Re: [PATCH firewall4] fw4: add support for include.d dir
Hi, instead of introducing uci includes that configure nft includes, why not encode the chain/position etc. values directly into the path/filename and directly include the file if it exists at the expected location? A potential pattern could be "[0-9][0-9]_{ruleset_pre,ruleset_post,table_pre,table_post,chain_pre_*,chain_post_*}_*.nft". Taking the example from your mail, these *.nft includes would be stored at /usr/share/firewall4/include.d/01_chain_pre_input_strongswan.nft /usr/share/firewall4/include.d/02_chain_pre_output_strongswan.nft /usr/share/firewall4/include.d/03_chain_pre_forward_strongswan.nft Alternatively, the hooks could be moved into a subdirectory structure for better clarity: /usr/share/firewall4/includes.d/ + ruleset-pre/ + 99_custom_named_set_declarations.nft + ruleset-post/ + ... + table-pre/ + ... + table-post/ + ... + chain-pre/ + input/ + 29_strongswan.nft + output/ + 29_strongswan.nft + forward/ + 29_strongswan.nft + chain-post/ + mangle_output/ + 99_custom_dscp_fiddling.nft (The numeric prefixes carry no semantic meaning in this structure, they'd just be there to enforce a certain order within a given hook directory) I think the above would be a lot more manageable since you'd just have to place partial .nft files which are then folded into the final ruleset on fw4 start/reload. ~ Jo signature.asc Description: OpenPGP digital signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] kernel/crypto: fix crypto-lib-curve25519 x86_64 build
On 2022-07-21 17:10, Stijn Tintel wrote: On 21/07/2022 15:17, Florian Eckert wrote: The crypto-lib-curve25519 dependency for x86_64 could not be met, because the package for for the architecture x86_64 was not added to crypto-lib-curve package. Also the package arch definition for x86/64 does not exist. It musst be change to x86_64 to get added. Can you please elaborate why this is needed? My x86/64 image contains curve25519_x86_64.ko without this change. Hello Stijn I am currently working on a target for integration in Openwrt (Lightning Mountain). This is a x86_64 architecture with 4 Atoms CPUs. I have added a new target (mxl) and subtarget (lgm) with $(ARCH) x86_64. But If I do it like this, then the module could not be build because, the dependency is not met. "Missing So far it only works now if I set the $(BOARD) value to x86 in the Makefile and I also have to add a $(SUBTARGET) 64 in my directory mxl which in my case does not fit. I also wanted to make it equal to the packages kmod-crypto-lib-poly1305. This package maps this via $(ARCH) and doesn't do any special handling. So I would prefer if we make it dependent on the $(ARCH) variable. Also in the linux kernel this is also under /arch/x86. I think we should also update [1] https://github.com/TDT-AG/openwrt/blob/master/package/kernel/linux/modules/crypto.mk#L464 Best regards Florian [1] https://github.com/TDT-AG/openwrt/blob/master/package/kernel/linux/modules/crypto.mk#L545 Thanks, Stijn [1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=include/kernel.mk;h=001718d89d8b77bf7843c5cba77ef519f808e085;hb=HEAD#l213 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel