Re: [PATCH 0/3] Engine configuration series
Hello Eneas, On 2021-04-28 14:17, Eneas U de Queiroz wrote: This series builds upon what was first started by Daniel Danzberger, with some suggestions by Florian Eckert to enable the engines when they are installed. The series split is subject to discussion: - the first commit does a patch cleanup proposed by Rosen Penev, and also splits the configuration from one monolithic file to one file per engine, and also an engines list. - the sencond implements my first proposal, of enabling engines during their installation. It introduces an engine.mk file that provides menu placement, basic dependencies and the postinst, postrm functions for engine packages, and can be used for out of tree engine packages. - the third commit introduces uci configuration, and does the engines list generation during startup, or when an engine package is installed or removed. The first commit received basic testing on mvebu running master, covering afalg and devcrpto engines built as modules. The second and third commits had testing expanded to checking built-in engine builds. I have not squashed the commits, but I do think that 2 and 3 may be squashed if 3 is merged. The first one is just cleanup, and the second adds complexity that ended up being removed by the third commit. Nonetheless, all of them result in a working package. I thought about expanding uci support to include other configuration commands, but it would drop the documentation provided by the current config files. Besides, each engine has its own options, which would add complexity to config generation if you are to actually verify them. Passing unknown commands straight from uci to the config files would be simple and work, but it would be hard to find what options are available, compared to just reading the example configs provided otherwise. I think the uci config options are great, you can build on them and make the configuration for openssl better and can finally be configured with the uci. openssl engine -vv would show the commands, with some basic description of them, but getting the supported arguments may not be straightforward. For example, gost engine has "CRYPT_PARAMS: OID of default GOST 28147-89 parameters". All I could do to help was to point to a header file where the actual list of supported parameters is defined. The only thing I have to say is that if the configuration no longer fits, then we have a non-functioning openssl! You just have to know what you are doing when you change the openssl configuration. After this is merged, I will adapt the two engines in the packages feed. I think we have to validate the uci options in the future in the openssl service on startup. Regards Florian ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH 3/3] openssl: configure engines with uci
Hello Eneas,
Nice work.
My remarks or suggestions see inline.
define Package/libopenssl-conf/conffiles
/etc/ssl/openssl.cnf
-/etc/ssl/engines.cnf.d/engines.cnf
$(if
CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
$(if
CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
I think AFALG is missing there?
endef
@@ -378,15 +377,17 @@ define Package/libopenssl/install
endef
define Package/libopenssl-conf/install
- $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d
+ $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config
$(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
- $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
+ $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!'
$(1)/etc/init.d/openssl
I do not understand that waht you are doing there.
+ touch $(1)/etc/config/openssl
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
$(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
- echo devcrypto=devcrypto >>
$(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "config engine 'devcrypto'\n\toption enabled '1'" >>
$(1)/etc/config/openssl)
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
$(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
- echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >>
$(1)/etc/config/openssl)
What about AFALG?
endef
define Package/openssl-util/install
diff --git a/package/libs/openssl/engine.mk
b/package/libs/openssl/engine.mk
index 482b5ad5e8..efa46d7214 100644
--- a/package/libs/openssl/engine.mk
+++ b/package/libs/openssl/engine.mk
@@ -23,60 +23,20 @@ define Package/openssl/add-engine
define Package/$$(OSSL_ENG_PKG)/postinst :=
#!/bin/sh
-# 1 == non-empty: suggest reinstall
-error_out() {
-[ "$1" ] && cat <<- EOF
- Reinstalling the libopenssl-conf package may fix this:
+OPENSSL_UCI="{IPKG_INSTROOT}/etc/config/openssl"
- opkg install --force-reinstall libopenssl-conf
- EOF
-cat <<- EOF
+if [ -n "{IPKG_INSTROOT}" ] || ! uci -q get openssl.$(1)
>/dev/null; then
+cat << EOF >> "{OPENSSL_UCI}"
- Then, you will have to reinstall this package, and any other engine
package you have
- you have previously installed to ensure they are enabled:
-
- opkg install --force-reinstall $$(OSSL_ENG_PKG)
[OTHER_ENGINE_PKG]...
-
- EOF
-exit 1
-}
-ENGINES_CNF="{IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
-OPENSSL_CNF="{IPKG_INSTROOT}/etc/ssl/openssl.cnf"
-if [ ! -f "{OPENSSL_CNF}" ]; then
-echo -e "ERROR: File {OPENSSL_CNF} not found."
-error_out reinstall
-fi
-if ! grep -q "^.include /etc/ssl/engines.cnf.d" "{OPENSSL_CNF}";
then
-cat <<- EOF
- Your /etc/ssl/openssl.cnf file is not loading engine configuration
files from
- /etc/ssl/engines.cnf.d. You should consider start with a fresh,
updated OpenSSL config by
- running:
-
- opkg install --force-reinstall --force-maintainer libopenssl-conf
-
- The above command will overwrite any changes you may have made to
both /etc/ssl/openssl.cnf
- and /etc/ssl/engines.cnf.d/engines.cnf files, so back them up first!
- EOF
-error_out
-fi
-if [ ! -f "{ENGINES_CNF}" ]; then
-echo "Can't configure $$(OSSL_ENG_PKG): File {ENGINES_CNF} not
found."
-error_out reinstall
-fi
-if grep -q "$(1)=$(1)" "{ENGINES_CNF}"; then
-echo "$$(OSSL_ENG_PKG): $(1) engine was already configured.
Nothing to be done."
-else
-echo "$(1)=$(1)" >> "{ENGINES_CNF}"
-echo "$$(OSSL_ENG_PKG): $(1) engine enabled. All done!"
+config engine '$(1)'
+ option enabled '1'
+EOF
From my point of view, I think it would be better if we used the uci cli
command directly here.
to add the config engine section and enable this engine.
fi
+[ -z "{IPKG_INSTROOT}" ] && /etc/init.d/openssl reload
endef
- define Package/$$(OSSL_ENG_PKG)/prerm :=
+ define Package/$$(OSSL_ENG_PKG)/postrm :=
#!/bin/sh
-ENGINES_CNF="{IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
-[ -f "{ENGINES_CNF}" ] || exit 0
-sed -e '/$(1)=$(1)/d' -i "{ENGINES_CNF}"
+[ -z "{IPKG_INSTROOT}" ] && /etc/init.d/openssl reload
Should we not also remove the uci option on an uninstall wit the uci
command?
endef
endef
-
-
diff --git a/package/libs/openssl/files/openssl-engines.init
b/package/libs/openssl/files/openssl-engines.init
new file mode 100644
index 00..050a96f70a
--- /dev/null
+++ b/package/libs/openssl/files/openssl-engines.init
@@ -0,0 +1,19 @@
+#!/bin/sh /etc/rc.common
Is the init script also switched on at the first boot?
So that the service runs immediately?
Not that the service has to be switched on in /etc/rc
[21.02] opkg fails to install manually downloaded packages
Hi, I've seen this once, but just was able to double check ... Using a freshly installed OpenWrt 21.02 fails to install a package that has been downloaded manually. I had seen this initially when using my own image where a package was missing. To fix I copied over with scp and wanted to install with 'opkg '. It failed, complaining about incompatible arch. rebuilding my image via Imagebuilder made my image work. Initially thought of some faulty config on my board, but was just testing with official build from downloads.openwrt.org and could confirm. Here my console log (taken on TPLink WDR-3600): > - > OpenWrt 21.02.0-rc1, r16046-59980f7aaf > - > root@OpenWrt:~# cd /tmp > root@OpenWrt:/tmp# wget https://downloads.openwrt.org/releases/21.02.0-rc1/ packages/mips_24kc/base/wall_2.36.1-2_mips_24kc.ipk > Downloading 'https://downloads.openwrt.org/releases/21.02.0-rc1/packages/ mips_24kc/base/wall_2.36.1-2_mips_24kc.ipk' > Connecting to 168.119.138.211:443 > Writing to 'wall_2.36.1-2_mips_24kc.ipk' > wall_2.36.1-2_mips_2 100% |***| 10770 0:00:00 ETA > Download completed (10770 bytes) > root@OpenWrt:/tmp# opkg install /tmp/wall_2.36.1-2_mips_24kc.ipk > Unknown package 'wall'. > Collected errors: > * pkg_hash_fetch_best_installation_candidate: Packages for wall found, but incompatible with the architectures configured > * opkg_install_cmd: Cannot install package wall. As far as I can see opkd config looks fine ... > root@OpenWrt:/tmp# opkg print-architecture > arch all 1 > arch noarch 1 > arch mips_24kc 10 Any ideas? I did not check on master yet, but I think it's a blocker for 21.02 release. Best Sven ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] Extend checks on build prerequisites for building OpenWRT core
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them. This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules. Failing to install these, will have the build break at some point. By adding these to the prereq-build.mk script, they are checked on forehand. Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to break up Perl modules into small packages that need to be installed for the build to succeed. Signed-off-by: Bas Mevissen --- include/prereq-build.mk | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/include/prereq-build.mk b/include/prereq-build.mk index 86c22f7c95..cb3dcc51e3 100644 --- a/include/prereq-build.mk +++ b/include/prereq-build.mk @@ -65,11 +65,22 @@ $(eval $(call TestHostCommand,perl-data-dumper, \ Please install the Perl Data::Dumper module, \ perl -MData::Dumper -e 1)) +$(eval $(call TestHostCommand,perl-findbin, \ + Please install the Perl FindBin module, \ + perl -MFindBin -e 1)) + +$(eval $(call TestHostCommand,perl-file-copy, \ + Please install the Perl File::Copy module, \ + perl -MFile::Copy -e 1)) + +$(eval $(call TestHostCommand,perl-file-compare, \ + Please install the Perl File::Compare module, \ + perl -MFile::Compare -e 1)) + $(eval $(call TestHostCommand,perl-thread-queue, \ Please install the Perl Thread::Queue module, \ perl -MThread::Queue -e 1)) - $(eval $(call SetupHostCommand,tar,Please install GNU 'tar', \ gtar --version 2>&1 | grep GNU, \ gnutar --version 2>&1 | grep GNU, \ -- 2.31.1 Friendly ping to consider this patch for 21.02. Thanks, --- End Message --- ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH rpcd] iwinfo: add 802.11ax HE support
Hi, On 4/28/21 1:18 PM, Etienne Champetier wrote: > Hi David, > > Le mer. 28 avr. 2021 à 07:07, David Bauer a écrit : >> >> Expose 802.11ax HE rate as well as HW / HT mode information. This is >> required to add 802.11ax support to LuCI. >> >> Signed-off-by: David Bauer >> --- >> iwinfo.c | 45 + >> 1 file changed, 45 insertions(+) >> >> diff --git a/iwinfo.c b/iwinfo.c >> index 63ff2a1..6b376c4 100644 >> --- a/iwinfo.c >> +++ b/iwinfo.c > > ... > >> } >> } >> @@ -280,6 +295,9 @@ rpc_iwinfo_call_hwmodes(const char *name) >> if (modes & IWINFO_80211_AC) >> blobmsg_add_string(&buf, NULL, "ac"); >> >> + if (modes & IWINFO_80211_AX) >> + blobmsg_add_string(&buf, NULL, "ac"); > > I think you meant "ax" no ? You're right. I'll fix that. Best David > >> + >> if (modes & IWINFO_80211_A) >> blobmsg_add_string(&buf, NULL, "a"); >> > > ... > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v3] netfilter: remove no-op kconfig symbols
These have long been obsolete. For reference, here's the Linux version where each symbol has been dropped: CONFIG_IP6_NF_QUEUE - 3.5 CONFIG_IP6_NF_TARGET_LOG - 3.4 CONFIG_IP_NF_MATCH_DSCP - 2.6.19 CONFIG_NF_CONNTRACK_IPV4 - 4.19 CONFIG_NF_CONNTRACK_IPV6 - 4.19 CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading Signed-off-by: Rui Salvaterra --- v3: keep CONFIG_NF_CONNTRACK_IPV4 in the WireGuard patches, as this will be handled by Jason in an upcoming refresh [1]. v2: also removed CONFIG_NF_CONNTRACK_RTCACHE and two references to CONFIG_NF_CONNTRACK_IPV4 in the WireGuard patches (the QEMU kconfigs). [1] https://git.zx2c4.com/wireguard-linux/commit/?h=backport-5.4.y&id=ac8265d3b26e7c2674e066af6451c5a61d3f2e7a include/netfilter.mk | 6 -- target/linux/generic/config-5.10 | 2 -- target/linux/generic/config-5.4 | 2 -- 3 files changed, 10 deletions(-) diff --git a/include/netfilter.mk b/include/netfilter.mk index 45e9dadf85..803749d931 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -64,9 +64,7 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT) # kernel only $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_RTCACHE, $(P_XT)nf_conntrack_rtcache),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),)) $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state)) $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT)) @@ -120,7 +118,6 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_st $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS, $(P_XT)xt_tcpmss)) $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY, $(P_XT)xt_CLASSIFY)) -$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_MATCH_DSCP, $(P_V4)ipt_dscp)) $(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_TARGET_ECN, $(P_V4)ipt_ECN)) $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_ECN, $(P_XT)xt_ecn)) @@ -156,17 +153,14 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_REJECT6,CONFIG_NF_REJECT_IPV6, $(P_V6)nf $(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),)) $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),)) -$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),)) $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6))) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) # ipv6 extra diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 0f10570e13..3a85cb2f11 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -4010,8 +4010,6 @@ CONFIG_NFS_V3=y # CONFIG_NF_CONNTRACK_EVENTS is not set # CONFIG_NF_CONNTRACK_FTP is not set # CONFIG_NF_CONNTRACK_H323 is not set -# CONFIG_NF_CONNTRACK_IPV4 is not set -# CONFIG_NF_CONNTRACK_IPV6 is not set # CONFIG_NF_CONNTRACK_IRC is not set # CONFIG_NF_CONNTRACK_LABELS is not set # CONFIG_NF_CONNTRACK_MARK is not set diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4 index e8527f8068..7da146ab0d 100644 --- a/target/linux/generic/config-5.4 +++ b/target/linux/generic/config-5.4 @@ -3686,8 +3686,6 @@ CONFIG_NFS_V3=y # CONFIG_NF_CONNTRACK_EVENTS is not set # CONFIG_NF_CONNTRACK_FTP is not set # CONFIG_NF_CONNTRACK_H323 is not set -# CONFIG_NF_CONNTRACK_IPV4 is not set -# CONFIG_NF_CONNTRACK_IPV6 is not set # CONFIG_NF_CONNTRACK_IRC is not set # CONFIG_NF_CONNTRACK_LABELS is not set # CONFIG_NF_CONNTRACK_MARK is not set -- 2.31.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules
On 2021-03-26 10:30, Martin Schiller wrote:
On 2021-03-26 09:55, Martin Schiller wrote:
On 2021-03-26 09:42, Felix Fietkau wrote:
On 2021-03-26 09:34, Martin Schiller wrote:
On 2020-07-24 19:13, Felix Fietkau wrote:
On 2020-07-24 18:44, Jo-Philipp Wich wrote:
Hi Felix,
[...]
For a simple default config, you could have this:
# network
config device
option type bridge # I assume this is needed as well
option name switch0
Correct.
config bridge-vlan
option vlan 1
option ports "lan1 lan2 lan3 lan4"
config interface lan
option ifname switch0.1
# wireless
config wifi-iface
option network lan
In this case, wlan0 would be added to switch0 and set to VLAN 1
untagged
by default.
If you want it on VLAN 10 tagged/PVID instead, you could do:
option network-vlan "10:t*"
What do you think?
I did think about it some more, also in context of a LuCI
implementation and
the special role of wifi and I am convinced now that this approach
generally
makes sense.
However for the vlan I wonder if we should simply use "option vid
10"
since
setting anything besides an egress untagged pvid does not make
sense
for wifi.
I think more complex VLAN settings make sense for WDS if you want
to
carry multiple networks over the link.
So your second example above would become:
config wifi-iface
option network lan
option vid 10 # instead of inheriting vid 1, use 10 as pvid
Also, just to clarify... assuming a:
config interface foo
option ifname somevlanbridge0.456
and an wifi iface without an explicit vid override:
config wifi-iface
option network foo
... we would inherit vid 456 and set as pvid, right? Or are we are
always
going to default to 1?
It would inherit 456 to keep it in sync with the VLAN based
network.
Is this functionality already integrated?
I am testing with a xrx200 based system with the DSA mainline driver
and
a wifi interface and have the problem that the wlan0 interface is
added
to the bridge switch0 but the bridge vlan configuration for the
wlan0
interface is not set.
It's handled differently now.
You can set lan's ifname to switch0.1 (without option type bridge)
and
use 'option network lan' in the wifi-iface. It will detect that the
lan
ifname is a vlan on top of a vlan-filtering bridge and will add wlan0
to
switch0 and make it a member of lan's vlan.
Hmmm... I think that's what I've alread done. Here is my config:
network:
-
config interface 'lan'
option proto 'static'
option ipaddr '192.168.X.Y'
option netmask '255.255.255.0'
option ifname 'switch0.1'
config device
option type 'bridge'
option name 'switch0'
list ifname 'lan1'
list ifname 'lan2'
list ifname 'lan3'
list ifname 'lan4'
config bridge-vlan
option device 'switch0'
option vlan '1'
list ports 'lan1:u*'
list ports 'lan2:u*'
list ports 'lan3:u*'
list ports 'lan4:u*'
wireless:
--
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option encryption 'psk2'
option ssid 'TETS-AP'
option network 'lan'
option key 'xxx'
option wpa_disable_eapol_key_retries '1'
Did I forget anything?
`ubus call network.device status` shows:
...
"switch0": {
"external": false,
"present": true,
"type": "bridge",
"up": true,
"carrier": true,
"bridge-members": [
"lan1",
"lan2",
"lan3",
"lan4",
"wlan0"
],
"bridge-vlans": [
{
"id": 1,
"local": true,
"ports": [
"lan1",
"lan2",
"lan3",
"lan4"
]
}
],
...
As you can see here, "wlan0" is added to the "bridge-members", but not
to the "ports" of the "bridge-vlans"/"id":1. Maybe this is the problem?
- Martin
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules
On 2021-03-26 10:49, Martin Schiller wrote: On 2021-03-26 10:44, Felix Fietkau wrote: On 2021-03-26 09:55, Martin Schiller wrote: On 2021-03-26 09:42, Felix Fietkau wrote: On 2021-03-26 09:34, Martin Schiller wrote: On 2020-07-24 19:13, Felix Fietkau wrote: On 2020-07-24 18:44, Jo-Philipp Wich wrote: Hi Felix, [...] For a simple default config, you could have this: # network config device option type bridge # I assume this is needed as well option name switch0 Correct. config bridge-vlan option vlan 1 option ports "lan1 lan2 lan3 lan4" config interface lan option ifname switch0.1 # wireless config wifi-iface option network lan In this case, wlan0 would be added to switch0 and set to VLAN 1 untagged by default. If you want it on VLAN 10 tagged/PVID instead, you could do: option network-vlan "10:t*" What do you think? I did think about it some more, also in context of a LuCI implementation and the special role of wifi and I am convinced now that this approach generally makes sense. However for the vlan I wonder if we should simply use "option vid 10" since setting anything besides an egress untagged pvid does not make sense for wifi. I think more complex VLAN settings make sense for WDS if you want to carry multiple networks over the link. So your second example above would become: config wifi-iface option network lan option vid 10 # instead of inheriting vid 1, use 10 as pvid Also, just to clarify... assuming a: config interface foo option ifname somevlanbridge0.456 and an wifi iface without an explicit vid override: config wifi-iface option network foo ... we would inherit vid 456 and set as pvid, right? Or are we are always going to default to 1? It would inherit 456 to keep it in sync with the VLAN based network. Is this functionality already integrated? I am testing with a xrx200 based system with the DSA mainline driver and a wifi interface and have the problem that the wlan0 interface is added to the bridge switch0 but the bridge vlan configuration for the wlan0 interface is not set. It's handled differently now. You can set lan's ifname to switch0.1 (without option type bridge) and use 'option network lan' in the wifi-iface. It will detect that the lan ifname is a vlan on top of a vlan-filtering bridge and will add wlan0 to switch0 and make it a member of lan's vlan. Hmmm... I think that's what I've alread done. Here is my config: network: - config interface 'lan' option proto 'static' option ipaddr '192.168.X.Y' option netmask '255.255.255.0' option ifname 'switch0.1' config device option type 'bridge' option name 'switch0' list ifname 'lan1' list ifname 'lan2' list ifname 'lan3' list ifname 'lan4' config bridge-vlan option device 'switch0' option vlan '1' list ports 'lan1:u*' list ports 'lan2:u*' list ports 'lan3:u*' list ports 'lan4:u*' wireless: -- config wifi-iface 'default_radio0' option device 'radio0' option mode 'ap' option encryption 'psk2' option ssid 'TETS-AP' option network 'lan' option key 'xxx' option wpa_disable_eapol_key_retries '1' Did I forget anything? Looks right to me. I'll see if I can find the time to reproduce this. You're using a recent version of OpenWrt, right? Yes, I'm using https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=07c49462ad2ac3f6386bb4463546509f3bf35e39 Hello Felix! Have you already found time to look at this problem? I think this affects quite a few users when DSA is used "productively". ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 3/3] openssl: configure engines with uci
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:
config engine 'devcrypto'
option enabled '1'
Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.
The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.
The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped. It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.
Signed-off-by: Eneas U de Queiroz
---
package/libs/openssl/Makefile | 13 +++--
package/libs/openssl/engine.mk| 58 +++
.../libs/openssl/files/openssl-engines.init | 19 ++
package/libs/openssl/files/openssl.init | 31 ++
.../150-openssl.cnf-add-engines-conf.patch| 5 +-
5 files changed, 70 insertions(+), 56 deletions(-)
create mode 100644 package/libs/openssl/files/openssl-engines.init
create mode 100755 package/libs/openssl/files/openssl.init
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index 238f7ecf02..0bf9e7a45f 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=k
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
@@ -128,7 +128,6 @@ endef
define Package/libopenssl-conf/conffiles
/etc/ssl/openssl.cnf
-/etc/ssl/engines.cnf.d/engines.cnf
$(if
CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
$(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
endef
@@ -378,15 +377,17 @@ define Package/libopenssl/install
endef
define Package/libopenssl-conf/install
- $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d
+ $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(1)/etc/config
$(1)/etc/init.d
$(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/
- $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/
+ $(INSTALL_BIN) ./files/openssl.init $(1)/etc/init.d/openssl
+ $(SED) 's!%ENGINES_DIR%!/usr/lib/$(ENGINES_DIR)!'
$(1)/etc/init.d/openssl
+ touch $(1)/etc/config/openssl
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),
$(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
- echo devcrypto=devcrypto >>
$(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "config engine 'devcrypto'\n\toption enabled '1'" >>
$(1)/etc/config/openssl)
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),
$(CP) ./files/padlock.cnf $(1)/etc/ssl/engines.cnf.d/
- echo padlock=padlock >> $(1)/etc/ssl/engines.cnf.d/engines.cnf)
+ echo -e "\nconfig engine 'padlock'\n\toption enabled '1'" >>
$(1)/etc/config/openssl)
endef
define Package/openssl-util/install
diff --git a/package/libs/openssl/engine.mk b/package/libs/openssl/engine.mk
index 482b5ad5e8..efa46d7214 100644
--- a/package/libs/openssl/engine.mk
+++ b/package/libs/openssl/engine.mk
@@ -23,60 +23,20 @@ define Package/openssl/add-engine
define Package/$$(OSSL_ENG_PKG)/postinst :=
#!/bin/sh
-# 1 == non-empty: suggest reinstall
-error_out() {
-[ "$1" ] && cat <<- EOF
- Reinstalling the libopenssl-conf package may fix this:
+OPENSSL_UCI="{IPKG_INSTROOT}/etc/config/openssl"
- opkg install --force-reinstall libopenssl-conf
- EOF
-cat <<- EOF
+if [ -n "{IPKG_INSTROOT}" ] || ! uci -q get openssl.$(1) >/dev/null; then
+cat << EOF >> "{OPENSSL_UCI}"
- Then, you will have to reinstall this package, and any other engine
package you have
- you have previously installed to ensure they are enabled:
-
- opkg install --force-reinstall $$(OSSL_ENG_PKG)
[OTHER_ENGINE_PKG]...
-
- EOF
-exit 1
-}
-ENGINES_CNF="{IPKG_INSTROOT}/etc/ssl/engines.cnf.d/engines.cnf"
-OPENSSL_CNF="{IPKG_INSTROOT}/etc/ssl/openssl.cnf"
-if [ ! -f "{OPENSSL_CNF}" ]; then
-echo -e "ERROR: File {OPENSSL_CNF} not found."
-error_out reinstall
-fi
-if ! grep -q "^.include /etc/ssl/engines.cnf.d" "{OPENSSL_CNF}"; then
-cat <<- EOF
- Your /etc/ssl/openssl.cnf file is not loading engine configuration
files from
- /etc/ssl/engines.cnf.d. You should consider start with a fresh,
updated OpenSSL config by
- running:
-
- opkg install --force-reinstall --force-maintainer libopenssl-conf
-
- The above command will overwrite any changes you may have made to both
/etc/ssl/openssl.cnf
- and /etc/ssl/e
[PATCH 2/3] openssl: configure engine packages during install
This enables an engine during its package's installation, by adding it to the engines list in /etc/ssl/engines.cnf.d/engines.cnf. The engine build system was reworked, with the addition of an engine.mk file that groups some of the engine packages' definitions, and could be used by out of tree engines as well. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 58 + package/libs/openssl/engine.mk| 82 +++ package/libs/openssl/files/engines.cnf| 12 +-- .../150-openssl.cnf-add-engines-conf.patch| 2 +- 4 files changed, 111 insertions(+), 43 deletions(-) create mode 100644 package/libs/openssl/engine.mk diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 69616f01e8..238f7ecf02 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,9 +11,8 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=k PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_USE_MIPS16:=0 -ENGINES_DIR=engines-1.1 PKG_BUILD_PARALLEL:=1 @@ -65,6 +64,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_WITH_WHIRLPOOL include $(INCLUDE_DIR)/package.mk +include engine.mk ifneq ($(CONFIG_CCACHE),) HOSTCC=$(HOSTCC_NOCACHE) @@ -128,6 +128,9 @@ endef define Package/libopenssl-conf/conffiles /etc/ssl/openssl.cnf +/etc/ssl/engines.cnf.d/engines.cnf +$(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf) +$(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf) endef define Package/libopenssl-conf/description @@ -135,52 +138,50 @@ $(call Package/openssl/Default/description) This package installs the OpenSSL configuration file /etc/ssl/openssl.cnf. endef +$(eval $(call Package/openssl/add-engine,afalg)) define Package/libopenssl-afalg $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=AFALG hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE @KERNEL_AIO \ - +PACKAGE_libopenssl-afalg:kmod-crypto-user +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN + DEPENDS += @KERNEL_AIO +PACKAGE_libopenssl-afalg:kmod-crypto-user \ +@!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-afalg/description This package adds an engine that enables hardware acceleration through the AF_ALG kernel interface. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "afalg" endef +$(eval $(call Package/openssl/add-engine,devcrypto)) define Package/libopenssl-devcrypto $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=/dev/crypto hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE +PACKAGE_libopenssl-devcrypto:kmod-cryptodev +libopenssl-conf \ - @!OPENSSL_ENGINE_BUILTIN + DEPENDS += +PACKAGE_libopenssl-devcrypto:kmod-cryptodev @!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-devcrypto/description This package adds an engine that enables hardware acceleration through the /dev/crypto kernel interface. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. You may -configure the engine by editing /etc/ssl/engines.cnf.d/devcrypto.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "devcrypto" endef +$(eval $(call Package/openssl/add-engine,padlock)) define Package/libopenssl-padlock $(call Package/openssl/Default) - SUBMENU:=SSL + $(call Package/openssl/engine/Default) TITLE:=VIA Padlock hardware acceleration engine - DEPENDS:=libopenssl @OPENSSL_ENGINE @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \ - +libopenssl-conf @!OPENSSL_ENGINE_BUILTIN + DEPENDS += @TARGET_x86 +PACKAGE_libopenssl-padlock:kmod-crypto-hw-padlock \ +@!OPENSSL_ENGINE_BUILTIN endef define Package/libopenssl-padlock/description This package adds an engine that enables VIA Padlock hardware acceleration. -To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "padlock" @@ -380,6 +381,12 @@ define Package/libopenssl-conf/install $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/ + $(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO), + $(CP) ./files/devcrypto.cnf $(1)/etc/ssl/engines.cnf.d/
[PATCH 1/3] openssl: config engines in /etc/ssl/engines.cnf.d
This changes the configuration of engines from the global openssl.cnf to files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has the list of enabled engines, while each engine has its own configuration file installed under /etc/ssl/engines.cnf.d. All patches were refreshed. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 30 -- package/libs/openssl/files/afalg.cnf | 32 ++ package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl/files/engines.cnf| 7 ++ package/libs/openssl/files/padlock.cnf| 3 + .../patches/100-Configure-afalg-support.patch | 3 +- .../openssl/patches/110-openwrt_targets.patch | 3 +- .../120-strip-cflags-from-binary.patch| 3 +- .../patches/130-dont-build-tests-fuzz.patch | 3 +- .../patches/140-allow-prefer-chacha20.patch | 4 +- .../150-openssl.cnf-add-engines-conf.patch| 101 +++--- ...o-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch | 3 +- ..._devcrypto-add-configuration-options.patch | 5 +- ...ypto-add-command-to-dump-driver-info.patch | 3 +- ...o-make-the-dev-crypto-engine-dynamic.patch | 4 - ...default-to-not-use-digests-in-engine.patch | 1 - ...to-ignore-error-when-closing-session.patch | 1 - 17 files changed, 114 insertions(+), 123 deletions(-) create mode 100644 package/libs/openssl/files/afalg.cnf create mode 100644 package/libs/openssl/files/devcrypto.cnf create mode 100644 package/libs/openssl/files/engines.cnf create mode 100644 package/libs/openssl/files/padlock.cnf diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 7ab4c6ccd0..69616f01e8 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=openssl PKG_BASE:=1.1.1 PKG_BUGFIX:=k PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -146,7 +146,7 @@ endef define Package/libopenssl-afalg/description This package adds an engine that enables hardware acceleration through the AF_ALG kernel interface. -To use it, you need to configure the engine in /etc/ssl/openssl.cnf +To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "afalg" @@ -163,7 +163,8 @@ endef define Package/libopenssl-devcrypto/description This package adds an engine that enables hardware acceleration through the /dev/crypto kernel interface. -To use it, you need to configure the engine in /etc/ssl/openssl.cnf +To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. You may +configure the engine by editing /etc/ssl/engines.cnf.d/devcrypto.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "devcrypto" @@ -179,7 +180,7 @@ endef define Package/libopenssl-padlock/description This package adds an engine that enables VIA Padlock hardware acceleration. -To use it, you need to configure it in /etc/ssl/openssl.cnf. +To use it, you need to enable the engine in /etc/ssl/engines.cnf.d/engines.cnf. See https://www.openssl.org/docs/man1.1.1/man5/config.html#Engine-Configuration-Module and https://openwrt.org/docs/techref/hardware/cryptographic.hardware.accelerators The engine_id is "padlock" @@ -376,8 +377,9 @@ define Package/libopenssl/install endef define Package/libopenssl-conf/install - $(INSTALL_DIR) $(1)/etc/ssl + $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d $(CP) $(PKG_INSTALL_DIR)/etc/ssl/openssl.cnf $(1)/etc/ssl/ + $(CP) ./files/engines.cnf $(1)/etc/ssl/engines.cnf.d/ endef define Package/openssl-util/install @@ -386,18 +388,24 @@ define Package/openssl-util/install endef define Package/libopenssl-afalg/install - $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d \ + $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/afalg.so $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_DATA) ./files/afalg.cnf $(1)/etc/ssl/engines.cnf.d/ endef define Package/libopenssl-devcrypto/install - $(INSTALL_DIR) $(1)/usr/lib/$(ENGINES_DIR) - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_DIR) $(1)/etc/ssl/engines.cnf.d \ + $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/devcrypto.so $(1)/usr/lib/$(ENGINES_DIR) + $(INSTALL_DATA) ./files/devcrypto.cnf $(1)/etc/ssl/engines
[PATCH 0/3] Engine configuration series
This series builds upon what was first started by Daniel Danzberger, with some suggestions by Florian Eckert to enable the engines when they are installed. The series split is subject to discussion: - the first commit does a patch cleanup proposed by Rosen Penev, and also splits the configuration from one monolithic file to one file per engine, and also an engines list. - the sencond implements my first proposal, of enabling engines during their installation. It introduces an engine.mk file that provides menu placement, basic dependencies and the postinst, postrm functions for engine packages, and can be used for out of tree engine packages. - the third commit introduces uci configuration, and does the engines list generation during startup, or when an engine package is installed or removed. The first commit received basic testing on mvebu running master, covering afalg and devcrpto engines built as modules. The second and third commits had testing expanded to checking built-in engine builds. I have not squashed the commits, but I do think that 2 and 3 may be squashed if 3 is merged. The first one is just cleanup, and the second adds complexity that ended up being removed by the third commit. Nonetheless, all of them result in a working package. I thought about expanding uci support to include other configuration commands, but it would drop the documentation provided by the current config files. Besides, each engine has its own options, which would add complexity to config generation if you are to actually verify them. Passing unknown commands straight from uci to the config files would be simple and work, but it would be hard to find what options are available, compared to just reading the example configs provided otherwise. openssl engine -vv would show the commands, with some basic description of them, but getting the supported arguments may not be straightforward. For example, gost engine has "CRYPT_PARAMS: OID of default GOST 28147-89 parameters". All I could do to help was to point to a header file where the actual list of supported parameters is defined. After this is merged, I will adapt the two engines in the packages feed. Eneas U de Queiroz (3): openssl: config engines in /etc/ssl/engines.cnf.d openssl: configure engine packages during install openssl: configure engines with uci package/libs/openssl/Makefile | 55 +- package/libs/openssl/engine.mk| 42 package/libs/openssl/files/afalg.cnf | 32 ++ package/libs/openssl/files/devcrypto.cnf | 31 ++ package/libs/openssl/files/engines.cnf| 7 ++ .../libs/openssl/files/openssl-engines.init | 19 package/libs/openssl/files/openssl.init | 31 ++ package/libs/openssl/files/padlock.cnf| 3 + .../patches/100-Configure-afalg-support.patch | 3 +- .../openssl/patches/110-openwrt_targets.patch | 3 +- .../120-strip-cflags-from-binary.patch| 3 +- .../patches/130-dont-build-tests-fuzz.patch | 3 +- .../patches/140-allow-prefer-chacha20.patch | 4 +- .../150-openssl.cnf-add-engines-conf.patch| 100 +++--- ...o-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch | 3 +- ..._devcrypto-add-configuration-options.patch | 5 +- ...ypto-add-command-to-dump-driver-info.patch | 3 +- ...o-make-the-dev-crypto-engine-dynamic.patch | 4 - ...default-to-not-use-digests-in-engine.patch | 1 - ...to-ignore-error-when-closing-session.patch | 1 - 20 files changed, 213 insertions(+), 140 deletions(-) create mode 100644 package/libs/openssl/engine.mk create mode 100644 package/libs/openssl/files/afalg.cnf create mode 100644 package/libs/openssl/files/devcrypto.cnf create mode 100644 package/libs/openssl/files/engines.cnf create mode 100644 package/libs/openssl/files/openssl-engines.init create mode 100755 package/libs/openssl/files/openssl.init create mode 100644 package/libs/openssl/files/padlock.cnf ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH rpcd] iwinfo: add 802.11ax HE support
Hi David, Le mer. 28 avr. 2021 à 07:07, David Bauer a écrit : > > Expose 802.11ax HE rate as well as HW / HT mode information. This is > required to add 802.11ax support to LuCI. > > Signed-off-by: David Bauer > --- > iwinfo.c | 45 + > 1 file changed, 45 insertions(+) > > diff --git a/iwinfo.c b/iwinfo.c > index 63ff2a1..6b376c4 100644 > --- a/iwinfo.c > +++ b/iwinfo.c ... > } > } > @@ -280,6 +295,9 @@ rpc_iwinfo_call_hwmodes(const char *name) > if (modes & IWINFO_80211_AC) > blobmsg_add_string(&buf, NULL, "ac"); > > + if (modes & IWINFO_80211_AX) > + blobmsg_add_string(&buf, NULL, "ac"); I think you meant "ax" no ? > + > if (modes & IWINFO_80211_A) > blobmsg_add_string(&buf, NULL, "a"); > ... ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH rpcd] iwinfo: add 802.11ax HE support
Expose 802.11ax HE rate as well as HW / HT mode information. This is
required to add 802.11ax support to LuCI.
Signed-off-by: David Bauer
---
iwinfo.c | 45 +
1 file changed, 45 insertions(+)
diff --git a/iwinfo.c b/iwinfo.c
index 63ff2a1..6b376c4 100644
--- a/iwinfo.c
+++ b/iwinfo.c
@@ -260,6 +260,21 @@ rpc_iwinfo_call_htmodes(const char *name)
if (modes & IWINFO_HTMODE_VHT160)
blobmsg_add_string(&buf, NULL, "VHT160");
+ if (modes & IWINFO_HTMODE_HE20)
+ blobmsg_add_string(&buf, NULL, "HE20");
+
+ if (modes & IWINFO_HTMODE_HE40)
+ blobmsg_add_string(&buf, NULL, "HE40");
+
+ if (modes & IWINFO_HTMODE_HE80)
+ blobmsg_add_string(&buf, NULL, "HE80");
+
+ if (modes & IWINFO_HTMODE_HE80_80)
+ blobmsg_add_string(&buf, NULL, "HE80+80");
+
+ if (modes & IWINFO_HTMODE_HE160)
+ blobmsg_add_string(&buf, NULL, "HE160");
+
blobmsg_close_array(&buf, c);
}
}
@@ -280,6 +295,9 @@ rpc_iwinfo_call_hwmodes(const char *name)
if (modes & IWINFO_80211_AC)
blobmsg_add_string(&buf, NULL, "ac");
+ if (modes & IWINFO_80211_AX)
+ blobmsg_add_string(&buf, NULL, "ac");
+
if (modes & IWINFO_80211_A)
blobmsg_add_string(&buf, NULL, "a");
@@ -332,6 +350,26 @@ static void rpc_iwinfo_call_hw_ht_mode()
htmode_str = "VHT160";
hwmode_str = "ac";
break;
+ case IWINFO_HTMODE_HE20:
+ htmode_str = "HE20";
+ hwmode_str = "ax";
+ break;
+ case IWINFO_HTMODE_HE40:
+ htmode_str = "HE40";
+ hwmode_str = "ax";
+ break;
+ case IWINFO_HTMODE_HE80:
+ htmode_str = "HE80";
+ hwmode_str = "ax";
+ break;
+ case IWINFO_HTMODE_HE80_80:
+ htmode_str = "HE80+80";
+ hwmode_str = "ax";
+ break;
+ case IWINFO_HTMODE_HE160:
+ htmode_str = "HE160";
+ hwmode_str = "ax";
+ break;
case IWINFO_HTMODE_NOHT:
htmode_str = "20";
hwmode_str = "a/g";
@@ -491,6 +529,7 @@ rpc_iwinfo_add_rateinfo(struct iwinfo_rate_entry *r)
{
blobmsg_add_u8(&buf, "ht", r->is_ht);
blobmsg_add_u8(&buf, "vht", r->is_vht);
+ blobmsg_add_u8(&buf, "he", r->is_he);
blobmsg_add_u32(&buf, "mhz", r->mhz);
blobmsg_add_u32(&buf, "rate", r->rate);
@@ -504,6 +543,12 @@ rpc_iwinfo_add_rateinfo(struct iwinfo_rate_entry *r)
blobmsg_add_u32(&buf, "nss", r->nss);
blobmsg_add_u8(&buf, "short_gi", r->is_short_gi);
}
+ else if (r->is_he) {
+ blobmsg_add_u32(&buf, "mcs", r->mcs);
+ blobmsg_add_u32(&buf, "nss", r->nss);
+ blobmsg_add_u32(&buf, "he_gi", r->he_gi);
+ blobmsg_add_u32(&buf, "he_dcm", r->he_dcm);
+ }
}
static int
--
2.31.1
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: ath79: mikrotik mac issue
Hi Roger, I just confirmed that MAC's are properly set using master OpenWRT. Will look into this. I noticed you say this and OpenWRT master also shows it: eth1: /sys/firmware/mikrotik/hard_config/mac_base eth0: /sys/firmware/mikrotik/hard_config/mac_base+1 wlan0: /sys/firmware/mikrotik/hard_config/mac_base+2 I just checked on a fresh board using routerOS and it should be: eth0: /sys/firmware/mikrotik/hard_config/mac_base eth1: /sys/firmware/mikrotik/hard_config/mac_base+1 //SFP wlan0: /sys/firmware/mikrotik/hard_config/mac_base+2 So the macs from Eth and SFP (eth1) need to be switched. Regards, Koen On 18.04.21 19:00, Roger Pueyo Centelles wrote: Hi, Sorry, no clue. I am getting MAC addresses correctly assigned on a MikroTik RB922UAGS-5HPacD running OpenWrt SNAPSHOT, r16574-f7e00d81bc. As expected, random MAC addresses appear for both eth0 and eth1 on a fresh boot after flashing with "sysupgrade -v -n. At around ~40 seconds uptime, the network is activated with the correct MAC addresses enabled (same as in /etc/config/network): eth1: /sys/firmware/mikrotik/hard_config/mac_base eth0: /sys/firmware/mikrotik/hard_config/mac_base+1 wlan0: /sys/firmware/mikrotik/hard_config/mac_base+2 The behaviour is correct on rebooting or reflashing. Roger El 16/4/21 a les 17:04, Koen Vandeputte ha escrit: Hi all, I found another interesting issue testing on a rb922 The board gets a random mac on each boot. This is normal and should be automatically corrected by 02_network afterwards when hard_config is available, but it seems it's not getting applied correctly. Debugging the 02_network script shows that the actual value is properly fetched from hard_config, but it's not getting applied for some reason .. /etc/board.json shows the correct ones, but the interfaces still carry the random MAC. Judging by the flow in the script, I guess this issue will be present on all ath79 Mikrotik targets. Anyone got a clue? Regards, Koen ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
