Commit Graph

1104 Commits

Author SHA1 Message Date
Andre Heider
78dc8e2b13 wireguard-tools: remove unnecessary .mk includes
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.

package-defaults.mk is already included my package.mk.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:59:12 +01:00
Rafał Miłecki
3c66ac7e22 iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:28:08 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Nick Hainke
364a9be338 ethtool: update to 6.1
Release notes:
https://lore.kernel.org/netdev/20221219225600.r54vejiqapn266cm@lion.mk-sys.cz/T/

Add patches fixing compilation:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-28 20:26:22 +01:00
Nick Hainke
d68a73a025 tcpdump: update to 4.99.3
Changes:
https://git.tcpdump.org/tcpdump/blob/032e4923e5202ea4d5a6d1cead83ed1927135874:/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-26 00:17:59 +01:00
Christian Marangi
b61404a6ad
rssileds: bump PKG_RELEASE due to libiwinfo ABI change
Bump PKG_RELEASE due to libiwinfo ABI change to trigger a package
rebuild.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:55:42 +01:00
Christian Marangi
57586ddd71
iwinfo: update to latest Git HEAD
1e4e709 iwinfo: readd missing define for IWINFO_AUTH in header

Fixes: #11860
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-23 13:54:13 +01:00
Christian Marangi
f3d8de7398
iwinfo: update to latest Git HEAD
Bump ABI to 20230121 due to struct changes

f766138 cli: print the flags on the frequency list
8ee7971 lib: add IWINFO_FREQ_FLAG_NAMES
81184d2 nl80211: fix some comments
2c4ee84 nl80211: prefer non-supplicant-based devices
6194aaf nl80211: simplify iterating over phy's devices
acbf4fe nl80211: remove redundant check in nl80211_phy2ifname()
0172c97 cli: print the frequency and band on the scan list
bbe424f cli: print the band on the frequency list
afa147c nl80211: add "mhz" and "band" to iwinfo_scanlist_entry
0d5ea34 nl80211: add "band" to iwinfo_freqlist_entry
dba0f06 nl80211: add support for radiation and indoor chan restriction
7e3d7de iwinfo: reorganize iwinfo header to enum and defines
9b47b03 devices: add USB devices supported by the mt76 driver
c0fda7c utils: skip comment lines when parsing devices.txt
dbc0ee7 cli: describe USB devices as such
891acee devices: add MediaTek MT7628 card
fac0787 devices: add support for declaring compatible matched devices

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-21 01:23:22 +01:00
Nick Hainke
a04bbbbea4 ipset: update to 7.17
Release notes:
https://lwn.net/Articles/918784/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-17 23:14:46 +01:00
Andre Heider
6361eb47cd ltq-dsl-base: enable for ipq40xx
This is required by the DSL userland tool for hotplug support.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-01-16 23:41:41 +00:00
Christian Marangi
ee397759b6
iwinfo: update to latest Git HEAD
c7b420a devices: add Qualcomm Atheros QCN6024/9024/9074 cards
5914d71 iwinfo: devices: add Qualcomm Atheros IPQ8074 WiSoC

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-10 00:54:31 +01:00
Hauke Mehrtens
dc12c76dc5 uqmi: Ignore wrong maybe-uninitialized and dangling-pointer error
GCC 12.2.0 shows this false positive error message:
````
uqmi-2022-05-04-56cb2d40/dev.c: In function 'qmi_request_wait':
uqmi-2022-05-04-56cb2d40/dev.c:217:23: error: storing the address of local variable 'complete' in '*req.complete' [-Werror=dangling-pointer=]
  217 |         req->complete = &complete;
      |         ~~~~~~~~~~~~~~^~~~~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'complete' declared here
  208 |         bool complete = false;
      |              ^~~~~~~~
uqmi-2022-05-04-56cb2d40/dev.c:208:14: note: 'req' declared here
cc1: all warnings being treated as errors
````

and this one:
````
In file included from uqmi-2022-05-04-56cb2d40/commands.c:28:
In function 'blobmsg_close_table',
    inlined from 'cmd_nas_get_cell_location_info_cb' at /home/haukeuqmi-2022-05-04-56cb2d40/commands-nas.c:897:4:
/usr/include/libubox/blobmsg.h:256:9: error: 'c' may be used uninitialized [-Werror=maybe-uninitialized]
  256 |         blob_nest_end(buf, cookie);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from uqmi-2022-05-04-56cb2d40/commands.c:169:
uqmi-2022-05-04-56cb2d40/commands-nas.c: In function 'cmd_nas_get_cell_location_info_cb':
uqmi-2022-05-04-56cb2d40/commands-nas.c:713:15: note: 'c' was declared here
  713 |         void *c, *t, *cell, *freq;
      |               ^
cc1: all warnings being treated as errors
````

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-09 00:10:52 +01:00
Nick Hainke
5809fb4546 tcpdump: update to 4.99.2
Update to latest version. For release information look into CHANGES
file [0].

Automatically refreshed:
- 001-remove_pcap_debug.patch

Manually refreshed:
- 100-tcpdump_mini.patch

old ipkg sizes:
316554 bin/packages/mips_24kc/base/tcpdump_4.99.1-1_mips_24kc.ipk
141457 bin/packages/mips_24kc/base/tcpdump-mini_4.99.1-1_mips_24kc.ipk

new ipkg sizes:
318089 bin/packages/mips_24kc/base/tcpdump_4.99.2-1_mips_24kc.ipk
141941 bin/packages/mips_24kc/base/tcpdump-mini_4.99.2-1_mips_24kc.ipk

[0] - https://github.com/the-tcpdump-group/tcpdump/blob/master/CHANGES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:22:28 +01:00
Nick Hainke
b331ffe807 nftables: update to 1.0.6
Remove upstreamed patches:
- 0001-fix-nft.patch

Upstream switched to "tar.xz" archives.

old ipkg size:
273678 bin/packages/mips_24kc/base/nftables-json_1.0.5-2_mips_24kc.ipk

new ipkg size:
271624 bin/packages/mips_24kc/base/nftables-json_1.0.6-1_mips_24kc.ipk

Release Information:
https://netfilter.org/projects/nftables/files/changes-nftables-1.0.6.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-01-06 16:14:45 +01:00
Hauke Mehrtens
fb15cb4ce9 iproute2: Fix build with GCC 12 and glibc 2.36
This fixes the detection of name_to_handle_at() when GCC 12 and glibc
2.36 are used.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-26 15:18:08 +01:00
Daniel Golle
6675a9aaf4 xdp-tools: update to version 1.2.9
Changes since v1.2.8:
 32aaf32 libxdp: Fix incorrect rx_ring_setup_done
 6049671 headers: add bpf_endian.h for parsing_helpers.h
 2682c1c export-man: Ignore errors when executing git shell command
 8afda7a xdp-loader/README: Mention lack of support for HW mode in most cards
 dc69919 libxdp: fix prog_fd checks for fd >= 0
 3d7c22a libxdp: Allow falling back to single-program attachment for loaded programs
 af00429 libxdp: Fix check in xdp_program__attach_single()
 41703d2 libxdp: Make sure to set the the program autoload when loading a program
 b1fd2e5 test-xdpdump: Only run tshark attribute test on newer versions of tshark
 5dfe342 libxdp: Convert xdp-dispatcher to use strict section names
 929a22e configure: Try to auto-detect versioned clang binaries
 074fcfb libxdp: Check program name when determining if a program is a dispatcher
 e13a191 Bump TOOLS_VERSION to 1.2.9

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-12-20 13:57:34 +00:00
Nick Hainke
8ed53e0928 iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t

Refresh patch:
- 170-ip_tiny.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-18 16:33:16 +01:00
Jo-Philipp Wich
4a4d0bf78d iwinfo: update to latest Git HEAD
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall

Fixes: https://github.com/openwrt/openwrt/issues/10158
Fixes: https://github.com/openwrt/openwrt/issues/10687
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-12-16 00:55:51 +01:00
Julio Gonzalez Gil
840ce0a65b umbim: Allow roaming and partner connections
Allow registration if the SIM is roaming or partner mode, by adding two
new options to the protocol.

Until now, such registration failed because umbim returns exit codes 4 and
5 for such situations.

Signed-off-by: Julio Gonzalez Gil <git@juliogonzalez.es>
2022-12-11 03:24:45 +01:00
Felix Fietkau
8d90b9fef1 mac80211: update to linux 6.1-rc8
This should help stay in sync with upstream development

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-12-10 15:15:19 +01:00
Jan-Niklas Burfeind
13f82ce264 comgt-ncm: add support for quectel modem EC200T-EU
context_type is an integer mapping of pdptype:
1: IPV4
2: IPV6
3: IPV4V6

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2022-12-07 12:30:39 +01:00
Nick Hainke
68714f2135 ipset: update to 7.16
Release Notes:
https://lore.kernel.org/netfilter-devel/d65fe5d8-d5ea-ef7-102d-aa1d15bb4d69@netfilter.org/T/#u

Patch "0001-lib-ipset-fix-printf-warning.patch" replaced upstream by:
http://git.netfilter.org/ipset/commit/?id=e39e3466d2d38cdfe83447f391b550e607bc3ce8

Remove upstreamed:
- 0002-Fix-IPv6-sets-nftables-translation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-27 12:58:33 +01:00
Hauke Mehrtens
5c70b19c42 iwinfo: update to the latest version
00aab87 Correctly identify key management algorithms starting with "FT-"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Nick Hainke
0dfe1d2175 iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/

Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch

Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-22 22:50:36 +02:00
Petr Štetiar
a80e198cd3 wireless-tools: add package CPE ID
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-10-19 21:40:23 +02:00
Nick Hainke
7129d1e9c9 ethtool: update to 6.0
Release Notes:
https://lwn.net/Articles/910841/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-18 15:09:23 +02:00
Felix Fietkau
735f5f18dd iwinfo: update to the latest version
0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-14 13:12:07 +02:00
Daniel Cousens
3bd04767ba
build: prefer HTTPS if available (for packages)
Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq,
fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl,
lua, lua5.3, tcpdump and valgrind, to HTTPS

Signed-off-by: Daniel Cousens <github@dcousens.com>
2022-10-05 17:37:07 +02:00
Kevin Darbyshire-Bryant
582c098c09 nftables: backport fix to interval based rules
'rule inet dscpclassify dscp_match  meta l4proto { udp }  th dport { 3478 }
 th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-09-26 18:02:15 +01:00
Felix Fietkau
c787962e1d iwinfo: update to the latest version
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Daniel Golle
3cee396bf8 xdp-tools: update to version 1.2.8
82628d8 libxdp: Fix resource leaks
 7fb0af0 libxdp: always clone program fd before taking ownership of it
 d8cd007 headers: Update kernel btf.h header file
 2265125 (tag: v1.2.7) xdp-filter: Update examples in documentation
 2b65008 libxdp: Fix libxdp compilation error
 2387514 xsk: remove unused variable outstanding_tx
 00b5a95 Fix section names in xsk programs
 d4ff1f9 (tag: v1.2.8) Bump TOOLS_VERSION to 1.2.8

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-20 04:33:12 +01:00
Daniel Golle
f5d6ed3007 xdp-tools: don't rely on host bpf headers
xdp-tools build currently breaks on build hosts which do not have
libbpf headers installed because the build system wrongly tries to
use the host's include path.
Properly pass path to libbpf headers to xdp-tools build system to
fix build e.g. on the buildbots.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 01:43:49 +01:00
Kien Truong
fa468d4bcd iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.

The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491

    LIBBPF_FORCE=on set, but couldn't find a usable libbpf

The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.

Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-11 01:30:11 +02:00
Nick Hainke
fed8550df7 xdp-tools: update to v1.2.6
Release Notes:
https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.6

The update contains important fixes for cross-compilation.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Nick Hainke
5c238a44e9 ethtool: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:35 +01:00
Nick Hainke
36bec544d7 nftables: update to 1.0.5
Remove upstreamed patch:
- 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch

Changes:
13248670 build: Bump version to 1.0.5
3432eebd tests/py: disable arp family for queue statement
180ce4d7 meta: don't use non-POSIX formats in strptime()
c1c223f1 src: allow anon set concatenation with ether and vlan
87c3041b evaluate: search stacked header list for matching payload dep
b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context
f680055c tests: add a test case for ether and vlan listing
dbd5f348 debug: dump the l2 protocol stack
0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset
89688c94 netlink_delinearize: postprocess binary ands in concatenations
0542a431 netlink_delinearize: allow postprocessing on concatenated elements
8efab552 parser_json: fix device parsing in netdev family
76fae8f5 src: proto: support DF, LE PHB, VA for DSCP
446e76db doc: Document limitations of ipsec expression with xfrm_interface
a2ddb38f cache: report an error message if cache initialization fails
649b8ce3 cache: validate handle string length
64c74ba5 cache: prepare nft_cache_evaluate() to return error
46980cdd rule: crash when uncollapsing command with unexisting table or set
8a6cdfaf cache: release pending rules when chain binding lookup fails
e17337df evaluate: report missing interval flag when using prefix/range in concatenation
45c097c6 scanner: allow prefix in ip6 scope
6c23bfa5 segtree: fix map listing with interface wildcard
8623772a scanner: don't pop active flex scanner scope
994bf500 parser: add missing synproxy scope closure
ed2426bc tests/py: Add a test for failing ipsec after counter
27107b49 evaluate: fix segfault when adding elements to invalid set
0f82b07f mnl: store netlink error location for set elements
15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting
f56e901a parser_bison: fix error location for set elements
6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch
5357cb7b intervals: fix crash when trying to remove element in empty set
d54510f8 netlink_delinearize: memleak when parsing concatenation data
12a223ce libnftables: release top level scope
b91bbf88 optimize: limit statement is not supported yet
45a61a75 optimize: assume verdict is same when rules have no verdict
fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational
29e62111 tests: shell: run -c -o on ruleset
887405df optimize: add unsupported statement
8f61a69e optimize: add hash expression support
ca8fd77a optimize: add numgen expression support
721efd64 optimize: add binop expression support
f7e901a2 optimize: add fib expression support
54b1e49f optimize: add xfrm expression support
0beaea37 optimize: add osf expression support
d07fe8e8 optimize: fix verdict map merging
38d48fe5 optimize: fix reject statement
f9939f89 optimize: remove comment after merging
8f10f33a optimize: do not print stateful information
3ac932e9 optimize: do not merge rules with set reference in rhs
64ebb03a optimize: do not compare relational expression rhs when collecting statements
59e3a592 intervals: Do not sort cached set elements over and over again
d434de8b intervals: do not empty cache for maps
87ba510f intervals: do not report exact overlaps for new elements
498a5f0c rule: collapse set element commands
8fafe4e6 tests: shell: runtime set element automerge
638af0ce Revert "scanner: flags: move to own scope"

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
9011f987d5 iproute2: replace musl-compilation-fix with upstream fix
Instead of defining the MIN version it is enough to include "#include
<sys/param.h>".

Delete patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch

Add patch:
- 010-ipstats-Add-param.h-for-musl.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
e74b79ed56 wireguard-tools: update to v1.0.20210914
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
8171aad4f1 ethtool: update to 5.19
Release Notes:
https://lore.kernel.org/netdev/20220821234539.f7nslwyd53bsftsy@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Etienne Champetier
0c8d7e34ab iptables: default to ip(6)tables-nft when using buildroot
35fec487e3 fixed opkg usage,
but when using buildroot we were still defaulting to
ip(6)tables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-08-27 22:39:32 +02:00
Hauke Mehrtens
cc6a323e23 iwinfo: update to latest HEAD
0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-20 22:56:12 +02:00
Hauke Mehrtens
60738feded iproute2: Fix KERNEL_INCLUDE in SDK
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.

Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8

With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-18 00:07:32 +02:00
Hauke Mehrtens
90bedc411b umbim: bump to git HEAD
146bc77 umbim: fix invalid mbim message string encoding

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-13 20:53:10 +02:00
Hauke Mehrtens
cc2dfc5e4d iwinfo: update to latest HEAD
705d3b5 iwinfo: Add missing auth_suites mappings for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-13 20:53:10 +02:00
Nick Hainke
b3a0c14824 iproute2: shrink ip-tiny size by disabling features
With the 5.18 and 5.19 update ip-tiny grows in size. Remove some
features bringing it back to the size before 5.18.

Remove
- Identifier-locator addressing (ila)
- MACsec Device Configuration (macsec)
- Multicast Routing Cache Management (mroute)
- mrule
- Virtual Routing and Forwarding (vrf)
- Segment Routing (sr)

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:53:10 +02:00
Nick Hainke
e871144013 iproute2: update to 5.19.0
Add patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch

Refreshed:
- 170-ip_tiny.patch
- 195-build_variant_ip_tc.patch

Changes:
deb48554 v5.19.0
f8decf82 bpf_glue: include errno.h
71178ae0 rdma: update uapi/ib_user_verbs.h
96594fd2 vdpa: update uapi headers from 5.19-rc7
30c7b77f Revert "uapi: add vdpa.h"
c5433c4b ip neigh: Fix memory leak when doing 'get'
2cb76253 mptcp: Fix memory leak when getting limits
afdbb020 mptcp: Fix memory leak when doing 'endpoint show'
6db01afd bridge: Fix memory leak when doing 'fdb get'
1d540336 ip address: Fix memory leak when specifying device
325f706b uapi: add virtio_ring.h
291898c5 uapi: add vdpa.h
6e2fb804 uapi: update bpf.h
329fda18 ip: Fix size_columns() invocation that passes a 32-bit quantity
2a00a4b1 man: tc-fq_codel: add drop_batch
6bf5abef uapi: update mptcp.h
02410392 ip: Fix size_columns() for very large values
ed243312 man: tc-ct.8: fix example
2bb37e90 l2tp: fix typo in AF_INET6 checksum JSON print
855edb3d man: tc-fq_codel: Fix a typo.
4044a453 tc: declaration hides parameter
a44a7918 genl: fix duplicate include guard
703f2de6 uapi: change name for zerocopy sendfile in tls
248ad98e uapi: update socket.h
11e41a63 ip: Convert non-constant initializers to macros
8d3977ef Update kernel headers
5a1ad9f8 man: ip-stats.8: Describe groups xstats, xstats_slave and afstats
d9976d67 ipstats: Expose bond stats in ipstats
36e10429 ipstats: Expose bridge stats in ipstats
79f5ad95 iplink_bridge: Split bridge_print_stats_attr()
1247ed51 ipstats: Add groups "xstats", "xstats_slave"
c6900b79 ipstats: Add a third level of stats hierarchy, a "suite"
2ed73b9a iplink: Add JSON support to MPLS stats formatter
5ed8fd9d ipstats: Add a group "afstats", subgroup "mpls"
dff392fd iplink: Publish a function to format MPLS stats
72623b73 iplink: Fix formatting of MPLS stats
ce41750f ip: ipstats: Do not assume length of response attribute payload
40b50f15 bridge: vni: add support for stats dumping
c7f12a15 ip: iplink_vxlan: add support to set vnifiltering flag on vxlan device
45cd32f9 bridge: vxlan device vnifilter support
837294e4 libbpf: Remove use of bpf_map_is_offload_neutral
64e5ed77 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
ba6519cb libbpf: Use bpf_object__load instead of bpf_object__load_xattr
a6eb654d f_flower: add number of vlans man entry
5788732e f_flower: Check args with num_of_vlans
5ba31bcf f_flower: Add num of vlans parameter
b28eb051 man: Add man pages for the "stats" functions
a05a27c0 ipmonitor: Add monitoring support for stats events
0f1fd40c ipstats: Add offload subgroup "l3_stats"
179030fa ipstats: Add offload subgroup "hw_stats_info"
af5e7955 ipstats: Add a group "offload", subgroup "cpu_hit"
0517a2fd ipstats: Add a group "link"
df0b2c6d ipstats: Add a shell of "show" command
82f6444f ipstats: Add a "set" command
54d82b06 ip: Add a new family of commands, "stats"
5520cf16 ip: Publish functions for stats formatting
a463d6b1 libnetlink: Add filtering to rtnl_statsdump_req_filter()
38ae12d3 devlink: introduce -[he]x cmdline option to allow dumping numbers in hex format
bba95837 Update kernel headers
f6559bea ip-link: put types on man page in alphabetic order
ee53174b ip/iplink_virt_wifi: add support for virt_wifi

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:53:10 +02:00
Nick Hainke
d3b4422f62 iproute2: update to 5.18.0
The ip-tiny size grows from 124k (5.17.0) to 128k (5.18.0).

The update introduces a commit "configure: add check_libtirpc()" that
introduces a check for libtirpc. However, if libtirpc is already in the
staging directory due to an other dependency the check yields that the
library is installed and should be used resulting in failures like:

  Package ss is missing dependencies for the following libraries:
  libtirpc.so.3

To fix it add a patch making libtirpc optional again and setting it
"HAVE_TIRPC=n":
- 155-keep_tirpc_optional.patch

Fix patches:
- 130-no_netem_tipc_dcb_man_vdpa.patch

Refresh patches:
- 140-keep_libmnl_optional.patch
- 150-keep_libcap_optional.patch
- 180-drop_FAILED_POLICY.patch
- 200-drop_libbsd_dependency.patch

Changes:
6474b7c8 v5.18.0
4429a6c9 tipc: fix keylen check
6b6979b9 iplink: remove GSO_MAX_SIZE definition
19c3e009 doc: fix 'infact' --> 'in fact' typo
ed706c78 man: fix some typos
03589beb man: devlink-region: fix typo in example
b84fc332 tc: em_u32: fix offset parsing
b6d17086 uapi: update of virtio_ids
17bf51b7 libbpf: Remove use of bpf_map_is_offload_neutral
fa305925 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
9e0057b4 libbpf: Use bpf_object__load instead of bpf_object__load_xattr
e81fd551 devlink: fix "devlink health dump" command without arg
6f3b5843 man: use quote instead of acute accent
42d351fa man: 'allow to' -> 'allow one to'
d8a7a0f4 uapi: upstream update to stddef.h
5b2ff061 uapi: update from 5.18-rc1
292509f9 ss: remove an implicit dependency on rpcinfo
1ee309a4 configure: add check_libtirpc()
41848100 ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
28add137 f_flower: Implement gtp options support
b25599c5 ip: GTP support in ip link
e4880869 man: bridge: document per-port mcast_router settings
9e82e828 bridge: support for controlling mcast_router per port
f1d18e2e Update kernel headers
8130653d vdpa: Update man page with added support to configure max vq pair
56eb8bf4 vdpa: Support reading device features
16482fd4 vdpa: Support for configuring max VQ pairs for a device
bd91c764 vdpa: Allow for printing negotiated features of a device
2d1954c8 vdpa: Remove unsupported command line option
93fb6810 Makefile: move HAVE_MNL check to top-level Makefile
2dee2101 man: ip-link: whitespace fixes to odd line breaks mid sentence
609b90aa man: ip-link: mention bridge port's default mcast_flood state
b1c3ad84 man: ip-link: document new bcast_flood flag on bridge ports
c354a434 ip: iplink_bridge_slave: support for broadcast flooding
909f0d51 man: bridge: add missing closing " in bridge show mdb
3b681cf9 man: bridge: document new bcast_flood flag for bridge ports
a6c848eb bridge: support for controlling flooding of broadcast per port
8acb5247 ip/batadv: allow to specify RA when creating link
0431d8e8 Import batman_adv.h header from last kernel sync point
239bfd45 Revert "configure: Allow command line override of toolchain"
a93c90c7 tc: separate action print for filter and action dump
d9977eaf bpf: Remove use of bpf_create_map_xattr
ac4e0913 bpf: Export bpf syscall wrapper
873bb975 bpf_glue: Remove use of bpf_load_program from libbpf
5e17b715 ss: display advertised TCP receive window and out-of-order counter
712ec66e tc: bash-completion: Add profinet and ethercat to procotol completion list
75061b35 lib: add profinet and ethercat as link layer protocol names
0a685b98 man8/ip-link.8: add locked port feature description and cmd syntax
d4fe3673 man8/bridge.8: add locked port feature description and cmd syntax
092af16b ip: iplink_bridge_slave: add locked port flag support
0e51a185 bridge: link: add command to set port in locked mode
04a0077d Update kernel headers
386ae64c configure: Allow command line override of toolchain
bea92cb0 mptcp: add port support for setting flags
2dbc6c90 mptcp: add fullmesh support for setting flags
5fb6bda0 mptcp: add fullmesh check for adding address
9831202f bond: add ns_ip6_target option
e8fd4d4b devlink: Remove strtouint8_t in favor of get_u8
2688abf0 devlink: Remove strtouint16_t in favor of get_u16
95c03f40 devlink: Remove strtouint32_t in favor of get_u32
7cb0e24d devlink: Remove strtouint64_t in favor of get_u64
7848f6bb Update kernel headers
4f015972 f_flower: fix indentation for enc_key_id and u32
25a9c4fa tunnel: Fix missing space after local/remote print
ff14875e Update documentation
8908cb25 Add support for the IOAM insertion frequency
cd24451e Update kernel headers
e4ba36f7 iplink: add ip-link documentation
5d57e130 iplink: add gro_max_size attribute handling
721435dc tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
c733722b tc: u32: add support for json output
5f44590d tc/f_flower: fix indentation
9948b6cb tc_util: fix breakage from clang changes
f4cd4f12 tc: add skip_hw and skip_sw to control action offload
ba5ac984 json_print: suppress clang format warning
bf71c8f2 libbpf: fix clang warning about format non-literal
5632cf69 tunnel: fix clang warning
c0248878 tipc: fix clang warning about empty format string
371c13e8 can: fix clang warning
8d27eee5 ipl2tp: fix clang warning
560d2336 tc_util: fix clang warning in print_masked_type
b2450e46 flower: fix clang warnings
4e27d538 netem: fix clang warnings
9d5e29e6 utils: add format attribute
343c4f52 tc: add format attribute to tc_print_rate

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:53:10 +02:00
Nick Hainke
e65337ce65 iproute2: update to 5.17.0
Remove backports:
- 0001-lib-fix-ax25.h-include-for-musl.patch

Changes:
4c424dfd v5.17.0
7846496b link_xfrm: if_id must be non zero
eed4bb1a testsuite: link xfrm delete no if_id test
ac0a54b2 rdma: make RES_PID and RES_KERN_NAME alternative to each other
885e281e uapi: update vdpa.h
19c0def1 ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
1808f002 lib/fs: fix memory leak in get_task_name()
62c0700c uapi: update magic.h
c8d9d925 rdma: Fix the logic to print unsigned int.
a42dfaa4 Revert "rdma: Fix res_print_uint() and add res_print_u64()"
9d0badec rdma: Fix res_print_uint() and add res_print_u64()
86a1452b uapi: update to xfrm.h
09c6a3d2 bridge: Remove vlan listing from `bridge link`
e4fda259 bridge: Fix error string typo
cc143bda lnstat: fix strdup leak in -w argument parsing
90bbf861 iplink_can: print_usage: typo fix, add missing spaces
1b5c7414 dcb: Fix error reporting when accessing "dcb app"
a38d305d tc: fix duplicate fall-through
f8beda6e libnetlink: fix socket leak in rtnl_open_byproto()
7f70eb2a tc_util: Fix parsing action control with space and slash
29da83f8 iprule: Allow option dsfield in 'ip rule show'
07012a1f ss: use freecon() instead of free() when appropriate
03b4de0b man: Fix a typo in the flag documentation of ip address
924f6b4a dcb: app: Add missing "dcb app show dev X default-prio"
5c9571bc uapi: update kernel headers from 5.17-rc1
d542543b tc/action: print error to stderr
52370c61 mptcp: add id check for deleting address
c556f577 dcb: Rewrite array-formatting code to not cause warnings with Clang
0dc5da8e f_flower: fix checkpatch warnings
ffbcb246 netem: fix checkpatch warnings
8bced38a lib: fix ax25.h include for musl
e27bb8e5 uapi: add missing virtio headers
26ff0afa uapi: add missing rose and ax25 files
eb4206ec q_cake: allow changing to diffserv3
db530529 iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
ac2e9148 Update kernel headers
bb4cc9cc rdma: Don't allocate sparse array
b8767168 rdma: Limit copy data by the destination size
167e33f3 vdpa: Enable user to set mtu of the vdpa device
384938f9 vdpa: Enable user to set mac address of vdpa device
a311f0c4 vdpa: Enable user to query vdpa device config layout
9d8882d5 vdpa: Update kernel headers
5cb7ec0c Update kernel headers and import virtio_net
26113360 mptcp: add support for changing the backup flag
4b301b87 tc: Add support for ce_threshold_value/mask in fq_codel
99d09ee9 bond: add arp_missed_max option
432cb06b mptcp: add support for fullmesh flag
2d777dfe Update kernel headers
a21458fc vdpa: Remove duplicate vdpa UAPI header file

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:53:10 +02:00
Nick Hainke
9913514319 iproute2: update to 5.16.0
Import patch:
- 0001-lib-fix-ax25.h-include-for-musl.patch

Refreshed patches:
- 100-configure.patch
- 130-no_netem_tipc_dcb_man_vdpa.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Size ip-full (mips_24kc):
- 176K	ip-full_5.16.0-1_mips_24kc.ipk
- 172K	ip-full_5.15.0-2_mips_24kc.ipk

Size ip-tiny (mips_24kc):
- 124K	ip-tiny_5.16.0-1_mips_24kc.ipk
- 124K	ip-tiny_5.15.0-2_mips_24kc.ipk

Changes:
ade99e20 v5.16.0
1225e307 testsuite: Fix tc/vlan.t test
4734fdb9 uapi: update to mptcp.h
c04e45d0 lib/bpf: fix verbose flag when using libbpf
73590d95 tc: flower: Fix buffer overflow on large labels
3f77bc62 uapi: update to if_ether.h
5f8bb902 ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
3184de37 lib/bpf_legacy: remove always-true check
79026c12 rdma: update uapi headers
fa58de9b vdpa: align uapi headers
be31c264 lnstat: fix buffer overflow in header output
0e949725 tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
9bd5ab0f mptcp: fix JSON output when dumping endpoints by id
a787d9ae man: tc-u32: Fix page to match new firstfrag behavior
af96c7b5 Fix some typos detected by Lintian in manpages
35c81b18 uapi: update vdpa.h
0c263d7c iplink_can: add new CAN FD bittiming parameters: Transmitter Delay Compensation (TDC)
0f7bb8d8 iplink_can: print brp and dbrp bittiming variables
67f3c7a5 iplink_can: use PRINT_ANY to factorize code and fix signedness
fd5e958c iplink_can: code refactoring of print_ctrlmode()
8316df6e iplink_can: fix configuration ranges in print_usage() and add unit
6e15d27a ip: add AMT support
9cae1de5 Import amt.h
258e350c Update kernel headers
047e9ae5 devlink: Fix cmd_dev_param_set() to check configuration mode
9e009e78 ip, neigh: Add NTF_EXT_MANAGED support
040e5252 ip, neigh: Add missing NTF_USE support
c76a3849 ip, neigh: Fix up spacing in netlink dump
76b30805 xfrm: enable to manage default policies
95cd2a62 iplink: enable to specify index when changing netns
cee0cf84 configure: add the --libdir option
0ee1950b configure: add the --prefix option
4b8bca5f configure: support --param=value style
99245d17 configure: simplify options parsing
c330d097 configure: fix parsing issue with more than one value per option
48c379bc configure: fix parsing issue on libbpf_dir option
1d819dcc configure: fix parsing issue on include_dir option
19ba785f rdma: Add optional-counters set/unset support
7d5cb70e rdma: Add stat "mode" support
d480cb71 rdma: Update uapi headers
e4ca6a49 Update kernel headers
a31e7b79 mptcp: cleanup include section.
41020eb0 Update documentation
8fb522cd Add support for IOAM encap modes
b840c620 ip: nexthop: keep cache netlink socket open
b9017435 devlink: print maximum number of snapshots if available
6448ed37 Update kernel headers
7ca868a7 ip: nexthop: add print_cache_nexthop which prints and manages the nh cache
5d5dc549 ip: route: print and cache detailed nexthop information when requested
cb3d18c2 ip: nexthop: add a helper which retrieves and prints cached nh entry
60a97030 ip: nexthop: add cache helpers
53d7c43b ip: nexthop: factor out ipnh_get_id rtnl talk into a helper
a2ca4312 ip: nexthop: factor out print_nexthop's nh entry printing
945c26db ip: nexthop: parse attributes into nh entry structure before printing
7ec1cee6 ip: nexthop: add nh entry structure
60a7515b ip: nexthop: split print_nh_res_group into parse and print parts
cfb0a872 ip: nexthop: add resilient group structure
371e889d ip: export print_rta_gateway version which outputs prepared gateway string
f7278996 ip: print_rta_if takes ifindex as device argument instead of attribute
e2cc9840 ROSE: Print decoded addresses rather than hex numbers.
26c5782f ROSE: Add rose_ntop implementation.
fd4c1c81 NETROM: Print decoded addresses rather than hex numbers.
c63b769a NETROM: Add netrom_ntop implementation.
399ae00a AX.25: Print decoded addresses rather than hex numbers.
3a92669b AX.25: Add ax25_ntop implementation.
ebbb7017 lib: bpf_legacy: add prog name, load time, uid and btf id in prog info dump
0431e1e7 ip: Support filter links/neighs with no master
12b3d6a2 man: ip-macsec: fix gcm-aes-256 formatting issue
ae895504 bridge: vlan: add support for mcast_router option
12fbe3e4 bridge: vlan: set vlan option attributes while parsing
db28c944 Update kernel headers
6d676ad9 ip: rewrite routel in python
1eaebad2 ip: remove routef script
adddf30c ip: remove ifcfg script
2c811088 ip: remove old rtpr script
72222cd4 bridge: vlan: add support for dumping router ports
7ad5505b bridge: vlan: add global mcast_querier option
061da2e2 bridge: vlan: add global mcast_startup_query_interval option
60dcd5c3 bridge: vlan: add global mcast_query_response_interval option
0e4cfa03 bridge: vlan: add global mcast_query_interval option
ebcee09c bridge: vlan: add global mcast_querier_interval option
3ae784f5 bridge: vlan: add global mcast_membership_interval option
2b6cc38d bridge: vlan: add global mcast_last_member_interval option
7cc7dbf4 bridge: vlan: add global mcast_startup_query_count option
3399c075 bridge: vlan: add global mcast_last_member_count option
a8d7212a bridge: vlan: add global mcast_mld_version option
29fada0f bridge: vlan: add global mcast_igmp_version option
1f608d59 bridge: vlan: add global mcast_snooping option
dee5eb05 bridge: vlan: add support to set global vlan options
ecf6d8b4 bridge: vlan: add support for vlan filtering when dumping options
720f8613 bridge: vlan: add support to show global vlan options
d3a961a9 bridge: vlan: skip unknown attributes when printing options
312e22fe bridge: vlan: factor out vlan option printing
d2eecb9d ip: bridge: add support for mcast_vlan_snooping
ebaa603b ip/bond: add lacp active support
8d6134b2 Update kernel headers
51d8fc70 ip/tunnel: always print all known attributes
71ba9c18 ipioam6: use print_nl instead of print_null
e7841194 tc/skbmod: Introduce SKBMOD_F_ECN option
78832863 IOAM man8
32f4969d New IOAM6 encap type for routes
29098125 Add, show, link, remove IOAM namespaces and schemas
e53f4cd5 Import ioam6 uapi headers
236696e5 Update kernel headers
cf866f0a ipneigh: add support to print brief output of neigh cache in tabular format

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-13 20:53:10 +02:00
Hauke Mehrtens
2a0284fb03 kernel: kmod-ipt-ulog: Remove package
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-10 21:36:17 +02:00
Jo-Philipp Wich
e6e4f97999 nftables: fix parsing date expressions
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.

Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-09 11:51:46 +02:00
Jo-Philipp Wich
b5ec04f81a Revert "nftables: fix parsing date expressions"
This reverts commit eada892577.

The commit contained unrelated target changes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-09 11:50:52 +02:00
Jo-Philipp Wich
eada892577 nftables: fix parsing date expressions
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.

Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-09 00:20:14 +02:00
Christian Lamparter
d4391ef073 layerscape: update remaining PKG_HASH / PKG_MIRROR_HASH
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.

Fixes: e879cccaa2 ("uboot-layerscape: update PKG_HASH")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-07-22 22:03:27 +02:00
Nick Hainke
436fad7a3e iptables: update to 1.8.8
Remove upstreamed patches:
- 001-xtables-Call-init_extensions6-for-static-builds.patch
- 002-xtables-Call-init_extensions_a_b.patch

Fix patches:
- 102-iptables-disable-modprobe.patch
  Fix warnings in the form of:
  xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function]
  475 | static char *get_modprobe(void)
      |              ^~~~~~~~~~~~

Backport patches:
- 020-treewide-use-uint-instead-of-u_int.patch
- 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch
- 040-xshared-Fix-build-for-Werror-format-security.patch
- 050-build-fix-error-during-out-of-tree-build.patch
- 060-libxtables-unexport-init_extensions-declarations.patch

Refresh patches:
- 101-remove-check-already.patch
- 102-iptables-disable-modprobe.patch
- 200-configurable_builtin.patch
- 600-shared-libext.patch
- 700-disable-legacy-revisions.patch

Remove from Makefile:
 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/

Changelog:
fa0ccdbd configure: bump version for 1.8.8 release
8468fd4f nft: Fix EPERM handling for extensions without rev 0
ce9195c6 extensions: LOG: Document --log-macdecode in man page
404f304d man: *NAT: Review --random* option descriptions
0a538259 extensions: DNAT: Merge core printing functions
a7c2b728 libxtables: Revert change to struct xtables_pprot
fd64a587 libxtables: Drop xtables_globals 'optstring' field
3b8a6a6f xshared: Extend xtables_printhelp() for arptables
8ff84eaf xshared: Move arp_opcodes into shared space
adbfec0b extensions: MARK: Drop extra newline at end of help
1dcfb81e nft: split gen_payload() to allocate register and initialize expression
7e38890c nft: prepare for dynamic register allocation
165cafec nft: pass handle to helper functions to build netlink payload
94309632 nft: native mark matching support
aa92ec96 nft: pass struct nft_xt_ctx to parse_meta()
4c70c42f nft-shared: update context register for bitwise expression
18c96821 extensions: man: Document service name support in DNAT and REDIRECT
72d542b6 extensions: Merge REDIRECT into DNAT
14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets
9621318b extensions: DNAT: Rename from libipt to libxt
2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also
7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code
3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers
070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
08c14fa6 man: DNAT: Describe shifted port range feature
24fff5d7 xlate-test: Fix for empty source line on failure
ac4c84cc libxtables: Boost rule target checks by announcing chain names
f58b0d74 libxtables: Implement notargets hash table
b1aee6b2 nft: Reject standard targets as chain names when restoring
b555bfed tests: shell: Fix 0004-return-codes_0 for static builds
c293e116 nft: Review static extension loading
0836524f xtables: Call init_extensions{,a,b}() for static builds
6c689b63 Simplify static build extension loading
0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric
0c0cd434 nft: Don't pass command state opaque to family ops callbacks
b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent
07ee529f nft: Speed up immediate parsing
b5f2faea nft: Simplify immediate parsing
17534cb1 Improve error messages for unsupported extensions
2dbb49d1 libxtables: Register only the highest revision extension
07e2107e xshared: Implement xtables lock timeout using signals
a3980769 tests: NFLOG: enable `--nflog-range` tests
b8e8ac27 tests: support explicit variant test result
adb03c3f tests: add `NOMATCH` test result
7a006c7d tests: iptables-test: rename variable
b7f15b42 iptables.8: Describe the effect of multiple -v flags
1407a9c4 tests: iptables-test: Support variant deviation
fc8f7289 nft: cache: Dump rules if debugging
73b91292 nft: Add debug output to table creation
51d9d9e0 ebtables: Support verbose mode
ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains
17ed253f iptables-restore: Support for extra debug output
a761a026 nft: Use verbose flag to toggle debug output
98e69b7e nft: add support for native tcp flag matching
92808bd5 nft-shared: add tcp flag dissection
6aba94ef nft: prefer native expressions instead of tcp match
c034cf31 nft: prefer native expressions instead of udp match
5489493e nft-shared: support native udp port delinearize
5795a1b5 nft-shared: support native tcp port range delinearize
250dce87 nft-shared: support native tcp port delinearize
ea5d45dc extensions: libxt_NFLOG: fix typo
26ecdf53 xshared: Fix response to unprivileged users
b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save
db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
30b178b9 extensions: *NAT: Kill multiple IPv4 range support
7ee5b970 tests: iptables-test: correct misspelt variable
223f02ca nft: fix indentation error.
5c2c2eea ip6tables: Use the shared do_parse, too
9baf3bf0 iptables: Use xtables' do_parse() function
e4f5185d nft: Move proto_parse and post_parse callbacks to xshared
ded7b579 xshared: Store parsed wait and wait_interval in xtables_args
62c3c93d xshared: Move do_parse to shared space
3039a52c xtables: Do not pass nft_handle to do_parse()
ece001c2 xtables: Pass xtables_args to check_inverse()
17abaeb1 xtables: Pass xtables_args to check_empty_interface()
dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h
98a4462f xtables: Pull table validity check out of do_parse()
d83371c7 xtables: Drop xtables' family on demand feature
49aa44ba nft-shared: set correct register value
b129b1cf iptables-*-restore: Drop pointless line reference
316d8efb libxtables: Extend basic_exit_err()
4bff5aef xtables_globals: Embed variant name in .program_version
51e5d293 xshared: Share exit_tryhelp()
56ac0452 xshared: Share a common printhelp function
4149b5d8 xshared: Share print_match_save() between legacy ip*tables
273d88a7 extensions: tcpmss: add iptables-translate support
7213561d xshared: Make load_proto() static
cf14b92b nft-shared: Drop unused function print_proto()
24f30842 xshared: Share print_header() with legacy iptables
a323c283 xshared: Share print_fragment() with legacy
1d73cec0 xshared: Share print_rule_details() with legacy
e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy
22f2e1fc xshared: Share save_rule_details() with legacy
766e4872 xshared: Share print_iface() function
b5881e7f nft: Change whitespace printing in save_rule callback
1189d830 xshared: Merge and share parse_chain()
1eab8e83 extensions: hashlimit: Fix tests with HZ=1000
afa525ee xlate-test: Print full path if testing all files
b8d5271d Unbreak xtables-translate
0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c
142cf724 xtables: arptables accepts empty interface names
ab0a785a xtables: Derive xtables_globals from family
6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic
832a0e2b nft-arp: Introduce post_parse callback
0aea399d arptables: Use standard data structures when parsing
fe83b12f libxtables: Introduce xtables_globals print_help callback
0687852d xtables-standalone: Drop version number from init errors
dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions
38e1fe58 xtables: Simplify addr_mask freeing
cfdda180 nft-shared: Introduce init_cs family ops callback
65b150ae xshared: Store optstring in xtables_globals
2e6014c7 nft: Introduce builtin_tables_lookup()
db90ff64 tests: shell: fix bashism
45d8f769 nft: Delete builtin chains compatibly
e865a853 nft-chain: Introduce base_slot field
f9b33967 nft: Check base-chain compatibility when adding to cache
43189612 nft: cache: Avoid double free of unrecognized base-chains
040a15f2 xtables-translate: add missing argument and option to usage
2ed6dc75 tests: iptables-test: Fix conditional colors on stderr
63ab4fe3 ebtables: Avoid dropping policy when flushing
b714d45d iptables-test.py: print with color escapes only when stdout isatty
481626bb tests: shell: Return non-zero on error
7559af83 tests: iptables-test: Exit non-zero on error
c057939d tests: xlate-test: Exit non-zero on error
a8da7186 tests: iptables-test: Print errors to stderr
5166c445 tests: xlate-test: Print errors to stderr
fa78ff15 tests: xlate-test: Don't skip any input after the first empty line
fcbe454b tests: iptables-test: Fix missing chain case
61e85e31 iptables-nft: allow removal of empty builtin chains
544e7dc1 Fix a few doc typos
e438b976 nft: Use xtables_{m,c}alloc() everywhere
ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add()
cf410aa6 extensions: libxt_mac: Fix for missing space in listing
7ae14dc1 iptables-test: Make netns spawning more robust
bef9dc57 extensions: hashlimit: Fix tests with HZ=100
943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule
ef7781eb libxtables: exit if called by setuid executeable
8629c53f tests/shell: Assert non-verbose mode is silent
57d1422d nft: Fix for non-verbose check command
26318637 ebtables: Dump atomic waste
765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options
e727ccad xtables: Call init_extensions6() for static builds
9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports
c8145139 extensions: libxt_conntrack: simplify translation using negation
1c934617 extensions: libxt_tcp: rework translation to use flags match representation
bb01e33d extensions: libxt_connlimit: add translation
62828a6a tests: xlate-test: support multiline expectation
ba863c4b libxtables: extend xlate infrastructure
68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy()
9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere
ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any()
084671d5 iptables-apply: Drop unused variable
0729ab37 nft: Avoid buffer size warnings copying iface names
eab75ed3 nft: Avoid memleak in error path of nft_cmd_new()
ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask()
8bb5bcae extensions: libebt_ip6: Drop unused variables
97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
5818be17 extensions: sctp: Translate --chunk-types option
a61282ec extensions: sctp: Fix nftables translation
556f7044 Use proto_to_name() from xshared in more places
eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function
9dc50b5b xshared: Merge invflags handling code
3664249f xshared: Eliminate iptables_command_state->invert
f647f61f xtables: Make invflags 16bit wide
616800af extensions: SECMARK: Implement revision 1
1e984079 nft-arp: Make use of ipv4_addr_to_string()
acac2dbe Eliminate inet_aton() and inet_ntoa()
9084ef29 extensions: sctp: Explain match types in man page
a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets
fdf64dcd nft: cache: Sort chains on demand only
c5d9a723 fix build for missing ETH_ALEN definition
18d7535d extensions: libxt_conntrack: use bitops for status negation
18e334da extensions: libxt_conntrack: use bitops for state negation
831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit
46f9d3a9 xtables-translate: Fix translation of odd netmasks
330f5df0 nft: Fix bitwise expression avoidance detection
5f1fcace iptables-nft: fix -Z option
c9441657 include: Drop libipulog.h
30c1d443 ebtables: Exit gracefully on invalid table names

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-10 19:07:47 +02:00
Nick Hainke
202ecc9f4b wpan-tools: update to 0.9
Changes:
- wpan-ping: fix ifname setting
- wpan-hwsim: hardware simulator configuration utility
- wpan-hwsim: fix long option argument option for dot
- Don't install examples
- hwsim: make sure lqi is always initialized
- iwpan: fix clang compiler warning on absolute-value
- examples: fix wrongly used unsigned attribute
- build: hwsim: fix list of files needed for dist build

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-10 18:16:34 +02:00
Nick Hainke
9194cee553 wpan-tools: update to 0.8
Remove upstreamed patches:
- 001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch

Changes:
- examples: add README with details to the various examples
- examples: af_ieee802154_tx example
- examples: af_ieee802154_rx example
- examples: add af_packet_rx example
- examples: af_inet6_rx example
- examples: af_packet_tx example
- examples: af_inet6_tx example
- examples: add .gitignore file for examples directory
- src/nl_extras.h: fix compatibility with libnl 3.3.0
- wpan-ping: add the support to set wpan-ping interval
- wpan-ping: Add the filtering function for frame receiving

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-10 18:16:34 +02:00
Nick Hainke
3707e5cbe3 wpan-tools: cleanup Makefile
- Use SPDX
- Add PKG_RELEASE
- Change wpan.cakelab.org to linux-wpan.org/wpan-tools.html
- Switch to github.com as PKG_SOURCE_URL

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-10 18:16:34 +02:00
Daniel Golle
d29722e6ff
xdp-tools: fix build with NLS enabled
Make sure the 'configure' shell script finds the libintl when linking
the test programs for discovering libpcap and libbpf.

Reported-by: @trippleflux
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-07-06 22:38:20 +01:00
Nick Hainke
8288a4bbb3
xdp-tools: mark as nonshared
The SDK does not have the LLVM toolchain yet.

Hopefully fixes errors in the form:
  xsk_def_xdp_prog.c:4:10: fatal error: 'bpf/bpf_helpers.h' file not found
  #include <bpf/bpf_helpers.h>

Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-06 22:38:02 +01:00
Daniel Golle
6ad1bea2a6
xdp-tools: add package
xdp-tools - Library and utilities for use with the eXpress Data Path:
Fast Programmable Packet Processing in the Operating System Kernel

 * libxdp: library for attaching XDP programs and using AF_XDP sockets
 * xdp-filter: a simple XDP-powered packet filter
 * xdp-loader: an XDP program loader
 * xdpdump: tool for capturing packets at the XDP layer

Thanks to Nick @PolynomialDivision Hainke for testing and fixing!

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-07-04 18:36:03 +01:00
Nick Hainke
86b0d3b00b tcpdump: update to 4.99.1
Adjust
- 100-tcpdump_mini.patch

Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch

Changelog:

  Wednesday, June 9, 2021 by gharris
  Summary for 4.99.1 tcpdump release
    Source code:
      Squelch some compiler warnings
      ICMP: Update the snapend for some nested IP packets.
      MACsec: Update the snapend thus the ICV field is not payload
        for the caller.
      EIGRP: Fix packet header fields
      SMB: Disable printer by default in CMake builds
      OLSR: Print the protocol name even if the packet is invalid
      MSDP: Print ": " before the protocol name
      ESP: Remove padding, padding length and next header from the buffer
      DHCPv6: Update the snapend for nested DHCPv6 packets
      OpenFlow 1.0: Get snapend right for nested frames.
      TCP: Update the snapend before decoding a MPTCP option
      Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
      ForCES: Refine SPARSEDATA-TLV length check.
      ASCII/hex: Use nd_trunc_longjmp() in truncation cases
      GeoNet: Add a ND_TCHECK_LEN() call
      Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
      BGP: Fix overwrites of global 'astostr' temporary buffer
      ARP: fix overwrites of static buffer in q922_string().
      Frame Relay: have q922_string() handle errors better.
    Building and testing:
      Rebuild configure script when building release
      Fix "make clean" for out-of-tree autotools builds
      CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
    Documentation:
      man: Update a reference as www.cifs.org is gone. [skip ci]
      man: Update DNS sections
    Solaris:
      Fix a compile error with Sun C

  Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
  Summary for 4.99.0 tcpdump release
    CVE-2018-16301: For the -F option handle large input files safely.
    Improve the contents, wording and formatting of the man page.
    Print unsupported link-layer protocol packets in hex.
    Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
      Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
      (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
      Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
      ZigBee Encapsulation Protocol (ZEP).
    Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
      ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
      NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
      VXLAN-GPE.
    User interface:
      Make SLL2 the default for Linux "any" pseudo-device.
      Add --micro and --nano shorthands.
      Add --count to print a counter only instead of decoding.
      Add --print, to cause packet printing even with -w.
      Add support for remote capture if libpcap supports it.
      Display the "wireless" flag and connection status.
      Flush the output packet buffer on a SIGUSR2.
      Add the snapshot length to the "reading from file ..." message.
      Fix local time printing (DST offset in timestamps).
      Allow -C arguments > 2^31-1 GB if they can fit into a long.
      Handle very large -f files by rejecting them.
      Report periodic stats only when safe to do so.
      Print the number of packets captured only as often as necessary.
      With no -s, or with -s 0, don't specify the snapshot length with newer
        versions of libpcap.
      Improve version and usage message printing.
    Building and testing:
      Install into bindir, not sbindir.
      autoconf: replace --with-system-libpcap with --disable-local-libpcap.
      Require the compiler to support C99.
      Better detect and use various C compilers and their features.
      Add CMake as the second build system.
      Make out-of-tree builds more reliable.
      Use pkg-config to detect libpcap if available.
      Improve Windows support.
      Add more tests and improve the scripts that run them.
      Test both with "normal" and "x87" floating-point.
      Eliminate dependency on libdnet.
    FreeBSD:
      Print a proper error message about monitor mode VAP.
      Use libcasper if available.
      Fix failure to capture on RDMA device.
      Include the correct capsicum header.
    Source code:
      Start the transition to longjmp() for packet truncation handling.
      Introduce new helper functions, including GET_*(), nd_print_protocol(),
        nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
      Put integer signedness right in many cases.
      Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
        alignment issues, especially on SPARC.
      Fix many C compiler, Coverity, UBSan and cppcheck warnings.
      Fix issues detected with AddressSanitizer.
      Remove many workarounds for older compilers and OSes.
      Add a sanity check on packet header length.
      Add and remove plenty of bounds checks.
      Clean up pcap_findalldevs() call to find the first interface.
      Use a short timeout, rather than immediate mode, for text output.
      Handle DLT_ENC files *not* written on the same OS and byte-order host.
      Add, and use, macros to do locale-independent case mapping.
      Use a table instead of getprotobynumber().
      Get rid of ND_UNALIGNED and ND_TCHECK().
      Make roundup2() generally available.
      Resync SMI list
 against Wireshark.
      Fix many typos.

Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-07-03 20:25:38 +02:00
Etienne Champetier
35fec487e3 iptables: default to ip(6)tables-nft
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.

When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.

We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-06-29 00:57:56 +02:00
Nick Hainke
71b211d304 arptables: update to 0.0.5 and cleanup
Update to 0.0.5:

efae894 arptables 0.0.5 release
1f3c6bc libarptc: Simplify alloc_handle by using calloc()
4e5e23a Eliminate compiler warning about size passed to strncmp()
bf11d72 Add .gitignore
28b22d5 arptables: legacy renaming
988d6a4 arptables: cleanup sysvinit script
f4ab8f6 src: Remove support for libc5
047f37b src: Use stdint types
4bb2f83 arptables: Add MARK target
dbbe9f7 arptables: Add revision field for arptables userspace
935acea src: fix compilation warning
5700dbf src: cache in tree and use x_tables.h
4b7d6b0 arptables: remove dead dynamic hooks code
c299484 arptables: fix potential buffer overflow (author: dcb)
9fcaf70 arptables: add missing long option --set-counters and update documentation
36daba3 arptables: install man pages
f79b957 Add man pages for arptables-{save,restore}
c492c16 add GPL text
8f58693 fix potential buffer overflows reported by static analysis
ee4ec13 make static analysis tool happy (false positive)
b064d44 build an libarptc.a archive

Cleanup Makefile:
- Switch to release versions
- Use ftp(http) mirror
- Add PKG_LICENSE_FILES

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-27 00:57:15 +02:00
Nick Hainke
fe5d3a4204 ethtool: update to 5.18
9eabf30 Release version 5.18.
2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations
d660dde pretty: add missing message descriptions for rings
aaeb16a pretty: support u8 enumerated types
6b320b8 rings: add support to set/get cqe size
41fddc0 update UAPI header copies
42e6c28 help: fix alignment of rx-buf-len parameter
e1d0a19 ethtool.8: Fix typo in man page
37f0586 Release version 5.17.
8c2984c strset: do not put a pointer to a local variable to nlctx
8fd02a2 ioctl: add the memory free operation after send_ioctl call fails
b9f25ea ethtool: Add support for OSFP transceiver modules
6e79542 features: add --json support
5ed5ce5 Merge branch 'next' into  master
b90abbb man: document recently added parameters
51a9312 tunables: add support to get/set tx copybreak buf size
a081c2a rings: add support to set/get rx buf len
d699bab Merge branch 'master' into next
52db6b9 Merge branch 'review/module-extstate' into next
6407b52 monitor: add option for --show-module/--set-module
1f35786 ethtool: Add transceiver module extended state
2d4c5b7 ethtool: Add ability to control transceiver modules' power mode
005908b Update UAPI header copies

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-27 00:57:15 +02:00
Nick Hainke
a74a853d0d nftables: update to 1.0.4
Needs libnftnl 1.2.2.

3eb0da9f build: Bump version to 1.0.4
a964d1b5 tests: shell: remove leftover modules on cleanup
818f7dde evaluate: reset ctx->set after set interval evaluation
3835de19 tests: shell: sets_with_ifnames release netns on exit
59bd944f optimize: segfault when releasing unsupported statement

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-24 17:10:24 +02:00
Nick Hainke
879dd95f43 nftables: clean up Makefile
Add PKG_LICENSE_FILES. Use SPDX.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-24 17:10:24 +02:00
Nick Hainke
8704e75d25 nftables: update to 1.0.3
Remove backport:
- 001-examples-compile-with-make-check.patch

87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-24 17:10:24 +02:00
Stijn Tintel
bbce9f84ec iw: bump to 5.19
7e06706 iw: event: report missing radar events
  5909e73 iw: survey: add support for radio stats
  64bf570 update nl80211.h
  0900996 iw: print Radar background capability if supported
  56c6077 iw: print out assoc comeback event
  a4e5418 iw: support 160MHz frequency command for 6GHz band
  5a71b72 iw: Print local EHT capabilities
  e3287a1 station: print EHT rate information
  ff67fb2 iw: fix double tab in mesh path header
  05a5267 iw: fix 'upto' -> 'up to'
  00a2985 iw: handle VHT extended NSS
  82e0bd1 update nl80211.h
  c95877c info: add missing extended features
  0976378 info: refactor extended features
  79f20cb bump version to 5.19

Sync nl80211.h with our version of mac80211 and remove parts of the iw
code that are not supported by our version of mac80211.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-11 16:03:14 +03:00
Daniel Golle
51c442c265
uqmi: update to git HEAD
56cb2d4 nas: add decoding of cell_id
 9a9019a uqmi: wms - added storage to read text messages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-05-04 01:33:21 +01:00
David Bauer
f757a8a098 iwinfo: update to latest HEAD
dc6847e iwinfo: nl80211: omit A-hwmode on non-5GHz hardware

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-04-27 00:54:24 +02:00
David Bauer
46980294f6 iwinfo: update to latest HEAD
a479b9b devices: remove whitespace
562d015 iwinfo: nl80211: fix hwmode parsing for multi-band NICs

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-04-24 23:09:51 +02:00
Cezary Jackiewicz
e02fb42c53 comgt: support ZTE MF286R modem
The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to
establish connection with custom commands specific to ZTE modems.
Two variants of modems were discovered, some identifying themselves
as "ZTE", and others as plain "Marvell", the chipset manufacturer.
The modem itself runs a fork of OpenWrt inside, which root shell can be
accessed via ADB interface.

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-04-16 14:02:11 +02:00
Lech Perczak
ed7957810c comgt: ncm: try to detect interface for ttyACM ports
Some modems expose ttyACM as their control ports, which have the
"device" symlink pointing one level down in sysfs tree. Try to find
network interfaces for them as well, this is commonly used for modems
exposing ACM + RNDIS or ACM + ECM interface combinations.

Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-04-16 14:02:11 +02:00
Lech Perczak
b2940bb8b2 comgt: ncm: select first available network interface for device
Some modems expose multiple network interfaces on the same USB device,
causing the connection setup script to fail, because glob matching in
the detection phase causes 'ls' to output more than one interface name
plus their base directories in sysfs. Avoid that by listing the
directories explicitly and then selecting first available interface.
This is the case for some variants of ZTE MF286R built-in modem, which
exposes both RNDIS and CDC-ECM network interfaces, causing the
connection setup to fail.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-04-16 14:02:11 +02:00
Lech Perczak
a67629bbe2 comgt: ncm: allow specification of interface name
Add ifname property to UCI, which can be used to override the
autodetected interface name in case the detection fails due to having
none or more than one interface exposed by the modem, which is not
explicitly linked to TTY port. This is needed on certain variants of ZTE
MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces
on the modem, on which the automatic detection may select the wrong
network interface.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-04-16 14:02:11 +02:00
Eneas U de Queiroz
1135b75d1f nftables: add CONFLICT between versions
Have nftables-json conflict with nftables-nojson.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-04-11 21:41:03 +02:00
Daniel Golle
ee7cb5e885
uqmi: fix acquiring PIN status
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.

Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-03-24 18:45:19 +00:00
Etienne Champetier
30c15d06e8 iptables: bump PKG_RELEASE
Following {arp,eb}tables-nft addition, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
66bb6dde36 iptables: add {arp,eb}tables-nft
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
c913be1da1 iptables: add xtables-nft package
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
afb6824a2c iptables: add xtables-legacy package
This allows to install ip6tables-legacy without iptables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
905b49920f ebtables: rename to ebtables-legacy
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Etienne Champetier
2f5088ef5f arptables: rename package to arptables-legacy
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-19 16:13:58 +01:00
Josef Schlehofer
013b043564 iwinfo: update to latest Git head
Changelog:
90bfbb9 devices: Add Cypress CYW43455
234075b devices: fix AMD RZ608 format
0e2a318 devices: add AMD RZ608 device-id

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-19 16:13:58 +01:00
Felix Fietkau
54aab4e719 bpftools: fix library path on 64 bit systems
drop the use of LIB_SUFFIX

Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 13:29:15 +01:00
Felix Fietkau
00cbf6f6ab bpftools: update to standalone bpftools + libbpf, use the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-03-19 07:30:06 +01:00
Etienne Champetier
e9c99e0f7f iptables: backport missing init_extensions6() calls
This fixes ip6tables-nft no being able to use built-in
extensions like icmp6.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-03-13 19:24:13 +01:00
Florian Eckert
e5440ec871 ipset: add backport patch for IPv6 nftables ipset-translation
When porting mwan3 from iptables to nftables I tried the new translation
tool for ipset ipset-translate. I noticed that no IPv6 ipset can be
created with the tool. I have reported the problem to the upstream
project and the following patch fixes the problem.

Until this upsream is included in a new release, this patch should be
used in Openwrt.

https://lore.kernel.org/netfilter-devel/20220228190217.2256371-1-pablo@netfilter.org/T/#m09cc3cb738f2e42024c7aecf5b7240d9f6bbc19c

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-13 19:24:13 +01:00
Daniel Golle
2a801ee562
uqmi: update to git HEAD
44dd095 uqmi: corrected too short received SMS

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-03-12 11:07:27 +00:00
Lech Perczak
c8a88118af uqmi: set CID during 'query-data-status' operation
Modems used in ZTE mobile broadband routers require to query the data
session status using the same CID as one used to establish the session,
otherwise they will report the session as "disconnected" despite
reporting correct PDH in previous step. Without this change, IPv6
connection on these modems doesn't establish properly. In IPv4 this bug
is present as well, but for some reason querying of IPv4 status works
using temporary CID, this however seems noncompliant with QMI
specifications, so fix it as well.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-03-12 10:38:11 +00:00
Yousong Zhou
289fbc5102 iptables: add iptables-mod-socket
Previously libxt_socket.so was included in iptables-mod-tproxy.  It was
missed out when trying to make kmod-ipt-socket and kmod-ipt-tproxy
separate packages

Fixes: 4f443c88 ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-03-10 10:43:32 +08:00
Josef Schlehofer
d71928c1e3 nftables: update to version 1.0.2
Changelog:
https://lwn.net/ml/netdev/YhO5Pn+6+dgAgSd9@salvia/

Patches:

removed:
- 001-parser-allow-quoted-string-in-flowtable_expr_member:
it is now part of upstream release [1]

added:
- 001-examples-compile-with-make-check.patch:
backported from [2], it fixes:

nft-json-file.c:3:10: fatal error: nftables/libnftables.h: No such file or directory
    3 | #include <nftables/libnftables.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

[1] https://git.netfilter.org/nftables/commit/?h=v1.0.2&id=07af4429241c9832a613cb8620331ac54257d9df
[2] https://git.netfilter.org/nftables/commit/?id=18a08fb7f0443f8bde83393bd6f69e23a04246b3

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-07 21:44:53 +01:00
Hauke Mehrtens
921392e216 iproute2: Remove libxtables from some tc variants
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.

This allows to use tc without libxtables.

The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x    1 root     root        282453 Mar  1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x    1 root     root        282533 Mar  1 21:55 /usr/libexec/tc-full
-rwxr-xr-x    1 root     root        266037 Mar  1 21:55 /usr/libexec/tc-tiny

They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
        /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
        /lib/ld-musl-mips-sf.so.1 (0x77da6000)
        libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
        libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
        libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
        /lib/ld-musl-mips-sf.so.1 (0x77de8000)
        libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
        libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
        libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
        libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
        libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)

This is based on a patch from Tiago Gaspar.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-03-05 21:06:35 +01:00
Florian Eckert
ba6a48366f ipset: update to 7.15
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-01 21:17:30 +01:00
Paul Spooren
038d5bdab1 layerscape: use semantic versions for LSDK
PKG_VERSION should not contain the package name but the version only.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-01 00:01:18 +01:00
Etienne Champetier
d95b74f7c9 iptables: bump PKG_RELEASE
Following dependencies rework, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
39d50a2008 iptables: move libiptext* to their own packages
iptables-nft doesn't depend on libip{4,6}tc, so move
libiptext* libs in their own packages to clean up dependencies
Rename libxtables-nft to libiptext-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
795e7155cb iptables: rename to ip(6)tables-legacy, add PROVIDES
Using PROVIDES allows to have other packages continue to
depend on iptables and users to pick between legacy and nft
version.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
316c406e62 iptables: move IPTABLES_{CONNLABEL,NFTABLES} to libxtables
Those 2 configs are not specific to iptables(-legacy)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00