[PATCH 1/3] netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou
---
 include/netfilter.mk | 13
 package/kernel/linux/modules/netfilter.mk | 39 ++-
 2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 4602a1d412..751fabef19 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N
 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+# tproxy
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 # led
 $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 75a06fb651..85780306f3 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -162,6 +162,28 @@ endef
 $(eval $(call KernelPackage,nf-flow))
+define KernelPackage/nf-socket
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter socket lookup support
+ KCONFIG:= $(KCOFNIG_NF_SOCKET)
+ FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
+endef
+
+$(eval $(call KernelPackage,nf-socket))
+
+
+define KernelPackage/nf-tproxy
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter tproxy support
+ KCONFIG:= $(KCOFNIG_NF_TPROXY)
+ FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
+endef
+
+$(eval $(call KernelPackage,nf-tproxy))
+
+
 define AddDepends/ipt
 SUBMENU:=$(NF_MENU)
 DEPENDS+= +kmod-ipt-core $(1)
@@ -645,9 +667,24 @@ endef
 $(eval $(call KernelPackage,ipt-led))
+define KernelPackage/ipt-socket
+ TITLE:=Iptables socket matching support
+ DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
+ KCONFIG:=$(KCONFIG_IPT_SOCKET)
+ FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
+ $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-socket/description
+ Kernel modules for socket matching
+endef
+
+$(eval $(call KernelPackage,ipt-socket))
+
 define KernelPackage/ipt-tproxy
 TITLE:=Transparent proxying support
- DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
+ DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
 KCONFIG:=$(KCONFIG_IPT_TPROXY)
 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
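Review bot: `KCONFIG:= $(KCOFNIG_NF_SOCKET)` in the new `KernelPackage/nf-socket` define misspells the variable name, and `KernelPackage/nf-tproxy` repeats the slip with `$(KCOFNIG_NF_TPROXY)`; the other defines in this patch read a `KCONFIG_…` variable (for example `KCONFIG:=$(KCONFIG_IPT_SOCKET)`). Unless a variable with the misspelled name is defined elsewhere, both expand to nothing, so selecting these packages would presumably not request the `CONFIG_NF_SOCKET_IPV4/IPV6` and `CONFIG_NF_TPROXY_IPV4/IPV6` symbols that the `nf_add` lines in include/netfilter.mk associate with them, and the `.ko` files named in `FILES` may not get built. The two lines should read `KCONFIG:= $(KCONFIG_NF_SOCKET)` and `KCONFIG:= $(KCONFIG_NF_TPROXY)`.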
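Review bot: The new `DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack` line on `KernelPackage/ipt-tproxy` does not pull in `kmod-ipt-socket`, although `xt_socket` shipped in kmod-ipt-tproxy before this patch. A firewall configuration that combines the socket match with the TPROXY target would therefore lose the match module on upgrade unless the new package is selected explicitly, and rules that reference it would fail to load. If the split is meant to be strict, say so in the commit description; otherwise add `+kmod-ipt-socket` to that DEPENDS line. The same line also drops `+IPV6:kmod-ip6tables` without explanation, which is worth confirming for ip6tables users of TPROXY. The `KernelPackage/ipt-tproxy` define continues past the end of the hunk.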
[PATCH 3/3] netfilter: add kmod-nft-tproxy
Signed-off-by: Yousong Zhou
---
 include/netfilter.mk | 2 ++
 package/kernel/linux/modules/netfilter.mk | 11 +++
 2 files changed, 13 insertions(+)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 83455cc378..2ef8f83e4c 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -353,6 +353,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queu
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),))
+
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
 # userland only
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 7200af769f..1707bf2d9f 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1228,6 +1228,17 @@ endef
 $(eval $(call KernelPackage,nft-socket))
+define KernelPackage/nft-tproxy
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter nf_tables tproxy support
+ DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
+ FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
+ KCONFIG:=$(KCONFIG_NFT_TPROXY)
+endef
+
+$(eval $(call KernelPackage,nft-tproxy))
+
 define KernelPackage/nft-compat
 SUBMENU:=$(NF_MENU)
 TITLE:=Netfilter nf_tables compat support
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH 2/3] netfilter: add kmod-nft-socket
Signed-off-by: Yousong Zhou
---
 include/netfilter.mk | 2 ++
 package/kernel/linux/modules/netfilter.mk | 11 +++
 2 files changed, 13 insertions(+)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 751fabef19..83455cc378 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -351,6 +351,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
 # userland only
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 85780306f3..7200af769f 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1217,6 +1217,17 @@ endef
 $(eval $(call KernelPackage,nft-queue))
+define KernelPackage/nft-socket
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter nf_tables socket support
+ DEPENDS:=+kmod-nft-core +kmod-nf-socket
+ FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
+ KCONFIG:=$(KCONFIG_NFT_SOCKET)
+endef
+
+$(eval $(call KernelPackage,nft-socket))
+
 define KernelPackage/nft-compat
 SUBMENU:=$(NF_MENU)
 TITLE:=Netfilter nf_tables compat support
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
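Review bot: `DEPENDS:=+kmod-nft-core +kmod-nf-socket` in `KernelPackage/nft-socket` omits `+kmod-nf-conntrack`, while the sibling packages on this page that sit on the same helper layer (`ipt-socket` in patch 1/3 and `nft-tproxy` in patch 3/3) both list it. If `nf_socket_ipv4`/`nf_socket_ipv6` need modules from kmod-nf-conntrack in order to load (not visible from this hunk), the dependency is better declared once on `kmod-nf-socket` itself than repeated by each consumer. Otherwise a one-line comment above the DEPENDS line explaining why nft-socket can do without it would settle the question for the next reader.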
Re: [PATCH] kernel: generic: add missing 5.10 symbols
On 24/02/2022 22:05, Rui Salvaterra wrote: Add the following kconfig symbols (disabled): CONFIG_DEFAULT_FQ CONFIG_DEFAULT_CODEL CONFIG_DEFAULT_SFQ Also resort the config with the kconfig.pl script. Fixes: f39872d966 ("kernel: generic: select the fq_codel qdisc by default") Signed-off-by: Rui Salvaterra Oh, ok. Yes, this is why that: |* Allow override default queue discipline |* |Allow override default queue discipline (NET_SCH_DEFAULT) [Y/n/?] y | Default queuing discipline |1. Fair Queue (DEFAULT_FQ) (NEW) |2. Controlled Delay (DEFAULT_CODEL) (NEW) | > 3. Fair Queue Controlled Delay (DEFAULT_FQ_CODEL) |4. Stochastic Fair Queue (DEFAULT_SFQ) (NEW) |5. Priority FIFO Fast (DEFAULT_PFIFO_FAST) | choice[1-5?]: ^Cmake[7]: *** [scripts/kconfig/Makefile:71: syncconfig] Interrupt was showing up... with that patch well no longer anymore. Tested-by: Christian Lamparter ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] kernel: generic: add missing 5.10 symbols
Add the following kconfig symbols (disabled): CONFIG_DEFAULT_FQ CONFIG_DEFAULT_CODEL CONFIG_DEFAULT_SFQ Also resort the config with the kconfig.pl script.
Fixes: f39872d966 ("kernel: generic: select the fq_codel qdisc by default")
Signed-off-by: Rui Salvaterra
---
I screwed up, sorry about that. Christian, Stijn, does this fix the kconfig failure you noticed?
 target/linux/generic/config-5.10 | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index 56eb052981..c6a34eea13 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -1329,8 +1329,10 @@ CONFIG_DEBUG_KERNEL=y
 # CONFIG_DEBUG_WX is not set
 # CONFIG_DEBUG_ZBOOT is not set
 # CONFIG_DECNET is not set
+# CONFIG_DEFAULT_CODEL is not set
 CONFIG_DEFAULT_CUBIC=y
 CONFIG_DEFAULT_DEADLINE=y
+# CONFIG_DEFAULT_FQ is not set
 CONFIG_DEFAULT_FQ_CODEL=y
 CONFIG_DEFAULT_HOSTNAME="(none)"
 CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
@@ -1343,6 +1345,7 @@ CONFIG_DEFAULT_NET_SCH="fq_codel"
 CONFIG_DEFAULT_SECURITY=""
 CONFIG_DEFAULT_SECURITY_DAC=y
 # CONFIG_DEFAULT_SECURITY_SELINUX is not set
+# CONFIG_DEFAULT_SFQ is not set
 CONFIG_DEFAULT_TCP_CONG="cubic"
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
@@ -3594,6 +3597,7 @@ CONFIG_MTD_NAND_IDS=y
 # CONFIG_MTD_NAND_JZ4740 is not set
 # CONFIG_MTD_NAND_MPC5121_NFC is not set
 # CONFIG_MTD_NAND_MTK is not set
+# CONFIG_MTD_NAND_MTK_BMT is not set
 # CONFIG_MTD_NAND_MXC is not set
 # CONFIG_MTD_NAND_MXIC is not set
 # CONFIG_MTD_NAND_NANDSIM is not set
@@ -3678,7 +3682,6 @@ CONFIG_MTD_SPLIT_SUPPORT=y
 # CONFIG_MTD_UBI_GLUEBI is not set
 # CONFIG_MTD_UIMAGE_SPLIT is not set
 # CONFIG_MTD_VIRT_CONCAT is not set
-# CONFIG_MTD_NAND_MTK_BMT is not set
 # CONFIG_MTK_MMC is not set
 # CONFIG_MTK_MMSYS is not set
 # CONFIG_MULTIPLEXER is not set
@@ -4590,14 +4593,14 @@ CONFIG_PROC_SYSCTL=y
 # CONFIG_PSB6970_PHY is not set
 # CONFIG_PSI is not set
 # CONFIG_PSTORE is not set
+# CONFIG_PSTORE_842_COMPRESS is not set
 # CONFIG_PSTORE_COMPRESS is not set
 # CONFIG_PSTORE_COMPRESS_DEFAULT="deflate"
 # CONFIG_PSTORE_CONSOLE is not set
 # CONFIG_PSTORE_DEFLATE_COMPRESS is not set
 # CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT is not set
-# CONFIG_PSTORE_842_COMPRESS is not set
-# CONFIG_PSTORE_LZ4_COMPRESS is not set
 # CONFIG_PSTORE_LZ4HC_COMPRESS is not set
+# CONFIG_PSTORE_LZ4_COMPRESS is not set
 # CONFIG_PSTORE_LZO_COMPRESS is not set
 # CONFIG_PSTORE_PMSG is not set
 # CONFIG_PSTORE_RAM is not set
--
2.35.1
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] realtek: ZyXEL GS1900-48: drop gpio-restart
On Tue, 2022-02-22 at 23:39 +0100, Birger Koblitz wrote: > Hi, > > the information on the external GPIO resetting the board of > the Zyxel GS1900-48 comes from the hardware configuration > reported by the stock firmware. It says: > GS1900# show board > [...] > == Reset = > Type: GPIO > GPIO: EXT_5 > [...] > Using the rtk gpio commands in u-boot this can be confirmed. Can you list the commands that you used to test this? My bootloader only supports "rtk network ..." and "cst pinSet ...". > On 22/02/2022 23:00, Sander Vanheule wrote: > > On Mon, 2022-02-21 at 21:23 +0100, Birger Koblitz wrote: > > > Hi, > > > > > > > > I just checked with my multimeter, and while the GPIO5 on the RTL8231 > > > > does go > > > > high/low > > > > when I set the output high/low from Linux, my device certainly doesn't > > > > reset. The > > > > other > > > > GPIO lines on the chip do work, since SFP modules are correctly > > > > detected. > > > > > > > > Birger, just to be sure, can you confirm that your device does reset > > > > with GPIO5 on > > > > the > > > > RTL8231? > > > > > > Yes, it does.There is a warning, but then it reliably resets. That was > > > why I left it > > > in as is. > > > > I had another hard look at my board, to check if something may be wrong > > physically, > > but I > > cannot find anything. My device's board looks identical to the pictures on > > the switch > > wiki > > [1], which I think you uploaded earlier. > > > > There is some reset logic on the board [2], but I cannot figure out how > > GPIO5 would be > > connected to it electrically. Unless I missed a via connecting to that pin > > on the > > RTL8231, > > GPIO5 only appears to lead to TP2. GPIO5/TP2 does not appear to be connected > > electrically > > to any part of the circuit next to SW1. I could add a bodge wire to connect > > TP2 to pad > > U25:3, but gpio-restart should really work on unmodified hardware. 
> > > > [1] https://svanheule.net/switches/gs1900-48#board_details > > [2] https://svanheule.net/switches/gs1900-48#hard_reset_circuit Having another look at the source code of gpio-restart, the WARNING-s I reported in the patch's commit message occur at the following points of the GPIO output waveform: |< 100ms >|< 100 ms >|< 3000 ms >|< Restart failed _|_| |___|__ [ active ] _X \__/ [inactive] || | | || | ^ WARN @ drivers/power/reset/gpio-restart.c:46 || | || ^ WARN @ drivers/gpio/gpiolib.c:3098 |^ WARN @ drivers/gpio/gpiolib.c:3098 | ^ Restart should already occur here If everything is set up correctly, the system should restart before execution reaches the point where a warning can be emitted. If you say that you see a warning (any at all), AFAICT that means gpio-restart is not working. As they say, the proof of the pudding is in the eating, so I soldered a jumper wire between the RTL8231's GPIO5 pin (U38:25) and the line driven by the hard reset button (U25:3) [https://svanheule.net/switches/gs1900-48#hard_reset_circuit]. As expected from the analysis above, this results in a system rebooting without _any_ warning (using an initramfs from yesterday's snapshot builds): root@OpenWrt:/# reboot root@OpenWrt:/# [ 185.092891] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 185.101879] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 185.111835] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 185.120484] rtl83xx_fib4_del: found a route with id 1, nh-id 0 [ 185.127681] rtl83xx-switch switch@1b00: unknown nexthop, id 0 [ 185.149505] rtl83xx-switch switch@1b00: unknown nexthop, id 0 [ 185.157262] rtl83xx_fib4_del: found a route with id 2, nh-id 0 [ 185.164418] rtl83xx-switch switch@1b00: unknown nexthop, id 0 [ 185.173391] rtl83xx_fib4_del: no such gateway: 0.0.0.0 [ 185.225492] device lan01 left promiscuous mode [ 185.230976] switch: port 1(lan01) entered disabled state ... 
[ 187.735562] device lan50 left promiscuous mode [ 187.741075] switch: port 50(lan50) entered disabled state [ 187.794104] in rtl838x_eth_stop [ 187.797945] rtl838x-eth 1b00a300.ethernet eth0: Link is Down [ 188.329431] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.337562] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.345649] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.353736] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.543709] rtl83xx_fib4_del: no such gateway: 0.0.0.0 [ 188.549982] rtl83xx_fib4_del: no such gateway: 0.0.0.0 [ 188.559077] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.567226] rtl83xx_fib_event: FIB_RULE ADD/DELL for IPv6 not supported [ 188.576283] rtl83xx_fib4_del: no such gateway: 0.0.0.0 [
Re: what stop 21.02.2 and 19.07.9 from offically released?
People writing the release notes and change logs are busy. I’ll try to write the announcement later today with Hauke if he has the time. > On 24. Feb 2022, at 11:59, Seo Suchan wrote: > > both are taged 7 days ago and it look target is built feb 18 and package > builder passed taged commit, so can I ask what's stoping it being released as > offical? > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
what stop 21.02.2 and 19.07.9 from offically released?
Both were tagged 7 days ago, and it looks like the targets were built on Feb 18 and the package builder passed the tagged commit, so may I ask what is stopping them from being released as official? ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel