64/config-default | 8 +--- > 5 files changed, 23 insertions(+), 18 deletions(-) > > diff --git a/target/linux/malta/be/config-default > b/target/linux/malta/be/config-default > index 5586be6b7c46..735296f5b3f3 100644 > --- a/target/linux/malta/be/config-default > +++ b/target/linux/malta/be/config-default > @@ -1,4 +1,12 @@ > CONFIG_CPU_BIG_ENDIAN=y > +CONFIG_CPU_HAS_RIXI=y > # CONFIG_CPU_LITTLE_ENDIAN is not set > CONFIG_CPU_MIPS32_R2=y > +CONFIG_CPU_MIPSR2=y > +CONFIG_CPU_SUPPORTS_MSA=y > +CONFIG_HAVE_CBPF_JIT=y > +CONFIG_HAVE_KVM=y > CONFIG_HIGHMEM=y > +CONFIG_MIPS_CBPF_JIT=y > +CONFIG_MIPS_SPRAM=y > +CONFIG_TARGET_ISA_REV=2 > diff --git a/target/linux/malta/be64/config-default > b/target/linux/malta/be64/config-default > index 3792b7fce831..8edef1a8579e 100644 > --- a/target/linux/malta/be64/config-default > +++ b/target/linux/malta/be64/config-default > @@ -9,20 +9,15 @@ CONFIG_CPU_BIG_ENDIAN=y > # CONFIG_CPU_LITTLE_ENDIAN is not set > CONFIG_CPU_MIPS64=y > CONFIG_CPU_MIPS64_R1=y > -CONFIG_CPU_MIPSR1=y > CONFIG_CPU_SUPPORTS_64BIT_KERNEL=y > CONFIG_CPU_SUPPORTS_HUGEPAGES=y > -CONFIG_HAVE_64BIT_ALIGNED_ACCESS=y > CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y > -CONFIG_HAVE_EBPF_JIT=y > CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y > -# CONFIG_HUGETLBFS is not set > +# CONFIG_IONIC is not set > # CONFIG_MIPS32_N32 is not set > # CONFIG_MIPS32_O32 is not set > -CONFIG_MIPS_EBPF_JIT=y > # CONFIG_MIPS_VA_BITS_48 is not set > CONFIG_MODULES_USE_ELF_RELA=y > -CONFIG_PCI_BUS_ADDR_T_64BIT=y > CONFIG_PGTABLE_LEVELS=3 > CONFIG_PHYS_ADDR_T_64BIT=y > CONFIG_SYS_SUPPORTS_HUGETLBFS=y > diff --git a/target/linux/malta/config-5.4 b/target/linux/malta/config-5.4 > index 865be850cbd6..10ad79548056 100644 > --- a/target/linux/malta/config-5.4 > +++ b/target/linux/malta/config-5.4 > @@ -43,6 +43,7 @@ CONFIG_BOUNCE=y > CONFIG_BUILTIN_DTB=y > CONFIG_CDROM=y > CONFIG_CEVT_R4K=y > +# CONFIG_CGROUPS is not set > CONFIG_CLKBLD_I8253=y > CONFIG_CLKDEV_LOOKUP=y > CONFIG_CLKEVT_I8253=y > @@ -61,7 +62,7 @@ CONFIG_CPU_HAS_SYNC=y > # CONFIG_CPU_MICROMIPS is not set > CONFIG_CPU_MIPS32=y > # CONFIG_CPU_MIPS32_3_5_FEATURES is not set > -CONFIG_CPU_MIPS32_R1=y > +# CONFIG_CPU_MIPS32_R1 is not set > # CONFIG_CPU_MIPS32_R2 is not set > # CONFIG_CPU_MIPS32_R6 is not set > # CONFIG_CPU_MIPS64_R1 is not set > @@ -99,9 +100,7 @@ CONFIG_DUMMY_CONSOLE=y > CONFIG_EFI_EARLYCON=y > CONFIG_ENABLE_MUST_CHECK=y > CONFIG_EXT4_FS=y > -# CONFIG_F2FS_CHECK_FS is not set > CONFIG_F2FS_FS=y > -# CONFIG_F2FS_FS_SECURITY is not set > CONFIG_F2FS_FS_XATTR=y > CONFIG_F2FS_STAT_FS=y > CONFIG_FONT_8x16=y > @@ -173,6 +172,8 @@ CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y > CONFIG_HAVE_RSEQ=y > CONFIG_HAVE_SYSCALL_TRACEPOINTS=y > CONFIG_HW_CONSOLE=y > +CONFIG_HZ=250 > +CONFIG_HZ_250=y > CONFIG_I8253=y > CONFIG_I8253_LOCK=y > CONFIG_I8259=y > @@ -243,7 +244,6 @@ CONFIG_NO_HZ_COMMON=y > CONFIG_NO_HZ_IDLE=y > CONFIG_NR_CPUS=2 > CONFIG_NVMEM=y > -# CONFIG_NVMEM_REBOOT_MODE is not set > CONFIG_OF=y > CONFIG_OF_ADDRESS=y > CONFIG_OF_EARLY_FLATTREE=y > @@ -285,6 +285,7 @@ CONFIG_RFS_ACCEL=y > CONFIG_RPS=y > CONFIG_RTC_CLASS=y > # CONFIG_RTC_DRV_JZ4740 is not set > +CONFIG_RTC_MC146818_LIB=y > CONFIG_SCSI=y > CONFIG_SECCOMP=y > CONFIG_SECCOMP_FILTER=y > diff --git a/target/linux/malta/le/config-default > b/target/linux/malta/le/config-default > index 2b42a6b5b2bf..2c6148195e10 100644 > --- a/target/linux/malta/le/config-default > +++ b/target/linux/malta/le/config-default > @@ -1,4 +1,11 @@ > -# CONFIG_CPU_BIG_ENDIAN is not set > +CONFIG_CPU_HAS_RIXI=y > CONFIG_CPU_LITTLE_ENDIAN=y > CONFIG_CPU_MIPS32_R2=y > +CONFIG_CPU_MIPSR2=y > +CONFIG_CPU_SUPPORTS_MSA=y > +CONFIG_HAVE_CBPF_JIT=y > +CONFIG_HAVE_KVM=y > CONFIG_HIGHMEM=y > +CONFIG_MIPS_CBPF_JIT=y > +CONFIG_MIPS_SPRAM=y > +CONFIG_TARGET_ISA_REV=2 > diff --git a/target/li
Re: [PATCH] kernel: Move CONFIG_IONIC to generic kernel config
On Mon, 10 Aug 2020 at 00:17, Hauke Mehrtens wrote: > > It is deactivated everywhere, just set this in the generic config. > > Signed-off-by: Hauke Mehrtens Acked-by: Yousong Zhou Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] dnsmasq: abort when dnssec requested but not available
Before this commit, if uci option "dnssec" was set, we pass "--dnssec"
and friends to dnsmasq, let it start and decide whether to quit and
whether to emit message for diagnosis
# dnsmasq --dnssec; echo $?
dnsmasq: DNSSEC not available: set HAVE_DNSSEC in src/config.h
1
DNSSEC as a feature is different from others like dhcp, tftp in that
it's a security feature. Better be explicit. With this change
committed, we make it so by not allowing it in the first in the
initscript, should dnsmasq later decides to not quit (not likely) or
quit without above explicit error (unlikely but less so ;)
So this is just being proactive. on/off choices with uci option
"dnssec" are still available like before
Link: https://github.com/openwrt/openwrt/pull/3265#issuecomment-667795302
Signed-off-by: Yousong Zhou
---
package/network/services/dnsmasq/Makefile | 2 +-
package/network/services/dnsmasq/files/dnsmasq.init | 8 ++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/package/network/services/dnsmasq/Makefile
b/package/network/services/dnsmasq/Makefile
index 22ecd12f07..ab3f4fd8d0 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.82
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init
b/package/network/services/dnsmasq/files/dnsmasq.init
index 9288971426..932103d8b5 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -42,9 +42,13 @@ dnsmasq_ignore_opt() {
bootp-*|\
pxe-*)
[ -z "$dnsmasq_has_dhcp" ] ;;
- dnssec-*|\
+ dnssec*|\
trust-anchor)
- [ -z "$dnsmasq_has_dnssec" ] ;;
+ if [ -z "$dnsmasq_has_dnssec" ]; then
+ echo "dnsmasq: \"$opt\" requested, but dnssec
support is not available" >&2
+ exit 1
+ fi
+ ;;
tftp-*)
[ -z "$dnsmasq_has_tftp" ] ;;
ipset)
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] busybox: fix fwmark and add fwmask support to ip rule
On Tue, 4 Aug 2020 at 06:58, Rui Salvaterra wrote:
>
> BusyBox ip (rule) applet supports fwmark for policy routing (albeit through
> the
> old and deprecated RTA_PROTOINFO message attribute), but fwmask is completely
> unsupported. For this reason, mwan3 depends on ip(-tiny), which compiles to
> over 280 kiB on MIPS32 (-mips16 -mtune=74kc -O2).
>
> This pending [1] BusyBox patch modernises the fwmark implementation (using the
> FRA_FWMARK attribute) and also implements fwmask (FRA_FWMASK) required by
> mwan3,
> allowing it to drop its dependecy on ip.
>
> Other potential candidates for dropping their ip dependency (relying only on
> BusyBox ip) are shadowsocks-libev, strongswan and vpn-policy-routing.
As far as shadowsocks-libev is concerned, busybox ip command should
work just fine. Maybe we could let buxybox PROVIDES "ip"
Regards,
yousong
>
> [1] http://lists.busybox.net/pipermail/busybox/2020-July/088164.html
>
> Signed-off-by: Rui Salvaterra
> ---
> .../302-ip-rule-add-support-for-fwmask.patch | 90 +++
> 1 file changed, 90 insertions(+)
> create mode 100644
> package/utils/busybox/patches/302-ip-rule-add-support-for-fwmask.patch
>
> diff --git
> a/package/utils/busybox/patches/302-ip-rule-add-support-for-fwmask.patch
> b/package/utils/busybox/patches/302-ip-rule-add-support-for-fwmask.patch
> new file mode 100644
> index 00..abdc309068
> --- /dev/null
> +++ b/package/utils/busybox/patches/302-ip-rule-add-support-for-fwmask.patch
> @@ -0,0 +1,90 @@
> +From f06ac1e49b4a5a57660c7b370a7ebd436981bd89 Mon Sep 17 00:00:00 2001
> +From: Rui Salvaterra
> +Date: Fri, 31 Jul 2020 09:59:40 +0100
> +Subject: [PATCH] ip rule: add support for fwmark/fwmask for policy routing
> +
> +This adds support for fwmark/fwmask in ip rule which is needed, for example,
> in
> +OpenWrt's mwan3. Masks are supported since Linux 2.6.19.
> +
> +Fixes: https://bugs.busybox.net/show_bug.cgi?id=11621
> +
> +Signed-off-by: Rui Salvaterra
> +---
> + networking/ip.c| 2 +-
> + networking/libiproute/iprule.c | 31 +--
> + 2 files changed, 26 insertions(+), 7 deletions(-)
> +
> +diff --git a/networking/ip.c b/networking/ip.c
> +index 034ee4fc8..bade93e62 100644
> +--- a/networking/ip.c
> b/networking/ip.c
> +@@ -257,7 +257,7 @@
> + //usage:#define iprule_trivial_usage
> + //usage: "[list] | add|del SELECTOR ACTION"
> + //usage:#define iprule_full_usage "\n\n"
> +-//usage: " SELECTOR := [from PREFIX] [to PREFIX] [tos TOS]
> [fwmark FWMARK]\n"
> ++//usage: " SELECTOR := [from PREFIX] [to PREFIX] [tos TOS]
> [fwmark FWMARK[/MASK] ]\n"
> + //usage: " [dev IFACE] [pref NUMBER]\n"
> + //usage: " ACTION := [table TABLE_ID] [nat ADDR]\n"
> + //usage: " [prohibit|reject|unreachable]\n"
> +diff --git a/networking/libiproute/iprule.c b/networking/libiproute/iprule.c
> +index 0ce0dfeef..40a09a4ab 100644
> +--- a/networking/libiproute/iprule.c
> b/networking/libiproute/iprule.c
> +@@ -17,8 +17,10 @@
> + #include
> +
> + /* from : */
> +-#define FRA_SUPPRESS_IFGROUP 13
> +-#define FRA_SUPPRESS_PREFIXLEN 14
> ++#define FRA_FWMARK10
> ++#define FRA_SUPPRESS_IFGROUP 13
> ++#define FRA_SUPPRESS_PREFIXLEN14
> ++#define FRA_FWMASK16
> +
> + #include "ip_common.h" /* #include "libbb.h" is inside */
> + #include "rt_names.h"
> +@@ -117,8 +119,18 @@ static int FAST_FUNC print_rule(const struct
> sockaddr_nl *who UNUSED_PARAM,
> + if (r->rtm_tos) {
> + printf("tos %s ", rtnl_dsfield_n2a(r->rtm_tos));
> + }
> +- if (tb[RTA_PROTOINFO]) {
> +- printf("fwmark %#x ",
> *(uint32_t*)RTA_DATA(tb[RTA_PROTOINFO]));
> ++
> ++ if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
> ++ uint32_t mark = 0, mask = 0;
> ++
> ++ if (tb[FRA_FWMARK])
> ++ mark = *(uint32_t*)RTA_DATA(tb[FRA_FWMARK]);
> ++
> ++ if (tb[FRA_FWMASK] &&
> ++ (mask = *(uint32_t*)RTA_DATA(tb[FRA_FWMASK])) !=
> 0x)
> ++ printf("fwmark %#x/%#x ", mark, mask);
> ++ else
> ++ printf("fwmark %#x ", mark);
> + }
> +
> + if (tb[RTA_IIF]) {
> +@@ -257,10 +269,17 @@ static int iprule_modify(int cmd, char **argv)
> + invarg_1_to_2(*argv, "TOS");
> + req.r.rtm_tos = tos;
> + } else if (key == ARG_fwmark) {
> +- uint32_t fwmark;
> ++ char *slash;
> ++ uint32_t fwmark, fwmask;
> + NEXT_ARG();
> ++ if ((slash = strchr(*argv, '/')) != NULL)
> ++ *slash = '\0';
> + fwmark = get_u32(*argv, keyword_fwmark);
> +- addattr32(, sizeof(req), RTA_PROTOINFO, fwmark);
>
Re: [PATCHv2] libunwind: update to 1.4.0
On Wed, 29 Jul 2020 at 11:56, Rosen Penev wrote: > > On Tue, Jul 28, 2020 at 6:57 PM Yousong Zhou wrote: > > > > On Wed, 29 Jul 2020 at 04:29, Rosen Penev wrote: > > > > > > Cleanup Makefile for consistency with other ones. > > > > > > Remove PKG_SSP. It can be fixed with -lssp_nonshared. > > > > > > Add PKG_BUILD_PARALLEL for faster compilation. > > > > > > Add some alpine pathes to fix potential issues. > > > > This is just too vague and random. What are those potential issues? > > Add some description patch description what's wrong and why we need > > them, to make it more clear in the future when we can get rid of them! > Sure. > > > > > > > > Backport GCC 10 patch to fix compilation. > > > > > > Remove the InstallDev section for ARC. libunwind does not support ARC > > > and fails to compile. It seems InstallDev ignores the !arc DEPENDS. > > > > Likely it's not caused by InstallDev, reasons given in > > https://github.com/openwrt/packages/pull/12959#issuecomment-665021413 > I'm not talking about openvswitch. I'm talking about > https://downloads.openwrt.org/snapshots/faillogs/arc_archs/base/libunwind/compile.txt > > It was failing in the configure stage. Unlikely InstallDev has anything to do with it. More details? Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCHv2] libunwind: update to 1.4.0
On Wed, 29 Jul 2020 at 04:29, Rosen Penev wrote:
>
> Cleanup Makefile for consistency with other ones.
>
> Remove PKG_SSP. It can be fixed with -lssp_nonshared.
>
> Add PKG_BUILD_PARALLEL for faster compilation.
>
> Add some alpine pathes to fix potential issues.
This is just too vague and random. What are those potential issues?
Add some description patch description what's wrong and why we need
them, to make it more clear in the future when we can get rid of them!
>
> Backport GCC 10 patch to fix compilation.
>
> Remove the InstallDev section for ARC. libunwind does not support ARC
> and fails to compile. It seems InstallDev ignores the !arc DEPENDS.
Likely it's not caused by InstallDev, reasons given in
https://github.com/openwrt/packages/pull/12959#issuecomment-665021413
Regards,
yousong
>
> Signed-off-by: Rosen Penev
> ---
> v2: removed InstallDev for ARC
> package/libs/libunwind/Makefile | 17 +-
> ...03-fix-missing-ef_reg-defs-with-musl.patch | 2 +-
> .../patches/005-aarch64-sigset_t.patch| 21 +
> .../patches/006-fix-libunwind-pc-in.patch | 10 +
> .../libs/libunwind/patches/010-gcc10.patch| 442 ++
> 5 files changed, 484 insertions(+), 8 deletions(-)
> create mode 100644 package/libs/libunwind/patches/005-aarch64-sigset_t.patch
> create mode 100644
> package/libs/libunwind/patches/006-fix-libunwind-pc-in.patch
> create mode 100644 package/libs/libunwind/patches/010-gcc10.patch
>
> diff --git a/package/libs/libunwind/Makefile b/package/libs/libunwind/Makefile
> index 994ee97a17..b0bf75077b 100644
> --- a/package/libs/libunwind/Makefile
> +++ b/package/libs/libunwind/Makefile
> @@ -9,22 +9,22 @@
> include $(TOPDIR)/rules.mk
>
> PKG_NAME:=libunwind
> -PKG_VERSION:=1.3.1
> +PKG_VERSION:=1.4.0
> PKG_RELEASE:=1
>
> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
> PKG_SOURCE_URL:=@SAVANNAH/$(PKG_NAME)
> -PKG_HASH:=43997a3939b6ccdf2f669b50fdb8a4d3205374728c2923ddc2354c65260214f8
> -PKG_FIXUP:=autoreconf
> -PKG_INSTALL:=1
> +PKG_HASH:=df59c931bd4d7ebfd83ee481c943edf015138089b8e50abed8d9c57ba9338435
>
> +PKG_MAINTAINER:=Yousong Zhou
> PKG_LICENSE:=X11
> PKG_LICENSE_FILES:=LICENSE
> PKG_CPE_ID:=cpe:/a:libunwind_project:libunwind
>
> -PKG_MAINTAINER:=Yousong Zhou
> +PKG_FIXUP:=autoreconf
> +PKG_INSTALL:=1
> +PKG_BUILD_PARALLEL:=1
>
> -PKG_SSP:=0
> include $(INCLUDE_DIR)/package.mk
>
> define Package/libunwind
> @@ -43,19 +43,22 @@ endef
> CONFIGURE_ARGS += \
> --disable-documentation \
> --disable-tests \
> - --enable-minidebuginfo=no \
> + --disable-minidebuginfo
>
> +TARGET_LDFLAGS += $(if $(CONFIG_USE_MUSL),-lssp_nonshared)
>
> define Package/libunwind/install
> $(INSTALL_DIR) $(1)/usr/lib
> $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunwin*.so.* $(1)/usr/lib/
> endef
>
> +ifeq ($(CONFIG_arc),)
> define Build/InstallDev
> $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
> $(CP) $(PKG_INSTALL_DIR)/usr/include/*.h $(1)/usr/include
> $(CP) $(PKG_INSTALL_DIR)/usr/lib/libunwin*.so* $(1)/usr/lib
> $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/* $(1)/usr/lib/pkgconfig/
> endef
> +endif
>
> $(eval $(call BuildPackage,libunwind))
> diff --git
> a/package/libs/libunwind/patches/003-fix-missing-ef_reg-defs-with-musl.patch
> b/package/libs/libunwind/patches/003-fix-missing-ef_reg-defs-with-musl.patch
> index 465abb4ce0..479004a27e 100644
> ---
> a/package/libs/libunwind/patches/003-fix-missing-ef_reg-defs-with-musl.patch
> +++
> b/package/libs/libunwind/patches/003-fix-missing-ef_reg-defs-with-musl.patch
> @@ -1,7 +1,7 @@
> diff -uprN a/include/libunwind-mips.h b/include/libunwind-mips.h
> --- a/include/libunwind-mips.h 2012-10-06 12:54:38.0 +0800
> +++ b/include/libunwind-mips.h 2016-06-08 13:55:55.029436442 +0800
> -@@ -111,6 +111,42 @@ typedef enum
> +@@ -114,6 +114,42 @@ typedef enum
> }
> mips_regnum_t;
>
> diff --git a/package/libs/libunwind/patches/005-aarch64-sigset_t.patch
> b/package/libs/libunwind/patches/005-aarch64-sigset_t.patch
> new file mode 100644
> index 00..7abc61c41a
> --- /dev/null
> +++ b/package/libs/libunwind/patches/005-aarch64-sigset_t.patch
> @@ -0,0 +1,21 @@
> +diff --git a/include/libunwind-aarch64.h b/include/libunwind-aarch64.h
> +index 778b436..926fbbc 100644
> +--- a/include/libunwind-aarch64.h
> b/include/libunwind-aarch64.h
> +@@ -34,6 +34,7 @@ extern "C" {
> + #include
> + #include
> + #include
> ++#include
> +
> + #define UNW_TARGET aarch64
> + #define UNW_TARGET_AARCH64 1
> +@@ -192,7 +193,7
Re: [PATCH 3/3] treewide: switch to HTTPS by default
On Mon, 27 Jul 2020 at 17:03, Petr Štetiar wrote: > > Henrique de Moraes Holschuh [2020-07-24 13:02:30]: > > > On 24/07/2020 11:29, Petr Štetiar wrote: > > > As there is now WolfSSL included by default due to SAE/WPA3 we can > > > finally switch to TLS/SSL in other parts as well. > > > > > +DEFAULT_PACKAGES:= \ > > > + base-files libc libgcc busybox dropbear mtd uci opkg netifd \ > > > + fstools uclient-fetch logd urandom-seed urngd libustream-wolfssl \ > > > + ca-certificates > > > > Can we fix anything that requires ca-bundle and consider that a bug that > > blocks new packages from being accepted? Because ca-certificates + > > ca-bundle on the same system is really awful FLASH-wise. > > > > Alternatively, fix anything that requires ca-certificates and keep > > ca-bundle. The issue is not which one is used (IMHO): as far as I am > > concerned, either one is fine as long as we never need *both* at the same > > time. > > I've looked at it and it seems to me, that ca-bundle makes more sense. It's > smaller and already used in curl and in hostapd for EAP (both having hardcoded > path to the ca-bundle file). > > Those packages are using ca-certificates: > > admin/openwisp-config > devel/asu > multimedia/youtube-dl > net/esniper > net/gnunet > net/inadyn > utils/docker-ce > > and those ca-bundle: > > libs/measurement-kit > mail/msmtp > net/acme > net/adblock > net/banip > net/dnscrypt-proxy2 > net/https-dns-proxy > net/lynx > net/netifyd > net/nextdns > net/noddos > utils/cache-domains > > So I assume you either install ca-certificates or add support for the > ca-bundle to the corresponding application in order to avoid wasting the flash > space. Libopenssl can work with both out of the box. Likely those packages specifying "ca-certificates" as a dependency can switch to "ca-bundle" seamlessly. On CentOS, "ca-certificates" actually only contains the bundle. Maybe we can also remove "ca-certificates" and patch out relevant code in openssl ;) ➜ ~ rpm -ql ca-certificates /etc/pki/ca-trust /etc/pki/ca-trust/README /etc/pki/ca-trust/ca-legacy.conf /etc/pki/ca-trust/extracted /etc/pki/ca-trust/extracted/README /etc/pki/ca-trust/extracted/java /etc/pki/ca-trust/extracted/java/README /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/ca-trust/extracted/openssl /etc/pki/ca-trust/extracted/openssl/README /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt /etc/pki/ca-trust/extracted/pem /etc/pki/ca-trust/extracted/pem/README /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/source /etc/pki/ca-trust/source/README /etc/pki/ca-trust/source/anchors /etc/pki/ca-trust/source/blacklist /etc/pki/ca-trust/source/ca-bundle.legacy.crt /etc/pki/java /etc/pki/java/cacerts /etc/pki/tls /etc/pki/tls/cert.pem /etc/pki/tls/certs /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.trust.crt /etc/ssl /etc/ssl/certs /usr/bin/ca-legacy /usr/bin/update-ca-trust /usr/share/doc/ca-certificates-2020.2.41/README /usr/share/man/man8/ca-legacy.8.gz /usr/share/man/man8/update-ca-trust.8.gz /usr/share/pki /usr/share/pki/ca-trust-legacy /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt /usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt /usr/share/pki/ca-trust-source /usr/share/pki/ca-trust-source/README /usr/share/pki/ca-trust-source/anchors /usr/share/pki/ca-trust-source/blacklist /usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2 firewall3] zones: apply tcp mss clamping also on ingress path
On Fri, 24 Jul 2020 at 23:41, Baptiste Jonglez wrote: > > Hi, > > On 24-07-20, Yousong Zhou wrote: > > Fixes FS#3231 > > It looks like this bug also affects 18.06 and 19.07, so the fix should > probably be backported. > Done. For the record, i backported it as patch file and bumping PKG_RELEASE, instead of e.g. bumping PKG_SOURCE_VERSION. Regards, yousong > Baptiste > > > Signed-off-by: Yousong Zhou > > --- > > zones.c | 8 > > 1 file changed, 8 insertions(+) > > > > diff --git a/zones.c b/zones.c > > index 68b02ab..d45077a 100644 > > --- a/zones.c > > +++ b/zones.c > > @@ -580,6 +580,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, > > struct fw3_state *state, > > fw3_ipt_rule_target(r, "TCPMSS"); > > fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", > > NULL); > > fw3_ipt_rule_replace(r, "FORWARD"); > > + > > + r = fw3_ipt_rule_create(handle, , dev, NULL, sub, > > NULL); > > + fw3_ipt_rule_addarg(r, false, "--tcp-flags", > > "SYN,RST"); > > + fw3_ipt_rule_addarg(r, false, "SYN", NULL); > > + fw3_ipt_rule_comment(r, "Zone %s MTU fixing", > > zone->name); > > + fw3_ipt_rule_target(r, "TCPMSS"); > > + fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", > > NULL); > > + fw3_ipt_rule_replace(r, "FORWARD"); > > } > > } > > else if (handle->table == FW3_TABLE_RAW) > > > > ___ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2 firewall3] zones: apply tcp mss clamping also on ingress path
Fixes FS#3231 Signed-off-by: Yousong Zhou --- zones.c | 8 1 file changed, 8 insertions(+) diff --git a/zones.c b/zones.c index 68b02ab..d45077a 100644 --- a/zones.c +++ b/zones.c @@ -580,6 +580,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, fw3_ipt_rule_target(r, "TCPMSS"); fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL); fw3_ipt_rule_replace(r, "FORWARD"); + + r = fw3_ipt_rule_create(handle, , dev, NULL, sub, NULL); + fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST"); + fw3_ipt_rule_addarg(r, false, "SYN", NULL); + fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name); + fw3_ipt_rule_target(r, "TCPMSS"); + fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL); + fw3_ipt_rule_replace(r, "FORWARD"); } } else if (handle->table == FW3_TABLE_RAW) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH firewall3] zones: apply tcp mss clamping also on ingress path
Hi Jo, On Thu, 23 Jul 2020 at 14:31, Jo-Philipp Wich wrote: > > Hi Yousong, > > > On 7/23/20 6:05 AM, Yousong Zhou wrote: > > Fixes FS#3231 > > > > Signed-off-by: Yousong Zhou > > --- > > zones.c | 8 > > 1 file changed, 8 insertions(+) > > > > diff --git a/zones.c b/zones.c > > index 68b02ab..d5e756c 100644 > > --- a/zones.c > > +++ b/zones.c > > @@ -580,6 +580,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, > > struct fw3_state *state, > > fw3_ipt_rule_target(r, "TCPMSS"); > > fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", > > NULL); > > fw3_ipt_rule_replace(r, "FORWARD"); > > + > > + r = fw3_ipt_rule_create(handle, , dev, NULL, > > NULL, sub); > > I think this should be > > r = fw3_ipt_rule_create(handle, , dev, NULL, sub, NULL); > > in order to turn -d subnet into -s subnet for the ingress rule. Indeed, now I know that fw zones can be further defined by network cidrs ;) Will send v2. Regards, yousong > > > ~ Jo > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH firewall3] zones: apply tcp mss clamping also on ingress path
Fixes FS#3231 Signed-off-by: Yousong Zhou --- zones.c | 8 1 file changed, 8 insertions(+) diff --git a/zones.c b/zones.c index 68b02ab..d5e756c 100644 --- a/zones.c +++ b/zones.c @@ -580,6 +580,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state, fw3_ipt_rule_target(r, "TCPMSS"); fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL); fw3_ipt_rule_replace(r, "FORWARD"); + + r = fw3_ipt_rule_create(handle, , dev, NULL, NULL, sub); + fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST"); + fw3_ipt_rule_addarg(r, false, "SYN", NULL); + fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name); + fw3_ipt_rule_target(r, "TCPMSS"); + fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL); + fw3_ipt_rule_replace(r, "FORWARD"); } } else if (handle->table == FW3_TABLE_RAW) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 1/1] firewall3: add --contiguous to time-based rules where needed
On Wed, 13 May 2020 at 00:39, Philip Prindeville wrote: > > > > > On May 12, 2020, at 7:08 AM, Yousong Zhou wrote: > > > > On Sat, 2 May 2020 at 03:21, Philip Prindeville > > wrote: > >> > >> From: Philip Prindeville > >> > >> If the start_time > stop_time on a rule, then the --contiguous arg > >> should be included in the rule. > > > > It seems that start_time >= stop_time has its defined meaning in > > xt_time module. Better add another uci option for this --contiguous > > flag. > > > > Regards, > >yousong > > > Sorry, not following. What would that UCI option look like? > > From iptables-extensions: > >time >This matches if the packet arrival time/date is within a given range. >All options are optional, but are ANDed when specified. All times are >interpreted as UTC by default. > >--datestart [-MM[-DD[Thh[:mm[:ss] > >--datestop [-MM[-DD[Thh[:mm[:ss] > Only match during the given time, which must be in ISO 8601 "T" > notation. The possible time range is 1970-01-01T00:00:00 to > 2038-01-19T04:17:07. > > If --datestart or --datestop are not specified, it will default > to 1970-01-01 and 2038-01-19, respectively. > >--timestart hh:mm[:ss] > >--timestop hh:mm[:ss] > Only match during the given daytime. The possible time range is > 00:00:00 to 23:59:59. Leading zeroes are allowed (e.g. "06:03") > and correctly interpreted as base-10. > >[!] --monthdays day[,day...] > Only match on the given days of the month. Possible values are 1 > to 31. Note that specifying 31 will of course not match on > months which do not have a 31st day; the same goes for 28- or > 29-day February. > >[!] --weekdays day[,day...] > Only match on the given weekdays. Possible values are Mon, Tue, > Wed, Thu, Fri, Sat, Sun, or values from 1 to 7, respectively. > You may also use two-character variants (Mo, Tu, etc.). > >--contiguous > When --timestop is smaller than --timestart value, match this as > a single time period instead distinct intervals. See EXAMPLES. > >--kerneltz > Use the kernel timezone instead of UTC to determine whether a > packet meets the time regulations. > >About kernel timezones: Linux keeps the system time in UTC, and always >does so. On boot, system time is initialized from a referential time >source. Where this time source has no timezone information, such as the >x86 CMOS RTC, UTC will be assumed. If the time source is however not in >UTC, userspace should provide the correct system time and timezone to >the kernel once it has the information. > >Local time is a feature on top of the (timezone independent) system >time. Each process has its own idea of local time, specified via the TZ >environment variable. The kernel also has its own timezone offset vari‐ >able. The TZ userspace environment variable specifies how the UTC-based >system time is displayed, e.g. when you run date(1), or what you see on >your desktop clock. The TZ string may resolve to different offsets at >different dates, which is what enables the automatic time-jumping in >userspace. when DST changes. The kernel's timezone offset variable is >used when it has to convert between non-UTC sources, such as FAT >filesystems, to UTC (since the latter is what the rest of the system >uses). > >The caveat with the kernel timezone is that Linux distributions may >ignore to set the kernel timezone, and instead only set the system >time. Even if a particular distribution does set the timezone at boot, >it is usually does not keep the kernel timezone offset - which is what >changes on DST - up to date. ntpd will not touch the kernel timezone, >so running it will not resolve the issue. As such, one may encounter a >timezone that is always +, or one that is wrong half of the time of >the year. As such, using --kerneltz is highly discouraged. > >EXAMPLES. To match on weekends, use: > > -m time --weekdays Sa,Su > >Or, to match (once) on a national holiday block: > > -m time --da
Re: [OpenWrt-Devel] [PATCH 1/1] firewall3: add --contiguous to time-based rules where needed
On Sat, 2 May 2020 at 03:21, Philip Prindeville
wrote:
>
> From: Philip Prindeville
>
> If the start_time > stop_time on a rule, then the --contiguous arg
> should be included in the rule.
It seems that start_time >= stop_time has its defined meaning in
xt_time module. Better add another uci option for this --contiguous
flag.
Regards,
yousong
>
> Signed-off-by: Philip Prindeville
> ---
> iptables.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/iptables.c b/iptables.c
> index
> 559fe7defef3be85c4eb2934884caf549f932bc5..5c02e6e26c93468f4ef6a7f917069bb49985aad8
> 100644
> --- a/iptables.c
> +++ b/iptables.c
> @@ -1099,6 +1099,9 @@ fw3_ipt_rule_time(struct fw3_ipt_rule *r, struct
> fw3_time *time)
> fw3_ipt_rule_addarg(r, false, "--timestop", buf);
> }
>
> + if (time->timestart && time->timestop && time->timestart >
> time->timestop)
> + fw3_ipt_rule_addarg(r, false, "--contiguous", NULL);
> +
> if (time->monthdays & 0xFFFE)
> {
> for (i = 1, p = buf; i < 32; i++)
> --
> 2.17.2
>
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v2] scripts: add docker-run-rootfs.sh
Hi Paul,
On Wed, 15 Apr 2020 at 08:40, Paul Spooren wrote:
>
> The script allows to run a OpenWrt x86/64 rootfs in no time. It is
> possible to access the web interface and SSH via 192.168.1.1.
>
> By using docker volume mounts you can easily share files/folders between
> container and host, allowing ot use hosts tools to work on files
> deployed in a running OpenWrt instance.
>
> Additional parameters (like volumes) are passed to the `docker create`
> command, an example for this below. When quiting the container via `C-d`
> a "teardown" removes the container + created network.
>
> ./scripts/docker-run-rootfs.sh \
> -v
> $(pwd)/package/base-files/files/bin/sysupgrade-online:/bin/sysupgrade-online \
> -v
> $(pwd)/package/base-files/files/lib/upgrade/online.sh:/lib/upgrade/online.sh
>
> Files and folders to share must be in 664 mode for "live" upgrades, see[0].
>
> Aditionally it is possible to define "NETWORK_PREFIX" like "192.168.2"
> (without final number) to change the created network the OpenWrt
> container uses as LAN. This is to avoid network trouble (like if the
> developer uses 192.168.1.x as upstream connection) or multiple container
> should run in parralllel.
>
> Network is disabled by default, enable it via --network or -n.
>
> Using --prebuild or -p will download the OpenWrt image from docker hub.
Maybe past tense "prebuilt" as option name is better.
>
> [0]:
> https://forums.docker.com/t/modify-a-file-which-mount-as-a-data-volume-but-it-didnt-change-in-container/2813/14
>
> Signed-off-by: Paul Spooren
> ---
> scripts/docker-run-rootfs.sh | 103 +++
> 1 file changed, 103 insertions(+)
> create mode 100644 scripts/docker-run-rootfs.sh
>
> diff --git a/scripts/docker-run-rootfs.sh b/scripts/docker-run-rootfs.sh
> new file mode 100644
> index 00..827ce37c61
> --- /dev/null
> +++ b/scripts/docker-run-rootfs.sh
> @@ -0,0 +1,103 @@
> +#!/bin/sh
> +# Copyright (C) 2020 Paul Spooren
> +
> +set -e
> +
> +SELF="$0"
> +ROOTFS_PATH="$(pwd)/bin/targets/x86/64/openwrt-x86-64-generic-rootfs.tar.gz"
> +NETWORK_ENABLE="${NETWORK_ENABLE:-0}"
> +NETWORK_PREFIX="${NETWORK_PREFIX:-192.168.1}"
> +IMAGE_NAME="openwrt-rootfs:$NETWORK_PREFIX"
> +NETWORK_NAME="none"
> +
> +die() {
> + echo "$1"
> + exit 1
> +}
> +
> +usage() {
> + cat >&2 < +Usage: $SELF [-h|--help]
> + $SELF
> + [--rootfs ]
> + [-n|--network]
> + [-p|--prebuild]
> +
> + allows to specifiy a different path for the rootfs.
> + enables network access based on
> +
> +A "NETWORK_PREFIX" like "192.168.2" (without final number) can be used to
> +change the created network the OpenWrt container uses as LAN. This is to
> avoid
> +network trouble (like if the developer uses 192.168.1.x as upstream
> connection)
> +or multiple container should run in parralllel.
> +
> + uses the official docker images openwrtorg/rootfs:latest
> + -> changes to are ignored
> +EOF
> +}
> +
> +parse_args() {
> + while [ "$#" -gt 0 ]; do
> + case "$1" in
> + --rootfs) ROOTFS_PATH="$2"; shift 2 ;;
> + --network|-n) NETWORK_ENABLE=1; shift ;;
> + --prebuild|-p) PREBUILD=1; shift ;;
> + --help|-h)
> + usage
> + exit 0
> + ;;
> + *)
> + DOCKER_EXTRA="$DOCKER_EXTRA $1"
> + shift
> + ;;
> + esac
> + done
> +}
> +
> +parse_args "$@"
> +
> +[ -f "$ROOTFS_PATH" ] || die "Couldn't find rootfs at $ROOTFS_PATH"
> +
> +if [ -z "$PREBUILD" ]; then
> + DOCKERFILE="$(mktemp -p $(dirname $ROOTFS_PATH))"
The "[ -f $ROOTFS_PATH" ]" check should only happen if we do not use
prebuilt image.
> + cat < "$DOCKERFILE"
> + FROM scratch
> + ADD $(basename $ROOTFS_PATH) /
> + RUN sed 's/pi_ip="192.168.1.1/pi_ip="$NETWORK_PREFIX.1"/'
> + RUN sed
> 's/pi_broadcast="192.168.1.255/pi_broadcast="$NETWORK_PREFIX.255"/'
> + RUN echo "console::askfirst:/usr/libexec/login.sh" >> /etc/inittab
> + EXPOSE 22 80 443
> + USER root
> + CMD ["/sbin/init"]
> +EOT
The formatting could be better with "<<-EOF", compraed to "< + docker build -t "$IMAGE_NAME" -f "$DOCKERFILE" "$(dirname
> $ROOTFS_PATH)"
> + rm "$DOCKERFILE"
> +else
> + IMAGE_NAME="openwrtorg/rootfs:latest"
> + docker pull "$IMAGE_NAME"
> +fi
> +
> +echo "[*] Build: $ROOTFS_PATH"
The message should only appear when we use prebuilt image. Better if
log messages were printed to stderr. The same applies to "die"
message
> +
> +if [ "$NETWORK_ENABLE" = 1 ]; then
> + NETWORK_NAME="openwrt-lan-$NETWORK_PREFIX"
> + LAN_IP="$NETWORK_PREFIX.1"
> + if [ -z "$(docker network ls | grep $NETWORK_NAME)" ]; then
"docker
Re: [OpenWrt-Devel] [PATCH] generic: mips: exclude more dsemul code when fpu-emu is not enabled
On Mon, 30 Mar 2020 at 07:17, Rosen Penev wrote: > > On Sun, Mar 29, 2020 at 8:34 AM Hauke Mehrtens wrote: > > > > On 3/27/20 5:28 AM, Yousong Zhou wrote: > > > The patch is backported from mips-next. In addition to minor reduction > > > of code size and runtime memory use, the more apparent difference is > > > that the delay slot emulation page will not be present for those targets > > > with fpu emulation disabled (CONFIG_MIPS_FP_SUPPORT=n) > > > > > > Memory maps of busybox before and after this change > > > > > > root@OpenWrt:/# cat /proc/self/maps > > > 0040-00449000 r-xp 00:02 23 /bin/busybox > > > 00458000-00459000 r-xp 00048000 00:02 23 /bin/busybox > > > 00459000-0045a000 rwxp 00049000 00:02 23 /bin/busybox > > > 77dc-77de2000 r-xp 00:02 273/lib/libgcc_s.so.1 > > > 77de2000-77de3000 r-xp 00012000 00:02 273/lib/libgcc_s.so.1 > > > 77de3000-77de4000 rwxp 00013000 00:02 273/lib/libgcc_s.so.1 > > > 77de4000-77e7b000 r-xp 00:02 271/lib/libc.so > > > 77e8a000-77e8c000 rwxp 00096000 00:02 271/lib/libc.so > > > 77e8c000-77e8e000 rwxp 00:00 0 > > > 7fd86000-7fda7000 rw-p 00:00 0 [stack] > > > 7fefd000-7fefe000 r-xp 00:00 0 > > > 7ffe6000-7ffe7000 r--p 00:00 0 [vvar] > > > 7ffe7000-7ffe8000 r-xp 00:00 0 [vdso] > > > > > > root@OpenWrt:/# cat /proc/self/maps > > > 0040-00449000 r-xp 00:02 23 /bin/busybox > > > 00458000-00459000 r-xp 00048000 00:02 23 /bin/busybox > > > 00459000-0045a000 rwxp 00049000 00:02 23 /bin/busybox > > > 77d55000-77d77000 r-xp 00:02 274/lib/libgcc_s.so.1 > > > 77d77000-77d78000 r-xp 00012000 00:02 274/lib/libgcc_s.so.1 > > > 77d78000-77d79000 rwxp 00013000 00:02 274/lib/libgcc_s.so.1 > > > 77d79000-77e1 r-xp 00:02 272/lib/libc.so > > > 77e1f000-77e21000 rwxp 00096000 00:02 272/lib/libc.so > > > 77e21000-77e23000 rwxp 00:00 0 > > > 7fe23000-7fe44000 rw-p 00:00 0 [stack] > > > 7ff63000-7ff64000 r--p 00:00 0 [vvar] > > > 7ff64000-7ff65000 r-xp 00:00 0 [vdso] > > > > > > Signed-off-by: Yousong Zhou > > > > Acked-by: Hauke Mehrtens > Acked-by: Rosen Penev > > I have the previous version of this patch (taken from ldir's tree) in > my tree. Works great. Have not seen any problems. > > Applied to master branch. Thanks Regards, yousong ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] generic: mips: exclude more dsemul code when fpu-emu is not enabled
The patch is backported from mips-next. In addition to minor reduction
of code size and runtime memory use, the more apparent difference is
that the delay slot emulation page will not be present for those targets
with fpu emulation disabled (CONFIG_MIPS_FP_SUPPORT=n)
Memory maps of busybox before and after this change
root@OpenWrt:/# cat /proc/self/maps
0040-00449000 r-xp 00:02 23 /bin/busybox
00458000-00459000 r-xp 00048000 00:02 23 /bin/busybox
00459000-0045a000 rwxp 00049000 00:02 23 /bin/busybox
77dc-77de2000 r-xp 00:02 273/lib/libgcc_s.so.1
77de2000-77de3000 r-xp 00012000 00:02 273/lib/libgcc_s.so.1
77de3000-77de4000 rwxp 00013000 00:02 273/lib/libgcc_s.so.1
77de4000-77e7b000 r-xp 00:02 271/lib/libc.so
77e8a000-77e8c000 rwxp 00096000 00:02 271/lib/libc.so
77e8c000-77e8e000 rwxp 00:00 0
7fd86000-7fda7000 rw-p 00:00 0 [stack]
7fefd000-7fefe000 r-xp 00:00 0
7ffe6000-7ffe7000 r--p 00:00 0 [vvar]
7ffe7000-7ffe8000 r-xp 00:00 0 [vdso]
root@OpenWrt:/# cat /proc/self/maps
0040-00449000 r-xp 00:02 23 /bin/busybox
00458000-00459000 r-xp 00048000 00:02 23 /bin/busybox
00459000-0045a000 rwxp 00049000 00:02 23 /bin/busybox
77d55000-77d77000 r-xp 00:02 274/lib/libgcc_s.so.1
77d77000-77d78000 r-xp 00012000 00:02 274/lib/libgcc_s.so.1
77d78000-77d79000 rwxp 00013000 00:02 274/lib/libgcc_s.so.1
77d79000-77e1 r-xp 00:02 272/lib/libc.so
77e1f000-77e21000 rwxp 00096000 00:02 272/lib/libc.so
77e21000-77e23000 rwxp 00:00 0
7fe23000-7fe44000 rw-p 00:00 0 [stack]
7ff63000-7ff64000 r--p 00:00 0 [vvar]
7ff64000-7ff65000 r-xp 00:00 0 [vdso]
Signed-off-by: Yousong Zhou
---
...e-dsemul-code-when-CONFIG_MIPS_FP_SU.patch | 140 ++
1 file changed, 140 insertions(+)
create mode 100644
target/linux/generic/backport-5.4/300-MIPS-Exclude-more-dsemul-code-when-CONFIG_MIPS_FP_SU.patch
diff --git
a/target/linux/generic/backport-5.4/300-MIPS-Exclude-more-dsemul-code-when-CONFIG_MIPS_FP_SU.patch
b/target/linux/generic/backport-5.4/300-MIPS-Exclude-more-dsemul-code-when-CONFIG_MIPS_FP_SU.patch
new file mode 100644
index 00..1be051e1df
--- /dev/null
+++
b/target/linux/generic/backport-5.4/300-MIPS-Exclude-more-dsemul-code-when-CONFIG_MIPS_FP_SU.patch
@@ -0,0 +1,140 @@
+From d96c3157f9ca177727fbad960fcf6f52f145f471 Mon Sep 17 00:00:00 2001
+From: Yousong Zhou
+Date: Thu, 9 Jan 2020 11:33:19 +0800
+Subject: [PATCH] MIPS: Exclude more dsemul code when CONFIG_MIPS_FP_SUPPORT=n
+
+This furthers what commit 42b10815d559 ("MIPS: Don't compile math-emu
+when CONFIG_MIPS_FP_SUPPORT=n") has done
+
+Signed-off-by: Yousong Zhou
+---
+ arch/mips/include/asm/processor.h | 12 ++--
+ arch/mips/kernel/process.c| 10 --
+ arch/mips/kernel/vdso.c | 26 +++---
+ 3 files changed, 29 insertions(+), 19 deletions(-)
+
+diff --git a/arch/mips/include/asm/processor.h
b/arch/mips/include/asm/processor.h
+index 7619ad319400..813ba94d87bb 100644
+--- a/arch/mips/include/asm/processor.h
b/arch/mips/include/asm/processor.h
+@@ -253,13 +253,13 @@ struct thread_struct {
+ #ifdef CONFIG_MIPS_FP_SUPPORT
+ /* Saved fpu/fpu emulator stuff. */
+ struct mips_fpu_struct fpu FPU_ALIGN;
+-#endif
+ /* Assigned branch delay slot 'emulation' frame */
+ atomic_t bd_emu_frame;
+ /* PC of the branch from a branch delay slot 'emulation' */
+ unsigned long bd_emu_branch_pc;
+ /* PC to continue from following a branch delay slot 'emulation' */
+ unsigned long bd_emu_cont_pc;
++#endif
+ #ifdef CONFIG_MIPS_MT_FPAFF
+ /* Emulated instruction count */
+ unsigned long emulated_fp;
+@@ -302,7 +302,11 @@ struct thread_struct {
+ .fpr= {{{0,},},}, \
+ .fcr31 = 0,\
+ .msacsr = 0,\
+- },
++ }, \
++ /* Delay slot emulation */ \
++ .bd_emu_frame = ATOMIC_INIT(BD_EMUFRAME_NONE), \
++ .bd_emu_branch_pc = 0, \
++ .bd_emu_cont_pc = 0,
+ #else
+ # define FPU_INIT
+ #endif
+@@ -334,10 +338,6 @@ struct thread_struct {
+* FPU affinity state (null if not FPAFF) \
+*/ \
+ FPAFF_INIT \
+- /* Delay slot emulation */ \
+- .bd_emu_frame = ATOMIC_INIT(BD_EMUFRAME_NONE), \
+- .bd_emu_bra
Re: [OpenWrt-Devel] [PATCH] treewide: 5.4: move WATCHDOG_CORE symbol into generic
On Tue, 17 Mar 2020 at 17:01, Petr Štetiar wrote:
>
> WATCHDOG_CORE config symbol provides driver/framework for all watchdog
> timer drivers and gives them the /dev/watchdog interface (and later also
> the sysfs interface).
>
> WATCHDOG_CORE config symbol was changed from bool to tristate in v5.2
> via upstream commit 0d3e156399ec ("watchdog: Make watchdog core
> configurable as module").
>
> At least `kmod-hwmon-sch5627` fails to build due to missing `watchdog.ko`
> dependency, so its likely, that this config symbol is needed on all targets,
> thus move it into generic config.
How about this time we package it as a loadable kmod package. Likely
we can save a few bytes for situations where kmod-hwmon-sch5627 is not
used.
Regards,
yousong
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
