[OpenWrt-Devel] [PATCH] kernel: Add kmod-sch-cake-virtual package to resolve dependency errors

2020-05-06 Thread Toke Høiland-Jørgensen via openwrt-devel 
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.--- Begin Message ---
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen 
---
 package/kernel/kmod-sched-cake-oot/Makefile | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/package/kernel/kmod-sched-cake-oot/Makefile 
b/package/kernel/kmod-sched-cake-oot/Makefile
index 963681c1fb..5a9e1099a4 100644
--- a/package/kernel/kmod-sched-cake-oot/Makefile
+++ b/package/kernel/kmod-sched-cake-oot/Makefile
@@ -29,14 +29,26 @@ define KernelPackage/sched-cake-oot
   DEPENDS:=@LINUX_4_14 +kmod-sched-core +kmod-ipt-conntrack
 endef
 
+define KernelPackage/sched-cake-virtual
+  SUBMENU:=Network Support
+  TITLE:=Virtual package for sched-cake
+  URL:=https://github.com/dtaht/sch_cake
+  DEPENDS:=+!LINUX_4_14:kmod-sched-cake +LINUX_4_14:kmod-sched-cake-oot
+endef
+
 include $(INCLUDE_DIR)/kernel-defaults.mk
 
-define KernelPackage/sched-cake/description
+define KernelPackage/sched-cake-oot/description
   O(ut) O(f) T(ree) Common Applications Kept Enhanced fq_codel/blue derived 
shaper
 endef
 
+define KernelPackage/sched-cake-virtual/description
+  Virtual package for resolving sch_cake dependencies
+endef
+
 define Build/Compile
$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules
 endef
 
 $(eval $(call KernelPackage,sched-cake-oot))
+$(eval $(call KernelPackage,sched-cake-virtual))
-- 
2.26.2


--- End Message ---
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [LEDE-DEV] openwrt and lede - remerge proposal V2

2017-05-22 Thread Toke Høiland-Jørgensen 
John Crispin  writes:

> the lede rules that will become the new owrt rules.

You may want to mention this fact in the merge proposal itself. What
would happen to the rules was one of the points that was unclear in the
first round, I believe... :)

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] openwrt and lede - remerge proposal

2017-05-08 Thread Toke Høiland-Jørgensen 
John Crispin  writes:

> Hi,
>
> Felix, Imre and myself had 2 calls last week lasting several hours and 
> discussed
> the following proposal of conditions for a remerge that we would like to 
> propose
> and have people vote on.

Great to hear progress is being made on this! I think the proposal looks
reasonable, generally. A few comments / questions:

- What will this mean for the community rules and the release schedule?
  Will they continue from the current LEDE practices?

> - update the landing page to have the same look & feel as the current openwrt
> landing page

Well, I like the L of lede-project.org better - but it's not something
worth bikeshedding over, so meh, fine... ;)

> *) trademark/sponsorship policy
> - review/ack imres trademark policy
> - review/ack jows sponsorship policy

Links to these?

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] kmod-sched-core: Add HTB and TBF traffic shapers

2017-01-29 Thread Toke Høiland-Jørgensen 
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.

This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).

Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk>
---
 package/kernel/linux/modules/netsupport.mk | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/kernel/linux/modules/netsupport.mk 
b/package/kernel/linux/modules/netsupport.mk
index ef5c5ba848..3d5e74327a 100644
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -736,7 +736,7 @@ $(eval $(call KernelPackage,mppe))
 
 
 SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard 
$(LINUX_DIR)/net/sched/*.ko))
-SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc cls_fw cls_route 
cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit
+SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_fw 
cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit
 SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark sch_netem
 SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES))
 SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter 
$(SCHED_MODULES_CORE),$(SCHED_MODULES)))
@@ -748,6 +748,8 @@ define KernelPackage/sched-core
   KCONFIG:= \
CONFIG_NET_SCHED=y \
CONFIG_NET_SCH_HFSC \
+   CONFIG_NET_SCH_HTB \
+   CONFIG_NET_SCH_TBF \
CONFIG_NET_SCH_INGRESS \
CONFIG_NET_SCH_FQ_CODEL \
CONFIG_NET_CLS=y \
@@ -789,12 +791,10 @@ define KernelPackage/sched
   KCONFIG:= \
CONFIG_NET_SCH_CODEL \
CONFIG_NET_SCH_DSMARK \
-   CONFIG_NET_SCH_HTB \
CONFIG_NET_SCH_FIFO \
CONFIG_NET_SCH_GRED \
CONFIG_NET_SCH_PRIO \
CONFIG_NET_SCH_RED \
-   CONFIG_NET_SCH_TBF \
CONFIG_NET_SCH_SFQ \
CONFIG_NET_SCH_TEQL \
CONFIG_NET_SCH_FQ \
-- 
2.11.0
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [Babel-users] [LEDE-DEV] Babeld now has procd support on OpenWRT/LEDE

2017-01-14 Thread Toke Høiland-Jørgensen 
"L. D. Pinney"  writes:

> Go back to playing the guitar and smoking dopethat's what you do best.
>
> STOP CROSS POSTING YOU FSCKin' Clown Boy

Dude, seriously? Lay off the abuse. Even if your argument had any merit,
this kind of language is uncalled for...

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] ubus: extending ubus over network to allow devices in the same network to exchange messages on a single common bus

2016-10-05 Thread Toke Høiland-Jørgensen 
Sukru Senli  writes:

> Dear OpenWrt developers,
>
> We, developers of IOPSYS (an OpenWrt based platform for residential gateways) 
> at
> Inteno, believe that extending ubus over network so that multiple devices 
> which
> are on the same network and running OpenWrt could communicate, expose objects
> and exchange messages on a common bus would be a very useful and worthwhile
> enhancement.
>
> For example, in a network scenario where multiple REPEATERs are
> connected to a MASTER gateway, REPEATERs could create objects, create
> events and listen/subscribe to events on the ubus which is exposed to
> network by MASTER, and that would facilitate:

> - keeping configuration synced between the devices
> - exchaning information about clients between the devices
> - devices notifying each other about specific actions, and so on
>
> So far we have envisioned the networked ubus system having the
> following components and properties:
>
> 1) Advertisement + Discovery: The devices on the same network become
> aware of each other and acknowledge that they support ubus. Here we
> believe a multicast solution is feasible.
>
> 2) Authentication + Connection: The devices choose to connect after
> verifying each other: Trust can be originated from a trusted third
> party such as a cloud service, or there can be a manual secure pairing
> method. Another option could be using TR069 and pushing keys down to
> devices to be used in verifying each other.
>
> 3) Networked ubus communication: ubus clients access remote or local
> ubus objects in a similar fashion: The intention is to either not
> change ubus API at all, or to change it as little as possible. However
> we see changing the ubus API as a better approach than changing ubusd
> daemon or message format significantly. In our initial design idea, a
> proxy component would take care of the communication and connection
> setup.
>
> 4) Centralized ubus on MASTER: We believe it is appropriate to
> centralize control, so, for example, REPEATERs would expose (a subset
> of) their own ubus objects on MASTER's ubus.
>
> Developing an access control mechanism that operates on ubus directly
> in order to limit both local and remote access using the same method
> would be a good idea. ACL could be based on different parameters such
> as user/group, application, IP address etc.
>
> We will be moving forward with the design and implementation of a
>networked ubus, and we take this opportunity to invite participation
>and discussion so that a better solution where more OpenWrt
>developers/users benefit from can be developed.

>From your description it seems there is quite a bit of overlap between
this and the HNCP protocol defined by the IETF Homenet working group.
The reference implementation of this already runs on openwrt, so I'd
suggest you look into this before you go out and reinvent the wheel. :)

Being an IETF protocol it also has the advantage of interoperability
outside of *wrt (in theory, at least...).

See http://homewrt.org/ and RFC7788 (https://tools.ietf.org/html/rfc7788).

I'll add that the Homenet working group is still quite active and a lot
of things are still in active development. So affecting the process is
very possible :)

https://datatracker.ietf.org/wg/homenet/charter/ - also has a link to
the mailing list.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] RFC netifd: UCI parameter to sort name servers in resolv.conf.auto

2016-09-05 Thread Toke Høiland-Jørgensen 
Hans Dedecker  writes:

> Hi Felix,
>
> Current implementation in netifd writes the dns servers into
> resolv.conf.auto file based on the order of the interfaces in the
> interface list which is alphabetical sorted. The resolver, in this
> case dnsmasq, reads the resolv.conf.auto file and queries the
> nameserver(s) in the order listed till it receives an answer.

Note that dnsmasq by default will query all known servers simultaneously
and use the first answer it gets. So sorting servers in resolv.conf.auto
only really works if dnsmasq is passed the 'strict-order' parameter,
which I don't think is the default...

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
This change adds support for specifying that a particular kernel module
wants to keep its build ID debug symbol (.note.gnu.build-id). This
symbol is exported in sysfs by the kernel (if the kernel is compiled
with CONFIG_KALLSYMS) and so can be used to uniquely identify a version
of a kernel module in a running kernel (if the module is built with
suitable linker options). This is useful for keeping track of different
versions of a module when doing experiments and development.

A kernel module Makefile can specify that the build ID should be kept by
exporting PKG_KEEP_BUILD_ID in the Build/Exports section. This will add
~100 bytes to the size of the .ko (depending on the length of the build
ID specified).

The default is to strip the build ID (as before), so there is no size
difference for kernel modules that do not export this variable.

Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk>
---
 scripts/strip-kmod.sh | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/strip-kmod.sh b/scripts/strip-kmod.sh
index 13e6b58..d6fa10d 100755
--- a/scripts/strip-kmod.sh
+++ b/scripts/strip-kmod.sh
@@ -18,11 +18,14 @@ else
ARGS="-x -G __this_module --strip-unneeded"
 fi
 
+if [ -z "$PKG_KEEP_BUILD_ID" ]; then
+ARGS="$ARGS -R .note.gnu.build-id"
+fi
+
 ${CROSS}objcopy \
-R .comment \
-R .pdr \
-R .mdebug.abi32 \
-   -R .note.gnu.build-id \
-R .gnu.attributes \
-R .reginfo \
$ARGS \
-- 
2.6.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

> As far as I know, the build-id is build host specific, so I don't think
> it will really help you with tracking versions of other people's
> builds.

Yup. But you can pass it explicitly to the linker:

LDFLAGS_MODULE=--build-id=0x$(PKG_SOURCE_VERSION)

where PKG_SOURCE_VERSION is the git hash.

> I think for what you're trying to do, it might be better to use
> something else. You could just embed a custom section in your module
> containing a git hash of the source tree, or something like that.

Well the nice thing about this is that it requires very little change in
other places: The facility to export it in sysfs is already in the
kernel, and it's a one-line change to the build invocation (as above) to
get it included.

If you're opposed to adding this change, I guess that adding a custom
note section to the module might be an alternative way to go about it;
if I can figure out how to do that...

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

> How is this more useful than simply checking a hash of the kernel
> module in /lib/modules and comparing that with the corresponding file
> on the host?

Because the value in /sys/module/ is from the *loaded* module. So it
catches the case where the module file is updated but not reloaded (was
bitten by this a couple of times).

Also, you can put the module source git hash as the build id, so it can
be referred back to the source, rather than the compiled file.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

> I'm still not convinced that this is very useful - if you have issues
> that you sometimes reinstall modules, but don't reload them and have
> to check the id, why not just fix your workflow instead?

I did script it, but I'm trying to have a way to make this available to
others as well. Let me give a bit more context:

I'm using this for the 'cake' shaper module, which is built out-of-tree
as kmod-sched-cake, available in the ceropackages feed. Other people are
testing this, with their own builds; and I want to be able to keep track
of which versions they are testing with, without having to impose a
specific workflow for them: With this change, I can just add the
build-id linker option in the package Makefile, and it will be available
on the router running the code, where it can be automatically extracted
by the Flent tool as part of the test.

> Either way, if this is really necessary for you, I'm okay with adding
> support for keeping the build-id, but setting this in the package
> makefile (especially in the Build/Exports section) seems rather quirky
> to me. Since this is a rather exotic debugging-only feature, why not
> just add a global config option for it?

Well I was trying to find a way to make it possible to set this for one
module (package) only, in order to keep the impact as low as possible.
And this was the only I could figure out to make it work (since the
RSTRIP variable in rules.mk seems to be expanded before the contents of
the package Makefile, so I can't add a variable there).

But since this requires a specific kernel configuration anyway
(CONFIG_KALLSYMS), global config changes are needed anyway, so am fine
with making it a global switch. Can resubmit is as such.

Should I just add a new switch under "Global build settings"? Or would
it be okay to condition it on CONFIG_KERNEL_KALLSYMS (which it needs to
work anyway)?

Incidentally, is there a way to depend on these options from the package
Makefile?

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

> How about this: add it per-package, but add it in a way that you can set
> PKG_BUILD_ID:=$(PKG_SOURCE_VERSION) and this will add the linker command
> and disable the build-id stripping.

Would definitely work. The problem is I'm not sure I quite grok the
openwrt build system sufficiently to do this correctly. Guess I need to
get the linker flag into KERNEL_MAKEOPTS? Can go looking for that, but
that still leaves the problem of signaling the strip-kmod.sh script
correctly -- can I get at per-package variables in rules.mk where the
RSTRIP invocation is defined?

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

>> Would definitely work. The problem is I'm not sure I quite grok the
>> openwrt build system sufficiently to do this correctly. Guess I need to
>> get the linker flag into KERNEL_MAKEOPTS?
> Yes. It's in kernel-defaults.mk

Cool, this part works.

>> Can go looking for that, but
>> that still leaves the problem of signaling the strip-kmod.sh script
>> correctly -- can I get at per-package variables in rules.mk where the
>> RSTRIP invocation is defined?
> You can add it wrapped in $(if ...) to rules.mk to the other exports in
> the RSTRIP variable.

Yeah, that's what I thought; but the obvious way (below) doesn't seem to
work. Can I not expand the PKG_* variables in rules.mk?

-Toke

diff --git a/rules.mk b/rules.mk
index 819bea5..8e1cfe9 100644
--- a/rules.mk
+++ b/rules.mk
@@ -275,6 +275,7 @@ else
   endif
   RSTRIP:= \
 export CROSS="$(TARGET_CROSS)" \
+   $(if $(PKG_BUILD_ID),KEEP_BUILD_ID=1) \
$(if $(CONFIG_KERNEL_KALLSYMS),NO_RENAME=1) \
$(if $(CONFIG_KERNEL_PROFILING),KEEP_SYMBOLS=1); \
 NM="$(TARGET_CROSS)nm" \
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.

2015-10-30 Thread Toke Høiland-Jørgensen 
Felix Fietkau  writes:

>> diff --git a/rules.mk b/rules.mk
>> index 819bea5..8e1cfe9 100644
>> --- a/rules.mk
>> +++ b/rules.mk
>> @@ -275,6 +275,7 @@ else
>>endif
>>RSTRIP:= \
> Please try if changing RSTRIP:= to RSTRIP= makes it work.

Yup, it does. Cool, will submit a new patch that also includes this
change. Thanks a lot for your help! :)

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] Allow kernel modules to set build ID debug symbol

2015-10-30 Thread Toke Høiland-Jørgensen 
This change adds support for specifying a build ID for kernel modules.
This is done by setting PKG_BUILD_ID to a hexadecimal string, which will
then be passed to the kernel linker. In addition, when this flag is set,
the build ID debug symbol (.note.gnu.build-id) will not be stripped from
the kernel module. This symbol is exported in sysfs by the kernel (if
the kernel is compiled with CONFIG_KALLSYMS) and so can be used to
uniquely identify a version of a kernel module in a running kernel. This
is useful for keeping track of different versions of a module when doing
experiments and development.

Modules that specify the build ID will be ~100 bytes larger (depending
on the length of the build ID specified). There is no size difference
for kernel modules that do not set this variable.

Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk>
---
 include/kernel-defaults.mk | 3 ++-
 rules.mk   | 3 ++-
 scripts/strip-kmod.sh  | 5 -
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk
index 24d2630..d37787a 100644
--- a/include/kernel-defaults.mk
+++ b/include/kernel-defaults.mk
@@ -11,7 +11,8 @@ KERNEL_MAKEOPTS := -C $(LINUX_DIR) \
ARCH="$(LINUX_KARCH)" \
KBUILD_HAVE_NLS=no \
CONFIG_SHELL="$(BASH)" \
-   $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='')
+   $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \
+   $(if $(PKG_BUILD_ID),LDFLAGS_MODULE=--build-id=0x$(PKG_BUILD_ID))
 
 ifdef CONFIG_STRIP_KERNEL_EXPORTS
   KERNEL_MAKEOPTS += \
diff --git a/rules.mk b/rules.mk
index 819bea5..7710fb4 100644
--- a/rules.mk
+++ b/rules.mk
@@ -273,8 +273,9 @@ else
   STRIP:=$(STAGING_DIR_HOST)/bin/sstrip
 endif
   endif
-  RSTRIP:= \
+  RSTRIP= \
 export CROSS="$(TARGET_CROSS)" \
+   $(if $(PKG_BUILD_ID),KEEP_BUILD_ID=1) \
$(if $(CONFIG_KERNEL_KALLSYMS),NO_RENAME=1) \
$(if $(CONFIG_KERNEL_PROFILING),KEEP_SYMBOLS=1); \
 NM="$(TARGET_CROSS)nm" \
diff --git a/scripts/strip-kmod.sh b/scripts/strip-kmod.sh
index 13e6b58..e3f13be 100755
--- a/scripts/strip-kmod.sh
+++ b/scripts/strip-kmod.sh
@@ -18,11 +18,14 @@ else
ARGS="-x -G __this_module --strip-unneeded"
 fi
 
+if [ -z "$KEEP_BUILD_ID" ]; then
+ARGS="$ARGS -R .note.gnu.build-id"
+fi
+
 ${CROSS}objcopy \
-R .comment \
-R .pdr \
-R .mdebug.abi32 \
-   -R .note.gnu.build-id \
-R .gnu.attributes \
-R .reginfo \
$ARGS \
-- 
2.6.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

2015-10-01 Thread Toke Høiland-Jørgensen 
Kevin Darbyshire-Bryant  writes:

> This patch stops SIGHUP from enabling dnssec timechecks if disabled by
> use of --dnssec-no-timecheck option.  --dnssec-timestamp continues to
> work correctly.

I'd argue that patching dnsmasq in this way is the wrong way to fix
this. If you're worried about that DOS vector, don't use
--dnssec-no-timecheck but rather use --dnssec-timestamp.

Also, in a scenario where --dnssec-no-timecheck is used, the expectation
is that the time will be fixed in fairly short order (i.e. as soon as
NTP syncs up), so the potential for this being a DOS vector is rather
small I would say... And if you can SIGHUP the process you can also
SIGKILL it.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP

2015-10-01 Thread Toke Høiland-Jørgensen 
Kevin Darbyshire-Bryant  writes:

> Could I kindly ask you to read
> https://patchwork.ozlabs.org/patch/521344/ particularly with regards to
> Yousong's comments.  You'll hopefully appreciate the irony of your
> suggestion and how things (by which I mean 'I') have been sent on a bit
> of a merry-go-round of late.

Ah, completely missed that go by. Will go have a look at that.

> I think I'm actually trying to be helpful but I'm stepping off now
> before I .well I'm not sure what before, but just before ;-) Back
> to sqm.

Yeah, feel your pain. This whole dnssec/time thing is a royal PITA. I
did a hackish implementation of the reload logic based on NTP state in
Cerowrt:
https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dnsmasq/files/check_ntpd.sh

...which was hackish but did kinda-sorta work. This was before the
timestamp file feature went in, though, and actually was under the
impression that that feature fixed it in a cleaner way. But of course if
sysfixtime is messing with that, well I'll go reply to the other
thread I guess.

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time

2015-10-01 Thread Toke Høiland-Jørgensen 
Steven Barth  writes:

> Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which
> is already overloaded and might be triggered by e.g. config changes.

Quite apart from the signaling, using --dnssec-no-timecheck very quickly
turns into an ugly hack. I implemented a startup time sync functionality
for CeroWrt based on this, see
https://github.com/dtaht/cerowrt-3.10/commit/b3a5b704691f1ba1d154dca9c7ab316f92136640

Never even attempted to upstream it because while it does sorta-kinda
work, it is a fairly ugly hack and I don't see any good way to avoid
that.

I definitely consider the timestamp file a cleaner way of solving the
DNSSEC/time sync problem, and will definitely recommend sticking with
that.

As far as whether or not it is a security risk: The whole issue here is
that it is fundamentally impossible to bootstrap DNSSEC securely without
a reliable clock (i.e. real-time clock or GPS or other offline source).
So we're stuck with doing things that minimise the duration of the
vulnerable window.

Also, as far as I can tell, dnsmasq will still read the time off the
file even if it can't write to it. So if the file ownership is the issue
(and I can see how this is at least a theoretical concern), just have
the file be owned as root, and have a suitably privileged process touch
it on shutdown (or periodically? presumably many reboots are going to be
hard power cycles, so no chance to do anything on shutdown?).

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] Update dnsmasq to v2.73.

2015-06-14 Thread Toke Høiland-Jørgensen 
Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk
---
 package/network/services/dnsmasq/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile 
b/package/network/services/dnsmasq/Makefile
index 7b56a06..19a8df9 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_VERSION:=2.73rc9
+PKG_VERSION:=2.73
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates
-PKG_MD5SUM:=82b9ee113f7f72461c05d89fa23d2914
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
+PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
-- 
2.4.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] Update dnsmasq to v2.73.

2015-06-14 Thread Toke Høiland-Jørgensen 
Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk
---
 package/network/services/dnsmasq/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/network/services/dnsmasq/Makefile 
b/package/network/services/dnsmasq/Makefile
index 7b56a06..19a8df9 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_VERSION:=2.73rc9
+PKG_VERSION:=2.73
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates
-PKG_MD5SUM:=82b9ee113f7f72461c05d89fa23d2914
+PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
+PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
-- 
2.4.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] Add sch_fq and sch_pie to the kmod-sched package.

2015-06-03 Thread Toke Høiland-Jørgensen 
Etienne Champetier champetier.etie...@gmail.com writes:

 what is the size of the image/.ipk with/without this option ? 

The .ipk goes from 46018 to 52793 bytes. Can't seem to get the image
size to change, probably some issue with my build setup...

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] Add sch_fq and sch_pie to the kmod-sched package.

2015-06-03 Thread Toke Høiland-Jørgensen 

These are two new packet schedulers introduced in Linux 3.12 and 3.14
respectively. sch_fq is a perfect fairness queueing scheduler that also
adds pacing on host TCP flows, and sch_pie is an AQM.

Having them available in kmod-sched makes it easier for people to test
these new queueing schemes.

Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk
---
 package/kernel/linux/modules/netsupport.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/kernel/linux/modules/netsupport.mk 
b/package/kernel/linux/modules/netsupport.mk
index 4483581..cead141 100644
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -802,6 +802,8 @@ define KernelPackage/sched
CONFIG_NET_SCH_TBF \
CONFIG_NET_SCH_SFQ \
CONFIG_NET_SCH_TEQL \
+   CONFIG_NET_SCH_FQ \
+   CONFIG_NET_SCH_PIE \
CONFIG_NET_CLS_BASIC \
CONFIG_NET_ACT_POLICE \
CONFIG_NET_ACT_IPT \
-- 
2.4.2
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [sqm-scripts] not started at boot?

2015-02-15 Thread Toke Høiland-Jørgensen 
Alan Jenkins alan.christopher.jenk...@gmail.com writes:

 It's very effective, but I notice SQM isn't applied at boot time. The
 system log complains about pppoe-wan interface not existing, when the
 sqm init script is started.

Ah, that makes sense I suppose: PPPOE is probably brought up too late
for the SQM init script to pick it up.

 qos-scripts has a hotplug script, so I copied it for sqm and the
 problem is fixed. Though my stupid script re-runs the sqm as every
 single network interface comes up, so it spams the log and probably
 slows things down a bit. (Maybe sqm script also wants to not be so
 noisy in the log)

I'm attaching an updated version of the run.sh script which should
detect when it is run from hotplug and only apply the SQM config to the
hotplugged interface. Could you verify that this works for you? If so,
I'll push an update with the revision and include a hotplug script. :)

-Toke

#!/bin/sh

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
#   Copyright (C) 2012-4 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller


. /lib/functions.sh

STOP=$1
ACTIVE_STATE_PREFIX=SQM_active_on_
ACTIVE_STATE_FILE_DIR=/var/run/SQM
mkdir -p ${ACTIVE_STATE_FILE_DIR}

# the current uci config file does not necessarily contain sections for all interfaces with active
# SQM instances, so use the ACTIVE_STATE_FILES to detect the interfaces on which to stop SQM.
# Currently the .qos scripts start with stopping any existing traffic shaping so this should not
# effectively change anything...
PROTO_STATE_FILE_LIST=$( ls ${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}* 2 /dev/null )
for STATE_FILE in ${PROTO_STATE_FILE_LIST} ; do
if [ -f ${STATE_FILE} ] ;
then
	STATE_FILE_BASE_NAME=$( basename ${STATE_FILE} )
	CURRENT_INTERFACE=${STATE_FILE_BASE_NAME:${#ACTIVE_STATE_PREFIX}:$(( ${#STATE_FILE_BASE_NAME} - ${#ACTIVE_STATE_PREFIX} ))}
	logger -t SQM -s ${0} Stopping SQM on interface: ${CURRENT_INTERFACE}
	/usr/lib/sqm/stop.sh ${CURRENT_INTERFACE}
	rm ${STATE_FILE}	# well, we stop it so it is not running anymore and hence no active state file needed...
fi
done

config_load sqm

run_simple_qos() {
	local section=$1
	export IFACE=$(config_get $section interface)

	# If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else
	[ -n $DEVICE -a $DEVICE != $IFACE ]  return

	ACTIVE_STATE_FILE_FQN=${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}${IFACE}	# this marks interfaces as active with SQM
	[ -f ${ACTIVE_STATE_FILE_FQN} ]  logger -t SQM -s Uh, oh, ${ACTIVE_STATE_FILE_FQN} should already be stopped.	# Not supposed to happen

	if [ $(config_get $section enabled) -ne 1 ];
	then
	if [ -f ${ACTIVE_STATE_FILE_FQN} ];
	then
		# this should not be possible, delete after testing
		local SECTION_STOP=stop	# it seems the user just de-selected enable, so stop the active SQM
	else
		logger -t SQM -s ${0} SQM for interface ${IFACE} is not enabled, skipping over...
		return 0	# since SQM is not active on the current interface nothing to do here
	fi
	fi

	export UPLINK=$(config_get $section upload)
	export DOWNLINK=$(config_get $section download)
	export LLAM=$(config_get $section linklayer_adaptation_mechanism)
	export LINKLAYER=$(config_get $section linklayer)
	export OVERHEAD=$(config_get $section overhead)
	export STAB_MTU=$(config_get $section tcMTU)
	export STAB_TSIZE=$(config_get $section tcTSIZE)
	export STAB_MPU=$(config_get $section tcMPU)
	export ILIMIT=$(config_get $section ilimit)
	export ELIMIT=$(config_get $section elimit)
	export ITARGET=$(config_get $section itarget)
	export ETARGET=$(config_get $section etarget)
	export IECN=$(config_get $section ingress_ecn)
	export EECN=$(config_get $section egress_ecn)
	export IQDISC_OPTS=$(config_get $section iqdisc_opts)
	export EQDISC_OPTS=$(config_get $section eqdisc_opts)
	export TARGET=$(config_get $section target)
	export SQUASH_DSCP=$(config_get $section squash_dscp)
	export SQUASH_INGRESS=$(config_get $section squash_ingress)

	export QDISC=$(config_get $section qdisc)
	export SCRIPT=/usr/lib/sqm/$(config_get $section script)

#	# there should be nothing left to stop, so just avoid calling the script
	if [ $STOP == stop -o $SECTION_STOP == stop ];
	then 
#	 /usr/lib/sqm/stop.sh
#	 [ -f ${ACTIVE_STATE_FILE_FQN} ]  rm ${ACTIVE_STATE_FILE_FQN}	# conditional to avoid errors ACTIVE_STATE_FILE_FQN does not exist anymore
#	 $(config_set $section enabled 0)	# this does not save to the config file only to the loaded memory representation
	 logger -t SQM -s ${0} SQM qdiscs on ${IFACE} removed
	 return 0
	fi
	logger -t SQM -s ${0} Queue Setup Script: ${SCRIPT}
	[ -x $SCRIPT ]  { $SCRIPT ; touch ${ACTIVE_STATE_FILE_FQN}; }
}

config_foreach run_simple_qos
___
openwrt-devel mailing list
openwrt

Re: [OpenWrt-Devel] [Cerowrt-devel] [sqm-scripts] not started at boot?

2015-02-15 Thread Toke Høiland-Jørgensen 
Sebastian Moeller moell...@gmx.de writes:

   I am not sure that this works as intended. The first thing
   run.sh does is take down all running SQM instances:

Ah yes, seems I was a bit too trigger-happy there ;)

Here's a version of run.sh that should also short-circuit the 'down'
part if called from hotplug.

The alternative is, of course, to have logic in the hotplug script to
only call run.sh for interfaces that are enabled, but that would require
parsing /etc/config/sqm from there. My initial thought was that
short-circuiting the logic in run.sh was 'cleaner'; but I'm not entirely
sure about that... Thoughts?

-Toke

#!/bin/sh

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
#   Copyright (C) 2012-4 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller


. /lib/functions.sh

STOP=$1
ACTIVE_STATE_PREFIX=SQM_active_on_
ACTIVE_STATE_FILE_DIR=/var/run/SQM
mkdir -p ${ACTIVE_STATE_FILE_DIR}

# the current uci config file does not necessarily contain sections for all interfaces with active
# SQM instances, so use the ACTIVE_STATE_FILES to detect the interfaces on which to stop SQM.
# Currently the .qos scripts start with stopping any existing traffic shaping so this should not
# effectively change anything...
PROTO_STATE_FILE_LIST=$( ls ${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}* 2 /dev/null )
for STATE_FILE in ${PROTO_STATE_FILE_LIST} ; do
if [ -f ${STATE_FILE} ] ;
then
	STATE_FILE_BASE_NAME=$( basename ${STATE_FILE} )
	CURRENT_INTERFACE=${STATE_FILE_BASE_NAME:${#ACTIVE_STATE_PREFIX}:$(( ${#STATE_FILE_BASE_NAME} - ${#ACTIVE_STATE_PREFIX} ))}

	# If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else
	if [ -z $DEVICE -o $DEVICE == $CURRENT_INTERFACE ]; then
		logger -t SQM -s ${0} Stopping SQM on interface: ${CURRENT_INTERFACE}
		/usr/lib/sqm/stop.sh ${CURRENT_INTERFACE}
		rm ${STATE_FILE}	# well, we stop it so it is not running anymore and hence no active state file needed...
	fi
fi
done

config_load sqm

run_simple_qos() {
	local section=$1
	export IFACE=$(config_get $section interface)

	# If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else
	[ -n $DEVICE -a $DEVICE != $IFACE ]  return

	ACTIVE_STATE_FILE_FQN=${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}${IFACE}	# this marks interfaces as active with SQM
	[ -f ${ACTIVE_STATE_FILE_FQN} ]  logger -t SQM -s Uh, oh, ${ACTIVE_STATE_FILE_FQN} should already be stopped.	# Not supposed to happen

	if [ $(config_get $section enabled) -ne 1 ];
	then
	if [ -f ${ACTIVE_STATE_FILE_FQN} ];
	then
		# this should not be possible, delete after testing
		local SECTION_STOP=stop	# it seems the user just de-selected enable, so stop the active SQM
	else
		logger -t SQM -s ${0} SQM for interface ${IFACE} is not enabled, skipping over...
		return 0	# since SQM is not active on the current interface nothing to do here
	fi
	fi

	export UPLINK=$(config_get $section upload)
	export DOWNLINK=$(config_get $section download)
	export LLAM=$(config_get $section linklayer_adaptation_mechanism)
	export LINKLAYER=$(config_get $section linklayer)
	export OVERHEAD=$(config_get $section overhead)
	export STAB_MTU=$(config_get $section tcMTU)
	export STAB_TSIZE=$(config_get $section tcTSIZE)
	export STAB_MPU=$(config_get $section tcMPU)
	export ILIMIT=$(config_get $section ilimit)
	export ELIMIT=$(config_get $section elimit)
	export ITARGET=$(config_get $section itarget)
	export ETARGET=$(config_get $section etarget)
	export IECN=$(config_get $section ingress_ecn)
	export EECN=$(config_get $section egress_ecn)
	export IQDISC_OPTS=$(config_get $section iqdisc_opts)
	export EQDISC_OPTS=$(config_get $section eqdisc_opts)
	export TARGET=$(config_get $section target)
	export SQUASH_DSCP=$(config_get $section squash_dscp)
	export SQUASH_INGRESS=$(config_get $section squash_ingress)

	export QDISC=$(config_get $section qdisc)
	export SCRIPT=/usr/lib/sqm/$(config_get $section script)

#	# there should be nothing left to stop, so just avoid calling the script
	if [ $STOP == stop -o $SECTION_STOP == stop ];
	then 
#	 /usr/lib/sqm/stop.sh
#	 [ -f ${ACTIVE_STATE_FILE_FQN} ]  rm ${ACTIVE_STATE_FILE_FQN}	# conditional to avoid errors ACTIVE_STATE_FILE_FQN does not exist anymore
#	 $(config_set $section enabled 0)	# this does not save to the config file only to the loaded memory representation
	 logger -t SQM -s ${0} SQM qdiscs on ${IFACE} removed
	 return 0
	fi
	logger -t SQM -s ${0} Queue Setup Script: ${SCRIPT}
	[ -x $SCRIPT ]  { $SCRIPT ; touch ${ACTIVE_STATE_FILE_FQN}; }
}

config_foreach run_simple_qos
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [Cerowrt-devel] [sqm-scripts] not started at boot?

2015-02-15 Thread Toke Høiland-Jørgensen 
Sebastian Moeller moell...@gmx.de writes:

   Not that I have shown great taste in the past, but I think it
 would be somewhat cleaner to put the logic into the hot plug script
 and keep run.sh “simple” (in the past I had introduced a large number
 of leakage, especially of IFBs by not properly removing/stopping old
 instances and was quite happy to have the take all active interfaces
 down loop as a last defense against accidental leaks).

Well, the biggest issue I can see with not having any logic in run.sh is
that in that case, *all* interfaces will be reconfigured when the
hotplug event happens. However, I'm not sure exactly how common it is to
have more than one interface configured for SQM, and if so, whether or
not reconfiguring everything on every hotplug event (well, only for for
SQM-enabled interfaces I suppose) is an issue.

The modifications to run.sh should keep it functioning the way it does
currently if run 'manually' the shell or LUCI. Unless the $DEVICE
env-var is set for some other reason...


   But I am now also running pppoe directly from cerowrt and see
   the same issue, sqm is confused when the pppoe interface
   temporarily goes away, so at least I can now test this issue ;)

Well, a first pass could be to see if the modified run.sh I sent last
time around actually works... ;)

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH v3] radsecproxy: procd conversion and version bump

2014-04-08 Thread Toke Høiland-Jørgensen 
Ping? :)

http://patchwork.openwrt.org/patch/5037/

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] is anybody working on supporting Linksys WRT1900ac ?

2014-04-07 Thread Toke Høiland-Jørgensen 
There was a patch posted from linksys last week:

http://thread.gmane.org/gmane.comp.embedded.openwrt.devel/23500

-Toke
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v3] radsecproxy: procd conversion and version bump

2014-03-21 Thread Toke Høiland-Jørgensen 
Update radsecproxy to version 1.6.5 and convert the init script to use
procd, and start later during boot to ensure name service is operational.

Introduces a small patch to radsecproxy which prevents it from forcing
log output to stderr when run in the foreground, thus making it possible
to simply run it in this mode for procd management.

Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk

---
 net/radsecproxy/Makefile   |  4 +--
 net/radsecproxy/files/radsecproxy.init | 16 ++-
 .../patches/200-logdest-on-foreground.patch| 31 ++
 3 files changed, 43 insertions(+), 8 deletions(-)
 create mode 100644 net/radsecproxy/patches/200-logdest-on-foreground.patch

diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile
index da84691..5b4dfdd 100644
--- a/net/radsecproxy/Makefile
+++ b/net/radsecproxy/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=radsecproxy
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.6.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/
-PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b
+PKG_MD5SUM:=f74f82a7ae2cdf2b1d9d271a5c360617
 
 PKG_INSTALL:=1
 
diff --git a/net/radsecproxy/files/radsecproxy.init 
b/net/radsecproxy/files/radsecproxy.init
index b1b4f8e..39bdc6e 100644
--- a/net/radsecproxy/files/radsecproxy.init
+++ b/net/radsecproxy/files/radsecproxy.init
@@ -1,12 +1,16 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2006-2011 OpenWrt.org
 
-START=50
+START=70
 
-start() {
-   service_start /usr/sbin/radsecproxy
-}
+USE_PROCD=1
+PROG=/usr/sbin/radsecproxy
+CONFFILE=/etc/radsecproxy.conf
 
-stop() {
-   service_stop /usr/sbin/radsecproxy
+start_service() {
+   procd_open_instance
+   procd_set_param command $PROG -f -c $CONFFILE
+   procd_set_param file $CONFFILE
+   procd_set_param respawn
+   procd_close_instance
 }
diff --git a/net/radsecproxy/patches/200-logdest-on-foreground.patch 
b/net/radsecproxy/patches/200-logdest-on-foreground.patch
new file mode 100644
index 000..6678448
--- /dev/null
+++ b/net/radsecproxy/patches/200-logdest-on-foreground.patch
@@ -0,0 +1,31 @@
+diff --git a/radsecproxy.c b/radsecproxy.c
+index 563c4a8..9fa076d 100644
+--- a/radsecproxy.c
 b/radsecproxy.c
+@@ -3382,18 +3382,16 @@ int radsecproxy_main(int argc, char **argv) {
+   options.loglevel = loglevel;
+ else if (options.loglevel)
+   debug_set_level(options.loglevel);
+-if (!foreground) {
+-  debug_set_destination(options.logdestination
+-  ? options.logdestination
+-  : x-syslog:///, LOG_TYPE_DEBUG);
++debug_set_destination(options.logdestination
++? options.logdestination
++: x-syslog:///, LOG_TYPE_DEBUG);
+ #if defined(WANT_FTICKS)
+-  if (options.ftickssyslogfacility) {
+-debug_set_destination(options.ftickssyslogfacility,
+-  LOG_TYPE_FTICKS);
+-free(options.ftickssyslogfacility);
+-  }
+-#endif
++if (options.ftickssyslogfacility) {
++  debug_set_destination(options.ftickssyslogfacility,
++LOG_TYPE_FTICKS);
++  free(options.ftickssyslogfacility);
+ }
++#endif
+ free(options.logdestination);
+ 
+ if (!list_first(clconfs))
-- 
1.9.0
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH v2] radsecproxy: procd conversion and version bump

2014-03-16 Thread Toke Høiland-Jørgensen 
This patch updates radsecproxy to version 1.6.5 and converts the init
script to use procd. In the process of doing this, a small patch is
introduced which prevents radsecproxy from forcing log output to stderr
when run in the foreground, thus making it possible to simply run it in
this mode for procd management.

-Toke


diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile
index da84691..5b4dfdd 100644
--- a/net/radsecproxy/Makefile
+++ b/net/radsecproxy/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=radsecproxy
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.6.5
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/
-PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b
+PKG_MD5SUM:=f74f82a7ae2cdf2b1d9d271a5c360617
 
 PKG_INSTALL:=1
 
diff --git a/net/radsecproxy/files/radsecproxy.init 
b/net/radsecproxy/files/radsecproxy.init
index b1b4f8e..39bdc6e 100644
--- a/net/radsecproxy/files/radsecproxy.init
+++ b/net/radsecproxy/files/radsecproxy.init
@@ -1,12 +1,16 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2006-2011 OpenWrt.org
 
-START=50
+START=70
 
-start() {
-   service_start /usr/sbin/radsecproxy
-}
+USE_PROCD=1
+PROG=/usr/sbin/radsecproxy
+CONFFILE=/etc/radsecproxy.conf
 
-stop() {
-   service_stop /usr/sbin/radsecproxy
+start_service() {
+   procd_open_instance
+   procd_set_param command $PROG -f -c $CONFFILE
+   procd_set_param file $CONFFILE
+   procd_set_param respawn
+   procd_close_instance
 }
diff --git a/net/radsecproxy/patches/200-logdest-on-foreground.patch 
b/net/radsecproxy/patches/200-logdest-on-foreground.patch
new file mode 100644
index 000..6678448
--- /dev/null
+++ b/net/radsecproxy/patches/200-logdest-on-foreground.patch
@@ -0,0 +1,31 @@
+diff --git a/radsecproxy.c b/radsecproxy.c
+index 563c4a8..9fa076d 100644
+--- a/radsecproxy.c
 b/radsecproxy.c
+@@ -3382,18 +3382,16 @@ int radsecproxy_main(int argc, char **argv) {
+   options.loglevel = loglevel;
+ else if (options.loglevel)
+   debug_set_level(options.loglevel);
+-if (!foreground) {
+-  debug_set_destination(options.logdestination
+-  ? options.logdestination
+-  : x-syslog:///, LOG_TYPE_DEBUG);
++debug_set_destination(options.logdestination
++? options.logdestination
++: x-syslog:///, LOG_TYPE_DEBUG);
+ #if defined(WANT_FTICKS)
+-  if (options.ftickssyslogfacility) {
+-debug_set_destination(options.ftickssyslogfacility,
+-  LOG_TYPE_FTICKS);
+-free(options.ftickssyslogfacility);
+-  }
+-#endif
++if (options.ftickssyslogfacility) {
++  debug_set_destination(options.ftickssyslogfacility,
++LOG_TYPE_FTICKS);
++  free(options.ftickssyslogfacility);
+ }
++#endif
+ free(options.logdestination);
+ 
+ if (!list_first(clconfs))


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] radsecproxy procd conversion

2014-03-09 Thread Toke Høiland-Jørgensen 
This patch converts the radsecproxy init script to use procd. Works for
me, but not sure if the stop_service part is entirely idiomatic
(omitting it breaks things, though)...

-Toke


diff --git a/net/radsecproxy/files/radsecproxy.init 
b/net/radsecproxy/files/radsecproxy.init
index b1b4f8e..b551f0f 100644
--- a/net/radsecproxy/files/radsecproxy.init
+++ b/net/radsecproxy/files/radsecproxy.init
@@ -3,10 +3,18 @@
 
 START=50
 
-start() {
-   service_start /usr/sbin/radsecproxy
+USE_PROCD=1
+PROG=/usr/sbin/radsecproxy
+CONFFILE=/etc/radsecproxy.conf
+
+start_service() {
+   procd_open_instance
+   procd_set_param command $PROG -c $CONFFILE
+   procd_set_param file $CONFFILE
+   procd_set_param respawn
+   procd_close_instance
 }
 
-stop() {
-   service_stop /usr/sbin/radsecproxy
+stop_service() {
+   pkill $PROG
 }


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH] radsecproxy procd conversion

2014-03-09 Thread Toke Høiland-Jørgensen 
Also, since radsecproxy will fail to start if it can't resolve the host
it is configured to contact, it really should be moved up to START=70
rather than the current START=50. Did not include this in the patch
because it's a separate issue; can resubmit if needed, or submit a
separate patch for the start time if that is better? :)

-Toke


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] report of sysupgrade incompatibility with mount-utils

2013-12-25 Thread Toke Høiland-Jørgensen 
Sebastian Moeller moell...@gmx.de writes:

 that would be me, i will fix it after i had lunch

   Thank you very much!

So, this might have fallen between the cracks?

Below is a patch to replace all invocations of {u,}mount in base-files
with /bin/mount. This unbreaks sysupgrade, at least in my tests. :)

-Toke


diff --git a/package/base-files/files/etc/init.d/boot 
b/package/base-files/files/etc/init.d/boot
index ffcc9f7..8b5455d 100755
--- a/package/base-files/files/etc/init.d/boot
+++ b/package/base-files/files/etc/init.d/boot
@@ -50,7 +50,7 @@ boot() {
touch /var/log/lastlog
touch /tmp/resolv.conf.auto
ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf
-   grep -q debugfs /proc/filesystems  mount -o noatime -t debugfs 
debugfs /sys/kernel/debug
+   grep -q debugfs /proc/filesystems  /bin/mount -o noatime -t debugfs 
debugfs /sys/kernel/debug
[ $FAILSAFE = true ]  touch /tmp/.failsafe
 
/sbin/kmodloader
diff --git a/package/base-files/files/etc/init.d/umount 
b/package/base-files/files/etc/init.d/umount
index 13ac61a..349b2b3 100755
--- a/package/base-files/files/etc/init.d/umount
+++ b/package/base-files/files/etc/init.d/umount
@@ -4,5 +4,5 @@
 STOP=99
 stop() {
sync
-   umount -a -d -r
+   /bin/umount -a -d -r
 }
diff --git a/package/base-files/files/lib/functions.sh 
b/package/base-files/files/lib/functions.sh
index 6f23e0b..e7ca02a 100755
--- a/package/base-files/files/lib/functions.sh
+++ b/package/base-files/files/lib/functions.sh
@@ -568,12 +568,12 @@ dupe() { # new_root old_root
 }
 
 pivot() { # new_root old_root
-   mount -o noatime,move /proc $1/proc  \
+   /bin/mount -o noatime,move /proc $1/proc  \
pivot_root $1 $1$2  {
-   mount -o noatime,move $2/dev /dev
-   mount -o noatime,move $2/tmp /tmp
-   mount -o noatime,move $2/sys /sys 2-
-   mount -o noatime,move $2/overlay /overlay 2-
+   /bin/mount -o noatime,move $2/dev /dev
+   /bin/mount -o noatime,move $2/tmp /tmp
+   /bin/mount -o noatime,move $2/sys /sys 2-
+   /bin/mount -o noatime,move $2/overlay /overlay 2-
return 0
}
 }
@@ -582,16 +582,16 @@ fopivot() { # rw_root ro_root dupe?
root=$1
{
if grep -q overlay /proc/filesystems; then
-   mount -o noatime,lowerdir=/,upperdir=$1 -t overlayfs 
overlayfs:$1 /mnt  root=/mnt
+   /bin/mount -o noatime,lowerdir=/,upperdir=$1 -t 
overlayfs overlayfs:$1 /mnt  root=/mnt
elif grep -q mini_fo /proc/filesystems; then
-   mount -t mini_fo -o noatime,base=/,sto=$1 mini_fo:$1 
/mnt 2-  root=/mnt
+   /bin/mount -t mini_fo -o noatime,base=/,sto=$1 
mini_fo:$1 /mnt 2-  root=/mnt
else
-   mount --bind -o noatime / /mnt
-   mount --bind -o noatime,union $1 /mnt  root=/mnt
+   /bin/mount --bind -o noatime / /mnt
+   /bin/mount --bind -o noatime,union $1 /mnt  
root=/mnt
fi
} || {
[ $3 = 1 ]  {
-   mount | grep on $1 type 2- 1- || mount -o noatime,bind $1 
$1
+   /bin/mount | grep on $1 type 2- 1- || /bin/mount -o 
noatime,bind $1 $1
dupe $1 $rom
}
}
@@ -600,7 +600,7 @@ fopivot() { # rw_root ro_root dupe?
 
 ramoverlay() {
mkdir -p /tmp/root
-   mount -t tmpfs -o noatime,mode=0755 root /tmp/root
+   /bin/mount -t tmpfs -o noatime,mode=0755 root /tmp/root
fopivot /tmp/root /rom 1
 }
 
diff --git a/package/base-files/files/lib/upgrade/common.sh 
b/package/base-files/files/lib/upgrade/common.sh
index 15ee703..824a099 100644
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -34,18 +34,18 @@ install_bin() { # file [ symlink ... ]
 }
 
 supivot() { # new_root old_root
-   mount | grep on $1 type 2- 1- || mount -o bind $1 $1
+   /bin/mount | grep on $1 type 2- 1- || /bin/mount -o bind $1 $1
mkdir -p $1$2 $1/proc $1/sys $1/dev $1/tmp $1/overlay  \
-   mount -o noatime,move /proc $1/proc  \
+   /bin/mount -o noatime,move /proc $1/proc  \
pivot_root $1 $1$2 || {
-   umount -l $1 $1
+   /bin/umount -l $1 $1
return 1
}
 
-   mount -o noatime,move $2/sys /sys
-   mount -o noatime,move $2/dev /dev
-   mount -o noatime,move $2/tmp /tmp
-   mount -o noatime,move $2/overlay /overlay 2-
+   /bin/mount -o noatime,move $2/sys /sys
+   /bin/mount -o noatime,move $2/dev /dev
+   /bin/mount -o noatime,move $2/tmp /tmp
+   /bin/mount -o noatime,move $2/overlay /overlay 2-
return 0
 }
 
@@ -67,12 +67,12 @@ run_ramfs() { # command [...]
exit 1
}
 
-   mount -o remount,ro /mnt
-

Re: [OpenWrt-Devel] [PATCH] [package] dnsmasq: use host-record instead of address

2013-06-16 Thread Toke Høiland-Jørgensen 
Adam Gensler open...@gnslr.us writes:

 TL;DR - using --address for individual host A records is broken, use
 --host-record instead.

Tried it in cerowrt (openwrt trunk-based) and seems to work well
(although I had to mangle the patch a bit by hand before `git am` would
accept it; the top-level package/ dir was missing from the paths in the
patch).

I'd love for the add_local_hostname option to also add the ipv6 address
of the router to the generated host-record. Tried adding it in, but got
stuck figuring out how to get the configured ipv6 address from the
ip6assign logic (network_get_ipaddr6 returns nothing, as does getting
the value from uci). I realise this is orthogonal to your host-record
patch, but since you're messing with it anyway, I thought maybe you
could figure out how to add that as well.

Doing a host record with mixed v4/v6 addresses manually from the config
works as expected. :)

-Toke


signature.asc
Description: PGP signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

[OpenWrt-Devel] [PATCH] Update netperf build file to v2.6.0, pass --enable-demo to configure.

2013-04-15 Thread Toke Høiland-Jørgensen 
This makes this version of netperf work with the netperf-wrapper testing tool
used for testing for bufferbloat.
---
 net/netperf/Makefile   |8 +---
 net/netperf/patches/001-dccp.patch |   38 
 2 files changed, 5 insertions(+), 41 deletions(-)
 delete mode 100644 net/netperf/patches/001-dccp.patch

diff --git a/net/netperf/Makefile b/net/netperf/Makefile
index 815853e..3f1fb6e 100644
--- a/net/netperf/Makefile
+++ b/net/netperf/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netperf
-PKG_VERSION:=2.4.5
-PKG_RELEASE:=2
+PKG_VERSION:=2.6.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=ftp://ftp.netperf.org/netperf/
-PKG_MD5SUM:=5cfaae1d024551161b8eafbd48faedf4
+PKG_MD5SUM:=9654ffdfd4c4f2c93ce3733cd9ed9236
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -24,6 +24,8 @@ define Package/netperf
   URL:=http://www.netperf.org/
 endef
 
+CONFIGURE_ARGS += --enable-demo
+
 define Package/netperf/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/netserver.init $(1)/etc/init.d/netserver
diff --git a/net/netperf/patches/001-dccp.patch 
b/net/netperf/patches/001-dccp.patch
deleted file mode 100644
index ae84cee..000
--- a/net/netperf/patches/001-dccp.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-[PATCH] fix build on systems where IPROTO_DCCP is defined, but SOCK_DCCP isn't
-
-On some systems (E.G. uClibc 0.9.31) IPROTO_DCCP is defined, but SOCK_DCCP
-isn't - Causing the build to break. Fix it by checking for both before
-using.
-
-Signed-off-by: Peter Korsgaard jac...@sunsite.dk

- src/netsh.c   |2 +-
- src/nettest_bsd.c |2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-Index: netperf-2.4.5/src/netsh.c
-===
 netperf-2.4.5.orig/src/netsh.c
-+++ netperf-2.4.5/src/netsh.c
-@@ -452,7 +452,7 @@ parse_protocol(char protocol_string[])
- return IPPROTO_SDP;
-   }
- #endif
--#ifdef IPPROTO_DCCP
-+#if defined(IPPROTO_DCCP)  defined(SOCK_DCCP)
-   if (!strcasecmp(temp,dccp)) {
- socket_type = SOCK_DCCP;
- return IPPROTO_DCCP;
-Index: netperf-2.4.5/src/nettest_bsd.c
-===
 netperf-2.4.5.orig/src/nettest_bsd.c
-+++ netperf-2.4.5/src/nettest_bsd.c
-@@ -712,7 +712,7 @@ complete_addrinfo(char *controlhost, cha
-that we did this so the code for the Solaris kludge can do
-the fix-up for us.  also flip error over to EAI_AGAIN and
-make sure we don't count this time around the loop. */
--#if defined(IPPROTO_DCCP)
-+#if defined(IPPROTO_DCCP)  defined(SOCK_DCCP)
-   /* only tweak on this one the second time around, after we've
-kludged the ai_protocol field */
-   if ((hints.ai_socktype == SOCK_DCCP) 
-- 
1.7.9.5

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel