From 8e5abf02ae050f2211370d0837eba6fa4f93a485 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:13:59 +0200 Subject: [PATCH 1/5] treewide: switch to ebtables-tiny --- .../src/gluon-arp-limiter.c | 2 +- package/gluon-ebtables/Makefile | 2 +- .../files/etc/init.d/gluon-ebtables | 16 ++++++++-------- .../gluon-radv-filterd/src/gluon-radv-filterd.c | 8 ++++---- package/gluon-radv-filterd/src/respondd.c | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c index cbb6faf2..9c764006 100644 --- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c +++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c @@ -18,7 +18,7 @@ #define BATCTL_DC "/usr/sbin/batctl dc -H -n" #define BATCTL_TL "/usr/sbin/batctl tl -H -n" -#define EBTABLES "/usr/sbin/ebtables --concurrent" +#define EBTABLES "/usr/sbin/ebtables-tiny" #define BUILD_BUG_ON(check) ((void)sizeof(int[1-2*!!(check)])) diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile index f5ee0e38..3ecf9b88 100644 --- a/package/gluon-ebtables/Makefile +++ b/package/gluon-ebtables/Makefile @@ -10,7 +10,7 @@ define Package/gluon-ebtables SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables support - DEPENDS:=+gluon-core +ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 +kmod-ipt-core + DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 endef define Package/gluon-ebtables/description diff --git a/package/gluon-ebtables/files/etc/init.d/gluon-ebtables b/package/gluon-ebtables/files/etc/init.d/gluon-ebtables index 40c9e061..60add180 100755 --- a/package/gluon-ebtables/files/etc/init.d/gluon-ebtables +++ b/package/gluon-ebtables/files/etc/init.d/gluon-ebtables @@ -7,13 +7,13 @@ # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP # # Removing all rules: -# $ ./firewall-ebtables stop +# $ /etc/init.d/gluon-ebtables stop # Inserting all rules: -# $ ./firewall-ebtables start +# $ /etc/init.d/gluon-ebtables start # Inserting a specific rule file: -# $ ./firewall-ebtables start /lib/gluon/ebtables/100-mcast-chain +# $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain # Removing a specific rule file: -# $ ./firewall-ebtables stop /lib/gluon/ebtables/100-mcast-chain +# $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain START=19 @@ -51,8 +51,8 @@ exec_all() { start() { ( - export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -A " .. command' - export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -N " .. name .. " -P " .. policy' + export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -A " .. command' + export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -N " .. name .. " -P " .. policy' # Contains /var/lib/ebtables/lock for '--concurrent' [ ! -d "/var/lib/ebtables" ] && \ @@ -68,8 +68,8 @@ start() { stop() { ( - export EBTABLES_RULE='"ebtables --concurrent -t " .. table .. " -D " .. command' - export EBTABLES_CHAIN='"ebtables --concurrent -t " .. table .. " -X " .. name' + export EBTABLES_RULE='"ebtables-tiny -t " .. table .. " -D " .. command' + export EBTABLES_CHAIN='"ebtables-tiny -t " .. table .. " -X " .. name' if [ -z "$1" ]; then exec_all '-r' diff --git a/package/gluon-radv-filterd/src/gluon-radv-filterd.c b/package/gluon-radv-filterd/src/gluon-radv-filterd.c index 990885ea..5fcab439 100644 --- a/package/gluon-radv-filterd/src/gluon-radv-filterd.c +++ b/package/gluon-radv-filterd/src/gluon-radv-filterd.c @@ -168,11 +168,11 @@ static void cleanup(void) { if (G.chain) { /* Reset chain to accept everything again */ if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-F", G.chain, NULL })) + { "ebtables-tiny", "-F", G.chain, NULL })) DEBUG_MSG("warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-A", G.chain, "-j", "ACCEPT", NULL })) + { "ebtables-tiny", "-A", G.chain, "-j", "ACCEPT", NULL })) DEBUG_MSG("warning: adding new rule to ebtables chain %s failed", G.chain); } } @@ -720,10 +720,10 @@ static void update_ebtables(void) { G.best_router = router; if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-F", G.chain, NULL })) + { "ebtables-tiny", "-F", G.chain, NULL })) error_message(0, 0, "warning: flushing ebtables chain %s failed, not adding a new rule", G.chain); else if (fork_execvp_timeout(&timeout, "ebtables", (const char *[]) - { "ebtables", "--concurrent", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL })) + { "ebtables-tiny", "-A", G.chain, "-s", mac, "-j", "ACCEPT", NULL })) error_message(0, 0, "warning: adding new rule to ebtables chain %s failed", G.chain); } diff --git a/package/gluon-radv-filterd/src/respondd.c b/package/gluon-radv-filterd/src/respondd.c index 7e65a3d9..8c2c7eb4 100644 --- a/package/gluon-radv-filterd/src/respondd.c +++ b/package/gluon-radv-filterd/src/respondd.c @@ -8,7 +8,7 @@ #include "mac.h" static struct json_object * get_radv_filter() { - FILE *f = popen("exec ebtables --concurrent -L RADV_FILTER", "r"); + FILE *f = popen("exec ebtables-tiny -L RADV_FILTER", "r"); char *line = NULL; size_t len = 0; struct ether_addr mac = {}; From 2f4d3b71aff1fa9d6dad837284fc352e5c3c2c25 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 2/5] Add patches to reduce iptables module dependencies --- ...tables-on-kmod-ebtables-to-selecting.patch | 23 ++++ ...0075-kernel-unhide-kmod-br-netfilter.patch | 21 ++++ ...s-do-not-depend-on-kmod-br-netfilter.patch | 22 ++++ ...sdev-match-out-as-a-separate-package.patch | 114 ++++++++++++++++++ 4 files changed, 180 insertions(+) create mode 100644 patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch create mode 100644 patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch create mode 100644 patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch create mode 100644 patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch diff --git a/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch b/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch new file mode 100644 index 00000000..6f9d915f --- /dev/null +++ b/patches/lede/0074-kernel-change-dependency-of-kmod-ebtables-on-kmod-ebtables-to-selecting.patch @@ -0,0 +1,23 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 18:51:57 +0200 +Subject: kernel: change dependency of kmod-ebtables-* on kmod-ebtables to selecting + +Non-selecting dependencies easily lead to Kconfig failures due to recursive +dependencies. We hit such an issue in Gluon; the easiest fix is to make +the dependency selecting. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index bb882363f3df4df733424ca6bba72badc96f06f8..c1d08a54037e6b33834566dac58308f64a427ecd 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -707,7 +707,7 @@ $(eval $(call KernelPackage,ebtables)) + + define AddDepends/ebtables + SUBMENU:=$(NF_MENU) +- DEPENDS+=kmod-ebtables $(1) ++ DEPENDS+= +kmod-ebtables $(1) + endef + + diff --git a/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch b/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch new file mode 100644 index 00000000..c08c7819 --- /dev/null +++ b/patches/lede/0075-kernel-unhide-kmod-br-netfilter.patch @@ -0,0 +1,21 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 18:56:53 +0200 +Subject: kernel: unhide kmod-br-netfilter + +kmod-br-netfilter is not only a support module, but can be useful on its +own, using the net.bridge.bridge-nf-call-* sysctls. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index c1d08a54037e6b33834566dac58308f64a427ecd..275147b8757a42c00de14502a072c8384a0526ab 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -672,7 +672,6 @@ $(eval $(call KernelPackage,arptables)) + define KernelPackage/br-netfilter + SUBMENU:=$(NF_MENU) + TITLE:=Bridge netfilter support modules +- HIDDEN:=1 + DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko + KCONFIG:=CONFIG_BRIDGE_NETFILTER diff --git a/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch b/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch new file mode 100644 index 00000000..472fe77c --- /dev/null +++ b/patches/lede/0076-kernel-kmod-ebtables-do-not-depend-on-kmod-br-netfilter.patch @@ -0,0 +1,22 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 19:01:56 +0200 +Subject: kernel: kmod-ebtables: do not depend on kmod-br-netfilter + +While ebtables can be combined with br-netfilter, there is no good reason +to make it a dependency. + +Signed-off-by: Matthias Schiffer + +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index 275147b8757a42c00de14502a072c8384a0526ab..34eefcd892b9e8b3157603fa47578d0afc65dc4b 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -689,7 +689,7 @@ $(eval $(call KernelPackage,br-netfilter)) + define KernelPackage/ebtables + SUBMENU:=$(NF_MENU) + TITLE:=Bridge firewalling modules +- DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter ++ DEPENDS:=+kmod-ipt-core +kmod-bridge + FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_EBTABLES) + AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) diff --git a/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch b/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch new file mode 100644 index 00000000..8d6c61d7 --- /dev/null +++ b/patches/lede/0077-iptables-split-physdev-match-out-as-a-separate-package.patch @@ -0,0 +1,114 @@ +From: Matthias Schiffer +Date: Mon, 9 Apr 2018 19:41:26 +0200 +Subject: iptables: split physdev match out as a separate package + +Split physdev match out of ipt-extra to allow installing ipt-extra without +pulling in br-netfilter. + +Signed-off-by: Matthias Schiffer + +diff --git a/include/netfilter.mk b/include/netfilter.mk +index 39c8e7c90fab2ba14cd75c80d1e357dd23ae6a1b..79ae3d5343ed77b559f50f40bb8a73a33dd13314 100644 +--- a/include/netfilter.mk ++++ b/include/netfilter.mk +@@ -89,12 +89,14 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_CO + + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMOD),$(P_XT)xt_addrtype,$(P_XT)ipt_addrtype))) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner)) +-$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev)) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype)) + $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota)) + + #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE)) + ++# physdev ++ ++$(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev)) + + # filter + +@@ -347,6 +349,7 @@ IPT_BUILTIN += $(NF_CONNTRACK6-y) + IPT_BUILTIN += $(IPT_CONNTRACK-y) + IPT_BUILTIN += $(IPT_CONNTRACK_EXTRA-y) + IPT_BUILTIN += $(IPT_EXTRA-y) ++IPT_BUILTIN += $(IPT_PHYSDEV-y) + IPT_BUILTIN += $(IPT_FILTER-y) + IPT_BUILTIN += $(IPT_IPOPT-y) + IPT_BUILTIN += $(IPT_IPRANGE-y) +diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk +index 34eefcd892b9e8b3157603fa47578d0afc65dc4b..a71904673ae53bffcc9fd88291520aacb4a4f8d7 100644 +--- a/package/kernel/linux/modules/netfilter.mk ++++ b/package/kernel/linux/modules/netfilter.mk +@@ -604,7 +604,7 @@ define KernelPackage/ipt-extra + KCONFIG:=$(KCONFIG_IPT_EXTRA) + FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m))) +- $(call AddDepends/ipt,+kmod-br-netfilter) ++ $(call AddDepends/ipt) + endef + + define KernelPackage/ipt-extra/description +@@ -612,7 +612,6 @@ define KernelPackage/ipt-extra/description + Includes: + - addrtype + - owner +- - physdev (if bridge support was enabled in kernel) + - pkttype + - quota + endef +@@ -620,6 +619,21 @@ endef + $(eval $(call KernelPackage,ipt-extra)) + + ++define KernelPackage/ipt-physdev ++ TITLE:=physdev module ++ KCONFIG:=$(KCONFIG_IPT_PHYSDEV) ++ FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko) ++ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m))) ++ $(call AddDepends/ipt,+kmod-br-netfilter) ++endef ++ ++define KernelPackage/ipt-physdev/description ++ The iptables physdev kernel module ++endef ++ ++$(eval $(call KernelPackage,ipt-physdev)) ++ ++ + define KernelPackage/ip6tables + SUBMENU:=$(NF_MENU) + TITLE:=IPv6 modules +diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile +index 9761ed1820b5c092292d25aef28f8f9a8ffa91a6..af5ed8c6245a9d52f5aea695e71b08ac6f3e6eca 100644 +--- a/package/network/utils/iptables/Makefile ++++ b/package/network/utils/iptables/Makefile +@@ -321,12 +321,20 @@ Other extra iptables extensions. + - addrtype + - condition + - owner +- - physdev (if ebtables is enabled) + - pkttype + - quota + + endef + ++define Package/iptables-mod-physdev ++$(call Package/iptables/Module, +kmod-ipt-physdev) ++ TITLE:=physdev iptables extension ++endef ++ ++define Package/iptables-mod-physdev/description ++The iptables physdev match. ++endef ++ + define Package/iptables-mod-led + $(call Package/iptables/Module, +kmod-ipt-led) + TITLE:=LED trigger iptables extension +@@ -561,6 +569,7 @@ endef + $(eval $(call BuildPackage,iptables)) + $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) + $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) ++$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m))) + $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m))) + $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m))) + $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m))) From d139a13563efdf274f918115b345678962e3455d Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 3/5] Add various patches to deal with bigger kernels --- ...on-size-for-UniFi-AP-Pro-and-Outdoor.patch | 24 ++++ ...-210-510-version-metainfo-to-the-end.patch | 109 ++++++++++++++++++ ...l-partition-size-for-CPE-WBS-210-510.patch | 67 +++++++++++ ...-partition-size-for-TP-Link-RE450-v1.patch | 41 +++++++ 4 files changed, 241 insertions(+) create mode 100644 patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch create mode 100644 patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch create mode 100644 patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch create mode 100644 patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch diff --git a/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch b/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch new file mode 100644 index 00000000..57d72f8a --- /dev/null +++ b/patches/lede/0078-ar71xx-increase-kernel-partition-size-for-UniFi-AP-Pro-and-Outdoor.patch @@ -0,0 +1,24 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 15:19:52 +0200 +Subject: ar71xx: increase kernel partition size for UniFi AP Pro and Outdoor+ + +Tested on UAP Outdoor+. + +Signed-off-by: Matthias Schiffer + +diff --git a/target/linux/ar71xx/image/ubnt.mk b/target/linux/ar71xx/image/ubnt.mk +index 65ed708459e7e6026713437430fc248c692cd070..ef50aa99541b8220eac71b2f1b1a33419fdab987 100644 +--- a/target/linux/ar71xx/image/ubnt.mk ++++ b/target/linux/ar71xx/image/ubnt.mk +@@ -253,9 +253,9 @@ TARGET_DEVICES += ubnt-rs ubnt-rspro ubnt-ls-sr71 + + define Device/ubnt-uap-pro + DEVICE_TITLE := Ubiquiti UAP Pro +- KERNEL_SIZE := 1536k ++ KERNEL_SIZE := 1792k + IMAGE_SIZE := 15744k +- MTDPARTS := spi0.0:256k(u-boot)ro,64k(u-boot-env)ro,1536k(kernel),14208k(rootfs),256k(cfg)ro,64k(EEPROM)ro,15744k@0x50000(firmware) ++ MTDPARTS := spi0.0:256k(u-boot)ro,64k(u-boot-env)ro,1792k(kernel),13952k(rootfs),256k(cfg)ro,64k(EEPROM)ro,15744k@0x50000(firmware) + UBNT_TYPE := BZ + UBNT_CHIP := ar934x + BOARDNAME := UAP-PRO diff --git a/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch b/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch new file mode 100644 index 00000000..dbe58d7b --- /dev/null +++ b/patches/lede/0079-firmware-utils-tplink-safeloader-move-CPE-WBS-210-510-version-metainfo-to-the-end.patch @@ -0,0 +1,109 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 17:26:34 +0200 +Subject: firmware-utils: tplink-safeloader: move CPE/WBS 210/510 version metainfo to the end + +Having the metainfo between kernel and rootfs prevents us from resizing +the kernel partition as necessary. + +Signed-off-by: Matthias Schiffer + +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index 11ff2e56e19ec3780f988baf7257810530165b23..2a2329d1f188ea8520b6a4aeef25937e05d48a06 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -139,10 +139,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -151,7 +151,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + /** Firmware layout for the CPE510/520 */ +@@ -177,10 +177,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -189,7 +189,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + { +@@ -209,10 +209,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -221,7 +221,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + { +@@ -241,10 +241,10 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x170000}, +- {"soft-version", 0x1b0000, 0x00100}, +- {"support-list", 0x1b1000, 0x00400}, +- {"file-system", 0x1c0000, 0x600000}, ++ {"os-image", 0x40000, 0x180000}, ++ {"file-system", 0x1c0000, 0x5f0000}, ++ {"soft-version", 0x7b0000, 0x00100}, ++ {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, + {"default-config", 0x7d0000, 0x10000}, + {"log", 0x7e0000, 0x10000}, +@@ -253,7 +253,7 @@ static struct device_info boards[] = { + }, + + .first_sysupgrade_partition = "os-image", +- .last_sysupgrade_partition = "file-system", ++ .last_sysupgrade_partition = "support-list", + }, + + /** Firmware layout for the C2600 */ diff --git a/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch b/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch new file mode 100644 index 00000000..839e6753 --- /dev/null +++ b/patches/lede/0080-ar71xx-increase-kernel-partition-size-for-CPE-WBS-210-510.patch @@ -0,0 +1,67 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 18:14:41 +0200 +Subject: ar71xx: increase kernel partition size for CPE/WBS 210/510 + +Signed-off-by: Matthias Schiffer + +diff --git a/target/linux/ar71xx/image/tp-link.mk b/target/linux/ar71xx/image/tp-link.mk +index be7e846c88f9ebbb8a4e4840e690d7864386bf64..1a6e58fca882fc9d122c184ee8167537751acf25 100644 +--- a/target/linux/ar71xx/image/tp-link.mk ++++ b/target/linux/ar71xx/image/tp-link.mk +@@ -167,7 +167,7 @@ TARGET_DEVICES += archer-c60-v1 + define Device/cpe510-520 + DEVICE_TITLE := TP-LINK CPE510/520 + DEVICE_PACKAGES := rssileds +- MTDPARTS := spi0.0:128k(u-boot)ro,64k(pation-table)ro,64k(product-info)ro,1536k(kernel),6144k(rootfs),192k(config)ro,64k(ART)ro,7680k@0x40000(firmware) ++ MTDPARTS := spi0.0:128k(u-boot)ro,64k(partition-table)ro,64k(product-info)ro,1792k(kernel),5888k(rootfs),192k(config)ro,64k(ART)ro,7680k@0x40000(firmware) + IMAGE_SIZE := 7680k + BOARDNAME := CPE510 + TPLINK_BOARD_NAME := CPE510 +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index 2a2329d1f188ea8520b6a4aeef25937e05d48a06..ba86c71d870c8f38abb92c657c3656086a7782be 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -139,8 +139,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -177,8 +177,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -209,8 +209,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, +@@ -241,8 +241,8 @@ static struct device_info boards[] = { + {"default-mac", 0x30000, 0x00020}, + {"product-info", 0x31100, 0x00100}, + {"signature", 0x32000, 0x00400}, +- {"os-image", 0x40000, 0x180000}, +- {"file-system", 0x1c0000, 0x5f0000}, ++ {"os-image", 0x40000, 0x1c0000}, ++ {"file-system", 0x200000, 0x5b0000}, + {"soft-version", 0x7b0000, 0x00100}, + {"support-list", 0x7b1000, 0x00400}, + {"user-config", 0x7c0000, 0x10000}, diff --git a/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch b/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch new file mode 100644 index 00000000..e03db780 --- /dev/null +++ b/patches/lede/0081-ar71xx-increase-kernel-partition-size-for-TP-Link-RE450-v1.patch @@ -0,0 +1,41 @@ +From: Piotr Dymacz +Date: Mon, 6 Nov 2017 23:17:24 +0100 +Subject: ar71xx: increase kernel partition size for TP-Link RE450 v1 + +This increases kernel partition size and fixes rootfs (file-system) +partition size on TP-Link RE450 v1. Also, while we are at it, switch +from statically defined kernel and rootfs partitions in kernel cmdline +to "tplink-fw" mtd splitter. + +Fixes: FS#1072. + +Signed-off-by: Piotr Dymacz + +diff --git a/target/linux/ar71xx/image/tp-link.mk b/target/linux/ar71xx/image/tp-link.mk +index 1a6e58fca882fc9d122c184ee8167537751acf25..60dfe0e3edafcadad4ddc08be7645b49f269907c 100644 +--- a/target/linux/ar71xx/image/tp-link.mk ++++ b/target/linux/ar71xx/image/tp-link.mk +@@ -207,7 +207,7 @@ TARGET_DEVICES += cpe210-220 cpe510-520 wbs210 wbs510 + define Device/re450 + DEVICE_TITLE := TP-LINK RE450 + DEVICE_PACKAGES := kmod-ath10k ath10k-firmware-qca988x +- MTDPARTS := spi0.0:128k(u-boot)ro,1344k(kernel),4672k(rootfs),64k(pation-table)ro,64k(product-info)ro,1856k(config)ro,64k(art)ro,6016k@0x20000(firmware) ++ MTDPARTS := spi0.0:128k(u-boot)ro,6016k(firmware),64k(partition-table)ro,64k(product-info)ro,1856k(config)ro,64k(art)ro + IMAGE_SIZE := 7936k + BOARDNAME := RE450 + TPLINK_BOARD_NAME := RE450 +diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c +index ba86c71d870c8f38abb92c657c3656086a7782be..23b69f3bd0eb66aca650eb2ffd7d5cd2a7cb5194 100644 +--- a/tools/firmware-utils/src/tplink-safeloader.c ++++ b/tools/firmware-utils/src/tplink-safeloader.c +@@ -689,8 +689,8 @@ static struct device_info boards[] = { + */ + .partitions = { + {"fs-uboot", 0x00000, 0x20000}, +- {"os-image", 0x20000, 0x150000}, +- {"file-system", 0x170000, 0x4a0000}, ++ {"os-image", 0x20000, 0x180000}, ++ {"file-system", 0x1a0000, 0x460000}, + {"partition-table", 0x600000, 0x02000}, + {"default-mac", 0x610000, 0x00020}, + {"pin", 0x610100, 0x00020}, From 74f4119c1b84117af92e44982222ec5c805ad97a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 11 Apr 2018 13:14:00 +0200 Subject: [PATCH 4/5] treewide: add support for building kernel modules used by Gluon into the kernel --- package/gluon-client-bridge/Makefile | 2 +- package/gluon-core/Config.in | 338 ++++++++++++++++++ package/gluon-core/Makefile | 4 + package/gluon-ebtables-limit-arp/Makefile | 5 +- package/gluon-ebtables/Makefile | 12 +- package/gluon-mesh-batman-adv/Makefile | 2 +- package/gluon-mesh-vpn-core/Makefile | 9 +- package/gluon-mesh-vpn-fastd/Makefile | 2 +- package/gluon-mesh-vpn-tunneldigger/Makefile | 2 +- ...build-kmod-packages-with-empty-FILES.patch | 37 ++ 10 files changed, 406 insertions(+), 7 deletions(-) create mode 100644 package/gluon-core/Config.in create mode 100644 patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch diff --git a/package/gluon-client-bridge/Makefile b/package/gluon-client-bridge/Makefile index ccf1bcd8..19a0e3a4 100644 --- a/package/gluon-client-bridge/Makefile +++ b/package/gluon-client-bridge/Makefile @@ -9,7 +9,7 @@ define Package/gluon-client-bridge SECTION:=gluon CATEGORY:=Gluon TITLE:=Provides a bridge and a wireless interface for clients to connect to - DEPENDS:=+gluon-core +kmod-veth + DEPENDS:=+gluon-core +kmod-veth +@GLUON_SPECIALIZE_KERNEL:KERNEL_VETH endef $(eval $(call BuildPackageGluon,gluon-client-bridge)) diff --git a/package/gluon-core/Config.in b/package/gluon-core/Config.in new file mode 100644 index 00000000..9def3c29 --- /dev/null +++ b/package/gluon-core/Config.in @@ -0,0 +1,338 @@ +config KERNEL_NET_IP_TUNNEL + bool + +config KERNEL_NET_UDP_TUNNEL + bool + +config KERNEL_VXLAN + bool + select KERNEL_NET_IP_TUNNEL + select KERNEL_NET_UDP_TUNNEL + +config KERNEL_VETH + bool + + +# for fastd + +config KERNEL_TUN + bool + + +# for tunneldigger + +config KERNEL_L2TP_V3 + bool + +config KERNEL_L2TP_IP + bool + +config KERNEL_L2TP_ETH + bool + +config KERNEL_L2TP + bool + select KERNEL_L2TP_V3 + select KERNEL_L2TP_IP + select KERNEL_L2TP_ETH + + +# for simple-tc + +config KERNEL_NET_SCHED + bool + +config KERNEL_NET_CLS + bool + select KERNEL_NET_SCHED + +config KERNEL_NET_CLS_ACT + bool + select KERNEL_NET_CLS + +config KERNEL_NET_CLS_BASIC + bool + select KERNEL_NET_CLS + +config KERNEL_NET_SCH_TBF + bool + select KERNEL_NET_SCHED + +config KERNEL_NET_SCH_INGRESS + bool + select KERNEL_NET_CLS_ACT + + +# for batman-adv + +config KERNEL_DUMMY + bool + +config KERNEL_CRC16 + bool + +config KERNEL_LIBCRC32C + bool + + +# Netfilter modules used by ebtables and fw3 + +config KERNEL_NETFILTER + bool + +config KERNEL_NETFILTER_ADVANCED + bool + select KERNEL_NETFILTER + +config KERNEL_NETFILTER_XTABLES + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_BRIDGE_NF_EBTABLES + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_BRIDGE_EBT_T_FILTER + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_T_NAT + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_ARP + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_IP + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_IP6 + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_LIMIT + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_MARK + bool + select KERNEL_BRIDGE_NF_EBTABLES + +config KERNEL_BRIDGE_EBT_MARK_T + bool + select KERNEL_BRIDGE_NF_EBTABLES + + +# Not all of the following modules are really required for Gluon, but fw3 pulls +# them in, so we add them to the kernel config to reduce the number of loaded +# modules + +# kmod-nf-conntrack + +config KERNEL_NF_CONNTRACK + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_NF_CONNTRACK_RTCACHE + bool + select KERNEL_NF_CONNTRACK + +config KERNEL_NF_CONNTRACK_IPV4 + bool + select KERNEL_NF_CONNTRACK + + +# kmod-nf-conntrack6 + +config KERNEL_NF_CONNTRACK_IPV6 + bool + select KERNEL_NF_CONNTRACK + + +# kmod-nf-ipt + +config KERNEL_NF_REJECT_IPV4 + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_IP_NF_IPTABLES + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_REJECT_IPV4 + + +# kmod-nf-ipt6 + +config KERNEL_NF_REJECT_IPV6 + bool + select KERNEL_NETFILTER_ADVANCED + +config KERNEL_IP6_NF_IPTABLES + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_REJECT_IPV6 + + +# kmod-nf-nat + +config KERNEL_NF_NAT + bool + select KERNEL_NF_CONNTRACK + +config KERNEL_NF_NAT_REDIRECT + bool + select KERNEL_NF_NAT + +config KERNEL_NF_NAT_IPV4 + bool + select KERNEL_NETFILTER_ADVANCED + select KERNEL_NF_NAT + +config KERNEL_NF_NAT_MASQUERADE_IPV4 + bool + select KERNEL_NF_NAT_IPV4 + + +# kmod-ipt-core + +config KERNEL_IP_NF_FILTER + bool + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_MANGLE + bool + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_TARGET_REJECT + bool + select KERNEL_IP_NF_FILTER + +config KERNEL_NETFILTER_XT_MATCH_LIMIT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_MAC + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_MULTIPORT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_COMMENT + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_TIME + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MARK + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_TARGET_LOG + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_TARGET_TCPMSS + bool + select KERNEL_NETFILTER_XTABLES + +# kmod-ip6tables + +config KERNEL_IP6_NF_FILTER + bool + select KERNEL_IP6_NF_IPTABLES + +config KERNEL_IP6_NF_MANGLE + bool + select KERNEL_IP6_NF_IPTABLES + +config KERNEL_IP6_NF_TARGET_REJECT + bool + select KERNEL_IP6_NF_IPTABLES + + +# kmod-ipt-conntrack + +config KERNEL_NETFILTER_XT_MATCH_STATE + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_CONNTRACK + +config KERNEL_NETFILTER_XT_MATCH_CONNTRACK + bool + select KERNEL_NETFILTER_XTABLES + select KERNEL_NF_CONNTRACK + + +# kmod-ipt-nat + +config KERNEL_IP_NF_NAT + bool + select KERNEL_NF_NAT + select KERNEL_IP_NF_IPTABLES + +config KERNEL_IP_NF_TARGET_MASQUERADE + bool + select KERNEL_NF_NAT_MASQUERADE_IPV4 + select KERNEL_IP_NF_NAT + +config KERNEL_IP_NF_TARGET_REDIRECT + bool + select KERNEL_NF_NAT + select KERNEL_IP_NF_NAT + + +# kmod-ipt-extra + +config KERNEL_NETFILTER_XT_MATCH_ADDRTYPE + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_OWNER + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_PKTTYPE + bool + select KERNEL_NETFILTER_XTABLES + +config KERNEL_NETFILTER_XT_MATCH_QUOTA + bool + select KERNEL_NETFILTER_XTABLES + + +config GLUON_SPECIALIZE_KERNEL + bool "Specialize kernel for Gluon" + select KERNEL_VXLAN + select KERNEL_NF_CONNTRACK_RTCACHE + select KERNEL_NF_CONNTRACK_IPV4 + select KERNEL_NF_CONNTRACK_IPV6 + select KERNEL_IP_NF_IPTABLES + select KERNEL_IP6_NF_IPTABLES + select KERNEL_NF_NAT_REDIRECT + select KERNEL_NF_NAT_IPV4 + select KERNEL_NF_NAT_MASQUERADE_IPV4 + select KERNEL_IP_NF_FILTER + select KERNEL_IP_NF_MANGLE + select KERNEL_IP_NF_TARGET_REJECT + select KERNEL_IP6_NF_FILTER + select KERNEL_IP6_NF_MANGLE + select KERNEL_IP6_NF_TARGET_REJECT + select KERNEL_NETFILTER_XT_MATCH_LIMIT + select KERNEL_NETFILTER_XT_MATCH_MAC + select KERNEL_NETFILTER_XT_MATCH_MULTIPORT + select KERNEL_NETFILTER_XT_MATCH_COMMENT + select KERNEL_NETFILTER_XT_MATCH_TIME + select KERNEL_NETFILTER_XT_MARK + select KERNEL_NETFILTER_XT_TARGET_LOG + select KERNEL_NETFILTER_XT_TARGET_TCPMSS + select KERNEL_NETFILTER_XT_MATCH_STATE + select KERNEL_NETFILTER_XT_MATCH_CONNTRACK + select KERNEL_IP_NF_NAT + select KERNEL_IP_NF_TARGET_MASQUERADE + select KERNEL_IP_NF_TARGET_REDIRECT diff --git a/package/gluon-core/Makefile b/package/gluon-core/Makefile index 39218d66..f220b9f4 100644 --- a/package/gluon-core/Makefile +++ b/package/gluon-core/Makefile @@ -23,6 +23,10 @@ define Package/gluon-core/description Gluon community wifi mesh firmware framework: core endef +define Package/gluon-core/config + source "$(SOURCE)/Config.in" +endef + define Package/gluon-core/install $(Gluon/Build/Install) diff --git a/package/gluon-ebtables-limit-arp/Makefile b/package/gluon-ebtables-limit-arp/Makefile index 4562c627..a356b832 100644 --- a/package/gluon-ebtables-limit-arp/Makefile +++ b/package/gluon-ebtables-limit-arp/Makefile @@ -10,7 +10,10 @@ define Package/gluon-ebtables-limit-arp SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables limiter for ARP packets - DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv + DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_LIMIT \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK_T endef define Package/gluon-ebtables-limit-arp/description diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile index 3ecf9b88..3a2fffdc 100644 --- a/package/gluon-ebtables/Makefile +++ b/package/gluon-ebtables/Makefile @@ -4,13 +4,23 @@ PKG_NAME:=gluon-ebtables PKG_VERSION:=1 PKG_RELEASE:=1 +PKG_CONFIG_DEPENDS := CONFIG_GLUON_SPECIALIZE_KERNEL + include ../gluon.mk define Package/gluon-ebtables SECTION:=gluon CATEGORY:=Gluon TITLE:=Ebtables support - DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6 + DEPENDS:=+gluon-core +ebtables-tiny \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_FILTER \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_NAT \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_ARP \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP6 \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv4 \ + +!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv6 endef define Package/gluon-ebtables/description diff --git a/package/gluon-mesh-batman-adv/Makefile b/package/gluon-mesh-batman-adv/Makefile index 22355798..a8c4801d 100644 --- a/package/gluon-mesh-batman-adv/Makefile +++ b/package/gluon-mesh-batman-adv/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-batman-adv/common SECTION:=gluon CATEGORY:=Gluon PROVIDES:=gluon-mesh-batman-adv - DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv + DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv +@GLUON_SPECIALIZE_KERNEL:KERNEL_DUMMY +@GLUON_SPECIALIZE_KERNEL:KERNEL_CRC16 +@GLUON_SPECIALIZE_KERNEL:KERNEL_LIBCRC32C endef define Package/gluon-mesh-batman-adv-14 diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile index 263ec217..88590573 100644 --- a/package/gluon-mesh-vpn-core/Makefile +++ b/package/gluon-mesh-vpn-core/Makefile @@ -9,7 +9,14 @@ define Package/gluon-mesh-vpn-core SECTION:=gluon CATEGORY:=Gluon TITLE:=Basic support for connecting meshes via VPN tunnels - DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc + DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_ADDRTYPE \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_OWNER \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_PKTTYPE \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_QUOTA \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_CLS_BASIC \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_TBF \ + +@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_INGRESS USERID:=:gluon-mesh-vpn=800 endef diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile index 50b35e5a..477cd48e 100644 --- a/package/gluon-mesh-vpn-fastd/Makefile +++ b/package/gluon-mesh-vpn-fastd/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-fastd SECTION:=gluon CATEGORY:=Gluon TITLE:=Support for connecting meshes via fastd - DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd + DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd +@GLUON_SPECIALIZE_KERNEL:KERNEL_TUN endef $(eval $(call BuildPackageGluon,gluon-mesh-vpn-fastd)) diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile index 8b8099b1..d463db41 100644 --- a/package/gluon-mesh-vpn-tunneldigger/Makefile +++ b/package/gluon-mesh-vpn-tunneldigger/Makefile @@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-tunneldigger SECTION:=gluon CATEGORY:=Gluon TITLE:=Support for connecting meshes via tunneltigger/L2TPv3 pseudowire - DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger + DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP endef $(eval $(call BuildPackageGluon,gluon-mesh-vpn-tunneldigger)) diff --git a/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch new file mode 100644 index 00000000..c8c4fcc9 --- /dev/null +++ b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch @@ -0,0 +1,37 @@ +From: Matthias Schiffer +Date: Tue, 10 Apr 2018 09:03:52 +0200 +Subject: include/kernel.mk: build kmod packages with empty FILES + +kmod packages without FILES did not have an install step defined, leading +to no package being built. This affected netfilter/iptables packages, which +filter out builtin modules from FILES. + +Not building a package that it is selected in .config is problematic, as +the generated empty package may be necessary to satisfy dependencies. + +Signed-off-by: Matthias Schiffer + +diff --git a/include/kernel.mk b/include/kernel.mk +index b1d0e8d927cb462b486cfd645d68963f1b6ab8ff..d8d457fe7a5d3584d8aa4e27430da84533c85ed0 100644 +--- a/include/kernel.mk ++++ b/include/kernel.mk +@@ -194,8 +194,7 @@ $(call KernelPackage/$(1)/config) + $(call KernelPackage/depends) + + ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),) +- ifneq ($(strip $(FILES)),) +- define Package/kmod-$(1)/install ++ define Package/kmod-$(1)/install + @for mod in $$(call version_filter,$$(FILES)); do \ + if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \ + echo "NOTICE: module '$$$$$$$$mod' is built-in."; \ +@@ -209,8 +208,7 @@ $(call KernelPackage/$(1)/config) + done; + $(call ModuleAutoLoad,$(1),$$(1),$(AUTOLOAD)) + $(call KernelPackage/$(1)/install,$$(1)) +- endef +- endif ++ endef + $(if $(CONFIG_PACKAGE_kmod-$(1)), + else + compile: $(1)-disabled From 02f905f542b11ec6b2e0e950d129f3db4f2005ce Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 12 Apr 2018 06:11:26 +0200 Subject: [PATCH 5/5] ar71xx: build kernel modules used by Gluon into the kernel ar71xx-generic and -tiny benefit most from the optimized kernel, as they contain all devices with 32MB RAM. We enable CONFIG_GLUON_SPECIALIZE_KERNEL for all targets using the mips24_kc architecture so packages shared between targets don't need to be rebuild all the time. --- targets/ar71xx-generic | 2 ++ targets/ar71xx-mikrotik | 2 ++ targets/ar71xx-nand | 2 ++ targets/ar71xx-tiny | 2 ++ 4 files changed, 8 insertions(+) diff --git a/targets/ar71xx-generic b/targets/ar71xx-generic index f9906f7a..525e441a 100644 --- a/targets/ar71xx-generic +++ b/targets/ar71xx-generic @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + ATH10K_PACKAGES='-kmod-ath10k kmod-ath10k-ct' ATH10K_PACKAGES_QCA9887= if [ "$GLUON_WLAN_MESH" = 'ibss' ]; then diff --git a/targets/ar71xx-mikrotik b/targets/ar71xx-mikrotik index 9d0f5442..56ac8159 100644 --- a/targets/ar71xx-mikrotik +++ b/targets/ar71xx-mikrotik @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + # Enable ath5k in addition to ath9k # ath5k cards are commonly used with Mikrotik hardware packages 'kmod-ath5k' diff --git a/targets/ar71xx-nand b/targets/ar71xx-nand index 02961b3a..019ca786 100644 --- a/targets/ar71xx-nand +++ b/targets/ar71xx-nand @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + factory -ubi-factory .img sysupgrade -squashfs-sysupgrade .tar diff --git a/targets/ar71xx-tiny b/targets/ar71xx-tiny index 79d2a9fe..fd779d77 100644 --- a/targets/ar71xx-tiny +++ b/targets/ar71xx-tiny @@ -1,3 +1,5 @@ +config 'CONFIG_GLUON_SPECIALIZE_KERNEL=y' + no_opkg packages '-uboot-envtools' '-kmod-usb-core' '-kmod-usb-ohci' '-kmod-usb2' '-kmod-usb-ledtrig-usbport'