Re: [OpenWrt-Devel] [PATCH netifd 3/6] interface-ip: Remove ip loop policy rules as kernel issue is fixed
Hi,

On Wed, Sep 9, 2015 at 3:45 PM, Hans Dedecker wrote:
> Remove ip loop policy rules as workaround for the kernel using unspecified address
> to lookup locally originating traffic is fixed by
> http://lkml.iu.edu/hypermail/linux/kernel/1505.0/03094.html
>
> Signed-off-by: Hans Dedecker

This patch breaks (at least) IPv4 on multihomed routers that keep all default routes in other tables than main. Without these rules, traffic originating from the router (and not bound to an interface) will not be routed anywhere and dropped.

-Kristian
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH procd] system: fix undefined behavior in wdt offline check
watchdog_fd() is returning a char* and not a int. checking against < 0 could lead in undefined behaviour. Signed-off-by: Alexander Couzens--- system.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system.c b/system.c index 82c672e..fb7fbe4 100644 --- a/system.c +++ b/system.c @@ -282,7 +282,7 @@ static int watchdog_set(struct ubus_context *ctx, struct ubus_object *obj, if (tb[WDT_STOP]) watchdog_set_stopped(blobmsg_get_bool(tb[WDT_STOP])); - if (watchdog_fd() < 0) + if (watchdog_fd() == NULL) status = "offline"; else if (watchdog_get_stopped()) status = "stopped"; -- 2.5.3 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
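Review bot: in the watchdog_set() hunk, the new `watchdog_fd() == NULL` test only reports "offline" correctly if watchdog_fd() returns NULL whenever the watchdog device is not open, and that function is not part of this patch. Please state that in the commit message (for example "watchdog_fd() returns NULL when the watchdog is not open"), and reword "could lead in undefined behaviour" to say that a char * was being compared against the integer 0 with `<`, so a reader can see why the old test could never be relied on.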
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
On Wed, Sep 23, 2015 at 11:52 AM, Kristian Evensen <kristian.even...@gmail.com> wrote:
> Sorry about partial reply, clumsy fingers.
>
> On Wed, Sep 23, 2015 at 11:31 AM, Hans Dedecker wrote:
> > Can you share the uci network config and ifstatus of the different
> > interfaces ?
>
> UCI config is nothing more than ... proto dhcp ... ip4/ip6table X
>
> >> I don't see any other fix than a partial revert. I guess the ADDR-rule can
> >> stay.
> >
> > Is the service hosted on the multihomed router or on a lan device; nat
> > involved or not ?
>
> The current service I am access is a router located on one of the
> external networks.
>
> > It seems odd to me if the service is hosted on the gateway the nw rule is
> > hit as the local table lookup has pref 1 while the NW policy rules start
> > from 2
>
> The route that needs to be hit is contained in main. Here is a more
> detailed description of what happens.
>
> - External router has IP 192.168.0.1 and netmask 255.255.255.0.
> - When I try to access this router, outgoing traffic is routed
>   correctly as it does not match any source rules and hit the network
>   rule in the main table (192.168.0.0/24 dev X src Y).
> - When the reply comes, problem occurs. Since the network rule is
>   checked before the main table, we get a match on the "from
>   192.168.0.0/24"-rule and packet is routed back out on the
>   192.168.0.0/24 interface. The correct route (i.e., the route for my
>   local network) is in the main table.

Ah ok I see the issue; traffic coming from behind the gateway and targeted to a direct connected device on the wan is impacted.

> I have a question about this patch. In what scenario is it needed? Or
> rather, will you ever use source based routing and have a default route in
> the main table? As far as I remember, these rules are only

Indeed we're using source based routing in combination with a default route in the main routing table; even the specific routing table(s) can contain a default route
Based on the addr rule the traffic is guided to a specific routing table so it leaves on the correct interface

Hans

> added when you have specified an ip4/ip6table. Or do you have one
> interface without an ipXtable value?
>
> -Kristian
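The two cases discussed in this exchange can be replayed with a small model of policy-routing rule evaluation. This is an added example, not netifd code or anything posted in the thread; the LAN addresses, the table names, the second uplink `wan2` and all pref values are constructed assumptions.

```python
"""Added illustration (not netifd code): a minimal model of Linux policy-routing
rule evaluation, used to replay the two cases from this thread.
Addresses, table names and pref values below are constructed for the example."""
import ipaddress


def table_lookup(routes, dst):
    """Longest-prefix match of dst in one routing table; returns the device or None."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def route(rules, tables, src, dst):
    """Walk the rules by ascending pref; the first matching rule whose table
    holds a route for dst decides. Returns (table, device) or None."""
    src_ip = ipaddress.ip_address(src)
    for _pref, from_prefix, table in sorted(rules, key=lambda r: r[0]):
        if from_prefix and src_ip not in ipaddress.ip_network(from_prefix):
            continue  # "from" selector does not match this packet
        dev = table_lookup(tables[table], dst)
        if dev is not None:
            return table, dev
    return None


WAN_NET = "192.168.0.0/24"  # network of the external router (from the thread)

# Rule = (pref, "from" selector or None, table). Pref values are constructed.
RULES_NW_AFTER_MAIN = [(0, None, "local"), (32766, None, "main"), (40000, WAN_NET, "wan")]
RULES_NW_BEFORE_MAIN = [(0, None, "local"), (20000, WAN_NET, "wan"), (32766, None, "main")]

# Kristian's setup: default routes live only in the per-interface table.
TABLES_NO_MAIN_DEFAULT = {
    "local": [("10.0.0.1/32", "lo"), ("192.168.0.2/32", "lo")],
    "main": [("192.168.0.0/24", "wan"), ("10.0.0.0/24", "lan")],
    "wan": [("0.0.0.0/0", "wan")],
}

# Hans's setup: main also holds a default route (here via a second uplink).
TABLES_MAIN_DEFAULT = dict(TABLES_NO_MAIN_DEFAULT)
TABLES_MAIN_DEFAULT["main"] = TABLES_NO_MAIN_DEFAULT["main"] + [("0.0.0.0/0", "wan2")]

if __name__ == "__main__":
    packets = [
        ("LAN client -> external router", "10.0.0.5", "192.168.0.1"),
        ("external router -> LAN client (reply)", "192.168.0.1", "10.0.0.5"),
        ("WAN-side source -> Internet", "192.168.0.2", "203.0.113.9"),
    ]
    setups = [("no default in main", TABLES_NO_MAIN_DEFAULT),
              ("default in main", TABLES_MAIN_DEFAULT)]
    orders = [("nw rule after main", RULES_NW_AFTER_MAIN),
              ("nw rule before main", RULES_NW_BEFORE_MAIN)]
    for setup_name, tables in setups:
        for order_name, rules in orders:
            for label, src, dst in packets:
                print(f"{setup_name:20} {order_name:20} {label:40} "
                      f"{route(rules, tables, src, dst)}")
```

With the rule ahead of main, the reply from 192.168.0.1 is sent back out of the WAN interface; with the rule behind main and a default route in main, the per-interface table is never consulted.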
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
On 23/09/15 03:42, Yousong Zhou wrote:
> On 23 September 2015 at 01:52, Bastian Bittorf wrote:
>> dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
>> determining if current time is good enough to validate dnssec time
>> stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
>> the mechanism was effectively defeated because time was set to the last
>> time that dnsmasq considered current even though that time is in
>> the past. Since that time is out of date, dns(sec) resolution would
>> fail thus defeating any ntp based mechanisms for setting the clock
>> correctly.
>>
>> In theory the process is defeated by any files in /etc that are newer
>> than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
>> on process TERM so hopefully /etc/dnsmasq.time is the latest file
>> timestamp in /etc as part of openWrt shutdown/reboot.
>>

I'm glad there's so much interest in this topic. I have to declare a bias/interest in this because I was the guy who persuaded Simon (dnsmasq) to implement the timestamp check file option. The motivation was to provide an easier path for users of dnsmasq to switch on dnssec and have it 'just work', well hopefully. The existing --dnssec-no-timecheck has some practical difficulties and at the time I was marginally involved in the 'tomato' project which just proved too difficult to adapt to use '--dnssec-no-timecheck'

> In theory, a security sensitive mechanism's dependence on a
> non-reliable timestamp file with access permission nobody:nogroup
> makes little sense to me. How about that we do --dnssec-no-timecheck
> on dnsmasq startup time and notify it of the system time change from
> ntpd hotplug script?

If the concern is someone mangling the timestamp file then a relatively easy solution is to create a dnsmasq user/group, have dnsmasq drop to that user rather than nobody, create a directory solely for the timestamp file '/etc/dnsmasq.d' (perm 600) and store the timestamp file there out of everyone else's reach.

Manipulating the timestamp file and system time before dnsmasq start has the following effects as I understand it:

1) system time equal or ahead of timestamp file - dnsmasq considers system time correct (updates timestamp file) and will now check dnssec signature timestamps. If the system time is not actually 'internet time' (within a tolerance of which I'm unclear) and dnsmasq is using 'dnssec-check-unsigned' then ALL dns resolution will fail (everything is considered BOGUS) - arguably a fail safe in that it just stops! This becomes really problematic when trying to resolve name to ip addresses of ntp servers ;-)

Manual workaround, stop dnsmasq, restart sysntpd, wait 10 seconds, start dnsmasq, get on with life :-)

2) system time behind timestamp file - dnsmasq considers system time 'incorrect' and doesn't check dnssec signature timestamps, yet. dns(sec) resolution will work, though timestamps are not checked. The full implications of this I don't understand (at least I'm honest)

dnsmasq compares system time and filestamp time for each lookup and when it detects system time > filestamp time starts checking dnssec signature timestamps (see 1)

In essence dnsmasq tries to maintain a 'last known good time' timestamp file. Moving that timestamp file out of everyone else's reach is probably a good idea as this removes one source of manipulation. This 'just' leaves the problem of someone effectively manipulating system time at boot via the 'sysfixtime' script. They can only move the time forward and if they go too far from internet time then name resolution will stop (see 1 above)

--dnssec-no-timecheck on the other hand assumes time is incorrect and so by default doesn't check signature timestamps. Signature checking is enabled by sending SIGHUP (which does a few other things as well) A problem with this approach is handling dnsmasq re-starts (crashes)/reconfigures. If by default dnsmasq is always started with '--dnssec-no-timecheck' then a process restart will put it back into 'less secure' mode until something notices and sends another SIGHUP. I guess ntpd could be patched to create a flag that says 'time has been set' and the dnsmasq startup process modified to include/exclude '--dnssec-no-timecheck' as required. Care needs to be taken to remove this flag at reboot.

> Another idea would be to delegate timestamp update task to a specific
> service program like ntpd or procd and later on system startup we set
> system time from the specific file.
>
>> Either way, including /etc/dnsmasq.time as a time source for sysfixtime
>> is not helpful.
> Agree.

:-) Including it almost guaranteed dnsmasq fell into the trap mentioned in 1)

> yousong
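The interaction between the boot-time clock step and the timestamp file, as described in the message above, can be replayed offline. This is an added example, not dnsmasq or OpenWrt code; it assumes a device without a battery-backed RTC, a clock step that takes the newest file mtime under the configuration directory, and constructed timestamps and file names.

```python
"""Added illustration (not dnsmasq or OpenWrt code): models the boot-time clock
step and the timestamp-file decision as they are described in this thread.
All timestamps and the files in the temporary directory are constructed."""
import os
import tempfile

CONFIG_MTIME = 1442000000      # last config edit, about 2015-09-11
STAMP_MTIME = 1442900000       # dnsmasq.time touched at shutdown, about 2015-09-22
RRSIG_INCEPTION = 1445000000   # signature valid from about 2015-10-16
RRSIG_EXPIRATION = 1447000000  # signature valid until about 2015-11-08


def newest_mtime(root, exclude=()):
    """Largest mtime (epoch seconds) of the regular files under root, or None."""
    skip = {os.path.abspath(p) for p in exclude}
    newest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.abspath(os.path.join(dirpath, name))
            if path in skip:
                continue
            mtime = int(os.stat(path).st_mtime)
            if newest is None or mtime > newest:
                newest = mtime
    return newest


def boot_clock(rtc_time, root, exclude=()):
    """Boot-time clock step: the clock is only ever moved forward."""
    newest = newest_mtime(root, exclude)
    return rtc_time if newest is None else max(rtc_time, newest)


def dnssec_time_mode(system_time, stamp_mtime):
    """Cases 1) and 2) of the message: at or ahead of the stamp -> check
    signature timestamps; behind the stamp -> defer the check."""
    return "check" if system_time >= stamp_mtime else "defer"


def validate(system_time, mode, inception, expiration):
    """Outcome for one signed answer under the given mode."""
    if mode == "defer":
        return "accepted, signature times not checked"
    if inception <= system_time <= expiration:
        return "secure"
    return "BOGUS"


def simulate_boot(exclude_stamp):
    """Boot a device whose RTC reads 0, weeks after dnsmasq.time was written."""
    with tempfile.TemporaryDirectory() as etc:
        stamp = os.path.join(etc, "dnsmasq.time")
        config = os.path.join(etc, "network.conf")
        for path, mtime in ((config, CONFIG_MTIME), (stamp, STAMP_MTIME)):
            open(path, "w").close()
            os.utime(path, (mtime, mtime))
        clock = boot_clock(0, etc, exclude=[stamp] if exclude_stamp else [])
        mode = dnssec_time_mode(clock, STAMP_MTIME)
        return clock, mode, validate(clock, mode, RRSIG_INCEPTION, RRSIG_EXPIRATION)


if __name__ == "__main__":
    print("dnsmasq.time used as time source:", simulate_boot(exclude_stamp=False))
    print("dnsmasq.time excluded:           ", simulate_boot(exclude_stamp=True))
```

When the stamp file feeds the clock, the clock lands exactly on the stamp, the time check switches on against a stale clock, and current signatures are rejected, which also blocks resolving the NTP servers; with the file excluded the check stays deferred until the clock passes the stamp.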
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
On Wed, Sep 23, 2015 at 1:07 PM, Hans Dedecker wrote:
> Indeed we're using source based routing in combination with a default route
> in the main routing table; even the specific routing table(s) can contain a
> default route
> Based on the addr rule the traffic is guided to a specific routing table so
> it leaves on the correct interface

Thanks for letting me know. If you add the lo-rules, then do you do not need the default route in main table. Or does this break something else? Note that I am talking about v4, I don't currently have a v6-network to test with :(

-Kristian
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
* Kevin Darbyshire-Bryant [23.09.2015 12:21]:
[...]
> signature timestamps. If the system time is not actually 'internet
> time' (within a tolerance of which I'm unclear) and dnsmasq is using
> 'dnssec-check-unsigned' then ALL dns resolution will fail (everything is
> considered BOGUS) - arguably a fail safe in that it just stops! This
> becomes really problematic when trying to resolve name to ip addresses of
> ntp servers ;-)

good point. so it makes sense to startup dnsmasq without dnssec strict checks and reconfigure it when NTP was successful?

it would be really helpful if ntp can mark (with a file) somehow, that time is 'good'. At least the returncode indicates that:

root@box:~ /usr/sbin/ntpd -q -n -p 1.openwrt.pool.ntp.org
root@box:~ echo $?
0

(it is e.g. 143 when it fails)

so if first timesetting is done, it has to trigger dnsmasq...

bye, bastian
Re: [OpenWrt-Devel] ZyXEL NBG4615
On Sat, 19 Sep 2015 12:11:06 +0200 John Crispin wrote:
> rt305x has a rgmii that the switch connects to. however we don't have
> support in the driver for that rgmii port. you will need to first patch
> the driver to support the rgmii interface and then hook up the switch
> driver.

As I don't know how to hook the switch driver, I tried to copy ar8216.c and .h to drivers/net/ethernet/ralink, added ar8216.o to Makefile, but when compiling I get an error:

  CC      drivers/net/ethernet/ralink/ar8216.o
drivers/net/ethernet/ralink/ar8216.c: In function 'ar8216_mangle_tx':
drivers/net/ethernet/ralink/ar8216.c:482:32: error: 'struct net_device' has no member named 'phy_ptr'
  struct ar8xxx_priv *priv = dev->phy_ptr;

Then I plan to add ar8xxx_init(); to ralink_soc_eth.c, but it probably is a bad idea. Could anyone guide me?

Regards, Nerijus
Re: [OpenWrt-Devel] [PATCH] [SIGNED-OFF] Add WeIO Board Support
A kind reminder, please someone take a look at this patch and integrate it if it is OK. BR, Drasko On Sun, Sep 20, 2015 at 7:27 PM, Drasko DRASKOVICwrote: > Add support for WeIO board (http://we-io.net). > This board is based on Carambola2 board form 8Devices. > > Signed-off-by: Drasko DRASKOVIC > --- > target/linux/ar71xx/base-files/lib/ar71xx.sh | 3 + > .../ar71xx/base-files/lib/upgrade/platform.sh | 3 +- > target/linux/ar71xx/config-4.1 | 1 + > .../linux/ar71xx/files/arch/mips/ath79/mach-weio.c | 145 > + > target/linux/ar71xx/generic/profiles/weio.mk | 17 +++ > target/linux/ar71xx/image/Makefile | 8 ++ > .../700-MIPS-ath79-openwrt-machines.patch | 21 ++- > 7 files changed, 192 insertions(+), 6 deletions(-) > create mode 100644 target/linux/ar71xx/files/arch/mips/ath79/mach-weio.c > create mode 100644 target/linux/ar71xx/generic/profiles/weio.mk > > diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh > b/target/linux/ar71xx/base-files/lib/ar71xx.sh > index efb3d16..ad98cfb 100755 > --- a/target/linux/ar71xx/base-files/lib/ar71xx.sh > +++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh > @@ -850,6 +850,9 @@ ar71xx_board_detect() { > *"UniFi AP Pro") > name="uap-pro" > ;; > + *"WeIO") > + name="weio" > + ;; > *WHR-G301N) > name="whr-g301n" > ;; > diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh > b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh > index cad8b43..c947b78 100755 > --- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh > +++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh > @@ -252,7 +252,8 @@ platform_check_image() { > nbg460n_550n_550nh | \ > unifi | \ > unifi-outdoor | \ > - carambola2 ) > + carambola2 | \ > + weio ) > [ "$magic" != "2705" ] && { > echo "Invalid image type." > return 1 > diff --git a/target/linux/ar71xx/config-4.1 b/target/linux/ar71xx/config-4.1 > index 51f2f2f..50dc7b2 100644 > --- a/target/linux/ar71xx/config-4.1 > +++ b/target/linux/ar71xx/config-4.1 
> @@ -143,6 +143,7 @@ CONFIG_ATH79_MACH_TL_WR941ND=y > CONFIG_ATH79_MACH_TUBE2H=y > CONFIG_ATH79_MACH_UBNT=y > CONFIG_ATH79_MACH_UBNT_XM=y > +CONFIG_ATH79_MACH_WEIO=y > CONFIG_ATH79_MACH_WHR_HP_G300N=y > CONFIG_ATH79_MACH_WLAE_AG300N=y > CONFIG_ATH79_MACH_WLR8100=y > diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-weio.c > b/target/linux/ar71xx/files/arch/mips/ath79/mach-weio.c > new file mode 100644 > index 000..44a831b > --- /dev/null > +++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-weio.c 
> @@ -0,0 +1,145 @@ > +/** > + * WEIO Web Of Things Platform > + * > + * Copyright (C) 2013 Drasko DRASKOVIC and Uros PETREVSKI > + * > + * ## ## ### > + * ## ## ## #### ## ## > + * ## ## ## #### ## ## > + * ## ## ## #### ## ## > + * ## ## ## #### ## ## > + * ## ## ## #### ## ## > + * ### ### ### > + * > + * Web Of Things Platform > + * > + * This program is free software; you can redistribute it and/or > + * modify it under the terms of the GNU General Public License > + * as published by the Free Software Foundation; either version 2 > + * of the License, or (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License > + * along with this program; if not, write to the Free Software > + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. > + * > + * Authors : > + * Drasko DRASKOVIC > + * Uros PETREVSKI > + */ > + > +#include > +#include > +#include "common.h" > +#include "dev-eth.h" > +#include "dev-gpio-buttons.h" > +#include "dev-leds-gpio.h" > +#include "dev-m25p80.h" > +#include "dev-spi.h" > +#include "dev-usb.h" > +#include "dev-wmac.h" > +#include "machtypes.h" > +#include "linux/i2c-gpio.h" > +#include "linux/platform_device.h" > + > +#define WEIO_GPIO_LED_STA 1 > +#define WEIO_GPIO_LED_AP 16 > + > +#define WEIO_GPIO_BTN_AP 20 > +#define WEIO_GPIO_BTN_RESET23 > + > +#define WEIO_KEYS_POLL_INTERVAL20 /* msecs */ > +#define WEIO_KEYS_DEBOUNCE_INTERVAL(3 * WEIO_KEYS_POLL_INTERVAL) > + >
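Review bot: the header comment of the new mach-weio.c opens with `/**`, which marks a kernel-doc comment, and it carries an ASCII-art banner plus the full GPL notice including the Free Software Foundation postal address. A plain `/*` header with the title, the copyright line and the short license statement is enough, and the postal address paragraph should be dropped since such addresses go stale. The commit message could also say what differs from the Carambola2 support this board is based on, and "form 8Devices" should read "from 8Devices".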
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
* Yousong Zhou [23.09.2015 07:58]:
> In theory, a security sensitive mechanism's dependence on a
> non-reliable timestamp file with access permission nobody:nogroup
> makes little sense to me. How about that we do --dnssec-no-timecheck
> on dnsmasq startup time and notify it of the system time change from
> ntpd hotplug script?

this sounds good to me, but will be another patch.

should we drop this patch completely or does it still make sense to deny reading '/etc/dnsmasq.time'?

and: of which hotplug script you are talking about?
find /etc/hotplug.d -name '*ntp*' = empty

> Another idea would be to delegate timestamp update task to a specific
> service program like ntpd or procd and later on system startup we set
> system time from the specific file.

unsure if this is overkill, just for 1 service.

thanks for feedback - bye, bastian
Re: [OpenWrt-Devel] [PATCH] Configure IPv6 kernel options in config/Config-kernel.in
On 22/09/2015 22:17, Arjen de Korte wrote: > Citeren John Crispin: > >> On 22/09/2015 19:31, Arjen de Korte wrote: >>> Revision 46834 changed IPv6 support from a module to builtin. But >>> since the configuration of the IPv6 kernel options was left in >>> package/kernel/linux/modules/netsupport.mk, this means that an >>> empty kmod-ipv6 module was still being generated (not packaged). >>> >>> This patch moves the configuration of the IPv6 kernel options to >>> config/Config-kernel.in to remove this last bit of the module. >>> >>> Note that CONFIG_IPV6_PRIVACY was dropped (enabled by default >>> since Linux v3.13), so this option is no longer needed. >>> >>> See >>> https://github.com/torvalds/linux/commit/5d9efa7ee99eed58388f186c13cf2e2a87e9ceb4 >>> >>> >>> Signed-off-by: Arjen de Korte >>> --- >>> config/Config-kernel.in| 23 +++ >>> package/kernel/linux/modules/netsupport.mk | 22 -- >>> 2 files changed, 23 insertions(+), 22 deletions(-) >>> >>> diff --git a/config/Config-kernel.in b/config/Config-kernel.in >>> index 2572bf4..4082e1e 100644 >>> --- a/config/Config-kernel.in >>> +++ b/config/Config-kernel.in >>> @@ -544,3 +544,26 @@ config KERNEL_SECCOMP >>> default n >>> help >>>Build kernel with support for seccomp. >>> + >>> +# >>> +# IPv6 configuration >>> +# >>> + >>> +config KERNEL_IPV6 >>> +def_bool IPV6 >>> + >>> +if KERNEL_IPV6 >>> + >>> +config KERNEL_IPV6_MULTIPLE_TABLES >>> +def_bool y >>> + >>> +config KERNEL_IPV6_SUBTREES >>> +def_bool y >>> + >>> +config KERNEL_IPV6_MROUTE >>> +def_bool y >>> + >>> +config KERNEL_IPV6_PIMSM_V2 >>> +def_bool n >>> + >>> +endif >>> diff --git a/package/kernel/linux/modules/netsupport.mk >>> b/package/kernel/linux/modules/netsupport.mk >>> index b81d9b4..7a7ca43 100644 >>> --- a/package/kernel/linux/modules/netsupport.mk >>> +++ b/package/kernel/linux/modules/netsupport.mk 
>>> @@ -453,28 +453,6 @@ endef >>> $(eval $(call KernelPackage,iptunnel6)) >>> >>> >>> -define KernelPackage/ipv6 >>> - SUBMENU:=$(NETWORK_SUPPORT_MENU) >>> - TITLE:=IPv6 support >>> - DEPENDS:=@IPV6 >>> - HIDDEN:=1 >>> - DEFAULT:=y >>> - KCONFIG:= \ >>> -CONFIG_IPV6=y \ >>> -CONFIG_IPV6_PRIVACY=y \ >>> -CONFIG_IPV6_MULTIPLE_TABLES=y \ >>> -CONFIG_IPV6_MROUTE=y \ >>> -CONFIG_IPV6_PIMSM_V2=n \ >>> -CONFIG_IPV6_SUBTREES=y >>> -endef >>> - >>> -define KernelPackage/ipv6/description >>> - Kernel modules for IPv6 support >>> -endef >>> - >>> -$(eval $(call KernelPackage,ipv6)) >>> - >>> - >> >> this will break all targets still on v3.18 > > What part will be broken? I tried adm5120 with and without this patch > and the kernel binaries had identical sizes (which leads me to believe > they will be the same). > > Arjen > had a brainfart i guess ... ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
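Review bot: the netsupport.mk hunk removes `$(eval $(call KernelPackage,ipv6))`, so the kmod-ipv6 package name disappears altogether. The commit message says the module was empty and not packaged, but it should also state that no remaining package lists kmod-ipv6 in its DEPENDS, or the patch should adjust those in the same change. In the Config-kernel.in hunk the new KERNEL_IPV6_* symbols have no prompt or help text; a short comment noting that KERNEL_IPV6_PIMSM_V2 is deliberately `def_bool n` while KERNEL_IPV6_MROUTE is `y` would save the next reader from guessing whether that is an oversight.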
Re: [OpenWrt-Devel] Automatic service reload
You have to call the shell script in /sbin/reload_config

On 23.09.2015 at 4:56 AM, "Lars Boegild Thomsen" <l...@bright-things.com> wrote:
> Hi Everybody,
>
> I am struggling a bit with triggering automatic service reload based on
> configuration change.
>
> Latest trunk and all that jazz. New software package called "mqttbridge"
> which basically is meant to publish ubus method results to mqtt. Init is in
> /etc/init.d/mqttbridge, config in /etc/config/mqttbridge.
>
> In the "olden days" this was all defined in /etc/config/ucitrack -
> something along this line:
>
> config mqttbridge
>         option init mqttbridge
>
> However, according to this:
>
> http://wiki.openwrt.org/inbox/procd-init-scripts#procd_triggers_on_config_filenetwork_interface_changes
>
> It would appear that ucitrack is no longer used? I have also tried the
> service_triggers in the init script:
>
> root@pm2:/etc/config# cat /etc/init.d/mqttbridge
> #!/bin/sh /etc/rc.common
>
> START=90
>
> USE_PROCD=1
> NAME=mqttbridge
> PROG=/usr/sbin/mqttbridge
>
> start_service()
> {
>         procd_open_instance
>         procd_set_param respawn
>         procd_set_param command "$PROG"
>         procd_close_instance
> }
>
> service_triggers()
> {
>         procd_add_reload_trigger "mqttbridge"
> }
>
> The thing is - neither approach (or rather both of them) works. Manual
> "/etc/init.d/mqttbridge" restart works fine, but automatic reload is never
> triggered on configuration change.
>
> What did I miss and what is the correct approach.
>
> --
> Lars Bøgild Thomsen
> Public Key: http://bright-things.com/lars-bogild-thomsen/
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
Hi,

On Wed, Sep 9, 2015 at 3:45 PM, Hans Dedecker wrote:
> Specific IP address and network rules are now checked before the main table
> lookup as the main table often holds a default route. As a result the IP
> address and network rules pointing to a specific routing table will not be
> checked anymore; by reversing the order the specific routing tables
> are checked first if the ip rule matches.

This commit breaks existing behavior in the following use case: A multihomed router with some service available on one of the external interfaces that should be reachable on the WAN. The destination routing works fine, but replies are sent out on the wrong interface. The reason is that the nw rule is checked before main, so packets are routed back out on the WAN interface (and not to the LAN).

I don't see any other fix than a partial revert. I guess the ADDR-rule can stay.

-Kristian
[OpenWrt-Devel] compression with 'brotli' / squashfs / FYI
i did a quick test, how good 'brotli' performs in compression on binary files versus e.g. xz/lzma...here it is:

bytes:
10.905.600  uncompressed
 4.192.280  gzip -9
 3.362.626  brotli -11
 3.098.216  xz -9 --extreme
 3.097.691  lzma -9 --extreme

the uncompressed file is an unsquashfs'ed rootfs from bin/ar71xx/openwrt-ar71xx-generic-root.squashfs and then tar'ed.

so nothing to talk about for now, especially the decompressor is HUGE and this must be taken into account.

bye, bastian
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
On 23/09/15 07:13, Bastian Bittorf wrote:
> * Yousong Zhou [23.09.2015 07:58]:
>> In theory, a security sensitive mechanism's dependence on a
>> non-reliable timestamp file with access permission nobody:nogroup
>> makes little sense to me. How about that we do --dnssec-no-timecheck
>> on dnsmasq startup time and notify it of the system time change from
>> ntpd hotplug script?
> this sounds good to me, but will be another patch.
>
> should we drop this patch completely or does it still
> make sense to deny reading '/etc/dnsmasq.time'?

In my humble opinion the startup efficiency improvements alone are worth having and in the short term at least, dnsmasq should not be being fed with its own timestamp.

There will be another email in reply to the other issues.

Cheers, Kevin
Re: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which is already overloaded and might be triggered by e.g. config changes.

Btw. an ntp hotplug infrastructure exists: https://dev.openwrt.org/changeset/43421

Please also consider that some devices have an RTC, so disabling timecheck indiscriminately at startup might not be ideal either.

Cheers, Steven
[OpenWrt-Devel] [PATCH][RESEND] libnl: split libnl into smaller libraries
From: Alexandru ArdeleanSome modules may require only libnl-genl, some libnl-route and fewer would require libnl-nf. This patch splits the entire libnl package into smaller more granular libs that can be installed individually as required. Also added libnl*.so symlinks for convenience. Signed-off-by: Alexandru Ardelean --- package/libs/libnl/Makefile | 101 ++-- 1 file changed, 88 insertions(+), 13 deletions(-) diff --git a/package/libs/libnl/Makefile b/package/libs/libnl/Makefile index 995fda2..857bbe2 100644 --- a/package/libs/libnl/Makefile +++ b/package/libs/libnl/Makefile 
@@ -18,16 +18,61 @@ PKG_LICENSE:=LGPL-2.1 include $(INCLUDE_DIR)/package.mk -define Package/libnl +define Package/libnl/default SECTION:=libs CATEGORY:=Libraries - TITLE:=netlink socket library - DEPENDS:=+libpthread URL:=http://people.suug.ch/~tgr/libnl/ endef +define Package/libnl-core +$(call Package/libnl/default) + TITLE:=Core Netlink Library + DEPENDS:=+libpthread +endef + +define Package/libnl-genl +$(call Package/libnl/default) + TITLE:=Generic Netlink Library + DEPENDS:=+libnl-core +endef + +define Package/libnl-route +$(call Package/libnl/default) + TITLE:=Routing Netlink Library + DEPENDS:=+libnl-core +endef + +define Package/libnl-nf +$(call Package/libnl/default) + TITLE:=Netfilter Netlink Library + DEPENDS:=+libnl-route +endef + +define Package/libnl +$(call Package/libnl/default) + TITLE:=Full Netlink Library + DEPENDS:=+libnl-genl +libnl-route +libnl-nf +endef + +define Package/libnl-core/description + Common code for all netlink libraries +endef + +define Package/libnl-genl/description + Generic Netlink Library Functions +endef + +define Package/libnl-route/description + Routing Netlink Library Functions +endef + +define Package/libnl-nf/description + Netfilter Netlink Library Functions +endef + define Package/libnl/description - This package contains a library for applications dealing with netlink sockets + Socket handling, connection management, sending and receiving of data, + message construction and parsing, object caching system, etc. endef TARGET_CFLAGS += -ffunction-sections $(FPIC) 
@@ -40,18 +85,48 @@ define Build/Compile endef define Build/InstallDev - $(INSTALL_DIR) $(1) - $(CP) $(PKG_INSTALL_DIR)/* $(1)/ - mkdir -p $(1)/usr/include/libnl - $(CP) $(PKG_BUILD_DIR)/include/linux $(1)/usr/include/libnl/ + $(INSTALL_DIR) $(1)/usr/include/libnl $(1)/usr/lib/pkgconfig + $(CP) $(PKG_INSTALL_DIR)/usr/include/libnl3/* $(1)/usr/include/libnl/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig + + # Copy symlinks + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so $(1)/usr/lib/libnl-genl.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so $(1)/usr/lib/libnl-nf.so + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so $(1)/usr/lib/libnl-route.so endef -define Package/libnl/install +define Package/libnl-core/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so $(1)/usr/lib/libnl.so +endef + +define Package/libnl-genl/install $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so.* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so.* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so.* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-3.so.* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-genl-3.so $(1)/usr/lib/libnl-genl.so +endef + +define Package/libnl-route/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-route-3.so $(1)/usr/lib/libnl-route.so +endef + +define Package/libnl-nf/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so* $(1)/usr/lib/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnl-nf-3.so $(1)/usr/lib/libnl-nf.so +endef + +define Package/libnl/install + : endef +$(eval 
$(call BuildPackage,libnl-core)) +$(eval $(call BuildPackage,libnl-genl)) +$(eval $(call BuildPackage,libnl-route)) +$(eval $(call BuildPackage,libnl-nf)) $(eval $(call BuildPackage,libnl)) -- 2.1.4 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
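Review bot: in Package/libnl-core/install and the matching genl, route and nf install sections, the glob changed from `libnl-3.so.*` to `libnl-3.so*` and an extra copy to the unversioned name (`libnl.so`, `libnl-genl.so`, ...) was added, so the development-time names now ship in the target packages. Those names are normally needed only at link time, and Build/InstallDev already installs them under "Copy symlinks", so the runtime packages could keep the `.so.*` glob and save the space. Separately, Package/libnl/description now describes socket handling and message parsing although libnl has become the package that only depends on libnl-genl, libnl-route and libnl-nf and installs nothing (`:`); that text reads as if it belongs to libnl-core.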
Re: [OpenWrt-Devel] Automatic service reload
Actually I think it's because the init script is called with a "reload" rather than a restart. Adding this:

reload_service()
{
        restart
}

to the init script seems to have worked. I am still a bit confused if /etc/config/ucitrack is still used for anything whatsoever.

On Wednesday 23 September 2015 08:22:42 Florian Eckert wrote:
> You have to call the shell script in /sbin/reload_config
> On 23.09.2015 at 4:56 AM, "Lars Boegild Thomsen" <l...@bright-things.com> wrote:
>
> > Hi Everybody,
> >
> > I am struggling a bit with triggering automatic service reload based on
> > configuration change.
> >
> > Latest trunk and all that jazz. New software package called "mqttbridge"
> > which basically is meant to publish ubus method results to mqtt. Init is in
> > /etc/init.d/mqttbridge, config in /etc/config/mqttbridge.
> >
> > In the "olden days" this was all defined in /etc/config/ucitrack -
> > something along this line:
> >
> > config mqttbridge
> >         option init mqttbridge
> >
> > However, according to this:
> >
> > http://wiki.openwrt.org/inbox/procd-init-scripts#procd_triggers_on_config_filenetwork_interface_changes
> >
> > It would appear that ucitrack is no longer used? I have also tried the
> > service_triggers in the init script:
> >
> > root@pm2:/etc/config# cat /etc/init.d/mqttbridge
> > #!/bin/sh /etc/rc.common
> >
> > START=90
> >
> > USE_PROCD=1
> > NAME=mqttbridge
> > PROG=/usr/sbin/mqttbridge
> >
> > start_service()
> > {
> >         procd_open_instance
> >         procd_set_param respawn
> >         procd_set_param command "$PROG"
> >         procd_close_instance
> > }
> >
> > service_triggers()
> > {
> >         procd_add_reload_trigger "mqttbridge"
> > }
> >
> > The thing is - neither approach (or rather both of them) works. Manual
> > "/etc/init.d/mqttbridge" restart works fine, but automatic reload is never
> > triggered on configuration change.
> >
> > What did I miss and what is the correct approach.
> >
> > --
> > Lars Bøgild Thomsen
> > Public Key: http://bright-things.com/lars-bogild-thomsen/

--
Lars Bøgild Thomsen
Mobile: +60 12 361 6644
Public Key: http://bright-things.com/lars-bogild-thomsen/
[OpenWrt-Devel] [PATCH 1/1] uhttpd: fix wrong header file inclusion for PRI* constant definitions
Signed-off-by: Andrej Krpic--- file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/file.c b/file.c index 6072825..9a2880f 100644 --- a/file.c +++ b/file.c @@ -26,7 +26,7 @@ #include #include #include -#include +#include #include -- 2.4.6 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
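Review bot: the commit message has no body, so for the include swap in the file.c hunk at line 26 nothing records which header is dropped and which one replaces it. Since the subject is about the PRI* constants, name both headers in the message (the PRI* format macros come from <inttypes.h>) and say which libc or toolchain failed to build with the old include, so the same fix can be checked against other source files that use PRI* macros.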
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
On Wed, Sep 23, 2015 at 1:23 PM, Kristian Evensen wrote:
> On Wed, Sep 23, 2015 at 1:07 PM, Hans Dedecker wrote:
>> Indeed we're using source based routing in combination with a default route
>> in the main routing table; even the specific routing table(s) can contain a
>> default route
>> Based on the addr rule the traffic is guided to a specific routing table so
>> it leaves on the correct interface

I should point out that I don't know what the "correct" behavior is and how (if) this should be solved. But these patches do break earlier working use-cases, so I am not sure what the OpenWRT-policy on this is.

-Kristian
[OpenWrt-Devel] [PATCH 2/2] ramips: add support for 16MB VoCore
Signed-off-by: Álvaro Fernández Rojas--- target/linux/ramips/dts/VOCORE-16M.dts | 41 ++ target/linux/ramips/dts/VOCORE-8M.dts | 41 ++ target/linux/ramips/dts/VOCORE.dts | 231 - target/linux/ramips/dts/VOCORE.dtsi| 197 target/linux/ramips/image/Makefile | 12 +- 5 files changed, 290 insertions(+), 232 deletions(-) create mode 100644 target/linux/ramips/dts/VOCORE-16M.dts create mode 100644 target/linux/ramips/dts/VOCORE-8M.dts delete mode 100644 target/linux/ramips/dts/VOCORE.dts create mode 100644 target/linux/ramips/dts/VOCORE.dtsi diff --git a/target/linux/ramips/dts/VOCORE-16M.dts b/target/linux/ramips/dts/VOCORE-16M.dts new file mode 100644 index 000..464c137 --- /dev/null +++ b/target/linux/ramips/dts/VOCORE-16M.dts @@ -0,0 +1,41 @@ +/dts-v1/; + +/include/ "VOCORE.dtsi" + +/ { + palmbus@1000 { + spi@b00 { + m25p80@0 { + #address-cells = <1>; + #size-cells = <1>; + compatible = "w25q128"; + reg = <0>; + linux,modalias = "m25p80", "w25q128"; + spi-max-frequency = <1000>; + + partition@0 { + label = "uboot"; + reg = <0x0 0x3>; + read-only; + }; + + partition@3 { + label = "uboot-env"; + reg = <0x3 0x1>; + read-only; + }; + + factory: partition@4 { + label = "factory"; + reg = <0x4 0x1>; + read-only; + }; + + partition@5 { + label = "firmware"; + reg = <0x5 0xfb>; + }; + }; + }; + }; +}; diff --git a/target/linux/ramips/dts/VOCORE-8M.dts b/target/linux/ramips/dts/VOCORE-8M.dts new file mode 100644 index 000..8a081ed --- /dev/null +++ b/target/linux/ramips/dts/VOCORE-8M.dts 
@@ -0,0 +1,41 @@ +/dts-v1/; + +/include/ "VOCORE.dtsi" + +/ { + palmbus@1000 { + spi@b00 { + m25p80@0 { + #address-cells = <1>; + #size-cells = <1>; + compatible = "s25fl064k"; + reg = <0>; + linux,modalias = "m25p80", "s25fl064k"; + spi-max-frequency = <1000>; + + partition@0 { + label = "uboot"; + reg = <0x0 0x3>; + read-only; + }; + + partition@3 { + label = "uboot-env"; + reg = <0x3 0x1>; + read-only; + }; + + factory: partition@4 { + label = "factory"; + reg = <0x4 0x1>; + read-only; + }; + + partition@5 { + label = "firmware"; + reg = <0x5 0x7b>; + }; + }; + }; + }; +}; diff --git a/target/linux/ramips/dts/VOCORE.dts b/target/linux/ramips/dts/VOCORE.dts deleted file mode 100644 index 5e386e4..000 --- a/target/linux/ramips/dts/VOCORE.dts +++ /dev/null @@ -1,231 +0,0 @@ -/dts-v1/; - -/include/ "rt5350.dtsi" - -/ { - compatible = "VoCore", "ralink,rt5350-soc"; - model = "VoCore"; - - palmbus@1000 { - gpio1: gpio@660 { - status = "okay"; - }; - - i2c@900 { - status = "okay"; - }; - - spi@b00 { - status = "okay"; - - m25p80@0 { - #address-cells = <1>; - #size-cells = <1>; - compatible = "s25fl064k"; - reg =
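Review bot: VOCORE-16M.dts and VOCORE-8M.dts repeat the same m25p80@0 node and the same uboot, uboot-env and factory partitions; only compatible, linux,modalias and the reg of the firmware partition differ between them. Keep the shared node and the read-only partitions in VOCORE.dtsi and let each board file override just those three properties, so a later layout change cannot leave the two variants out of sync. The commit message also has no body: state which flash parts the two variants target and how the existing VoCore image maps onto the new files now that VOCORE.dts is deleted.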
[OpenWrt-Devel] [PATCH 1/2] ramips: fix size-cells for spi nodes
Signed-off-by: Álvaro Fernández Rojas--- target/linux/ramips/dts/mt7620a.dtsi | 2 +- target/linux/ramips/dts/mt7620n.dtsi | 2 +- target/linux/ramips/dts/mt7621.dtsi | 2 +- target/linux/ramips/dts/mt7628an.dtsi | 2 +- target/linux/ramips/dts/rt3352.dtsi | 2 +- target/linux/ramips/dts/rt5350.dtsi | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/target/linux/ramips/dts/mt7620a.dtsi b/target/linux/ramips/dts/mt7620a.dtsi index 80e8977..026e745 100644 --- a/target/linux/ramips/dts/mt7620a.dtsi +++ b/target/linux/ramips/dts/mt7620a.dtsi @@ -210,7 +210,7 @@ reset-names = "spi"; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; status = "disabled"; diff --git a/target/linux/ramips/dts/mt7620n.dtsi b/target/linux/ramips/dts/mt7620n.dtsi index e886c6f..b1586ec 100644 --- a/target/linux/ramips/dts/mt7620n.dtsi +++ b/target/linux/ramips/dts/mt7620n.dtsi @@ -162,7 +162,7 @@ reset-names = "spi"; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; status = "disabled"; diff --git a/target/linux/ramips/dts/mt7621.dtsi b/target/linux/ramips/dts/mt7621.dtsi index bc79d39..fd2e100 100644 --- a/target/linux/ramips/dts/mt7621.dtsi +++ b/target/linux/ramips/dts/mt7621.dtsi @@ -94,7 +94,7 @@ reset-names = "spi"; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; pinctrl-names = "default"; pinctrl-0 = <_pins>; diff --git a/target/linux/ramips/dts/mt7628an.dtsi b/target/linux/ramips/dts/mt7628an.dtsi index 02f9df3..2eb96e7 100644 --- a/target/linux/ramips/dts/mt7628an.dtsi +++ b/target/linux/ramips/dts/mt7628an.dtsi @@ -110,7 +110,7 @@ reset-names = "spi"; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; pinctrl-names = "default"; pinctrl-0 = <_pins>; diff --git a/target/linux/ramips/dts/rt3352.dtsi b/target/linux/ramips/dts/rt3352.dtsi index 009277f..b04845c 100644 --- a/target/linux/ramips/dts/rt3352.dtsi +++ b/target/linux/ramips/dts/rt3352.dtsi 
@@ -144,7 +144,7 @@ compatible = "ralink,rt3352-spi", "ralink,rt2880-spi"; reg = <0xb00 0x100>; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; resets = < 18>; reset-names = "spi"; diff --git a/target/linux/ramips/dts/rt5350.dtsi b/target/linux/ramips/dts/rt5350.dtsi index 5282e5b..8dd06c8 100644 --- a/target/linux/ramips/dts/rt5350.dtsi +++ b/target/linux/ramips/dts/rt5350.dtsi @@ -158,7 +158,7 @@ reset-names = "spi"; #address-cells = <1>; - #size-cells = <1>; + #size-cells = <0>; pinctrl-names = "default"; pinctrl-0 = <_pins _cs1>; -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
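Review bot: the commit message gives no reason for changing #size-cells from <1> to <0> in the spi controller nodes of all six .dtsi files. Add a line explaining that children of an SPI controller are addressed by chip select only, so their reg carries one address cell and no size cell, and confirm that every board .dts built on these files uses a single-cell reg (such as reg = <0>) for its spi children; a child still written with two cells would now be read as two addresses.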
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
On Wed, Sep 23, 2015 at 9:50 AM, Kristian Evensen <kristian.even...@gmail.com> wrote:

> Hi,
>
> On Wed, Sep 9, 2015 at 3:45 PM, Hans Dedecker wrote:
> > Specific IP address and network rules are now checked before the main table lookup as the main table
> > often holds a default route. As a result the IP address and network rules pointing to a specific
> > routing table will not be checked anymore; by reversing the order the specific routing tables
> > are checked first if the ip rule matches.
>
> This commit breaks existing behavior in the following use case:
>
> A multihomed router with some service available on one of the external
> interfaces that should be reachable on the WAN. The destination routing
> works fine, but replies are sent out on the wrong interface.
> The reason is that the nw rule is checked before main, so packets are
> routed back out on the WAN interface (and not to the LAN).

Can you share the uci network config and ifstatus of the different interfaces ?

> I don't see any other fix than a partial revert. I guess the ADDR-rule can
> stay.

Is the service hosted on the multihomed router or on a lan device; nat involved or not ?
It seems odd to me if the service is hosted on the gateway the nw rule is hit as the local table lookup has pref 1 while the NW policy rules start from 2

Hans

> -Kristian
Re: [OpenWrt-Devel] [PATCH netifd 2/6] iprule: Insert network and address ip rules before main table lookup rule
Sorry about partial reply, clumsy fingers.

On Wed, Sep 23, 2015 at 11:31 AM, Hans Dedecker wrote:
> Can you share the uci network config and ifstatus of the different
> interfaces ?

UCI config is nothing more than ... proto dhcp ... ip4/ip6table X

>> I don't see any other fix than a partial revert. I guess the ADDR-rule can
>> stay.
>
> Is the service hosted on the multihomed router or on a lan device; nat
> involved or not ?

The current service I am accessing is a router located on one of the external networks.

> It seems odd to me if the service is hosted on the gateway the nw rule is
> hit as the local table lookup has pref 1 while the NW policy rules start
> from 2

The route that needs to be hit is contained in main. Here is a more detailed description of what happens.

- External router has IP 192.168.0.1 and netmask 255.255.255.0.
- When I try to access this router, outgoing traffic is routed correctly as it does not match any source rules and hit the network rule in the main table (192.168.0.0/24 dev X src Y).
- When the reply comes, problem occurs. Since the network rule is checked before the main table, we get a match on the "from 192.168.0.0/24"-rule and packet is routed back out on the 192.168.0.0/24 interface. The correct route (i.e., the route for my local network) is in the main table.

I have a question about this patch. In what scenario is it needed? Or rather, will you ever use source based routing and have a default route in the main table? As far as I remember, these rules are only added when you have specified an ip4/ip6table. Or do you have one interface without an ipXtable value?

-Kristian
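The rule ordering described in the message above, as an added simulation that is not part of the original thread and is not netifd code. It walks policy rules in ascending pref and does a longest-prefix match per table; the LAN prefix 10.0.0.0/24, the device and table names, and all pref values are assumptions made for the example.

```python
import ipaddress

# Constructed tables: (destination prefix, outgoing device). "wan_table"
# stands in for the ip4table assigned to the external interface.
TABLES = {
    "main": [("192.168.0.0/24", "wan"), ("10.0.0.0/24", "lan")],
    "wan_table": [("192.168.0.0/24", "wan"), ("0.0.0.0/0", "wan")],
}

# Rules as (pref, source selector, table); pref values are constructed.
NW_RULE_AFTER_MAIN = [(32766, "all", "main"),
                      (40000, "192.168.0.0/24", "wan_table")]
NW_RULE_BEFORE_MAIN = [(20000, "192.168.0.0/24", "wan_table"),
                       (32766, "all", "main")]


def lookup_table(table, dst):
    """Longest-prefix match of dst in one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best


def route(rules, src, dst):
    """Walk rules in ascending pref; the first table with a route wins."""
    src = ipaddress.ip_address(src)
    for pref, selector, table in sorted(rules):
        if selector != "all" and src not in ipaddress.ip_network(selector):
            continue  # source selector does not match, try the next rule
        hit = lookup_table(table, dst)
        if hit:
            return {"pref": pref, "table": table, "dev": hit[1]}
    return None  # no rule produced a route: the packet is dropped


def compare(src, dst):
    """Result for the same packet under both rule orderings."""
    return {"nw_after_main": route(NW_RULE_AFTER_MAIN, src, dst),
            "nw_before_main": route(NW_RULE_BEFORE_MAIN, src, dst)}


if __name__ == "__main__":
    # Request from a LAN client to the external router, then its reply.
    print("request:", compare("10.0.0.50", "192.168.0.1"))
    print("reply:  ", compare("192.168.0.1", "10.0.0.50"))
```

The request resolves through main under both orderings, while the reply only reaches the LAN when main is consulted before the "from 192.168.0.0/24" rule.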