Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance on average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
It may happen that conffiles are in different order on different builds.
Make sure they have the same order by sorting them.
FIX: #9612
Signed-off-by: Paul Spooren <mail@aparcar.org>
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.
Signed-off-by: Paul Spooren <mail@aparcar.org>
There is a hard to reproduce, even harder to track down memory leak in
Octeon since kernel 5.10. Mark octeon source-only until it is plugged.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This reverts commit 35d2bbc29b as we
believe we found that it is indeed an openssl issue, where openssl is
trying to use getrandom(2), but fails because this particular builder
has an ancient kernel without that syscall. We didn't get to the bottom
of why openssl doesn't fall back to something like /dev/random.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The first argument for snprintf is the buffer and the second one is the
size. Fix the order. This broke the lock application.
Fixes: 34567750db ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When upgrading a TP-Link Archer C5 v1 from ar71xx to ath79,
the 5 GHz radio stops working because the device path changed.
Same has been done for the Archer C7 before:
commit e19506f206 ("ath79: migrate Archer C7 5GHz radio device paths")
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Config option `ARM_ARCH_TIMER` has been removed during rebasing onto
5.15 kernel in commit 2b395c2982 ("imx: update config for 5.15").
Anyway, as stated in commit 8cdc356f8c ("mediatek: mt7623: Re-enable
ARM arch timer") config option `ARM_ARCH_TIMER` cannot be enabled in the
config directly; it is only selected by `HAVE_ARM_ARCH_TIMER`. We need
to enable the latter in our config.
Fixes: 2b395c2982 ("imx: update config for 5.15")
Reported-by: Piotr Dymacz <pepe2k@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue:
Package kmod-drm-imx-ldb is missing dependencies for the following libraries:
drm_dp_aux_bus.ko
Introduced upstream in commit aeb33699fc2c ("drm: Introduce the DP AUX
bus") in kernel version 5.15.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
In imx target we're sharing single, version agnostic kernel
`config-default` file, which doesn't work very well with current 5.10
and upcoming 5.15 kernel symbols as recent rebase onto 5.15 kernel
introduced in commit 2b395c2982 ("imx: update config for 5.15") has
introduced following regression with 5.10 kernel:
Marvell 88E6xxx Ethernet switch fabric support (NET_DSA_MV88E6XXX) [Y/n/m/?] y
Switch Global 2 Registers support (NET_DSA_MV88E6XXX_GLOBAL2) [Y/n/?] (NEW)
That NET_DSA_MV88E6XXX_GLOBAL2 kernel config symbol has been removed in
upstream commit 63368a7416df ("net: dsa: mv88e6xxx: Make global2 support
mandatory") in kernel version 5.12.
This issue could be probably fixed by introduction of separate kernel
config files for each currently used kernel versions and subtarget, but
it is not worth the hassle and resources as imx target is running mostly
upstream kernel, so let's fix it by switching to 5.15 version instead.
Fixes: 2b395c2982 ("imx: update config for 5.15")
Acked-by: Piotr Dymacz <pepe2k@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backport upstream patch to have reproducible FAT signatures.
This should enable reproducibility for x86 EFI images.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes following issue:
Package kmod-drm is missing dependencies for the following libraries:
fb.ko
Introduced upstream in commit f611b1e7624c ("drm: Avoid circular
dependencies for CONFIG_FB") in 5.14.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busybox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
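
The buffer sizing and the snprintf argument order from the two busybox lock commits in this log, as an added example that is not code from busybox or from the OpenWrt patch. The helper names `format_pid_line` and `pid_line_size` are hypothetical, and the 8-byte buffer in `main` is a constructed value used only to show the truncation case.

```c
#include <stdio.h>
#include <string.h>

/* Size named in the commit message: room for a 7-digit pid,
 * the trailing '\n' and the terminating NUL (9 bytes needed). */
#define PIDSTR_LEN 12

/* Bytes needed to hold "<pid>\n" plus the NUL for the largest pid value. */
static size_t pid_line_size(long pid_max)
{
    size_t digits = 1;
    while (pid_max >= 10) {
        pid_max /= 10;
        digits++;
    }
    return digits + 2; /* digits + '\n' + NUL */
}

/* Format "<pid>\n" into buf. snprintf takes the buffer first and the
 * size second; its return value is the length it wanted to write, so
 * a result >= size means the line was truncated and must be rejected.
 * Returns the number of bytes to write to the lock file, or -1. */
static int format_pid_line(char *buf, size_t size, long pid)
{
    int n = snprintf(buf, size, "%ld\n", pid);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

int main(void)
{
    char small[8];          /* constructed: too small for 7 digits + '\n' */
    char pidstr[PIDSTR_LEN];
    long pid = 4194304;     /* upper limit of pid_max cited above */

    printf("bytes needed: %zu\n", pid_line_size(pid));
    printf("8-byte buffer:  %d\n", format_pid_line(small, sizeof(small), pid));
    printf("12-byte buffer: %d\n", format_pid_line(pidstr, sizeof(pidstr), pid));
    return 0;
}
```
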
The label has the MAC address of eth0, not the WLAN PHY address. We can
merge the definition back into ar7241_ubnt_unifi.dtsi, as both DTS
derived from it use the same interface for their label MAC addresses
after all.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Add Kernel 5.15 patches + config. This is currently only available for
the generic subtarget, as it was exclusively tested with this target.
Tested-on: Siemens WS-AP3610, Enterasys WS-AP3705i
Signed-off-by: David Bauer <mail@david-bauer.net>
Specify the switch ports in the DTS file.
Re-enable it after it was disabled by commit e9672b1a8f ("bcm53xx: switch to the
upstream DSA-based b53 driver").
Signed-off-by: SHIMAMOTO Takayoshi <takayoshi.shimamoto.360@gmail.com>
[rmilecki: reword commit & drop unneeded whitespace change]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
platform_nand_pre_upgrade() is gone since commit 790692dde2
("base-files: drop support for the platform_nand_pre_upgrade()").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Asus RT-AC88U is an AC3100 router featuring 9 Ethernet ports over the
integrated Broadcom and the external Realtek switch.
Hardware info:
* Processor: Broadcom BCM4709C0KFEBG dual-core @ 1.4 GHz
* Switch: BCM53012 in BCM4709C0KFEBG & external RTL8365MB
* DDR3 RAM: 512 MB
* Flash: 128 MB (ESMT F59L1G81LA-25T)
* 2.4GHz: BCM4366 4×4 2.4/5G single chip 802.11ac SoC
* 5GHz: BCM4366 4×4 2.4/5G single chip 802.11ac SoC
* Ports: 8 Ports, 1 WAN Port
Flashing instructions:
* Boot to CFE Recovery Mode by holding the reset button while power-on.
* Connect to the router with an ethernet cable.
* Set IPv4 address of the computer to 192.168.1.2 subnet 255.255.255.0.
* Head to http://192.168.1.1.
* Reset NVRAM.
* Upload the OpenWrt image.
CFE bootloader may reject flashing the image due to image integrity check.
In that case, follow the instructions below.
* Rename the OpenWrt image as firmware.trx.
* Run a TFTP server and make it serve the firmware.trx file.
* Run the URL below on a browser or curl.
http://192.168.1.1/do.htm?cmd=flash+-noheader+192.168.1.2:firmware.trx+flash0.trx
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[rmilecki: mark BROKEN until we sort out nvram & CFE recovery]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Make sure xz uses at least 2 threads so compression always runs in
multi-threaded mode as the resulting file in single-threaded mode
differs.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.
The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):
Before:
real 4m45,973s
After:
real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
The tc package does not exist any more, it was split into tc-tiny,
tc-full and tc-bpf. Include tc-bpf by default into realtek images.
This increases the compressed image size by about 232KBytes.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The realtek target is not a router, but basic device, see DEVICE_TYPE.
The basic device type does not come with firewall by default, see
include/target.mk for details. The realtek target extended
DEFAULT_PACKAGES manually with firewall.
This changes the defaults to take firewall4 and nftables instead of
firewall and iptables. This also adds the additional package
kmod-nft-offload.
The only difference to the router type is the missing ppp,
ppp-mod-pppoe, dnsmasq and odhcpd-ipv6only package.
This increases the compressed image size by about 422KBytes.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not include the dnsmasq and odhcpd-ipv6only package by default any
more. These services are not needed on a switch. If someone needs this
it is still possible to use opkg or image builder to add them.
This decreases the compressed image size by about 165KBytes.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
So the upcoming changes needed for 5.15 can be reviewed easily.
Removed following upstreamed patches:
* 062-add-sun8i-h3-zeropi-support.patch
* 100-sunxi-h3-add-support-for-nanopi-r1.patch
* 101-sunxi-h5-add-support-for-nanopi-r1s-h5.patch
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following build issues:
Package kmod-r8169 is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-ixgbe is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-amd-xgbe is missing dependencies for the following libraries:
mdio_devres.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
So the upcoming changes needed for 5.15 can be reviewed easily.
Removing following patches backported from 5.15:
* 101-v5.15-mfd-lpc_ich-Enable-GPIO-driver-for-DH89xxCC.patch
* 102-v5.15-platform-x86-add-meraki-mx100-platform-driver.patch
Removed upstreamed patch `300-pcengines_apu1_led.patch` in commit
1b40faf7e4ab ("leds: apu: extend support for PC Engines APU1 with newer
firmware")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backports following fix:
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
The hyperv utilities use PTP clock interfaces and should depend on
a kconfig symbol such that they will be built as a loadable module or
builtin so that linker errors do not happen.
Prevents these build errors:
ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit':
hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister'
ld: drivers/hv/hv_util.o: in function `hv_timesync_init':
hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
References: https://lore.kernel.org/stable/20220328093115.7486-1-ynezz@true.cz/T/#u
Signed-off-by: Petr Štetiar <ynezz@true.cz>