savedscp is a method of storing the DSCP of an ip packet into conntrack
mark. In combination with a suitable tc filter action (conndscp but may
end up being integrated into connmark) DSCP values are able to be stored
on egress and restored on ingress across links that otherwise alter or
bleach DSCP.
This is useful for qdiscs such as CAKE which are able to shape according
to policies based on DSCP.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.
The ingress problem is solved by the tc filter, but the tc people didn't
like the idea of tc setting conntrack mark values, though they are ok
with reading conntrack values and hence restoring DSCP from conntrack
marks.
x_tables CONNMARK with the new savedscp action solves the problem of
storing the DSCP to the conntrack mark.
It accepts 2 parameters. The mark is a 32bit value with usually one 1
bit set. This bit is set when savedscp saves the DSCP to the mark.
This is useful to implement a 'one shot'
iptables based classification where the 'complicated' iptables rules are
only run once to classify the connection on initial (egress) packet and
subsequent packets are all marked/restored with the same DSCP. A mark
of zero disables the setting of a status bit/s.
The mask is a 32bit value of at least 6 contiguous bits and represents
the area where the DSCP will be stored.
e.g.
iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
Would store the DSCP in the top 6 bits of the 32bit mark field, and use
the LSB of the top byte as the 'DSCP has been stored' marker.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Drop 211-host_tools_portability.patch which is breaking perf build on
4.19 kernels by removing the include directory from the host's CFLAGS
leading to the following build breakage:
pmu-events/jevents.c:48:10: fatal error: linux/list.h: No such file or directory
#include <linux/list.h>
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit fcb41decf6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes: fcb41decf6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch adds a promising upstream patch that claims
to help for the treated I/O errors happening on f2fs
or ext4 on real block devices.
|print_req_error: I/O error, dev loop1, sector 1334
Link: <https://patchwork.kernel.org/cover/10931787/>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Refreshed all patches.
Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
Also fix a malformed patch issue caught during refresh.
It was caused by removing a whitespace without altering
the index values in a patch which alters a patch.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Fixes: cf65262492 ("kernel: bump 4.19 to 4.19.51")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Refreshed all patches.
Altered patches:
- 370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
- 220-optimize_inlining.patch
- 640-netfilter-nf_flow_table-add-hardware-offload-support.patch
This patch also restores the initial implementation
of the ath79 perfcount IRQ issue. (78ee6b1a40)
It was wrongfully backported upstream initially and got reverted now.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This patch removes 202-reduce_module_size.patch which is causing missing
debug symbols in kernel modules, leading to unusable
kernel-debug.tar.bz2 on all platforms, making debugging of release
kernel crashes difficult.
Cc: Felix Fietkau <nbd@nbd.name>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reduces the needed modifications to the mainline Linux kernel and
also makes the regmap package work with an out of tree kernel which
does not have these modifications.
The regmap-core is only added when it is really build as a module.
The regmap-core is normally bool so it cannot be built as a module in an
unmodified kernel. When it is selected by on other kernel module it will
always be selected as build in and it also does not show up in
$(LINUX_DIR)/modules.builtin as it is not supposed to be a kernel module.
When it is not in $(LINUX_DIR)/modules.builtin the build system expects
it to be built as a .ko file.
Just check if the module is really there and only add it in that case.
This splits the regmap package into multiple packages, one for each bus type.
This way only the bus maps which are really needed have to be added.
This also splits the I2C, SPI and MMIO regmap into separate packages to not
require all these subsystems to build them, on an unmodified upstream kernel
this also causes problems in some situations.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
This patch replaces the current hack with a better
version of the RFC patch has been accepted upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|In the patch "usb: simplify usbport trigger" together with
|"leds: triggers: add device attribute support" caused an
|regression for the usbport trigger. it will no longer
|enumerate any "ports" (i.e the sysfs directory stays empty)
|if the usb host drivers are fully initialized before the
|usbport trigger was loaded.
<https://marc.info/?l=linux-usb&m=154577101631079>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
CONFIG_OF_NET depends on CONFIG_NVMEM in kernel 4.19. To fix some build
problems in mainline Linux kernel CONFIG_NVMEM was changed from tristate
to bool in commit 2a37ce25d9 ("nvmem: disallow modular CONFIG_NVMEM").
This patch in OpenWrt revert the upstream commit and changes
CONFIG_NVMEM back to tristate we just have to make sure to build this in
for all targets which select CONFIG_OF_NET.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.
The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.
The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch
Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch
Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.
The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch
I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch
This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This just copies the files from the kernel 4.14 specific folders into
the kernel 4.19 specific folder, no changes are done to the files in
this commit.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>