Re: [OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user

[Alin Năstac]

On Tue, Jul 3, 2018 at 11:32 PM Philip Prindeville
 wrote:
> > On Jul 3, 2018, at 3:22 PM, Alin Năstac  wrote:
> >
> > On Tue, Jul 3, 2018 at 6:39 PM Philip Prindeville
> >  wrote:
> >>
> >> Aren’t all inbound SYNs unsolicited by definition? Is there a danger of 
> >> reflection attacks?
> >
> > Not all inbound SYNs are unsolicited. Take for instance active mode
> > FTP transfers where the client resides on the LAN . In this case the
> > FTP data connection is initiated from the WAN, but it is solicited by
> > the FTP control connection initiated from the LAN.
> >
> > I don't think it matters that much what error code firewall returns
> > for these unsolicited  inbound SYNs, but this RFC makes
> > adm-prohibitited code a must.
>
> I would have thought that dropping them would be better, since it avoids 
> reflection attacks.

Whether you want to silently drop or reject unauthorized connection
attempts is a matter of local policy.

Besides, in order for a reflection attack against your LAN to succeed,
the source IP address of rejected packets must be part of the LAN
prefix. This can be easily prevented, either by enabling rpfilter or
just by adding a firewall rule when the LAN prefix is statically
allocated (the usual IPv4 case).

> >>> On Jul 2, 2018, at 9:29 AM, Alin Nastac  wrote:
> >>>
> >>> From: Alin Nastac 
> >>>
> >>> RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to
> >>> unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error
> >>> code 1 (Communication with destination administratively prohibited).
> >>>
> >>> Signed-off-by: Alin Nastac 
> >>> ---
> >>> defaults.c | 21 -
> >>> options.h  |  2 ++
> >>> 2 files changed, 18 insertions(+), 5 deletions(-)
> >>>
> >>> diff --git a/defaults.c b/defaults.c
> >>> index 11fbf0d..6565ca2 100644
> >>> --- a/defaults.c
> >>> +++ b/defaults.c
> >>> @@ -41,6 +41,8 @@ const struct fw3_option fw3_flag_opts[] = {
> >>>   FW3_OPT("output",  target,   defaults, policy_output),
> >>>
> >>>   FW3_OPT("drop_invalid",bool, defaults, drop_invalid),
> >>> +FW3_OPT("tcp_reset_rejects",   bool, defaults, 
> >>> tcp_reset_rejects),
> >>> +FW3_OPT("admin_prohib_rejects",bool, defaults, 
> >>> admin_prohib_rejects),
> >>>
> >>>   FW3_OPT("syn_flood",   bool, defaults, syn_flood),
> >>>   FW3_OPT("synflood_protect",bool, defaults, syn_flood),
> >>> @@ -113,6 +115,7 @@ fw3_load_defaults(struct fw3_state *state, struct 
> >>> uci_package *p)
> >>>
> >>>   defs->syn_flood_rate.rate  = 25;
> >>>   defs->syn_flood_rate.burst = 50;
> >>> +defs->tcp_reset_rejects= true;
> >>>   defs->tcp_syncookies   = true;
> >>>   defs->tcp_window_scaling   = true;
> >>>   defs->custom_chains= true;
> >>> @@ -276,14 +279,22 @@ fw3_print_default_head_rules(struct fw3_ipt_handle 
> >>> *handle,
> >>>   fw3_ipt_rule_append(r, "INPUT");
> >>>   }
> >>>
> >>> -r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
> >>> -fw3_ipt_rule_target(r, "REJECT");
> >>> -fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> >>> -fw3_ipt_rule_append(r, "reject");
> >>> +if (defs->tcp_reset_rejects)
> >>> +{
> >>> +r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, 
> >>> NULL);
> >>> +fw3_ipt_rule_target(r, "REJECT");
> >>> +fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> >>> +fw3_ipt_rule_append(r, "reject");
> >>> +}
> >>>
> >>>   r = fw3_ipt_rule_new(handle);
> >>>   fw3_ipt_rule_target(r, "REJECT");
> >>> -fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach");
> >>> +fw3_ipt_rule_addarg(r, false, "--reject-with",
> >>> +defs->admin_prohib_rejects ?
> >>> +(handle->family == FW3_FAMILY_V6 ?
> >>> +"adm-prohibited" :
> >>> +"admin-prohib") :
> >>> +"port-unreach");
> >>>   fw3_ipt_rule_append(r, "reject");
> >>>
> >>>   break;
> >>> diff --git a/options.h b/options.h
> >>> index 08fecf6..e3ba99c 100644
> >>> --- a/options.h
> >>> +++ b/options.h
> >>> @@ -276,6 +276,8 @@ struct fw3_defaults
> >>>   enum fw3_flag policy_forward;
> >>>
> >>>   bool drop_invalid;
> >>> +bool tcp_reset_rejects;
> >>> +bool admin_prohib_rejects;
> >>>
> >>>   bool syn_flood;
> >>>   struct fw3_limit syn_flood_rate;
> >>> --
> >>> 2.7.4
> >>>
> >>>
> >>> ___
> >>> openwrt-devel mailing list
> >>> openwrt-devel@lists.openwrt.org
> >>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> >>
>

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 3/3 v2] net: dsa: Add Vitesse VSC73xx DSA router driver

[David Miller]

From: Linus Walleij 
Date: Sat, 30 Jun 2018 13:17:31 +0200

> This adds a DSA driver for:
> 
> Vitesse VSC7385 SparX-G5 5-port Integrated Gigabit Ethernet Switch
> Vitesse VSC7388 SparX-G8 8-port Integrated Gigabit Ethernet Switch
> Vitesse VSC7395 SparX-G5e 5+1-port Integrated Gigabit Ethernet Switch
> Vitesse VSC7398 SparX-G8e 8-port Integrated Gigabit Ethernet Switch
> 
> These switches have a built-in 8051 CPU and can download and execute
> firmware in this CPU. They can also be configured to use an external
> CPU handling the switch in a memory-mapped manner by connecting to
> that external CPU's memory bus.
> 
> This driver (currently) only takes control of the switch chip over
> SPI and configures it to route packages around when connected to a
> CPU port. The chip has embedded PHYs and VLAN support so we model it
> using DSA as a best fit so we can easily add VLAN support and maybe
> later also exploit the internal frame header to get more direct
> control over the switch.
> 
> The four built-in GPIO lines are exposed using a standard GPIO chip.
> 
> Signed-off-by: Linus Walleij 
> ---
> ChangeLog v1->v2:
> - Update .get_strings() and .get_sset_count() to match the signature
>   with the new argument for sset type.
> - Drop DSA trailer select from Kconfig.
> - Use MII_* namespace definitions instead of hard-coded hex
>   values and calls to read into the PHY: instead use the genphy
>   decoded link state already present in the phydev.
> - Drop extraneous port number check in .enable() and .disable(),
>   this should not happen.
> - Move the GPIO chip set-up into a separate function.
> - Add some missing static in front of a counter function.
> - Drop the bool flags in the state container, use some macros with
>   the chipid to identify model instead like IS_VSC739X().
> - Check phydev->interface() for configuring the CPU port into
>   RGMII mode.

Applied.

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 2/3 v2] net: phy: vitesse: Add support for VSC73xx

[David Miller]

From: Linus Walleij 
Date: Sat, 30 Jun 2018 13:17:30 +0200

> The VSC7385, VSC7388, VSC7395 and VSC7398 are integrated
> switch/router chips for 5+1 or 8-port switches/routers. When
> managed directly by Linux using DSA we need to do a special
> set-up "dance" on the PHY. Unfortunately these sequences
> switches the PHY to undocumented pages named 2a30 and 52b6
> and does undocumented things. It is described by these opaque
> sequences also in the reference manual. This is a best
> effort to integrate it anyways.
> 
> Reviewed-by: Florian Fainelli 
> Signed-off-by: Linus Walleij 
> ---
> ChangeLog v1->v2:
> - Drop  from an earlier iteration.
> - Implement an .config_aneg() routine that does nothing: the
>   imroved genphy_config_aneg() makes the device fail as of
>   v4.18-rc1 and the device seems to feel best like this: it
>   comes up in autonegotiation mode and we do not try to instruct
>   it.
> - Use some MII defines when reading/writing registers.
> - Collect Florian's ACK.

Applied.

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/3 v2] net: dsa: Add DT bindings for Vitesse VSC73xx switches

[David Miller]

From: Linus Walleij 
Date: Sat, 30 Jun 2018 13:17:29 +0200

> This adds the device tree bindings for the Vitesse VSC73xx
> switches. We also add the vendor name for Vitesse.
> 
> Cc: devicet...@vger.kernel.org
> Reviewed-by: Florian Fainelli 
> Signed-off-by: Linus Walleij 
> ---
> ChangeLog v1->v2:
> - Fix spelling error
> - Properly reference the GPIO bindings
> - Collect Florians ACK

Applied.

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user

[Philip Prindeville]

> On Jul 3, 2018, at 3:22 PM, Alin Năstac  wrote:
> 
> On Tue, Jul 3, 2018 at 6:39 PM Philip Prindeville
>  wrote:
>> 
>> Aren’t all inbound SYNs unsolicited by definition? Is there a danger of 
>> reflection attacks?
> 
> Not all inbound SYNs are unsolicited. Take for instance active mode
> FTP transfers where the client resides on the LAN . In this case the
> FTP data connection is initiated from the WAN, but it is solicited by
> the FTP control connection initiated from the LAN.
> 
> I don't think it matters that much what error code firewall returns
> for these unsolicited  inbound SYNs, but this RFC makes
> adm-prohibitited code a must.


I would have thought that dropping them would be better, since it avoids 
reflection attacks.

-Philip


> 
>> Sent from my iPhone
>>> On Jul 2, 2018, at 9:29 AM, Alin Nastac  wrote:
>>> 
>>> From: Alin Nastac 
>>> 
>>> RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to
>>> unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error
>>> code 1 (Communication with destination administratively prohibited).
>>> 
>>> Signed-off-by: Alin Nastac 
>>> ---
>>> defaults.c | 21 -
>>> options.h  |  2 ++
>>> 2 files changed, 18 insertions(+), 5 deletions(-)
>>> 
>>> diff --git a/defaults.c b/defaults.c
>>> index 11fbf0d..6565ca2 100644
>>> --- a/defaults.c
>>> +++ b/defaults.c
>>> @@ -41,6 +41,8 @@ const struct fw3_option fw3_flag_opts[] = {
>>>   FW3_OPT("output",  target,   defaults, policy_output),
>>> 
>>>   FW3_OPT("drop_invalid",bool, defaults, drop_invalid),
>>> +FW3_OPT("tcp_reset_rejects",   bool, defaults, tcp_reset_rejects),
>>> +FW3_OPT("admin_prohib_rejects",bool, defaults, 
>>> admin_prohib_rejects),
>>> 
>>>   FW3_OPT("syn_flood",   bool, defaults, syn_flood),
>>>   FW3_OPT("synflood_protect",bool, defaults, syn_flood),
>>> @@ -113,6 +115,7 @@ fw3_load_defaults(struct fw3_state *state, struct 
>>> uci_package *p)
>>> 
>>>   defs->syn_flood_rate.rate  = 25;
>>>   defs->syn_flood_rate.burst = 50;
>>> +defs->tcp_reset_rejects= true;
>>>   defs->tcp_syncookies   = true;
>>>   defs->tcp_window_scaling   = true;
>>>   defs->custom_chains= true;
>>> @@ -276,14 +279,22 @@ fw3_print_default_head_rules(struct fw3_ipt_handle 
>>> *handle,
>>>   fw3_ipt_rule_append(r, "INPUT");
>>>   }
>>> 
>>> -r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
>>> -fw3_ipt_rule_target(r, "REJECT");
>>> -fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
>>> -fw3_ipt_rule_append(r, "reject");
>>> +if (defs->tcp_reset_rejects)
>>> +{
>>> +r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
>>> +fw3_ipt_rule_target(r, "REJECT");
>>> +fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
>>> +fw3_ipt_rule_append(r, "reject");
>>> +}
>>> 
>>>   r = fw3_ipt_rule_new(handle);
>>>   fw3_ipt_rule_target(r, "REJECT");
>>> -fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach");
>>> +fw3_ipt_rule_addarg(r, false, "--reject-with",
>>> +defs->admin_prohib_rejects ?
>>> +(handle->family == FW3_FAMILY_V6 ?
>>> +"adm-prohibited" :
>>> +"admin-prohib") :
>>> +"port-unreach");
>>>   fw3_ipt_rule_append(r, "reject");
>>> 
>>>   break;
>>> diff --git a/options.h b/options.h
>>> index 08fecf6..e3ba99c 100644
>>> --- a/options.h
>>> +++ b/options.h
>>> @@ -276,6 +276,8 @@ struct fw3_defaults
>>>   enum fw3_flag policy_forward;
>>> 
>>>   bool drop_invalid;
>>> +bool tcp_reset_rejects;
>>> +bool admin_prohib_rejects;
>>> 
>>>   bool syn_flood;
>>>   struct fw3_limit syn_flood_rate;
>>> --
>>> 2.7.4
>>> 
>>> 
>>> ___
>>> openwrt-devel mailing list
>>> openwrt-devel@lists.openwrt.org
>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>> 


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user

[Alin Năstac]

On Tue, Jul 3, 2018 at 6:39 PM Philip Prindeville
 wrote:
>
> Aren’t all inbound SYNs unsolicited by definition? Is there a danger of 
> reflection attacks?

Not all inbound SYNs are unsolicited. Take for instance active mode
FTP transfers where the client resides on the LAN . In this case the
FTP data connection is initiated from the WAN, but it is solicited by
the FTP control connection initiated from the LAN.

I don't think it matters that much what error code firewall returns
for these unsolicited  inbound SYNs, but this RFC makes
adm-prohibitited code a must.

> Sent from my iPhone
> > On Jul 2, 2018, at 9:29 AM, Alin Nastac  wrote:
> >
> > From: Alin Nastac 
> >
> > RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to
> > unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error
> > code 1 (Communication with destination administratively prohibited).
> >
> > Signed-off-by: Alin Nastac 
> > ---
> > defaults.c | 21 -
> > options.h  |  2 ++
> > 2 files changed, 18 insertions(+), 5 deletions(-)
> >
> > diff --git a/defaults.c b/defaults.c
> > index 11fbf0d..6565ca2 100644
> > --- a/defaults.c
> > +++ b/defaults.c
> > @@ -41,6 +41,8 @@ const struct fw3_option fw3_flag_opts[] = {
> >FW3_OPT("output",  target,   defaults, policy_output),
> >
> >FW3_OPT("drop_invalid",bool, defaults, drop_invalid),
> > +FW3_OPT("tcp_reset_rejects",   bool, defaults, tcp_reset_rejects),
> > +FW3_OPT("admin_prohib_rejects",bool, defaults, 
> > admin_prohib_rejects),
> >
> >FW3_OPT("syn_flood",   bool, defaults, syn_flood),
> >FW3_OPT("synflood_protect",bool, defaults, syn_flood),
> > @@ -113,6 +115,7 @@ fw3_load_defaults(struct fw3_state *state, struct 
> > uci_package *p)
> >
> >defs->syn_flood_rate.rate  = 25;
> >defs->syn_flood_rate.burst = 50;
> > +defs->tcp_reset_rejects= true;
> >defs->tcp_syncookies   = true;
> >defs->tcp_window_scaling   = true;
> >defs->custom_chains= true;
> > @@ -276,14 +279,22 @@ fw3_print_default_head_rules(struct fw3_ipt_handle 
> > *handle,
> >fw3_ipt_rule_append(r, "INPUT");
> >}
> >
> > -r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
> > -fw3_ipt_rule_target(r, "REJECT");
> > -fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> > -fw3_ipt_rule_append(r, "reject");
> > +if (defs->tcp_reset_rejects)
> > +{
> > +r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
> > +fw3_ipt_rule_target(r, "REJECT");
> > +fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> > +fw3_ipt_rule_append(r, "reject");
> > +}
> >
> >r = fw3_ipt_rule_new(handle);
> >fw3_ipt_rule_target(r, "REJECT");
> > -fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach");
> > +fw3_ipt_rule_addarg(r, false, "--reject-with",
> > +defs->admin_prohib_rejects ?
> > +(handle->family == FW3_FAMILY_V6 ?
> > +"adm-prohibited" :
> > +"admin-prohib") :
> > +"port-unreach");
> >fw3_ipt_rule_append(r, "reject");
> >
> >break;
> > diff --git a/options.h b/options.h
> > index 08fecf6..e3ba99c 100644
> > --- a/options.h
> > +++ b/options.h
> > @@ -276,6 +276,8 @@ struct fw3_defaults
> >enum fw3_flag policy_forward;
> >
> >bool drop_invalid;
> > +bool tcp_reset_rejects;
> > +bool admin_prohib_rejects;
> >
> >bool syn_flood;
> >struct fw3_limit syn_flood_rate;
> > --
> > 2.7.4
> >
> >
> > ___
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] Fwd: Issues porting 5.28.0 to Openwrt

[Philip Prindeville]

Anyone got any insight into this one?

One of the characteristics of Perl versus other OpenWrt projects is each new 
version is guaranteed to break in an entirely different way you’ve never seen 
before.

I’ve reached out to the Storable author but haven’t heard back yet.

Maybe someone in the community has an idea that’s not occurred to me?

Thanks.



> Begin forwarded message:
> 
> From: Philip Prindeville 
> Subject: Re: Issues porting 5.28.0 to Openwrt
> Date: July 1, 2018 at 10:07:09 PM MDT
> To: Karl Williamson 
> Cc: perl5-port...@perl.org
> 
> 
> 
>> On Jul 1, 2018, at 7:26 PM, Karl Williamson  wrote:
>> 
>> On 07/01/2018 03:12 PM, Philip Prindeville wrote:
>>> Hi.
>>> I’m one of the two maintainers for Perl on Openwrt.
>>> I’m trying to update to 5.28.0, and encountered a couple of issues, and 
>>> sent some patches for those issues a little while ago.
>>> But even with those changes, plus the updates here:
>>> https://github.com/openwrt/packages/compare/master...pprindeville:perl-5.28.0
>>> I’m still seeing the following breakage:
>> 
>> I'm thinking if you try the latest blead, as of 
>> d36adde059ed1c4f7af210b4f9fc3a7bd2d7d343
>> these problems will disappear.
> 
> 
> Hi Karl,
> 
> Alas, we’re required to stick to numbered releases, even if patched.
> 
> But I captured the patch you mentioned, applied it, and now things are 
> building.
> 
> Since we’re cross building, will build a host miniperl, and that use that 
> during the target build phases.
> 
> Getting a little further.
> 
> Now I’m seeing:
> 
> cd dist/Storable ; 
> LD_LIBRARY_PATH=/home/philipp/lede/build_dir/target-x86_64_musl/perl/perl-5.28.0
>  make lib/Storable/Limit.pm
> make[4]: Entering directory 
> '/home/philipp/lede/build_dir/target-x86_64_musl/perl/perl-5.28.0/dist/Storable'
> /home/philipp/lede/build_dir/target-x86_64_musl/perl/perl-5.28.0/dist/Storable/../../../../../../staging_dir/hostpkg/usr/bin/perl
>  "-I../../lib" -MExtUtils::Command -e 'mkpath' -- ../../lib
> "../../../../../../staging_dir/hostpkg/usr/bin/perl" "-I../../lib" 
> "-I../../lib" stacksize --core
> Should not run during miniperl
> Makefile:283: recipe for target 'lib/Storable/Limit.pm' failed
> make[4]: *** [lib/Storable/Limit.pm] Error 255
> make[4]: Leaving directory 
> '/home/philipp/lede/build_dir/target-x86_64_musl/perl/perl-5.28.0/dist/Storable'
> Makefile:446: recipe for target 'dist/Storable/lib/Storable/Limit.pm' failed
> make[3]: *** [dist/Storable/lib/Storable/Limit.pm] Error 2
> 
> I’ll dig at this more tomorrow.
> 
> Thanks for helping me get past the compilation issues.
> 
> -Philip
> 
> 
>> 
>> This should also make your first patch moot.
>>> [snip]

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/2] Introduce new interface event "create" (IFEV_CREATE)

[Hans Dedecker]

On Tue, Jul 3, 2018 at 7:26 PM Paul Oranje  wrote:
>
> Curious: what purposes or use-cases are intended to be served with this event 
> ?
Please don't top post

The interface event IFEV_CREATE can be used by external applications
or netifd internal subsystems to trigger specific logic when an
interface is created; patch http://patchwork.ozlabs.org/patch/937167/
makes use of this event

Hans
>
>
> > Op 29 jun. 2018, om 16:14 heeft Hans Dedecker  het 
> > volgende geschreven:
> >
> > On Fri, Jun 29, 2018 at 5:23 AM Alexander Couzens  wrote:
> >>
> >> "create" will be called before the proto handlers initialised.
> > Acked-by: Hans Dedecker 
> >> ---
> >> interface-event.c | 1 +
> >> interface.c   | 1 +
> >> interface.h   | 2 ++
> >> 3 files changed, 4 insertions(+)
> >> diff --git a/interface-event.c b/interface-event.c
> >> index 86e8f5488da8..a40f6dc883d3 100644
> >> --- a/interface-event.c
> >> +++ b/interface-event.c
> >> @@ -38,6 +38,7 @@ static const char * const eventnames[] = {
> >>[IFEV_FREE] = "free",
> >>[IFEV_RELOAD] = "reload",
> >>[IFEV_LINK_UP] = "iflink",
> >> +   [IFEV_CREATE] = "create",
> >> };
> >>
> >> static void
> >> diff --git a/interface.c b/interface.c
> >> index 2a23984922a1..400c605efc0c 100644
> >> --- a/interface.c
> >> +++ b/interface.c
> >> @@ -1275,6 +1275,7 @@ interface_update(struct vlist_tree *tree, struct 
> >> vlist_node *node_new,
> >>set_config_state(if_old, IFC_REMOVE);
> >>} else if (node_new) {
> >>D(INTERFACE, "Create interface '%s'\n", if_new->name);
> >> +   interface_event(if_new, IFEV_CREATE);
> >>proto_init_interface(if_new, if_new->config);
> >>interface_claim_device(if_new);
> >>netifd_ubus_add_interface(if_new);
> >> diff --git a/interface.h b/interface.h
> >> index 0e58f69c26e0..e5639eb326cd 100644
> >> --- a/interface.h
> >> +++ b/interface.h
> >> @@ -28,6 +28,8 @@ enum interface_event {
> >>IFEV_FREE,
> >>IFEV_RELOAD,
> >>IFEV_LINK_UP,
> >> +   /* send when a new interface created. This is before proto 
> >> handlers has been attached. */
> >> +   IFEV_CREATE,
> >> };
> >>
> >> enum interface_state {
> >> --
> >> 2.18.0
> >>
> >
> > ___
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/2] Introduce new interface event "create" (IFEV_CREATE)

[Paul Oranje]

Curious: what purposes or use-cases are intended to be served with this event ?


> Op 29 jun. 2018, om 16:14 heeft Hans Dedecker  het 
> volgende geschreven:
> 
> On Fri, Jun 29, 2018 at 5:23 AM Alexander Couzens  wrote:
>> 
>> "create" will be called before the proto handlers initialised.
> Acked-by: Hans Dedecker 
>> ---
>> interface-event.c | 1 +
>> interface.c   | 1 +
>> interface.h   | 2 ++
>> 3 files changed, 4 insertions(+)
>> 
>> diff --git a/interface-event.c b/interface-event.c
>> index 86e8f5488da8..a40f6dc883d3 100644
>> --- a/interface-event.c
>> +++ b/interface-event.c
>> @@ -38,6 +38,7 @@ static const char * const eventnames[] = {
>>[IFEV_FREE] = "free",
>>[IFEV_RELOAD] = "reload",
>>[IFEV_LINK_UP] = "iflink",
>> +   [IFEV_CREATE] = "create",
>> };
>> 
>> static void
>> diff --git a/interface.c b/interface.c
>> index 2a23984922a1..400c605efc0c 100644
>> --- a/interface.c
>> +++ b/interface.c
>> @@ -1275,6 +1275,7 @@ interface_update(struct vlist_tree *tree, struct 
>> vlist_node *node_new,
>>set_config_state(if_old, IFC_REMOVE);
>>} else if (node_new) {
>>D(INTERFACE, "Create interface '%s'\n", if_new->name);
>> +   interface_event(if_new, IFEV_CREATE);
>>proto_init_interface(if_new, if_new->config);
>>interface_claim_device(if_new);
>>netifd_ubus_add_interface(if_new);
>> diff --git a/interface.h b/interface.h
>> index 0e58f69c26e0..e5639eb326cd 100644
>> --- a/interface.h
>> +++ b/interface.h
>> @@ -28,6 +28,8 @@ enum interface_event {
>>IFEV_FREE,
>>IFEV_RELOAD,
>>IFEV_LINK_UP,
>> +   /* send when a new interface created. This is before proto handlers 
>> has been attached. */
>> +   IFEV_CREATE,
>> };
>> 
>> enum interface_state {
>> --
>> 2.18.0
>> 
> 
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user

[Philip Prindeville]

Aren’t all inbound SYNs unsolicited by definition? Is there a danger of 
reflection attacks?



Sent from my iPhone
> On Jul 2, 2018, at 9:29 AM, Alin Nastac  wrote:
> 
> From: Alin Nastac 
> 
> RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to
> unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error
> code 1 (Communication with destination administratively prohibited).
> 
> Signed-off-by: Alin Nastac 
> ---
> defaults.c | 21 -
> options.h  |  2 ++
> 2 files changed, 18 insertions(+), 5 deletions(-)
> 
> diff --git a/defaults.c b/defaults.c
> index 11fbf0d..6565ca2 100644
> --- a/defaults.c
> +++ b/defaults.c
> @@ -41,6 +41,8 @@ const struct fw3_option fw3_flag_opts[] = {
>FW3_OPT("output",  target,   defaults, policy_output),
> 
>FW3_OPT("drop_invalid",bool, defaults, drop_invalid),
> +FW3_OPT("tcp_reset_rejects",   bool, defaults, tcp_reset_rejects),
> +FW3_OPT("admin_prohib_rejects",bool, defaults, admin_prohib_rejects),
> 
>FW3_OPT("syn_flood",   bool, defaults, syn_flood),
>FW3_OPT("synflood_protect",bool, defaults, syn_flood),
> @@ -113,6 +115,7 @@ fw3_load_defaults(struct fw3_state *state, struct 
> uci_package *p)
> 
>defs->syn_flood_rate.rate  = 25;
>defs->syn_flood_rate.burst = 50;
> +defs->tcp_reset_rejects= true;
>defs->tcp_syncookies   = true;
>defs->tcp_window_scaling   = true;
>defs->custom_chains= true;
> @@ -276,14 +279,22 @@ fw3_print_default_head_rules(struct fw3_ipt_handle 
> *handle,
>fw3_ipt_rule_append(r, "INPUT");
>}
> 
> -r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
> -fw3_ipt_rule_target(r, "REJECT");
> -fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> -fw3_ipt_rule_append(r, "reject");
> +if (defs->tcp_reset_rejects)
> +{
> +r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL);
> +fw3_ipt_rule_target(r, "REJECT");
> +fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset");
> +fw3_ipt_rule_append(r, "reject");
> +}
> 
>r = fw3_ipt_rule_new(handle);
>fw3_ipt_rule_target(r, "REJECT");
> -fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach");
> +fw3_ipt_rule_addarg(r, false, "--reject-with",
> +defs->admin_prohib_rejects ?
> +(handle->family == FW3_FAMILY_V6 ?
> +"adm-prohibited" :
> +"admin-prohib") :
> +"port-unreach");
>fw3_ipt_rule_append(r, "reject");
> 
>break;
> diff --git a/options.h b/options.h
> index 08fecf6..e3ba99c 100644
> --- a/options.h
> +++ b/options.h
> @@ -276,6 +276,8 @@ struct fw3_defaults
>enum fw3_flag policy_forward;
> 
>bool drop_invalid;
> +bool tcp_reset_rejects;
> +bool admin_prohib_rejects;
> 
>bool syn_flood;
>struct fw3_limit syn_flood_rate;
> -- 
> 2.7.4
> 
> 
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 2/2] iwinfo: nl80211: add survey.

[Daniel Danzberger]

Signed-off-by: Daniel Danzberger 
---
 include/iwinfo.h | 11 
 iwinfo_nl80211.c | 69 
 2 files changed, 80 insertions(+)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 4111205..49ee7f0 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -128,6 +128,16 @@ struct iwinfo_assoclist_entry {
uint32_t thr;
 };
 
+struct iwinfo_survey_entry {
+   uint64_t active_time;
+   uint64_t busy_time;
+   uint64_t busy_time_ext;
+   uint64_t rxtime;
+   uint64_t txtime;
+   uint32_t mhz;
+   uint8_t noise;
+};
+
 struct iwinfo_txpwrlist_entry {
uint8_t  dbm;
uint16_t mw;
@@ -223,6 +233,7 @@ struct iwinfo_ops {
int (*scanlist)(const char *, char *, int *);
int (*freqlist)(const char *, char *, int *);
int (*countrylist)(const char *, char *, int *);
+   int (*survey)(const char *, char *, int *);
int (*lookup_phy)(const char *, char *);
void (*close)(void);
 };
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index 0e0206b..71465b5 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -1678,6 +1678,59 @@ static void nl80211_parse_rateinfo(struct nlattr **ri,
re->is_40mhz = (re->mhz == 40);
 }
 
+static int nl80211_get_survey_cb(struct nl_msg *msg, void *arg)
+{
+   struct nl80211_array_buf *arr = arg;
+   struct iwinfo_survey_entry *e = arr->buf;
+   struct nlattr **attr = nl80211_parse(msg);
+   struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
+   int rc;
+
+   static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
+   [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
+   [NL80211_SURVEY_INFO_NOISE]  = { .type = NLA_U8 },
+   [NL80211_SURVEY_INFO_TIME] = { .type = NLA_U64   },
+   [NL80211_SURVEY_INFO_TIME_BUSY] = { .type = NLA_U64   },
+   [NL80211_SURVEY_INFO_TIME_EXT_BUSY] = { .type = NLA_U64   },
+   [NL80211_SURVEY_INFO_TIME_RX] = { .type = NLA_U64   },
+   [NL80211_SURVEY_INFO_TIME_TX] = { .type = NLA_U64   },
+   };
+
+   rc = nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
+   attr[NL80211_ATTR_SURVEY_INFO],
+   survey_policy);
+   if (rc)
+   return NL_SKIP;
+
+   /* advance to end of array */
+   e += arr->count;
+   memset(e, 0, sizeof(*e));
+
+   if (sinfo[NL80211_SURVEY_INFO_FREQUENCY])
+   e->mhz = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
+
+if (sinfo[NL80211_SURVEY_INFO_NOISE])
+   e->noise = nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
+
+if (sinfo[NL80211_SURVEY_INFO_TIME])
+   e->active_time = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME]);
+
+if (sinfo[NL80211_SURVEY_INFO_TIME_BUSY])
+   e->busy_time = 
nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_BUSY]);
+
+if (sinfo[NL80211_SURVEY_INFO_TIME_EXT_BUSY])
+e->busy_time_ext = 
nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_EXT_BUSY]);
+
+if (sinfo[NL80211_SURVEY_INFO_TIME_RX])
+e->rxtime = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_RX]);
+
+if (sinfo[NL80211_SURVEY_INFO_TIME_TX])
+   e->txtime = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_TX]);
+
+   arr->count++;
+   return NL_SKIP;
+}
+
 static int nl80211_get_assoclist_cb(struct nl_msg *msg, void *arg)
 {
struct nl80211_array_buf *arr = arg;
@@ -1812,6 +1865,21 @@ static int nl80211_get_assoclist_cb(struct nl_msg *msg, 
void *arg)
return NL_SKIP;
 }
 
+static int nl80211_get_survey(const char *ifname, char *buf, int *len)
+{
+   struct nl80211_array_buf arr = { .buf = buf, .count = 0 };
+   int rc;
+
+   rc = nl80211_request(ifname, NL80211_CMD_GET_SURVEY,
+   NLM_F_DUMP, nl80211_get_survey_cb, );
+   if (!rc)
+   *len = (arr.count * sizeof(struct iwinfo_survey_entry));
+   else
+   *len = 0;
+
+   return 0;
+}
+
 static int nl80211_get_assoclist(const char *ifname, char *buf, int *len)
 {
DIR *d;
@@ -2862,6 +2930,7 @@ const struct iwinfo_ops nl80211_ops = {
.scanlist = nl80211_get_scanlist,
.freqlist = nl80211_get_freqlist,
.countrylist  = nl80211_get_countrylist,
+   .survey   = nl80211_get_survey,
.lookup_phy   = nl80211_lookup_phyname,
.close= nl80211_close
 };
-- 
2.18.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 0/2] iwinfo: Query more info from nl80211

[Daniel Danzberger]

The following 2 patches add some more stats to libiwinfo.
There is another patch for the rpcd iwinfo module that uses them.

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/2] iwinfo: nl80211: add more stats to assoclist.

[Daniel Danzberger]

+ NL80211_STA_INFO_SIGNAL_AVG
+ NL80211_STA_INFO_RX_DROP_MISC
+ NL80211_STA_INFO_CONNECTED_TIME

Signed-off-by: Daniel Danzberger 
---
 include/iwinfo.h |  3 +++
 iwinfo_nl80211.c | 12 
 2 files changed, 15 insertions(+)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 929f697..4111205 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -105,10 +105,13 @@ struct iwinfo_rate_entry {
 struct iwinfo_assoclist_entry {
uint8_t mac[6];
int8_t signal;
+   int8_t signal_avg;
int8_t noise;
uint32_t inactive;
+   uint32_t connected_time;
uint32_t rx_packets;
uint32_t tx_packets;
+   uint64_t rx_drop_misc;
struct iwinfo_rate_entry rx_rate;
struct iwinfo_rate_entry tx_rate;
uint32_t rx_bytes;
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index ecd2d6a..0e0206b 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -1694,10 +1694,13 @@ static int nl80211_get_assoclist_cb(struct nl_msg *msg, 
void *arg)
[NL80211_STA_INFO_RX_BITRATE]= { .type = NLA_NESTED },
[NL80211_STA_INFO_TX_BITRATE]= { .type = NLA_NESTED },
[NL80211_STA_INFO_SIGNAL]= { .type = NLA_U8 },
+   [NL80211_STA_INFO_SIGNAL_AVG]= { .type = NLA_U8 },
[NL80211_STA_INFO_RX_BYTES]  = { .type = NLA_U32},
[NL80211_STA_INFO_TX_BYTES]  = { .type = NLA_U32},
[NL80211_STA_INFO_TX_RETRIES]= { .type = NLA_U32},
[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32},
+   [NL80211_STA_INFO_CONNECTED_TIME]= { .type = NLA_U32},
+   [NL80211_STA_INFO_RX_DROP_MISC]  = { .type = NLA_U64},
[NL80211_STA_INFO_T_OFFSET]  = { .type = NLA_U64},
[NL80211_STA_INFO_STA_FLAGS] =
{ .minlen = sizeof(struct nl80211_sta_flag_update) },
@@ -1725,9 +1728,15 @@ static int nl80211_get_assoclist_cb(struct nl_msg *msg, 
void *arg)
if (sinfo[NL80211_STA_INFO_SIGNAL])
e->signal = nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
 
+   if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
+   e->signal_avg = 
nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
+
if (sinfo[NL80211_STA_INFO_INACTIVE_TIME])
e->inactive = 
nla_get_u32(sinfo[NL80211_STA_INFO_INACTIVE_TIME]);
 
+   if (sinfo[NL80211_STA_INFO_CONNECTED_TIME])
+   e->connected_time = 
nla_get_u32(sinfo[NL80211_STA_INFO_CONNECTED_TIME]);
+
if (sinfo[NL80211_STA_INFO_RX_PACKETS])
e->rx_packets = 
nla_get_u32(sinfo[NL80211_STA_INFO_RX_PACKETS]);
 
@@ -1759,6 +1768,9 @@ static int nl80211_get_assoclist_cb(struct nl_msg *msg, 
void *arg)
if (sinfo[NL80211_STA_INFO_T_OFFSET])
e->t_offset = 
nla_get_u64(sinfo[NL80211_STA_INFO_T_OFFSET]);
 
+   if (sinfo[NL80211_STA_INFO_RX_DROP_MISC])
+   e->rx_drop_misc = 
nla_get_u64(sinfo[NL80211_STA_INFO_RX_DROP_MISC]);
+
if (sinfo[NL80211_STA_INFO_EXPECTED_THROUGHPUT])
e->thr = 
nla_get_u32(sinfo[NL80211_STA_INFO_EXPECTED_THROUGHPUT]);
 
-- 
2.18.0


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] Recursive dependency in Luci?

[Koen Vandeputte]

Hi Jo,

Since this morning, there seems to be a recursive dependency present.
Judging by the output and the changes in Luci repo, I suspect the source 
is one of your latest commits?



tmp/.config-package.in:57794:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:57794:    symbol PACKAGE_iptables is selected by 
PACKAGE_sqm-scripts

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:994:    symbol PACKAGE_sqm-scripts is selected by 
PACKAGE_luci-app-sqm

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:41648:    symbol PACKAGE_luci-app-sqm depends on 
PACKAGE_luci-base

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:40611:    symbol PACKAGE_luci-base is selected by 
PACKAGE_luci-lib-json

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:42122:    symbol PACKAGE_luci-lib-json is 
selected by PACKAGE_luci-app-olsr

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:41392:    symbol PACKAGE_luci-app-olsr is 
selected by PACKAGE_luci-mod-freifunk-community

For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:40773:    symbol 
PACKAGE_luci-mod-freifunk-community depends on PACKAGE_iptables

#



Any idea?


Thanks,

Koen


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 4/4] download.mk: enable DownloadMethod/github_archive

[Yousong Zhou]

Signed-off-by: Yousong Zhou 
---
 include/download.mk | 22 ++
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/include/download.mk b/include/download.mk
index 3851f6c98a..d09ffab579 100644
--- a/include/download.mk
+++ b/include/download.mk
@@ -19,17 +19,23 @@ endif
 
 DOWNLOAD_RDEP=$(STAMP_PREPARED) $(HOST_STAMP_PREPARED)
 
+define dl_method_git
+$(if $(filter git://github.com/% https://github.com/%,$(1)),github_archive,git)
+endef
+
 # Try to guess the download method from the URL
 define dl_method
 $(strip \
-  $(if $(2),$(2), \
-$(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% 
@SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \
-  $(if $(filter git://%,$(1)),git, \
-$(if $(filter svn://%,$(1)),svn, \
-  $(if $(filter cvs://%,$(1)),cvs, \
-$(if $(filter hg://%,$(1)),hg, \
-  $(if $(filter sftp://%,$(1)),bzr, \
-unknown \
+  $(if $(filter git,$(2)),$(call dl_method_git,$(1),$(2)),
+$(if $(2),$(2), \
+  $(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% 
@SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \
+$(if $(filter git://%,$(1)),$(call dl_method_git,$(1),$(2)), \
+  $(if $(filter svn://%,$(1)),svn, \
+$(if $(filter cvs://%,$(1)),cvs, \
+  $(if $(filter hg://%,$(1)),hg, \
+$(if $(filter sftp://%,$(1)),bzr, \
+  unknown \
+) \
   ) \
 ) \
   ) \

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 1/4] fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere

[Yousong Zhou]

Signed-off-by: Yousong Zhou 
---
 scripts/fixup-makefile.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/fixup-makefile.pl b/scripts/fixup-makefile.pl
index 9026ddcce4..b6f1c74738 100755
--- a/scripts/fixup-makefile.pl
+++ b/scripts/fixup-makefile.pl
@@ -26,7 +26,7 @@ sub set_var($) {
$state{related_var} = "URL";
} else {
$state{context} = 1;
-   $state{related_var} = "PKG_SOURCE";
+   $state{related_var} = "PKG_SOURCE_URL";
}
 }
 

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH 3/4] scripts/dl_github_archive.py: rename from download.py

[Yousong Zhou]

 - Make the code more GitHub-specific
 - Requires mirror hash to work with .gitattributes
 - Use different API depending on whether PKG_SOURCE_VERSION is a
   complete commit id or other ref types like tags
 - Fix removing symbolic link
 - pre-clean dir_untar for possible leftovers from previous run

Signed-off-by: Yousong Zhou 
---
 include/download.mk   |   8 +-
 scripts/{download.py => dl_github_archive.py} | 241 +-
 2 files changed, 127 insertions(+), 122 deletions(-)
 rename scripts/{download.py => dl_github_archive.py} (64%)

diff --git a/include/download.mk b/include/download.mk
index 5cfc542042..3851f6c98a 100644
--- a/include/download.mk
+++ b/include/download.mk
@@ -176,15 +176,15 @@ define DownloadMethod/git
)
 endef
 
-define DownloadMethod/github-tarball
+define DownloadMethod/github_archive
$(call wrap_mirror,$(1),$(2), \
-   $(SCRIPT_DIR)/download.py dl \
+   $(SCRIPT_DIR)/dl_github_archive.py \
--dl-dir="$(DL_DIR)" \
-   --url $(foreach url,$(URL),"$(url)") \
-   --proto="$(PROTO)" \
+   --url="$(URL)" \
--version="$(VERSION)" \
--subdir="$(SUBDIR)" \
--source="$(FILE)" \
+   --hash="$(MIRROR_HASH)" \
|| ( $(call DownloadMethod/git-raw) ); \
)
 endef
diff --git a/scripts/download.py b/scripts/dl_github_archive.py
similarity index 64%
rename from scripts/download.py
rename to scripts/dl_github_archive.py
index 779d7b3de2..5a5a016e37 100755
--- a/scripts/download.py
+++ b/scripts/dl_github_archive.py
@@ -10,6 +10,7 @@ import calendar
 import datetime
 import errno
 import fcntl
+import hashlib
 import json
 import os
 import os.path
@@ -23,26 +24,31 @@ import urllib2
 
 TMPDIR = os.environ.get('TMP_DIR') or '/tmp'
 TMPDIR_DL = os.path.join(TMPDIR, 'dl')
-DOWNLOAD_METHODS = []
+
 
 class PathException(Exception): pass
-class DownloadException(Exception): pass
+class DownloadGitHubError(Exception): pass
 
 
 class Path(object):
 """Context class for preparing and cleaning up directories.
 
+If ```preclean` is ``False``, ``path`` will NOT be removed on context enter
+
 If ``path`` ``isdir``, then it will be created on context enter.
 
 If ``keep`` is True, then ``path`` will NOT be removed on context exit
 """
 
-def __init__(self, path, isdir=True, keep=False):
+def __init__(self, path, isdir=True, preclean=False, keep=False):
 self.path = path
 self.isdir = isdir
+self.preclean = preclean
 self.keep = keep
 
 def __enter__(self):
+if self.preclean:
+self.rm_all(self.path)
 if self.isdir:
 self.mkdir_all(self.path)
 return self
@@ -61,14 +67,11 @@ class Path(object):
 Path._mkdir(p)
 
 @staticmethod
-def _rmdir_all(dir_):
+def _rmdir_dir(dir_):
 names = Path._listdir(dir_)
 for name in names:
 p = os.path.join(dir_, name)
-if os.path.isdir(p):
-Path._rmdir_all(p)
-else:
-Path._remove(p)
+Path.rm_all(p)
 Path._rmdir(dir_)
 
 @staticmethod
@@ -105,8 +108,10 @@ class Path(object):
 @staticmethod
 def rm_all(path):
 """Same as rm -r."""
-if os.path.isdir(path):
-Path._rmdir_all(path)
+if os.path.islink(path):
+Path._remove(path)
+elif os.path.isdir(path):
+Path._rmdir_dir(path)
 else:
 Path._remove(path)
 
@@ -201,60 +206,47 @@ class GitHubCommitTsCache(object):
 fout.write(line)
 
 
-class DownloadMethod(object):
-"""Base class of all download method."""
+class DownloadGitHubTarball(object):
+"""Download and repack archive tarabll from GitHub.
 
-def __init__(self, args):
-self.args = args
-self.urls = args.urls
-self.url = self.urls[0]
-self.dl_dir = args.dl_dir
+Compared with the method of packing after cloning the whole repo, this
+method is more friendly to users with fragile internet connection.
 
-@classmethod
-def resolve(cls, args):
-"""Resolve download method to use.
+However, there are limitations with this method
 
-return instance of subclass of DownloadMethod
-"""
-for c in DOWNLOAD_METHODS:
-if c.match(args):
-return c(args)
+ - GitHub imposes a 60 reqs/hour limit for unauthenticated API access.
+   This affects fetching commit date for reproducible tarballs.  Download
+   through the archive link is not affected.
 
-@staticmethod
-def match(args):
-"""Return True if it can do the download."""
-return NotImplemented
+ - GitHub archives do not contain source codes for submodules.
 
-def 

[OpenWrt-Devel] [PATCH 2/4] download.mk: add more comments

[Yousong Zhou]

Signed-off-by: Yousong Zhou 
---
 include/download.mk | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/include/download.mk b/include/download.mk
index 3634e777c9..5cfc542042 100644
--- a/include/download.mk
+++ b/include/download.mk
@@ -59,7 +59,7 @@ check_escape=$(subst ','\'',$(1))
 # $(1): suffix of the F_, C_ variables, e.g. hash_deprecated, hash_mismatch, 
etc.
 # $(2): filename
 # $(3): expected hash value
-# $(4): hash var name: MD5SUM, HASH
+# $(4): var name of the the form: 
{PKG_,Download/:}{,MIRROR_}{HASH,MIRROR_HASH}
 check_warn_nofix = $(info $(shell printf "$(_R)WARNING: %s$(_N)" '$(call 
check_escape,$(call C_$(1),$(2),$(3),$(4)))'))
 ifndef FIXUP
   check_warn = $(check_warn_nofix)
@@ -77,12 +77,15 @@ endif
 
 # $(1): filename
 # $(2): expected hash value
-# $(3): hash var name: MD5SUM, HASH
+# $(3): var name of the the form: 
{PKG_,Download/:}{,MIRROR_}{HASH,MIRROR_HASH}
 C_download_missing = $(1) is missing, please run make download before 
re-running this check
 C_hash_mismatch = $(3) does not match $(1) hash $(call gen_sha256sum,$(1))
 C_hash_deprecated = $(3) uses deprecated hash, set to $(call 
gen_sha256sum,$(1))
 C_hash_missing = $(3) is missing, set to $(call gen_sha256sum,$(1))
 
+# $(1): filename
+# $(2): expected hash value
+# $(3): var name of the the form: 
{PKG_,Download/:}{,MIRROR_}{HASH,MIRROR_HASH}
 check_hash = \
   $(if $(wildcard $(DL_DIR)/$(1)), \
 $(if $(filter-out x,$(2)), \

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] Multipurpose pins not locked on WRT3200ACM

[Hartmut Knaack]

Hi,
I was curious if there are some GPIOs exposed on the Linksys WRT3200ACM, so
I started exporting them in /sys/class/gpio. I realized, that some are
locked against exporting (those claimed by gpio-leds and gpio-keys, power
regulator), while others exposed more or less problematic side effects.
Less critical are GPIOs 2 and 3, which seem to be used by the I2C bus,
where a LED driver controls some of the front LEDs.
A number of other GPIOs (22, 23, 25, 28, 30, 32, 33, 35, 56, 38, 40, 41,
42) however had an effect on the NAND-flash in the range of just not being
able to access it for the moment up to corrupt firmware partition (with the
need to unbrick from the boot loader) and even to the point, that it
requested bootloader code on the uart. It seems, GPIO 33 does major
corruption and GPIO 36 can be really nasty.
There are two more GPIOs, which are quite interesting: when GPIO 26 is
exported and set to output, setting its value to 1 causes all LAN LEDs to
light up constantly. May it be connected to the switch chip?
GPIO 52, when exported and set to output, also causes the LED driver on I2C
to not respond any more. What is the reason (connected to a reset line?)
The basic conclusion is: those multipurpose pins in use need to be locked,
just like the gpio-leds and gpio-keys modules do.
The question remaining is: which multipurpose pins are already in use by
NAND-flash, I2C bus, UART0, SATA(?), PCIe(?), some ethernet MII(?) or
something else?

@Imre Kaloz: From what I remember, you had a closer relationship to Linksys
and brought in support for this device (family). I hope you can shed some
light on this issue.

Thanks,

Hartmut


0x03684A18FAC89148.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel