[OpenWrt-Devel] [PATCH] kernel: Add kmod-sch-cake-virtual package to resolve dependency errors
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- As reported in https://github.com/openwrt/packages/issues/12072, the imagebuilder fails due to a dependency resolution error when the userspace packages are built using a target that has a different kernel version than that which is being run. To resolve this, add a virtual kernel package with the conditional dependency currently used in sqm-scripts. The idea is to move the sqm-scripts dependency to this virtual package, which hopefully should be consistent with the actual kernel module being built. Signed-off-by: Toke Høiland-Jørgensen --- package/kernel/kmod-sched-cake-oot/Makefile | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/package/kernel/kmod-sched-cake-oot/Makefile b/package/kernel/kmod-sched-cake-oot/Makefile index 963681c1fb..5a9e1099a4 100644 --- a/package/kernel/kmod-sched-cake-oot/Makefile +++ b/package/kernel/kmod-sched-cake-oot/Makefile @@ -29,14 +29,26 @@ define KernelPackage/sched-cake-oot DEPENDS:=@LINUX_4_14 +kmod-sched-core +kmod-ipt-conntrack endef +define KernelPackage/sched-cake-virtual + SUBMENU:=Network Support + TITLE:=Virtual package for sched-cake + URL:=https://github.com/dtaht/sch_cake + DEPENDS:=+!LINUX_4_14:kmod-sched-cake +LINUX_4_14:kmod-sched-cake-oot +endef + include $(INCLUDE_DIR)/kernel-defaults.mk -define KernelPackage/sched-cake/description +define KernelPackage/sched-cake-oot/description O(ut) O(f) T(ree) Common Applications Kept Enhanced fq_codel/blue derived shaper endef +define KernelPackage/sched-cake-virtual/description + Virtual package for resolving sch_cake dependencies +endef + define Build/Compile $(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules endef $(eval $(call KernelPackage,sched-cake-oot)) +$(eval $(call KernelPackage,sched-cake-virtual)) -- 2.26.2 --- End Message --- ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [LEDE-DEV] openwrt and lede - remerge proposal V2
John Crispinwrites: > the lede rules that will become the new owrt rules. You may want to mention this fact in the merge proposal itself. What would happen to the rules was one of the points that was unclear in the first round, I believe... :) -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] openwrt and lede - remerge proposal
John Crispinwrites: > Hi, > > Felix, Imre and myself had 2 calls last week lasting several hours and > discussed > the following proposal of conditions for a remerge that we would like to > propose > and have people vote on. Great to hear progress is being made on this! I think the proposal looks reasonable, generally. A few comments / questions: - What will this mean for the community rules and the release schedule? Will they continue from the current LEDE practices? > - update the landing page to have the same look & feel as the current openwrt > landing page Well, I like the L of lede-project.org better - but it's not something worth bikeshedding over, so meh, fine... ;) > *) trademark/sponsorship policy > - review/ack imres trademark policy > - review/ack jows sponsorship policy Links to these? -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] kmod-sched-core: Add HTB and TBF traffic shapers
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving these into kmod-sched-core enables sqm-scripts to downgrade its dependency from kmod-sched to kmod-sched-core, potentially making it useful on devices with smaller flash sizes. This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko and 10k for sch_tbf.ko). Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk> --- package/kernel/linux/modules/netsupport.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index ef5c5ba848..3d5e74327a 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -736,7 +736,7 @@ $(eval $(call KernelPackage,mppe)) SCHED_MODULES = $(patsubst $(LINUX_DIR)/net/sched/%.ko,%,$(wildcard $(LINUX_DIR)/net/sched/*.ko)) -SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit +SCHED_MODULES_CORE = sch_ingress sch_fq_codel sch_hfsc sch_htb sch_tbf cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_mirred act_skbedit SCHED_MODULES_FILTER = $(SCHED_MODULES_CORE) act_connmark sch_netem SCHED_MODULES_EXTRA = $(filter-out $(SCHED_MODULES_FILTER),$(SCHED_MODULES)) SCHED_FILES = $(patsubst %,$(LINUX_DIR)/net/sched/%.ko,$(filter $(SCHED_MODULES_CORE),$(SCHED_MODULES))) @@ -748,6 +748,8 @@ define KernelPackage/sched-core KCONFIG:= \ CONFIG_NET_SCHED=y \ CONFIG_NET_SCH_HFSC \ + CONFIG_NET_SCH_HTB \ + CONFIG_NET_SCH_TBF \ CONFIG_NET_SCH_INGRESS \ CONFIG_NET_SCH_FQ_CODEL \ CONFIG_NET_CLS=y \ @@ -789,12 +791,10 @@ define KernelPackage/sched KCONFIG:= \ CONFIG_NET_SCH_CODEL \ CONFIG_NET_SCH_DSMARK \ - CONFIG_NET_SCH_HTB \ CONFIG_NET_SCH_FIFO \ CONFIG_NET_SCH_GRED \ CONFIG_NET_SCH_PRIO \ CONFIG_NET_SCH_RED \ - CONFIG_NET_SCH_TBF \ CONFIG_NET_SCH_SFQ \ CONFIG_NET_SCH_TEQL \ CONFIG_NET_SCH_FQ \ -- 2.11.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [Babel-users] [LEDE-DEV] Babeld now has procd support on OpenWRT/LEDE
"L. D. Pinney"writes: > Go back to playing the guitar and smoking dopethat's what you do best. > > STOP CROSS POSTING YOU FSCKin' Clown Boy Dude, seriously? Lay off the abuse. Even if your argument had any merit, this kind of language is uncalled for... -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] ubus: extending ubus over network to allow devices in the same network to exchange messages on a single common bus
Sukru Senliwrites: > Dear OpenWrt developers, > > We, developers of IOPSYS (an OpenWrt based platform for residential gateways) > at > Inteno, believe that extending ubus over network so that multiple devices > which > are on the same network and running OpenWrt could communicate, expose objects > and exchange messages on a common bus would be a very useful and worthwhile > enhancement. > > For example, in a network scenario where multiple REPEATERs are > connected to a MASTER gateway, REPEATERs could create objects, create > events and listen/subscribe to events on the ubus which is exposed to > network by MASTER, and that would facilitate: > - keeping configuration synced between the devices > - exchaning information about clients between the devices > - devices notifying each other about specific actions, and so on > > So far we have envisioned the networked ubus system having the > following components and properties: > > 1) Advertisement + Discovery: The devices on the same network become > aware of each other and acknowledge that they support ubus. Here we > believe a multicast solution is feasible. > > 2) Authentication + Connection: The devices choose to connect after > verifying each other: Trust can be originated from a trusted third > party such as a cloud service, or there can be a manual secure pairing > method. Another option could be using TR069 and pushing keys down to > devices to be used in verifying each other. > > 3) Networked ubus communication: ubus clients access remote or local > ubus objects in a similar fashion: The intention is to either not > change ubus API at all, or to change it as little as possible. However > we see changing the ubus API as a better approach than changing ubusd > daemon or message format significantly. In our initial design idea, a > proxy component would take care of the communication and connection > setup. > > 4) Centralized ubus on MASTER: We believe it is appropriate to > centralize control, so, for example, REPEATERs would expose (a subset > of) their own ubus objects on MASTER's ubus. > > Developing an access control mechanism that operates on ubus directly > in order to limit both local and remote access using the same method > would be a good idea. ACL could be based on different parameters such > as user/group, application, IP address etc. > > We will be moving forward with the design and implementation of a >networked ubus, and we take this opportunity to invite participation >and discussion so that a better solution where more OpenWrt >developers/users benefit from can be developed. >From your description it seems there is quite a bit of overlap between this and the HNCP protocol defined by the IETF Homenet working group. The reference implementation of this already runs on openwrt, so I'd suggest you look into this before you go out and reinvent the wheel. :) Being an IETF protocol it also has the advantage of interoperability outside of *wrt (in theory, at least...). See http://homewrt.org/ and RFC7788 (https://tools.ietf.org/html/rfc7788). I'll add that the Homenet working group is still quite active and a lot of things are still in active development. So affecting the process is very possible :) https://datatracker.ietf.org/wg/homenet/charter/ - also has a link to the mailing list. -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] RFC netifd: UCI parameter to sort name servers in resolv.conf.auto
Hans Dedeckerwrites: > Hi Felix, > > Current implementation in netifd writes the dns servers into > resolv.conf.auto file based on the order of the interfaces in the > interface list which is alphabetical sorted. The resolver, in this > case dnsmasq, reads the resolv.conf.auto file and queries the > nameserver(s) in the order listed till it receives an answer. Note that dnsmasq by default will query all known servers simultaneously and use the first answer it gets. So sorting servers in resolv.conf.auto only really works if dnsmasq is passed the 'strict-order' parameter, which I don't think is the default... -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
This change adds support for specifying that a particular kernel module wants to keep its build ID debug symbol (.note.gnu.build-id). This symbol is exported in sysfs by the kernel (if the kernel is compiled with CONFIG_KALLSYMS) and so can be used to uniquely identify a version of a kernel module in a running kernel (if the module is built with suitable linker options). This is useful for keeping track of different versions of a module when doing experiments and development. A kernel module Makefile can specify that the build ID should be kept by exporting PKG_KEEP_BUILD_ID in the Build/Exports section. This will add ~100 bytes to the size of the .ko (depending on the length of the build ID specified). The default is to strip the build ID (as before), so there is no size difference for kernel modules that do not export this variable. Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk> --- scripts/strip-kmod.sh | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/strip-kmod.sh b/scripts/strip-kmod.sh index 13e6b58..d6fa10d 100755 --- a/scripts/strip-kmod.sh +++ b/scripts/strip-kmod.sh @@ -18,11 +18,14 @@ else ARGS="-x -G __this_module --strip-unneeded" fi +if [ -z "$PKG_KEEP_BUILD_ID" ]; then +ARGS="$ARGS -R .note.gnu.build-id" +fi + ${CROSS}objcopy \ -R .comment \ -R .pdr \ -R .mdebug.abi32 \ - -R .note.gnu.build-id \ -R .gnu.attributes \ -R .reginfo \ $ARGS \ -- 2.6.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: > As far as I know, the build-id is build host specific, so I don't think > it will really help you with tracking versions of other people's > builds. Yup. But you can pass it explicitly to the linker: LDFLAGS_MODULE=--build-id=0x$(PKG_SOURCE_VERSION) where PKG_SOURCE_VERSION is the git hash. > I think for what you're trying to do, it might be better to use > something else. You could just embed a custom section in your module > containing a git hash of the source tree, or something like that. Well the nice thing about this is that it requires very little change in other places: The facility to export it in sysfs is already in the kernel, and it's a one-line change to the build invocation (as above) to get it included. If you're opposed to adding this change, I guess that adding a custom note section to the module might be an alternative way to go about it; if I can figure out how to do that... -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: > How is this more useful than simply checking a hash of the kernel > module in /lib/modules and comparing that with the corresponding file > on the host? Because the value in /sys/module/ is from the *loaded* module. So it catches the case where the module file is updated but not reloaded (was bitten by this a couple of times). Also, you can put the module source git hash as the build id, so it can be referred back to the source, rather than the compiled file. -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: > I'm still not convinced that this is very useful - if you have issues > that you sometimes reinstall modules, but don't reload them and have > to check the id, why not just fix your workflow instead? I did script it, but I'm trying to have a way to make this available to others as well. Let me give a bit more context: I'm using this for the 'cake' shaper module, which is built out-of-tree as kmod-sched-cake, available in the ceropackages feed. Other people are testing this, with their own builds; and I want to be able to keep track of which versions they are testing with, without having to impose a specific workflow for them: With this change, I can just add the build-id linker option in the package Makefile, and it will be available on the router running the code, where it can be automatically extracted by the Flent tool as part of the test. > Either way, if this is really necessary for you, I'm okay with adding > support for keeping the build-id, but setting this in the package > makefile (especially in the Build/Exports section) seems rather quirky > to me. Since this is a rather exotic debugging-only feature, why not > just add a global config option for it? Well I was trying to find a way to make it possible to set this for one module (package) only, in order to keep the impact as low as possible. And this was the only I could figure out to make it work (since the RSTRIP variable in rules.mk seems to be expanded before the contents of the package Makefile, so I can't add a variable there). But since this requires a specific kernel configuration anyway (CONFIG_KALLSYMS), global config changes are needed anyway, so am fine with making it a global switch. Can resubmit is as such. Should I just add a new switch under "Global build settings"? Or would it be okay to condition it on CONFIG_KERNEL_KALLSYMS (which it needs to work anyway)? Incidentally, is there a way to depend on these options from the package Makefile? -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: > How about this: add it per-package, but add it in a way that you can set > PKG_BUILD_ID:=$(PKG_SOURCE_VERSION) and this will add the linker command > and disable the build-id stripping. Would definitely work. The problem is I'm not sure I quite grok the openwrt build system sufficiently to do this correctly. Guess I need to get the linker flag into KERNEL_MAKEOPTS? Can go looking for that, but that still leaves the problem of signaling the strip-kmod.sh script correctly -- can I get at per-package variables in rules.mk where the RSTRIP invocation is defined? -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: >> Would definitely work. The problem is I'm not sure I quite grok the >> openwrt build system sufficiently to do this correctly. Guess I need to >> get the linker flag into KERNEL_MAKEOPTS? > Yes. It's in kernel-defaults.mk Cool, this part works. >> Can go looking for that, but >> that still leaves the problem of signaling the strip-kmod.sh script >> correctly -- can I get at per-package variables in rules.mk where the >> RSTRIP invocation is defined? > You can add it wrapped in $(if ...) to rules.mk to the other exports in > the RSTRIP variable. Yeah, that's what I thought; but the obvious way (below) doesn't seem to work. Can I not expand the PKG_* variables in rules.mk? -Toke diff --git a/rules.mk b/rules.mk index 819bea5..8e1cfe9 100644 --- a/rules.mk +++ b/rules.mk @@ -275,6 +275,7 @@ else endif RSTRIP:= \ export CROSS="$(TARGET_CROSS)" \ + $(if $(PKG_BUILD_ID),KEEP_BUILD_ID=1) \ $(if $(CONFIG_KERNEL_KALLSYMS),NO_RENAME=1) \ $(if $(CONFIG_KERNEL_PROFILING),KEEP_SYMBOLS=1); \ NM="$(TARGET_CROSS)nm" \ ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Allow kernel modules to keep build ID debug symbol.
Felix Fietkauwrites: >> diff --git a/rules.mk b/rules.mk >> index 819bea5..8e1cfe9 100644 >> --- a/rules.mk >> +++ b/rules.mk >> @@ -275,6 +275,7 @@ else >>endif >>RSTRIP:= \ > Please try if changing RSTRIP:= to RSTRIP= makes it work. Yup, it does. Cool, will submit a new patch that also includes this change. Thanks a lot for your help! :) -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH v2] Allow kernel modules to set build ID debug symbol
This change adds support for specifying a build ID for kernel modules. This is done by setting PKG_BUILD_ID to a hexadecimal string, which will then be passed to the kernel linker. In addition, when this flag is set, the build ID debug symbol (.note.gnu.build-id) will not be stripped from the kernel module. This symbol is exported in sysfs by the kernel (if the kernel is compiled with CONFIG_KALLSYMS) and so can be used to uniquely identify a version of a kernel module in a running kernel. This is useful for keeping track of different versions of a module when doing experiments and development. Modules that specify the build ID will be ~100 bytes larger (depending on the length of the build ID specified). There is no size difference for kernel modules that do not set this variable. Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk> --- include/kernel-defaults.mk | 3 ++- rules.mk | 3 ++- scripts/strip-kmod.sh | 5 - 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/include/kernel-defaults.mk b/include/kernel-defaults.mk index 24d2630..d37787a 100644 --- a/include/kernel-defaults.mk +++ b/include/kernel-defaults.mk @@ -11,7 +11,8 @@ KERNEL_MAKEOPTS := -C $(LINUX_DIR) \ ARCH="$(LINUX_KARCH)" \ KBUILD_HAVE_NLS=no \ CONFIG_SHELL="$(BASH)" \ - $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') + $(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \ + $(if $(PKG_BUILD_ID),LDFLAGS_MODULE=--build-id=0x$(PKG_BUILD_ID)) ifdef CONFIG_STRIP_KERNEL_EXPORTS KERNEL_MAKEOPTS += \ diff --git a/rules.mk b/rules.mk index 819bea5..7710fb4 100644 --- a/rules.mk +++ b/rules.mk @@ -273,8 +273,9 @@ else STRIP:=$(STAGING_DIR_HOST)/bin/sstrip endif endif - RSTRIP:= \ + RSTRIP= \ export CROSS="$(TARGET_CROSS)" \ + $(if $(PKG_BUILD_ID),KEEP_BUILD_ID=1) \ $(if $(CONFIG_KERNEL_KALLSYMS),NO_RENAME=1) \ $(if $(CONFIG_KERNEL_PROFILING),KEEP_SYMBOLS=1); \ NM="$(TARGET_CROSS)nm" \ diff --git a/scripts/strip-kmod.sh b/scripts/strip-kmod.sh index 13e6b58..e3f13be 100755 --- a/scripts/strip-kmod.sh +++ b/scripts/strip-kmod.sh @@ -18,11 +18,14 @@ else ARGS="-x -G __this_module --strip-unneeded" fi +if [ -z "$KEEP_BUILD_ID" ]; then +ARGS="$ARGS -R .note.gnu.build-id" +fi + ${CROSS}objcopy \ -R .comment \ -R .pdr \ -R .mdebug.abi32 \ - -R .note.gnu.build-id \ -R .gnu.attributes \ -R .reginfo \ $ARGS \ -- 2.6.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP
Kevin Darbyshire-Bryantwrites: > This patch stops SIGHUP from enabling dnssec timechecks if disabled by > use of --dnssec-no-timecheck option. --dnssec-timestamp continues to > work correctly. I'd argue that patching dnsmasq in this way is the wrong way to fix this. If you're worried about that DOS vector, don't use --dnssec-no-timecheck but rather use --dnssec-timestamp. Also, in a scenario where --dnssec-no-timecheck is used, the expectation is that the time will be fixed in fairly short order (i.e. as soon as NTP syncs up), so the potential for this being a DOS vector is rather small I would say... And if you can SIGHUP the process you can also SIGKILL it. -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] dnsmasq: remove dnssec timecheck enable on SIGHUP
Kevin Darbyshire-Bryantwrites: > Could I kindly ask you to read > https://patchwork.ozlabs.org/patch/521344/ particularly with regards to > Yousong's comments. You'll hopefully appreciate the irony of your > suggestion and how things (by which I mean 'I') have been sent on a bit > of a merry-go-round of late. Ah, completely missed that go by. Will go have a look at that. > I think I'm actually trying to be helpful but I'm stepping off now > before I .well I'm not sure what before, but just before ;-) Back > to sqm. Yeah, feel your pain. This whole dnssec/time thing is a royal PITA. I did a hackish implementation of the reload logic based on NTP state in Cerowrt: https://github.com/dtaht/cerowrt-3.10/blob/master/package/network/services/dnsmasq/files/check_ntpd.sh ...which was hackish but did kinda-sorta work. This was before the timestamp file feature went in, though, and actually was under the impression that that feature fixed it in a cleaner way. But of course if sysfixtime is messing with that, well I'll go reply to the other thread I guess. -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
Steven Barthwrites: > Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which > is already overloaded and might be triggered by e.g. config changes. Quite apart from the signaling, using --dnssec-no-timecheck very quickly turns into an ugly hack. I implemented a startup time sync functionality for CeroWrt based on this, see https://github.com/dtaht/cerowrt-3.10/commit/b3a5b704691f1ba1d154dca9c7ab316f92136640 Never even attempted to upstream it because while it does sorta-kinda work, it is a fairly ugly hack and I don't see any good way to avoid that. I definitely consider the timestamp file a cleaner way of solving the DNSSEC/time sync problem, and will definitely recommend sticking with that. As far as whether or not it is a security risk: The whole issue here is that it is fundamentally impossible to bootstrap DNSSEC securely without a reliable clock (i.e. real-time clock or GPS or other offline source). So we're stuck with doing things that minimise the duration of the vulnerable window. Also, as far as I can tell, dnsmasq will still read the time off the file even if it can't write to it. So if the file ownership is the issue (and I can see how this is at least a theoretical concern), just have the file be owned as root, and have a suitably privileged process touch it on shutdown (or periodically? presumably many reboots are going to be hard power cycles, so no chance to do anything on shutdown?). -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] Update dnsmasq to v2.73.
Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk --- package/network/services/dnsmasq/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 7b56a06..19a8df9 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.73rc9 +PKG_VERSION:=2.73 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates -PKG_MD5SUM:=82b9ee113f7f72461c05d89fa23d2914 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq +PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING -- 2.4.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] Update dnsmasq to v2.73.
Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk --- package/network/services/dnsmasq/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index 7b56a06..19a8df9 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq -PKG_VERSION:=2.73rc9 +PKG_VERSION:=2.73 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/release-candidates -PKG_MD5SUM:=82b9ee113f7f72461c05d89fa23d2914 +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq +PKG_MD5SUM:=b8bfe96d22945c8cf4466826ba9b21bd PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING -- 2.4.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] Add sch_fq and sch_pie to the kmod-sched package.
Etienne Champetier champetier.etie...@gmail.com writes: what is the size of the image/.ipk with/without this option ? The .ipk goes from 46018 to 52793 bytes. Can't seem to get the image size to change, probably some issue with my build setup... -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] Add sch_fq and sch_pie to the kmod-sched package.
These are two new packet schedulers introduced in Linux 3.12 and 3.14 respectively. sch_fq is a perfect fairness queueing scheduler that also adds pacing on host TCP flows, and sch_pie is an AQM. Having them available in kmod-sched makes it easier for people to test these new queueing schemes. Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk --- package/kernel/linux/modules/netsupport.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 4483581..cead141 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -802,6 +802,8 @@ define KernelPackage/sched CONFIG_NET_SCH_TBF \ CONFIG_NET_SCH_SFQ \ CONFIG_NET_SCH_TEQL \ + CONFIG_NET_SCH_FQ \ + CONFIG_NET_SCH_PIE \ CONFIG_NET_CLS_BASIC \ CONFIG_NET_ACT_POLICE \ CONFIG_NET_ACT_IPT \ -- 2.4.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [sqm-scripts] not started at boot?
Alan Jenkins alan.christopher.jenk...@gmail.com writes: It's very effective, but I notice SQM isn't applied at boot time. The system log complains about pppoe-wan interface not existing, when the sqm init script is started. Ah, that makes sense I suppose: PPPOE is probably brought up too late for the SQM init script to pick it up. qos-scripts has a hotplug script, so I copied it for sqm and the problem is fixed. Though my stupid script re-runs the sqm as every single network interface comes up, so it spams the log and probably slows things down a bit. (Maybe sqm script also wants to not be so noisy in the log) I'm attaching an updated version of the run.sh script which should detect when it is run from hotplug and only apply the SQM config to the hotplugged interface. Could you verify that this works for you? If so, I'll push an update with the revision and include a hotplug script. :) -Toke #!/bin/sh # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # Copyright (C) 2012-4 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller . /lib/functions.sh STOP=$1 ACTIVE_STATE_PREFIX=SQM_active_on_ ACTIVE_STATE_FILE_DIR=/var/run/SQM mkdir -p ${ACTIVE_STATE_FILE_DIR} # the current uci config file does not necessarily contain sections for all interfaces with active # SQM instances, so use the ACTIVE_STATE_FILES to detect the interfaces on which to stop SQM. # Currently the .qos scripts start with stopping any existing traffic shaping so this should not # effectively change anything... PROTO_STATE_FILE_LIST=$( ls ${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}* 2 /dev/null ) for STATE_FILE in ${PROTO_STATE_FILE_LIST} ; do if [ -f ${STATE_FILE} ] ; then STATE_FILE_BASE_NAME=$( basename ${STATE_FILE} ) CURRENT_INTERFACE=${STATE_FILE_BASE_NAME:${#ACTIVE_STATE_PREFIX}:$(( ${#STATE_FILE_BASE_NAME} - ${#ACTIVE_STATE_PREFIX} ))} logger -t SQM -s ${0} Stopping SQM on interface: ${CURRENT_INTERFACE} /usr/lib/sqm/stop.sh ${CURRENT_INTERFACE} rm ${STATE_FILE} # well, we stop it so it is not running anymore and hence no active state file needed... fi done config_load sqm run_simple_qos() { local section=$1 export IFACE=$(config_get $section interface) # If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else [ -n $DEVICE -a $DEVICE != $IFACE ] return ACTIVE_STATE_FILE_FQN=${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}${IFACE} # this marks interfaces as active with SQM [ -f ${ACTIVE_STATE_FILE_FQN} ] logger -t SQM -s Uh, oh, ${ACTIVE_STATE_FILE_FQN} should already be stopped. # Not supposed to happen if [ $(config_get $section enabled) -ne 1 ]; then if [ -f ${ACTIVE_STATE_FILE_FQN} ]; then # this should not be possible, delete after testing local SECTION_STOP=stop # it seems the user just de-selected enable, so stop the active SQM else logger -t SQM -s ${0} SQM for interface ${IFACE} is not enabled, skipping over... return 0 # since SQM is not active on the current interface nothing to do here fi fi export UPLINK=$(config_get $section upload) export DOWNLINK=$(config_get $section download) export LLAM=$(config_get $section linklayer_adaptation_mechanism) export LINKLAYER=$(config_get $section linklayer) export OVERHEAD=$(config_get $section overhead) export STAB_MTU=$(config_get $section tcMTU) export STAB_TSIZE=$(config_get $section tcTSIZE) export STAB_MPU=$(config_get $section tcMPU) export ILIMIT=$(config_get $section ilimit) export ELIMIT=$(config_get $section elimit) export ITARGET=$(config_get $section itarget) export ETARGET=$(config_get $section etarget) export IECN=$(config_get $section ingress_ecn) export EECN=$(config_get $section egress_ecn) export IQDISC_OPTS=$(config_get $section iqdisc_opts) export EQDISC_OPTS=$(config_get $section eqdisc_opts) export TARGET=$(config_get $section target) export SQUASH_DSCP=$(config_get $section squash_dscp) export SQUASH_INGRESS=$(config_get $section squash_ingress) export QDISC=$(config_get $section qdisc) export SCRIPT=/usr/lib/sqm/$(config_get $section script) # # there should be nothing left to stop, so just avoid calling the script if [ $STOP == stop -o $SECTION_STOP == stop ]; then # /usr/lib/sqm/stop.sh # [ -f ${ACTIVE_STATE_FILE_FQN} ] rm ${ACTIVE_STATE_FILE_FQN} # conditional to avoid errors ACTIVE_STATE_FILE_FQN does not exist anymore # $(config_set $section enabled 0) # this does not save to the config file only to the loaded memory representation logger -t SQM -s ${0} SQM qdiscs on ${IFACE} removed return 0 fi logger -t SQM -s ${0} Queue Setup Script: ${SCRIPT} [ -x $SCRIPT ] { $SCRIPT ; touch ${ACTIVE_STATE_FILE_FQN}; } } config_foreach run_simple_qos ___ openwrt-devel mailing list openwrt
Re: [OpenWrt-Devel] [Cerowrt-devel] [sqm-scripts] not started at boot?
Sebastian Moeller moell...@gmx.de writes: I am not sure that this works as intended. The first thing run.sh does is take down all running SQM instances: Ah yes, seems I was a bit too trigger-happy there ;) Here's a version of run.sh that should also short-circuit the 'down' part if called from hotplug. The alternative is, of course, to have logic in the hotplug script to only call run.sh for interfaces that are enabled, but that would require parsing /etc/config/sqm from there. My initial thought was that short-circuiting the logic in run.sh was 'cleaner'; but I'm not entirely sure about that... Thoughts? -Toke #!/bin/sh # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # Copyright (C) 2012-4 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller . /lib/functions.sh STOP=$1 ACTIVE_STATE_PREFIX=SQM_active_on_ ACTIVE_STATE_FILE_DIR=/var/run/SQM mkdir -p ${ACTIVE_STATE_FILE_DIR} # the current uci config file does not necessarily contain sections for all interfaces with active # SQM instances, so use the ACTIVE_STATE_FILES to detect the interfaces on which to stop SQM. # Currently the .qos scripts start with stopping any existing traffic shaping so this should not # effectively change anything... PROTO_STATE_FILE_LIST=$( ls ${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}* 2 /dev/null ) for STATE_FILE in ${PROTO_STATE_FILE_LIST} ; do if [ -f ${STATE_FILE} ] ; then STATE_FILE_BASE_NAME=$( basename ${STATE_FILE} ) CURRENT_INTERFACE=${STATE_FILE_BASE_NAME:${#ACTIVE_STATE_PREFIX}:$(( ${#STATE_FILE_BASE_NAME} - ${#ACTIVE_STATE_PREFIX} ))} # If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else if [ -z $DEVICE -o $DEVICE == $CURRENT_INTERFACE ]; then logger -t SQM -s ${0} Stopping SQM on interface: ${CURRENT_INTERFACE} /usr/lib/sqm/stop.sh ${CURRENT_INTERFACE} rm ${STATE_FILE} # well, we stop it so it is not running anymore and hence no active state file needed... fi fi done config_load sqm run_simple_qos() { local section=$1 export IFACE=$(config_get $section interface) # If called from hotplug, $DEVICE will be the interface that got hotplugged, so ignore anything else [ -n $DEVICE -a $DEVICE != $IFACE ] return ACTIVE_STATE_FILE_FQN=${ACTIVE_STATE_FILE_DIR}/${ACTIVE_STATE_PREFIX}${IFACE} # this marks interfaces as active with SQM [ -f ${ACTIVE_STATE_FILE_FQN} ] logger -t SQM -s Uh, oh, ${ACTIVE_STATE_FILE_FQN} should already be stopped. # Not supposed to happen if [ $(config_get $section enabled) -ne 1 ]; then if [ -f ${ACTIVE_STATE_FILE_FQN} ]; then # this should not be possible, delete after testing local SECTION_STOP=stop # it seems the user just de-selected enable, so stop the active SQM else logger -t SQM -s ${0} SQM for interface ${IFACE} is not enabled, skipping over... return 0 # since SQM is not active on the current interface nothing to do here fi fi export UPLINK=$(config_get $section upload) export DOWNLINK=$(config_get $section download) export LLAM=$(config_get $section linklayer_adaptation_mechanism) export LINKLAYER=$(config_get $section linklayer) export OVERHEAD=$(config_get $section overhead) export STAB_MTU=$(config_get $section tcMTU) export STAB_TSIZE=$(config_get $section tcTSIZE) export STAB_MPU=$(config_get $section tcMPU) export ILIMIT=$(config_get $section ilimit) export ELIMIT=$(config_get $section elimit) export ITARGET=$(config_get $section itarget) export ETARGET=$(config_get $section etarget) export IECN=$(config_get $section ingress_ecn) export EECN=$(config_get $section egress_ecn) export IQDISC_OPTS=$(config_get $section iqdisc_opts) export EQDISC_OPTS=$(config_get $section eqdisc_opts) export TARGET=$(config_get $section target) export SQUASH_DSCP=$(config_get $section squash_dscp) export SQUASH_INGRESS=$(config_get $section squash_ingress) export QDISC=$(config_get $section qdisc) export SCRIPT=/usr/lib/sqm/$(config_get $section script) # # there should be nothing left to stop, so just avoid calling the script if [ $STOP == stop -o $SECTION_STOP == stop ]; then # /usr/lib/sqm/stop.sh # [ -f ${ACTIVE_STATE_FILE_FQN} ] rm ${ACTIVE_STATE_FILE_FQN} # conditional to avoid errors ACTIVE_STATE_FILE_FQN does not exist anymore # $(config_set $section enabled 0) # this does not save to the config file only to the loaded memory representation logger -t SQM -s ${0} SQM qdiscs on ${IFACE} removed return 0 fi logger -t SQM -s ${0} Queue Setup Script: ${SCRIPT} [ -x $SCRIPT ] { $SCRIPT ; touch ${ACTIVE_STATE_FILE_FQN}; } } config_foreach run_simple_qos ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [Cerowrt-devel] [sqm-scripts] not started at boot?
Sebastian Moeller moell...@gmx.de writes: Not that I have shown great taste in the past, but I think it would be somewhat cleaner to put the logic into the hot plug script and keep run.sh “simple” (in the past I had introduced a large number of leakage, especially of IFBs by not properly removing/stopping old instances and was quite happy to have the take all active interfaces down loop as a last defense against accidental leaks). Well, the biggest issue I can see with not having any logic in run.sh is that in that case, *all* interfaces will be reconfigured when the hotplug event happens. However, I'm not sure exactly how common it is to have more than one interface configured for SQM, and if so, whether or not reconfiguring everything on every hotplug event (well, only for for SQM-enabled interfaces I suppose) is an issue. The modifications to run.sh should keep it functioning the way it does currently if run 'manually' the shell or LUCI. Unless the $DEVICE env-var is set for some other reason... But I am now also running pppoe directly from cerowrt and see the same issue, sqm is confused when the pppoe interface temporarily goes away, so at least I can now test this issue ;) Well, a first pass could be to see if the modified run.sh I sent last time around actually works... ;) -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH v3] radsecproxy: procd conversion and version bump
Ping? :) http://patchwork.openwrt.org/patch/5037/ -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] is anybody working on supporting Linksys WRT1900ac ?
There was a patch posted from linksys last week: http://thread.gmane.org/gmane.comp.embedded.openwrt.devel/23500 -Toke ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH v3] radsecproxy: procd conversion and version bump
Update radsecproxy to version 1.6.5 and convert the init script to use procd, and start later during boot to ensure name service is operational. Introduces a small patch to radsecproxy which prevents it from forcing log output to stderr when run in the foreground, thus making it possible to simply run it in this mode for procd management. Signed-off-by: Toke Høiland-Jørgensen t...@toke.dk --- net/radsecproxy/Makefile | 4 +-- net/radsecproxy/files/radsecproxy.init | 16 ++- .../patches/200-logdest-on-foreground.patch| 31 ++ 3 files changed, 43 insertions(+), 8 deletions(-) create mode 100644 net/radsecproxy/patches/200-logdest-on-foreground.patch diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile index da84691..5b4dfdd 100644 --- a/net/radsecproxy/Makefile +++ b/net/radsecproxy/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=radsecproxy -PKG_VERSION:=1.6.2 +PKG_VERSION:=1.6.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/ -PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b +PKG_MD5SUM:=f74f82a7ae2cdf2b1d9d271a5c360617 PKG_INSTALL:=1 diff --git a/net/radsecproxy/files/radsecproxy.init b/net/radsecproxy/files/radsecproxy.init index b1b4f8e..39bdc6e 100644 --- a/net/radsecproxy/files/radsecproxy.init +++ b/net/radsecproxy/files/radsecproxy.init @@ -1,12 +1,16 @@ #!/bin/sh /etc/rc.common # Copyright (C) 2006-2011 OpenWrt.org -START=50 +START=70 -start() { - service_start /usr/sbin/radsecproxy -} +USE_PROCD=1 +PROG=/usr/sbin/radsecproxy +CONFFILE=/etc/radsecproxy.conf -stop() { - service_stop /usr/sbin/radsecproxy +start_service() { + procd_open_instance + procd_set_param command $PROG -f -c $CONFFILE + procd_set_param file $CONFFILE + procd_set_param respawn + procd_close_instance } diff --git a/net/radsecproxy/patches/200-logdest-on-foreground.patch b/net/radsecproxy/patches/200-logdest-on-foreground.patch new file mode 100644 index 000..6678448 --- /dev/null +++ b/net/radsecproxy/patches/200-logdest-on-foreground.patch @@ -0,0 +1,31 @@ +diff --git a/radsecproxy.c b/radsecproxy.c +index 563c4a8..9fa076d 100644 +--- a/radsecproxy.c b/radsecproxy.c +@@ -3382,18 +3382,16 @@ int radsecproxy_main(int argc, char **argv) { + options.loglevel = loglevel; + else if (options.loglevel) + debug_set_level(options.loglevel); +-if (!foreground) { +- debug_set_destination(options.logdestination +- ? options.logdestination +- : x-syslog:///, LOG_TYPE_DEBUG); ++debug_set_destination(options.logdestination ++? options.logdestination ++: x-syslog:///, LOG_TYPE_DEBUG); + #if defined(WANT_FTICKS) +- if (options.ftickssyslogfacility) { +-debug_set_destination(options.ftickssyslogfacility, +- LOG_TYPE_FTICKS); +-free(options.ftickssyslogfacility); +- } +-#endif ++if (options.ftickssyslogfacility) { ++ debug_set_destination(options.ftickssyslogfacility, ++LOG_TYPE_FTICKS); ++ free(options.ftickssyslogfacility); + } ++#endif + free(options.logdestination); + + if (!list_first(clconfs)) -- 1.9.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH v2] radsecproxy: procd conversion and version bump
This patch updates radsecproxy to version 1.6.5 and converts the init script to use procd. In the process of doing this, a small patch is introduced which prevents radsecproxy from forcing log output to stderr when run in the foreground, thus making it possible to simply run it in this mode for procd management. -Toke diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile index da84691..5b4dfdd 100644 --- a/net/radsecproxy/Makefile +++ b/net/radsecproxy/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=radsecproxy -PKG_VERSION:=1.6.2 +PKG_VERSION:=1.6.5 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/ -PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b +PKG_MD5SUM:=f74f82a7ae2cdf2b1d9d271a5c360617 PKG_INSTALL:=1 diff --git a/net/radsecproxy/files/radsecproxy.init b/net/radsecproxy/files/radsecproxy.init index b1b4f8e..39bdc6e 100644 --- a/net/radsecproxy/files/radsecproxy.init +++ b/net/radsecproxy/files/radsecproxy.init @@ -1,12 +1,16 @@ #!/bin/sh /etc/rc.common # Copyright (C) 2006-2011 OpenWrt.org -START=50 +START=70 -start() { - service_start /usr/sbin/radsecproxy -} +USE_PROCD=1 +PROG=/usr/sbin/radsecproxy +CONFFILE=/etc/radsecproxy.conf -stop() { - service_stop /usr/sbin/radsecproxy +start_service() { + procd_open_instance + procd_set_param command $PROG -f -c $CONFFILE + procd_set_param file $CONFFILE + procd_set_param respawn + procd_close_instance } diff --git a/net/radsecproxy/patches/200-logdest-on-foreground.patch b/net/radsecproxy/patches/200-logdest-on-foreground.patch new file mode 100644 index 000..6678448 --- /dev/null +++ b/net/radsecproxy/patches/200-logdest-on-foreground.patch @@ -0,0 +1,31 @@ +diff --git a/radsecproxy.c b/radsecproxy.c +index 563c4a8..9fa076d 100644 +--- a/radsecproxy.c b/radsecproxy.c +@@ -3382,18 +3382,16 @@ int radsecproxy_main(int argc, char **argv) { + options.loglevel = loglevel; + else if (options.loglevel) + debug_set_level(options.loglevel); +-if (!foreground) { +- debug_set_destination(options.logdestination +- ? options.logdestination +- : x-syslog:///, LOG_TYPE_DEBUG); ++debug_set_destination(options.logdestination ++? options.logdestination ++: x-syslog:///, LOG_TYPE_DEBUG); + #if defined(WANT_FTICKS) +- if (options.ftickssyslogfacility) { +-debug_set_destination(options.ftickssyslogfacility, +- LOG_TYPE_FTICKS); +-free(options.ftickssyslogfacility); +- } +-#endif ++if (options.ftickssyslogfacility) { ++ debug_set_destination(options.ftickssyslogfacility, ++LOG_TYPE_FTICKS); ++ free(options.ftickssyslogfacility); + } ++#endif + free(options.logdestination); + + if (!list_first(clconfs)) signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] radsecproxy procd conversion
This patch converts the radsecproxy init script to use procd. Works for me, but not sure if the stop_service part is entirely idiomatic (omitting it breaks things, though)... -Toke diff --git a/net/radsecproxy/files/radsecproxy.init b/net/radsecproxy/files/radsecproxy.init index b1b4f8e..b551f0f 100644 --- a/net/radsecproxy/files/radsecproxy.init +++ b/net/radsecproxy/files/radsecproxy.init @@ -3,10 +3,18 @@ START=50 -start() { - service_start /usr/sbin/radsecproxy +USE_PROCD=1 +PROG=/usr/sbin/radsecproxy +CONFFILE=/etc/radsecproxy.conf + +start_service() { + procd_open_instance + procd_set_param command $PROG -c $CONFFILE + procd_set_param file $CONFFILE + procd_set_param respawn + procd_close_instance } -stop() { - service_stop /usr/sbin/radsecproxy +stop_service() { + pkill $PROG } signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] radsecproxy procd conversion
Also, since radsecproxy will fail to start if it can't resolve the host it is configured to contact, it really should be moved up to START=70 rather than the current START=50. Did not include this in the patch because it's a separate issue; can resubmit if needed, or submit a separate patch for the start time if that is better? :) -Toke signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] report of sysupgrade incompatibility with mount-utils
Sebastian Moeller moell...@gmx.de writes: that would be me, i will fix it after i had lunch Thank you very much! So, this might have fallen between the cracks? Below is a patch to replace all invocations of {u,}mount in base-files with /bin/mount. This unbreaks sysupgrade, at least in my tests. :) -Toke diff --git a/package/base-files/files/etc/init.d/boot b/package/base-files/files/etc/init.d/boot index ffcc9f7..8b5455d 100755 --- a/package/base-files/files/etc/init.d/boot +++ b/package/base-files/files/etc/init.d/boot @@ -50,7 +50,7 @@ boot() { touch /var/log/lastlog touch /tmp/resolv.conf.auto ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf - grep -q debugfs /proc/filesystems mount -o noatime -t debugfs debugfs /sys/kernel/debug + grep -q debugfs /proc/filesystems /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug [ $FAILSAFE = true ] touch /tmp/.failsafe /sbin/kmodloader diff --git a/package/base-files/files/etc/init.d/umount b/package/base-files/files/etc/init.d/umount index 13ac61a..349b2b3 100755 --- a/package/base-files/files/etc/init.d/umount +++ b/package/base-files/files/etc/init.d/umount @@ -4,5 +4,5 @@ STOP=99 stop() { sync - umount -a -d -r + /bin/umount -a -d -r } diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh index 6f23e0b..e7ca02a 100755 --- a/package/base-files/files/lib/functions.sh +++ b/package/base-files/files/lib/functions.sh @@ -568,12 +568,12 @@ dupe() { # new_root old_root } pivot() { # new_root old_root - mount -o noatime,move /proc $1/proc \ + /bin/mount -o noatime,move /proc $1/proc \ pivot_root $1 $1$2 { - mount -o noatime,move $2/dev /dev - mount -o noatime,move $2/tmp /tmp - mount -o noatime,move $2/sys /sys 2- - mount -o noatime,move $2/overlay /overlay 2- + /bin/mount -o noatime,move $2/dev /dev + /bin/mount -o noatime,move $2/tmp /tmp + /bin/mount -o noatime,move $2/sys /sys 2- + /bin/mount -o noatime,move $2/overlay /overlay 2- return 0 } } @@ -582,16 +582,16 @@ fopivot() { # rw_root ro_root dupe? root=$1 { if grep -q overlay /proc/filesystems; then - mount -o noatime,lowerdir=/,upperdir=$1 -t overlayfs overlayfs:$1 /mnt root=/mnt + /bin/mount -o noatime,lowerdir=/,upperdir=$1 -t overlayfs overlayfs:$1 /mnt root=/mnt elif grep -q mini_fo /proc/filesystems; then - mount -t mini_fo -o noatime,base=/,sto=$1 mini_fo:$1 /mnt 2- root=/mnt + /bin/mount -t mini_fo -o noatime,base=/,sto=$1 mini_fo:$1 /mnt 2- root=/mnt else - mount --bind -o noatime / /mnt - mount --bind -o noatime,union $1 /mnt root=/mnt + /bin/mount --bind -o noatime / /mnt + /bin/mount --bind -o noatime,union $1 /mnt root=/mnt fi } || { [ $3 = 1 ] { - mount | grep on $1 type 2- 1- || mount -o noatime,bind $1 $1 + /bin/mount | grep on $1 type 2- 1- || /bin/mount -o noatime,bind $1 $1 dupe $1 $rom } } @@ -600,7 +600,7 @@ fopivot() { # rw_root ro_root dupe? ramoverlay() { mkdir -p /tmp/root - mount -t tmpfs -o noatime,mode=0755 root /tmp/root + /bin/mount -t tmpfs -o noatime,mode=0755 root /tmp/root fopivot /tmp/root /rom 1 } diff --git a/package/base-files/files/lib/upgrade/common.sh b/package/base-files/files/lib/upgrade/common.sh index 15ee703..824a099 100644 --- a/package/base-files/files/lib/upgrade/common.sh +++ b/package/base-files/files/lib/upgrade/common.sh @@ -34,18 +34,18 @@ install_bin() { # file [ symlink ... ] } supivot() { # new_root old_root - mount | grep on $1 type 2- 1- || mount -o bind $1 $1 + /bin/mount | grep on $1 type 2- 1- || /bin/mount -o bind $1 $1 mkdir -p $1$2 $1/proc $1/sys $1/dev $1/tmp $1/overlay \ - mount -o noatime,move /proc $1/proc \ + /bin/mount -o noatime,move /proc $1/proc \ pivot_root $1 $1$2 || { - umount -l $1 $1 + /bin/umount -l $1 $1 return 1 } - mount -o noatime,move $2/sys /sys - mount -o noatime,move $2/dev /dev - mount -o noatime,move $2/tmp /tmp - mount -o noatime,move $2/overlay /overlay 2- + /bin/mount -o noatime,move $2/sys /sys + /bin/mount -o noatime,move $2/dev /dev + /bin/mount -o noatime,move $2/tmp /tmp + /bin/mount -o noatime,move $2/overlay /overlay 2- return 0 } @@ -67,12 +67,12 @@ run_ramfs() { # command [...] exit 1 } - mount -o remount,ro /mnt -
Re: [OpenWrt-Devel] [PATCH] [package] dnsmasq: use host-record instead of address
Adam Gensler open...@gnslr.us writes: TL;DR - using --address for individual host A records is broken, use --host-record instead. Tried it in cerowrt (openwrt trunk-based) and seems to work well (although I had to mangle the patch a bit by hand before `git am` would accept it; the top-level package/ dir was missing from the paths in the patch). I'd love for the add_local_hostname option to also add the ipv6 address of the router to the generated host-record. Tried adding it in, but got stuck figuring out how to get the configured ipv6 address from the ip6assign logic (network_get_ipaddr6 returns nothing, as does getting the value from uci). I realise this is orthogonal to your host-record patch, but since you're messing with it anyway, I thought maybe you could figure out how to add that as well. Doing a host record with mixed v4/v6 addresses manually from the config works as expected. :) -Toke signature.asc Description: PGP signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] Update netperf build file to v2.6.0, pass --enable-demo to configure.
This makes this version of netperf work with the netperf-wrapper testing tool used for testing for bufferbloat. --- net/netperf/Makefile |8 +--- net/netperf/patches/001-dccp.patch | 38 2 files changed, 5 insertions(+), 41 deletions(-) delete mode 100644 net/netperf/patches/001-dccp.patch diff --git a/net/netperf/Makefile b/net/netperf/Makefile index 815853e..3f1fb6e 100644 --- a/net/netperf/Makefile +++ b/net/netperf/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=netperf -PKG_VERSION:=2.4.5 -PKG_RELEASE:=2 +PKG_VERSION:=2.6.0 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=ftp://ftp.netperf.org/netperf/ -PKG_MD5SUM:=5cfaae1d024551161b8eafbd48faedf4 +PKG_MD5SUM:=9654ffdfd4c4f2c93ce3733cd9ed9236 include $(INCLUDE_DIR)/package.mk @@ -24,6 +24,8 @@ define Package/netperf URL:=http://www.netperf.org/ endef +CONFIGURE_ARGS += --enable-demo + define Package/netperf/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/netserver.init $(1)/etc/init.d/netserver diff --git a/net/netperf/patches/001-dccp.patch b/net/netperf/patches/001-dccp.patch deleted file mode 100644 index ae84cee..000 --- a/net/netperf/patches/001-dccp.patch +++ /dev/null @@ -1,38 +0,0 @@ -[PATCH] fix build on systems where IPROTO_DCCP is defined, but SOCK_DCCP isn't - -On some systems (E.G. uClibc 0.9.31) IPROTO_DCCP is defined, but SOCK_DCCP -isn't - Causing the build to break. Fix it by checking for both before -using. - -Signed-off-by: Peter Korsgaard jac...@sunsite.dk - src/netsh.c |2 +- - src/nettest_bsd.c |2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -Index: netperf-2.4.5/src/netsh.c -=== netperf-2.4.5.orig/src/netsh.c -+++ netperf-2.4.5/src/netsh.c -@@ -452,7 +452,7 @@ parse_protocol(char protocol_string[]) - return IPPROTO_SDP; - } - #endif --#ifdef IPPROTO_DCCP -+#if defined(IPPROTO_DCCP) defined(SOCK_DCCP) - if (!strcasecmp(temp,dccp)) { - socket_type = SOCK_DCCP; - return IPPROTO_DCCP; -Index: netperf-2.4.5/src/nettest_bsd.c -=== netperf-2.4.5.orig/src/nettest_bsd.c -+++ netperf-2.4.5/src/nettest_bsd.c -@@ -712,7 +712,7 @@ complete_addrinfo(char *controlhost, cha -that we did this so the code for the Solaris kludge can do -the fix-up for us. also flip error over to EAI_AGAIN and -make sure we don't count this time around the loop. */ --#if defined(IPPROTO_DCCP) -+#if defined(IPPROTO_DCCP) defined(SOCK_DCCP) - /* only tweak on this one the second time around, after we've -kludged the ai_protocol field */ - if ((hints.ai_socktype == SOCK_DCCP) -- 1.7.9.5 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel