modules: update LEDE
efb6ca189641 base-files: /lib/functions.sh: ignore errors in insert_modules b5ba01a0d3f6 fstools: update to latest lede-17.01 branch a9b607740273 kernel: bump kernel 4.4 to 4.4.126 for 17.01 09d95e44fc3d mbedtls: change libmbedcrypto.so soversion back to 0 4673a0bffc89 kernel: mtd: bcm47xxpart: improve handling TRX partition size Also switch to the upstreamed version of "kernel: disable accept_ra by default".
This commit is contained in:
parent
dff02d5d60
commit
7bb6a775b1
2
modules
2
modules
@ -2,7 +2,7 @@ GLUON_FEEDS='openwrt gluon routing luci'
|
||||
|
||||
LEDE_REPO=https://git.lede-project.org/openwrt/openwrt.git
|
||||
LEDE_BRANCH=lede-17.01
|
||||
LEDE_COMMIT=6577fe2198f5c75acb1dba789941d96a036f4dae
|
||||
LEDE_COMMIT=efb6ca189641aec64ba94f0d6d4e008fb2c1668b
|
||||
|
||||
PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git
|
||||
PACKAGES_OPENWRT_BRANCH=lede-17.01
|
||||
|
@ -12,7 +12,7 @@ as a separate package.
|
||||
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
|
||||
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
|
||||
index 40963d5bd4a7fce5834c4cd6aa6d5454662c063e..685e3c4061528e2b28054cce53258889b48c05b2 100644
|
||||
index 1d034fdede7598f15b1f802c47e834990e5852d9..f473ef732106eb8fa05e7c5b59df176fef33e42d 100644
|
||||
--- a/package/base-files/Makefile
|
||||
+++ b/package/base-files/Makefile
|
||||
@@ -19,7 +19,9 @@ PKG_BUILD_DEPENDS:=usign/host
|
||||
|
@ -8,7 +8,7 @@ by upgraded.
|
||||
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
|
||||
diff --git a/package/system/fstools/Makefile b/package/system/fstools/Makefile
|
||||
index 16f2f7e77062b528a4e3b9d0b5b4f4072e3b5756..f0f6c3d7eec3e90ab1403ae766c95d03104a0d29 100644
|
||||
index 6f1f511d387e900426832f40966012bc11d53075..f2e0580912ab7d475fab576bea4fd84f0dfe6a3d 100644
|
||||
--- a/package/system/fstools/Makefile
|
||||
+++ b/package/system/fstools/Makefile
|
||||
@@ -8,7 +8,7 @@
|
||||
|
@ -7,19 +7,6 @@ FS#1073.
|
||||
|
||||
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
|
||||
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
|
||||
index 685e3c4061528e2b28054cce53258889b48c05b2..6ae4b9262e369f5e93f59133d1c0b61a0d6c2224 100644
|
||||
--- a/package/base-files/Makefile
|
||||
+++ b/package/base-files/Makefile
|
||||
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
|
||||
include $(INCLUDE_DIR)/version.mk
|
||||
|
||||
PKG_NAME:=base-files
|
||||
-PKG_RELEASE:=173.5
|
||||
+PKG_RELEASE:=173.5.1
|
||||
PKG_FLAGS:=nonshared
|
||||
|
||||
PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
|
||||
diff --git a/package/base-files/files/etc/sysctl.d/10-default.conf b/package/base-files/files/etc/sysctl.d/10-default.conf
|
||||
index 7c3344dba339514c023c3b13c592e9ce9ca1ff55..98867b7c7ba1d1ce181f721cdfd17517069fcdf2 100644
|
||||
--- a/package/base-files/files/etc/sysctl.d/10-default.conf
|
||||
|
@ -9,18 +9,9 @@ old defaults get replaced properly.
|
||||
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
|
||||
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
|
||||
index 6ae4b9262e369f5e93f59133d1c0b61a0d6c2224..339528d3ba8a5ab40c2d8fa246c937d61fb4856d 100644
|
||||
index f473ef732106eb8fa05e7c5b59df176fef33e42d..32b1ce0923cb984ff32e4444a18eccdad7572d70 100644
|
||||
--- a/package/base-files/Makefile
|
||||
+++ b/package/base-files/Makefile
|
||||
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
|
||||
include $(INCLUDE_DIR)/version.mk
|
||||
|
||||
PKG_NAME:=base-files
|
||||
-PKG_RELEASE:=173.5.1
|
||||
+PKG_RELEASE:=173.5.2
|
||||
PKG_FLAGS:=nonshared
|
||||
|
||||
PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
|
||||
@@ -59,8 +59,6 @@ define Package/base-files/conffiles
|
||||
/etc/shadow
|
||||
/etc/shells
|
||||
|
@ -2,169 +2,31 @@ From: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
Date: Thu, 12 Apr 2018 22:14:56 +0200
|
||||
Subject: kernel: disable accept_ra by default
|
||||
|
||||
Our script setting accept_ra to 0 on all interfaces got lost in the
|
||||
transition to procd. This remained unnoticed for a long time, as was also
|
||||
Our commands setting accept_ra to 0 on all interfaces got lost in the
|
||||
transition to procd. This remained unnoticed for a long time, as we also
|
||||
enable forwarding on all interfaces, which prevents RA handling by default.
|
||||
|
||||
Providing a way to ensure net.ipv6.conf.default.accept_ra is set early
|
||||
enough is a nicer solution than fixing up interfaces in a script (given the
|
||||
patch is accepted upstream).
|
||||
Restore the commands, while also fixing a possible race condition in the
|
||||
old version.
|
||||
|
||||
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
|
||||
diff --git a/target/linux/generic/config-3.18 b/target/linux/generic/config-3.18
|
||||
index 4c3215b594cea9f3d001f8a9f73bbdf78e30ceff..bf13cefde0c5dc45788da9dea57aca5def9b152b 100644
|
||||
--- a/target/linux/generic/config-3.18
|
||||
+++ b/target/linux/generic/config-3.18
|
||||
@@ -1604,6 +1604,7 @@ CONFIG_IOSCHED_NOOP=y
|
||||
# CONFIG_IPC_NS is not set
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
# CONFIG_IPV6 is not set
|
||||
+# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set
|
||||
# CONFIG_IPV6_MIP6 is not set
|
||||
# CONFIG_IPV6_MROUTE is not set
|
||||
# CONFIG_IPV6_MROUTE_MULTIPLE_TABLES is not set
|
||||
diff --git a/target/linux/generic/config-4.4 b/target/linux/generic/config-4.4
|
||||
index a8fd15d1a4a40681d80da06ad7a826966287d8d8..e2d69426370a3e50703c48fb60c5b1b3aa601ef3 100644
|
||||
--- a/target/linux/generic/config-4.4
|
||||
+++ b/target/linux/generic/config-4.4
|
||||
@@ -1671,6 +1671,7 @@ CONFIG_IOSCHED_NOOP=y
|
||||
# CONFIG_IPC_NS is not set
|
||||
# CONFIG_IPMI_HANDLER is not set
|
||||
# CONFIG_IPV6 is not set
|
||||
+# CONFIG_IPV6_ACCEPT_RA_DEFAULT is not set
|
||||
# CONFIG_IPV6_ILA is not set
|
||||
# CONFIG_IPV6_MIP6 is not set
|
||||
# CONFIG_IPV6_MROUTE is not set
|
||||
diff --git a/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..6067be31830f6cc788708632dba36f338eb67d39
|
||||
--- /dev/null
|
||||
+++ b/target/linux/generic/patches-3.18/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch
|
||||
@@ -0,0 +1,60 @@
|
||||
+From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001
|
||||
+Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net>
|
||||
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
+Date: Thu, 12 Apr 2018 20:08:05 +0200
|
||||
+Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by
|
||||
+ default
|
||||
diff --git a/package/base-files/files/etc/init.d/sysctl b/package/base-files/files/etc/init.d/sysctl
|
||||
index 8722126a6612d67a3f615166a7fbec146207e97f..a236a0194b665ff56c8330930bfd44709d1b0d3d 100755
|
||||
--- a/package/base-files/files/etc/init.d/sysctl
|
||||
+++ b/package/base-files/files/etc/init.d/sysctl
|
||||
@@ -26,6 +26,14 @@ apply_defaults() {
|
||||
net.ipv6.ip6frag_high_thresh="$frag_high_thresh" \
|
||||
net.netfilter.nf_conntrack_frag6_low_thresh="$frag_low_thresh" \
|
||||
net.netfilter.nf_conntrack_frag6_high_thresh="$frag_high_thresh"
|
||||
+
|
||||
+Many distributions and users prefer to handle router advertisements in
|
||||
+userspace; one example is OpenWrt, which includes a combined RA and DHCPv6
|
||||
+client. For such configurations, accept_ra should not be enabled by
|
||||
+default.
|
||||
+
|
||||
+As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar
|
||||
+facilities may be too late to catch all interfaces and common sysctl.conf
|
||||
+tools do not allow setting an option for all existing interfaces, this
|
||||
+patch provides a Kconfig option to control the default value of
|
||||
+default.accept_ra.
|
||||
+
|
||||
+Using default.accept_ra is preferable to all.accept_ra for our usecase,
|
||||
+as disabling all.accept_ra would preclude users from explicitly enabling
|
||||
+accept_ra on individual interfaces.
|
||||
+
|
||||
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
+---
|
||||
+ net/ipv6/Kconfig | 12 ++++++++++++
|
||||
+ net/ipv6/addrconf.c | 2 +-
|
||||
+ 2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
+
|
||||
+--- a/net/ipv6/Kconfig
|
||||
++++ b/net/ipv6/Kconfig
|
||||
+@@ -21,6 +21,18 @@ menuconfig IPV6
|
||||
+
|
||||
+ if IPV6
|
||||
+
|
||||
++config IPV6_ACCEPT_RA_DEFAULT
|
||||
++ bool "IPv6: Accept router advertisements by default"
|
||||
++ default y
|
||||
++ help
|
||||
++ The kernel can internally handle IPv6 router advertisements for
|
||||
++ stateless address autoconfiguration (SLAAC) and route configuration,
|
||||
++ which can be configured in detail and per-interface using a number of
|
||||
++ sysctl options. This option controls the default value of
|
||||
++ net.ipv6.conf.default.accept_ra.
|
||||
++
|
||||
++ If unsure, say Y.
|
||||
++
|
||||
+ config IPV6_ROUTER_PREF
|
||||
+ bool "IPv6: Router Preference (RFC 4191) support"
|
||||
+ ---help---
|
||||
+--- a/net/ipv6/addrconf.c
|
||||
++++ b/net/ipv6/addrconf.c
|
||||
+@@ -207,7 +207,7 @@ static struct ipv6_devconf ipv6_devconf_
|
||||
+ .forwarding = 0,
|
||||
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
|
||||
+ .mtu6 = IPV6_MIN_MTU,
|
||||
+- .accept_ra = 1,
|
||||
++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT),
|
||||
+ .accept_redirects = 1,
|
||||
+ .autoconf = 1,
|
||||
+ .force_mld_version = 0,
|
||||
diff --git a/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..8184a27705348c609d09c39a6d90b810d28fdead
|
||||
--- /dev/null
|
||||
+++ b/target/linux/generic/patches-4.4/690-ipv6-provide-Kconfig-switch-to-disable-accept_ra-by-.patch
|
||||
@@ -0,0 +1,60 @@
|
||||
+From 782710d7f18a2c9999410cb7cfc92955463897d8 Mon Sep 17 00:00:00 2001
|
||||
+Message-Id: <782710d7f18a2c9999410cb7cfc92955463897d8.1523559442.git.mschiffer@universe-factory.net>
|
||||
+From: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
+Date: Thu, 12 Apr 2018 20:08:05 +0200
|
||||
+Subject: [PATCH net-next] ipv6: provide Kconfig switch to disable accept_ra by
|
||||
+ default
|
||||
+
|
||||
+Many distributions and users prefer to handle router advertisements in
|
||||
+userspace; one example is OpenWrt, which includes a combined RA and DHCPv6
|
||||
+client. For such configurations, accept_ra should not be enabled by
|
||||
+default.
|
||||
+
|
||||
+As setting net.ipv6.conf.default.accept_ra via sysctl.conf or similar
|
||||
+facilities may be too late to catch all interfaces and common sysctl.conf
|
||||
+tools do not allow setting an option for all existing interfaces, this
|
||||
+patch provides a Kconfig option to control the default value of
|
||||
+default.accept_ra.
|
||||
+
|
||||
+Using default.accept_ra is preferable to all.accept_ra for our usecase,
|
||||
+as disabling all.accept_ra would preclude users from explicitly enabling
|
||||
+accept_ra on individual interfaces.
|
||||
+
|
||||
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
||||
+---
|
||||
+ net/ipv6/Kconfig | 12 ++++++++++++
|
||||
+ net/ipv6/addrconf.c | 2 +-
|
||||
+ 2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
+
|
||||
+--- a/net/ipv6/Kconfig
|
||||
++++ b/net/ipv6/Kconfig
|
||||
+@@ -20,6 +20,18 @@ menuconfig IPV6
|
||||
+
|
||||
+ if IPV6
|
||||
+
|
||||
++config IPV6_ACCEPT_RA_DEFAULT
|
||||
++ bool "IPv6: Accept router advertisements by default"
|
||||
++ default y
|
||||
++ help
|
||||
++ The kernel can internally handle IPv6 router advertisements for
|
||||
++ stateless address autoconfiguration (SLAAC) and route configuration,
|
||||
++ which can be configured in detail and per-interface using a number of
|
||||
++ sysctl options. This option controls the default value of
|
||||
++ net.ipv6.conf.default.accept_ra.
|
||||
++
|
||||
++ If unsure, say Y.
|
||||
++
|
||||
+ config IPV6_ROUTER_PREF
|
||||
+ bool "IPv6: Router Preference (RFC 4191) support"
|
||||
+ ---help---
|
||||
+--- a/net/ipv6/addrconf.c
|
||||
++++ b/net/ipv6/addrconf.c
|
||||
+@@ -222,7 +222,7 @@ static struct ipv6_devconf ipv6_devconf_
|
||||
+ .forwarding = 0,
|
||||
+ .hop_limit = IPV6_DEFAULT_HOPLIMIT,
|
||||
+ .mtu6 = IPV6_MIN_MTU,
|
||||
+- .accept_ra = 1,
|
||||
++ .accept_ra = IS_ENABLED(CONFIG_IPV6_ACCEPT_RA_DEFAULT),
|
||||
+ .accept_redirects = 1,
|
||||
+ .autoconf = 1,
|
||||
+ .force_mld_version = 0,
|
||||
+ # first set default, then all interfaces to avoid races with appearing interfaces
|
||||
+ if [ -d /proc/sys/net/ipv6/conf ]; then
|
||||
+ echo 0 > /proc/sys/net/ipv6/conf/default/accept_ra
|
||||
+ for iface in /proc/sys/net/ipv6/conf/*/accept_ra; do
|
||||
+ echo 0 > "$iface"
|
||||
+ done
|
||||
+ fi
|
||||
}
|
||||
|
||||
start() {
|
||||
|
Loading…
Reference in New Issue
Block a user