Support for iptables action has been dropped. Remove tc-mod-iptables and related
patch (175-reduce-dynamic-syms.patch).
We also add the missing libbpf dependency for `ss` since iproute 8740ca9
("ss: add support for BPF socket-local storage") now means that `ss` requires
libbpf as well.
Fix 170-ip_tiny.patch, as the help text didn't match all the included functions.
Drop upstreamed patches 402-bpf-fix-warning-from-basename.patch
and 403-bpf-include-libgen.h-for-basename.patch.
All other patches automatically rebased.
Co-authored-by: Rany Hany <rany_hany@riseup.net>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Rany Hany <rany_hany@riseup.net>
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".
Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."
Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".
Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.
Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.
Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8
With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch
Refreshed:
- 170-ip_tiny.patch
- 195-build_variant_ip_tc.patch
Changes:
deb48554 v5.19.0
f8decf82 bpf_glue: include errno.h
71178ae0 rdma: update uapi/ib_user_verbs.h
96594fd2 vdpa: update uapi headers from 5.19-rc7
30c7b77f Revert "uapi: add vdpa.h"
c5433c4b ip neigh: Fix memory leak when doing 'get'
2cb76253 mptcp: Fix memory leak when getting limits
afdbb020 mptcp: Fix memory leak when doing 'endpoint show'
6db01afd bridge: Fix memory leak when doing 'fdb get'
1d540336 ip address: Fix memory leak when specifying device
325f706b uapi: add virtio_ring.h
291898c5 uapi: add vdpa.h
6e2fb804 uapi: update bpf.h
329fda18 ip: Fix size_columns() invocation that passes a 32-bit quantity
2a00a4b1 man: tc-fq_codel: add drop_batch
6bf5abef uapi: update mptcp.h
02410392 ip: Fix size_columns() for very large values
ed243312 man: tc-ct.8: fix example
2bb37e90 l2tp: fix typo in AF_INET6 checksum JSON print
855edb3d man: tc-fq_codel: Fix a typo.
4044a453 tc: declaration hides parameter
a44a7918 genl: fix duplicate include guard
703f2de6 uapi: change name for zerocopy sendfile in tls
248ad98e uapi: update socket.h
11e41a63 ip: Convert non-constant initializers to macros
8d3977ef Update kernel headers
5a1ad9f8 man: ip-stats.8: Describe groups xstats, xstats_slave and afstats
d9976d67 ipstats: Expose bond stats in ipstats
36e10429 ipstats: Expose bridge stats in ipstats
79f5ad95 iplink_bridge: Split bridge_print_stats_attr()
1247ed51 ipstats: Add groups "xstats", "xstats_slave"
c6900b79 ipstats: Add a third level of stats hierarchy, a "suite"
2ed73b9a iplink: Add JSON support to MPLS stats formatter
5ed8fd9d ipstats: Add a group "afstats", subgroup "mpls"
dff392fd iplink: Publish a function to format MPLS stats
72623b73 iplink: Fix formatting of MPLS stats
ce41750f ip: ipstats: Do not assume length of response attribute payload
40b50f15 bridge: vni: add support for stats dumping
c7f12a15 ip: iplink_vxlan: add support to set vnifiltering flag on vxlan device
45cd32f9 bridge: vxlan device vnifilter support
837294e4 libbpf: Remove use of bpf_map_is_offload_neutral
64e5ed77 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
ba6519cb libbpf: Use bpf_object__load instead of bpf_object__load_xattr
a6eb654d f_flower: add number of vlans man entry
5788732e f_flower: Check args with num_of_vlans
5ba31bcf f_flower: Add num of vlans parameter
b28eb051 man: Add man pages for the "stats" functions
a05a27c0 ipmonitor: Add monitoring support for stats events
0f1fd40c ipstats: Add offload subgroup "l3_stats"
179030fa ipstats: Add offload subgroup "hw_stats_info"
af5e7955 ipstats: Add a group "offload", subgroup "cpu_hit"
0517a2fd ipstats: Add a group "link"
df0b2c6d ipstats: Add a shell of "show" command
82f6444f ipstats: Add a "set" command
54d82b06 ip: Add a new family of commands, "stats"
5520cf16 ip: Publish functions for stats formatting
a463d6b1 libnetlink: Add filtering to rtnl_statsdump_req_filter()
38ae12d3 devlink: introduce -[he]x cmdline option to allow dumping numbers in hex format
bba95837 Update kernel headers
f6559bea ip-link: put types on man page in alphabetic order
ee53174b ip/iplink_virt_wifi: add support for virt_wifi
Signed-off-by: Nick Hainke <vincent@systemli.org>
The ip-tiny size grows from 124k (5.17.0) to 128k (5.18.0).
The update introduces a commit "configure: add check_libtirpc()" that
introduces a check for libtirpc. However, if libtirpc is already in the
staging directory due to an other dependency the check yields that the
library is installed and should be used resulting in failures like:
Package ss is missing dependencies for the following libraries:
libtirpc.so.3
To fix it add a patch making libtirpc optional again and setting it
"HAVE_TIRPC=n":
- 155-keep_tirpc_optional.patch
Fix patches:
- 130-no_netem_tipc_dcb_man_vdpa.patch
Refresh patches:
- 140-keep_libmnl_optional.patch
- 150-keep_libcap_optional.patch
- 180-drop_FAILED_POLICY.patch
- 200-drop_libbsd_dependency.patch
Changes:
6474b7c8 v5.18.0
4429a6c9 tipc: fix keylen check
6b6979b9 iplink: remove GSO_MAX_SIZE definition
19c3e009 doc: fix 'infact' --> 'in fact' typo
ed706c78 man: fix some typos
03589beb man: devlink-region: fix typo in example
b84fc332 tc: em_u32: fix offset parsing
b6d17086 uapi: update of virtio_ids
17bf51b7 libbpf: Remove use of bpf_map_is_offload_neutral
fa305925 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
9e0057b4 libbpf: Use bpf_object__load instead of bpf_object__load_xattr
e81fd551 devlink: fix "devlink health dump" command without arg
6f3b5843 man: use quote instead of acute accent
42d351fa man: 'allow to' -> 'allow one to'
d8a7a0f4 uapi: upstream update to stddef.h
5b2ff061 uapi: update from 5.18-rc1
292509f9 ss: remove an implicit dependency on rpcinfo
1ee309a4 configure: add check_libtirpc()
41848100 ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
28add137 f_flower: Implement gtp options support
b25599c5 ip: GTP support in ip link
e4880869 man: bridge: document per-port mcast_router settings
9e82e828 bridge: support for controlling mcast_router per port
f1d18e2e Update kernel headers
8130653d vdpa: Update man page with added support to configure max vq pair
56eb8bf4 vdpa: Support reading device features
16482fd4 vdpa: Support for configuring max VQ pairs for a device
bd91c764 vdpa: Allow for printing negotiated features of a device
2d1954c8 vdpa: Remove unsupported command line option
93fb6810 Makefile: move HAVE_MNL check to top-level Makefile
2dee2101 man: ip-link: whitespace fixes to odd line breaks mid sentence
609b90aa man: ip-link: mention bridge port's default mcast_flood state
b1c3ad84 man: ip-link: document new bcast_flood flag on bridge ports
c354a434 ip: iplink_bridge_slave: support for broadcast flooding
909f0d51 man: bridge: add missing closing " in bridge show mdb
3b681cf9 man: bridge: document new bcast_flood flag for bridge ports
a6c848eb bridge: support for controlling flooding of broadcast per port
8acb5247 ip/batadv: allow to specify RA when creating link
0431d8e8 Import batman_adv.h header from last kernel sync point
239bfd45 Revert "configure: Allow command line override of toolchain"
a93c90c7 tc: separate action print for filter and action dump
d9977eaf bpf: Remove use of bpf_create_map_xattr
ac4e0913 bpf: Export bpf syscall wrapper
873bb975 bpf_glue: Remove use of bpf_load_program from libbpf
5e17b715 ss: display advertised TCP receive window and out-of-order counter
712ec66e tc: bash-completion: Add profinet and ethercat to procotol completion list
75061b35 lib: add profinet and ethercat as link layer protocol names
0a685b98 man8/ip-link.8: add locked port feature description and cmd syntax
d4fe3673 man8/bridge.8: add locked port feature description and cmd syntax
092af16b ip: iplink_bridge_slave: add locked port flag support
0e51a185 bridge: link: add command to set port in locked mode
04a0077d Update kernel headers
386ae64c configure: Allow command line override of toolchain
bea92cb0 mptcp: add port support for setting flags
2dbc6c90 mptcp: add fullmesh support for setting flags
5fb6bda0 mptcp: add fullmesh check for adding address
9831202f bond: add ns_ip6_target option
e8fd4d4b devlink: Remove strtouint8_t in favor of get_u8
2688abf0 devlink: Remove strtouint16_t in favor of get_u16
95c03f40 devlink: Remove strtouint32_t in favor of get_u32
7cb0e24d devlink: Remove strtouint64_t in favor of get_u64
7848f6bb Update kernel headers
4f015972 f_flower: fix indentation for enc_key_id and u32
25a9c4fa tunnel: Fix missing space after local/remote print
ff14875e Update documentation
8908cb25 Add support for the IOAM insertion frequency
cd24451e Update kernel headers
e4ba36f7 iplink: add ip-link documentation
5d57e130 iplink: add gro_max_size attribute handling
721435dc tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
c733722b tc: u32: add support for json output
5f44590d tc/f_flower: fix indentation
9948b6cb tc_util: fix breakage from clang changes
f4cd4f12 tc: add skip_hw and skip_sw to control action offload
ba5ac984 json_print: suppress clang format warning
bf71c8f2 libbpf: fix clang warning about format non-literal
5632cf69 tunnel: fix clang warning
c0248878 tipc: fix clang warning about empty format string
371c13e8 can: fix clang warning
8d27eee5 ipl2tp: fix clang warning
560d2336 tc_util: fix clang warning in print_masked_type
b2450e46 flower: fix clang warnings
4e27d538 netem: fix clang warnings
9d5e29e6 utils: add format attribute
343c4f52 tc: add format attribute to tc_print_rate
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove backports:
- 0001-lib-fix-ax25.h-include-for-musl.patch
Changes:
4c424dfd v5.17.0
7846496b link_xfrm: if_id must be non zero
eed4bb1a testsuite: link xfrm delete no if_id test
ac0a54b2 rdma: make RES_PID and RES_KERN_NAME alternative to each other
885e281e uapi: update vdpa.h
19c0def1 ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
1808f002 lib/fs: fix memory leak in get_task_name()
62c0700c uapi: update magic.h
c8d9d925 rdma: Fix the logic to print unsigned int.
a42dfaa4 Revert "rdma: Fix res_print_uint() and add res_print_u64()"
9d0badec rdma: Fix res_print_uint() and add res_print_u64()
86a1452b uapi: update to xfrm.h
09c6a3d2 bridge: Remove vlan listing from `bridge link`
e4fda259 bridge: Fix error string typo
cc143bda lnstat: fix strdup leak in -w argument parsing
90bbf861 iplink_can: print_usage: typo fix, add missing spaces
1b5c7414 dcb: Fix error reporting when accessing "dcb app"
a38d305d tc: fix duplicate fall-through
f8beda6e libnetlink: fix socket leak in rtnl_open_byproto()
7f70eb2a tc_util: Fix parsing action control with space and slash
29da83f8 iprule: Allow option dsfield in 'ip rule show'
07012a1f ss: use freecon() instead of free() when appropriate
03b4de0b man: Fix a typo in the flag documentation of ip address
924f6b4a dcb: app: Add missing "dcb app show dev X default-prio"
5c9571bc uapi: update kernel headers from 5.17-rc1
d542543b tc/action: print error to stderr
52370c61 mptcp: add id check for deleting address
c556f577 dcb: Rewrite array-formatting code to not cause warnings with Clang
0dc5da8e f_flower: fix checkpatch warnings
ffbcb246 netem: fix checkpatch warnings
8bced38a lib: fix ax25.h include for musl
e27bb8e5 uapi: add missing virtio headers
26ff0afa uapi: add missing rose and ax25 files
eb4206ec q_cake: allow changing to diffserv3
db530529 iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
ac2e9148 Update kernel headers
bb4cc9cc rdma: Don't allocate sparse array
b8767168 rdma: Limit copy data by the destination size
167e33f3 vdpa: Enable user to set mtu of the vdpa device
384938f9 vdpa: Enable user to set mac address of vdpa device
a311f0c4 vdpa: Enable user to query vdpa device config layout
9d8882d5 vdpa: Update kernel headers
5cb7ec0c Update kernel headers and import virtio_net
26113360 mptcp: add support for changing the backup flag
4b301b87 tc: Add support for ce_threshold_value/mask in fq_codel
99d09ee9 bond: add arp_missed_max option
432cb06b mptcp: add support for fullmesh flag
2d777dfe Update kernel headers
a21458fc vdpa: Remove duplicate vdpa UAPI header file
Signed-off-by: Nick Hainke <vincent@systemli.org>
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.
This allows to use tc without libxtables.
The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x 1 root root 282453 Mar 1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x 1 root root 282533 Mar 1 21:55 /usr/libexec/tc-full
-rwxr-xr-x 1 root root 266037 Mar 1 21:55 /usr/libexec/tc-tiny
They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
/lib/ld-musl-mips-sf.so.1 (0x77d6e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
/lib/ld-musl-mips-sf.so.1 (0x77da6000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
/lib/ld-musl-mips-sf.so.1 (0x77de8000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)
This is based on a patch from Tiago Gaspar.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
changes since 5.14.0:
ad3a118f rdma: Fix SRQ resource tracking information json
7a235a10 man: devlink-port: fix pfnum for devlink port add
229eaba5 uapi: pickup fix for xfrm ABI breakage
a500c5ac lib/bpf: fix map-in-map creation without prepopulation
7c032cac man: devlink-port: remove extra .br
04ee8e6f man: devlink-port: fix style
14802d84 man: devlink-port: fix the devlink port add synopsis
897772a7 cmd: use spaces instead of tabs for usage indentation
e7a98a96 mptcp: unbreak JSON endpoint list
2f5825cb lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
d756c08a tc/f_flower: fix port range parsing
92e32f77 uapi: updates from 5.15-rc1
e7e0e2ce iptuntap: fix multi-queue flag display
deef844b man: ip-link: remove double of
a3272b93 configure: restore backward compatibility
ceba5930 tree-wide: fix some typos found by Lintian
7a705242 ip: remove leftovers from IPX and DECnet
8ab1834e uapi: update headers from 5.15 merge
6d0d35ba ip/bond: add lacp active support
926ad641 Update kernel headers
c730bd0b ip/tunnel: always print all known attributes
df8912ed ipioam6: use print_nl instead of print_null
7e7270bb tc/skbmod: Introduce SKBMOD_F_ECN option
86c596ed IOAM man8
2d83c710 New IOAM6 encap type for routes
f0b3808a Add, show, link, remove IOAM namespaces and schemas
acbdef93 Import ioam6 uapi headers
2d6fa30b Update kernel headers
508ad89c ipneigh: add support to print brief output of neigh cache in tabular format
* update patch 170-ip_tiny.patch to accomodate ioam.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Build the tc-mod-iptables before the tc-tiny and tc-full packages.
This avoids unnecessary package rebuild when calling make back to back.
Before this change, tc-mod-iptables will be built after the main tc
binary packages.
Both tc-tiny and tc-full depend on tc-mod-ipables. If make is called
after the packages are already built, it will check the timestamps of
both packages, and will rebuild the main binaries, since the module
package will be newer than the tc package.
Calling BuildPackage,mod-iptables first ensures that its variant gets
built before the other packages' variants.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Skip building Makefile targets that aren't packaged: tipc, dcb, ifstat,
rtacct, lnstat, and man. Also, only compile targets needed for the current
build variant i.e. don't compile 'tc' when building an 'ip' variant and
vice versa.
These changes reduce typical build times by over 30%:
$ make package/iproute2/clean && time make -j8 package/iproute2/compile
(old)
...
real 2m24.985s
user 3m12.537s
sys 0m26.677s
(new)
...
real 1m36.945s
user 2m8.734s
sys 0m20.046s
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:
ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
-rpath or -rpath-link)
ld: libelf.so.1: undefined reference to `libintl_dgettext'
collect2: error: ld returned 1 exit status
Fix this by directly including $LDFLAGS in the test-compile command.
Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.
Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.
The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:
Before:
148343 tc_5.11.0-1_mips_24kc.ipk
After:
144833 tc-full_5.11.0-2_mips_24kc.ipk
138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf)
4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk
Also fix up some Makefile indentation.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.
Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Hauke Mehrtens <hauke@huake-m.de>
Feature detection doesn't recognize ipset v7 use on kernel v5.x systems
and thus disables the tc ematch function em_ipset.
- backport patch:
* 002-configure-support-ipset-v7.patch:
650591a7a70c configure: support ipset version 7 with kernel version 5
Fixes: 4e0c54bc5b ("kernel: add support for kernel 5.4")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Allows proper usage of the ss tool. Otherwise, several errors and bad
data gets thrown:
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Originally reported here: https://github.com/openwrt/packages/issues/8232
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This reverts commit a6da3f9ef7.
The libcap isn't as optional as the commit messages suggests. A hard
dependency to the libcap package is added, which is only available in
the external packages feed. Therefore it is impossible to package
ip-full without having the external packages feed up and running, which
is a regression to the former behaviour.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
I'm having another attempt at trying to getting the 'store dscp into
conntrack connmark' functionality into upstream kernel, since the
restore function (act_ctinfo) has been accepted.
The syntax has changed from 'savedscp' to 'set-dscpmark' since that
conforms more closely with existing functionality.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/
for the changes in 5.4.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.
This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add the userspace control portion of the backported kernelspace
act_ctinfo.
ctinfo is a tc action restoring data stored in conntrack marks to
various fields. At present it has two independent modes of operation,
restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
marks into packet skb marks.
It understands a number of parameters specific to this action in
additional to the usual action syntax. Each operating mode is
independent of the other so all options are optional, however not
specifying at least one mode is a bit pointless.
Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
[CONTROL] [index <INDEX>]
DSCP mode
dscp enables copying of a DSCP stored in the conntrack mark into the
ipv4/v6 diffserv field. The mask is a 32bit field and specifies where
in the conntrack mark the DSCP value is located. It must be 6
contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
upper 6 bits of the conntrack mark.
The DSCP copying may be optionally controlled by a statemask. The
statemask is a 32bit field, usually with a single bit set and must not
overlap the dscp mask. The DSCP restore operation will only take place
if the corresponding bit/s in conntrack mark ANDed with the statemask
yield a non zero result.
eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this
example.
CPMARK mode
cpmark enables copying of the conntrack mark to the packet skb mark. In
this mode it is completely equivalent to the existing act_connmark
action. Additional functionality is provided by the optional mask
parameter, whereby the stored conntrack mark is logically ANDed with the
cpmark mask before being stored into skb mark. This allows shared usage
of the conntrack mark between applications.
eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
conntrack mark, thus may be useful in the event that the upper 8 bits
are used by the DSCP function.
Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
[CONTROL] [index <INDEX>]
where :
dscp MASK is the bitmask to restore DSCP
STATEMASK is the bitmask to determine conditional restoring
cpmark MASK mask applied to restored packet mark
ZONE is the conntrack zone
CONTROL := reclassify | pipe | drop | continue | ok |
goto chain <CHAIN_INDEX>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>