From d656d38c7c253bfd30a4a8943de2355aff608d08 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 6 May 2022 17:00:33 +0200 Subject: [PATCH 1/3] mesh-vpn-core: require legacy iptables Require legacy iptables, as Gluon still depends on firewall3. Otherwise, nftables is pulled in as a dependency. --- package/gluon-mesh-vpn-core/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile index 3679e2bc..9525f110 100644 --- a/package/gluon-mesh-vpn-core/Makefile +++ b/package/gluon-mesh-vpn-core/Makefile @@ -6,7 +6,7 @@ include ../gluon.mk define Package/gluon-mesh-vpn-core TITLE:=Basic support for connecting meshes via VPN tunnels - DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc + DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables-legacy +iptables-mod-extra +simple-tc USERID:=:gluon-mesh-vpn=800 endef From 6fe2e6fc80436bf9f7527c36a3fcbf8155daba28 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 6 May 2022 17:03:08 +0200 Subject: [PATCH 2/3] target: remove nftables Gluon still uses firewall3 and iptables, so remove dependency on nftables. --- targets/generic | 2 ++ 1 file changed, 2 insertions(+) diff --git a/targets/generic b/targets/generic index 21b617d3..0ff48658 100644 --- a/targets/generic +++ b/targets/generic @@ -70,8 +70,10 @@ config('GLUON_MINIFY', istrue(env.GLUON_MINIFY)) packages { '-ca-bundle', '-kmod-ipt-offload', + '-kmod-nft-offload', '-libustream-wolfssl', '-libwolfssl', + '-nftables', '-odhcpd-ipv6only', '-ppp', '-ppp-mod-pppoe', From fd6f8c2919fd4f008c06cde85c58b8ea44f7b3ab Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 6 May 2022 18:05:07 +0200 Subject: [PATCH 3/3] generic: optimize kernel size Remove kernel symbols which are not required for Gluon. Signed-off-by: David Bauer --- targets/generic | 3 +++ 1 file changed, 3 insertions(+) diff --git a/targets/generic b/targets/generic index 0ff48658..7c652eb9 100644 --- a/targets/generic +++ b/targets/generic @@ -46,6 +46,9 @@ try_config('TARGET_SQUASHFS_BLOCK_SIZE', 256) config('KERNEL_IP_MROUTE', false) config('KERNEL_IPV6_MROUTE', false) +config('KERNEL_IPV6_SEG6_LWTUNNEL', false) +config('SECCOMP', false) +config('KERNEL_SECCOMP', false) config('COLLECT_KERNEL_DEBUG', true)