aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic
Commit message (Collapse)AuthorAgeFilesLines
* kernel: add missing symbol when enabling PTP supportKoen Vandeputte2019-10-081-0/+1
| | | | | | | | | | | | | | | | Discovered by enabling PTP_1588_CLOCK: net/sched/Kconfig:44: warning: menuconfig statement without prompt * * Restart config... * * * PTP clock support * PTP clock support (PTP_1588_CLOCK) [Y/n/?] y Driver for the National Semiconductor DP83640 PHYTER (DP83640_PHY) [N/m/y/?] (NEW) Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: port upstream nft_flow_offload changes to xt_FLOWOFFLOAD and fix ↵Felix Fietkau2019-09-268-121/+170
| | | | | | | | | | | routing issues Replace an old cleanup patch that never made it upstream with the proper upstream fix. This patch was incompatible with the recent changes that affected the way that the flow tuple dst entry was used. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commits 442ecce76169d and c8933ce533656)
* netfilter: fix crash in flow offload by adding netns supportHsiuWen Yen2019-09-261-2/+7
| | | | | | | | | | | | | | | | | | | | | Commit fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices") enabled netns, which in turn lead to the crash in the flow offload target. When the flow offloading framework intends to delete a flow from the hardware table, it is necessary to retrieve the namespace from nf_flowtable->ft_net. However, no one ever wrote the namespace into nf_flowtable->ft_net in advance. So the framework will mistakenly use a NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to the kernel panic. Ref: FS#2321 Fixes: fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices") Tested-by: Simon Tretter <simon@mediaarchitectu.re> Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com> [merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry-picked from commit d344591e72e5ca96a2bf70a2df38961553185ce8)
* kernel: bump 4.14 to 4.14.146Koen Vandeputte2019-09-241-1/+1
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14814 - CVE-2019-14815 - CVE-2019-14816 - CVE-2019-14821 Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add disable_eap_hack sysfs attributeEtienne Champetier2019-09-231-4/+55
| | | | | | | | We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed as a first step, add disable_eap_hack sysfs config to allow to disable it Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> (cherry picked from commit 7d542dc8047d276517b296132926e722004065e0)
* kernel: bump 4.14 to 4.14.145Koen Vandeputte2019-09-204-8/+8
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.144Koen Vandeputte2019-09-201-2/+2
| | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 816-pcie-support-layerscape.patch Fixes: - CVE-2019-15030 Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: make IRQ fixes target specificKoen Vandeputte2019-09-141-57/+0
| | | | | | | | | | | Move the IRQ fix from generic to ar71xx specific. Other targets like ath79 have specific pathes to delete this code. This resulted in a build failure on ath79 Fixes: 00d48bcac08a ("ar71xx: Fix potentially missed IRQ handling during dispatch") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: Fix potentially missed IRQ handling during dispatchKoen Vandeputte2019-09-131-0/+57
| | | | | | | | | | | If both interrupts are set in the current implementation only the 1st will be handled and the 2nd will be skipped due to the "if else" condition. Fix this by using the same approach as done for QCA955x just below it. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.143Koen Vandeputte2019-09-132-291/+1
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 390-v5.3-net-sched-fix-action-ipt-crash.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: net_sched: fix a NULL pointer deref in ipt actionCong Wang2019-09-082-1/+291
| | | | | | | | | | | | | | | | | | | | | The net pointer in struct xt_tgdtor_param is not explicitly initialized therefore is still NULL when dereferencing it. So we have to find a way to pass the correct net pointer to ipt_destroy_target(). The best way I find is just saving the net pointer inside the per netns struct tcf_idrinfo, which could make this patch smaller. Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset") Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx> Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx> Cc: Jiri Pirko <jiri@xxxxxxxxxxx> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> [Backport for kernel v4.19 and v4.14] [Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681] Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 7735cce0c5c306bd9eea20ca2805e4a492c02be9)
* kernel: bump 4.14 to 4.14.140Koen Vandeputte2019-08-282-4/+4
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.139Koen Vandeputte2019-08-271-1/+1
| | | | | | | | | | | | Refreshed all patches. Also add a missing symbol for x86 which got used now in this bump. - ISCSI_IBFT Compile-tested on: cns3xxx, x86_64 Runtime-tested on: cns3xxx, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: Activate CONFIG_OPTIMIZE_INLININGHauke Mehrtens2019-08-172-9/+104
| | | | | | | | | | | | | | | | | | | | | | | | This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is set like for all targets with small_flash feature flag. I haven't seen any changes for an ARM64 target which optimizes the kernel for speed instead. On the ath79/tiny target the uncompressed kernel size was reduced by 3.2% and the compressed kernel size by 2.1% kernel size with CONFIG_OPTIMIZE_INLINING=n 4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux 1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin Kernel size with CONFIG_OPTIMIZE_INLINING=y 4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux 1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin This change is currently pending for kernel 5.2 and already in linux-next, this updates our patch to match the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6dac1c0a9b94b62b6412b74a8997f728570f36be)
* kernel: bump 4.14 to 4.14.138Koen Vandeputte2019-08-142-13/+13
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.137Koen Vandeputte2019-08-094-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.136Koen Vandeputte2019-08-0616-26/+26
| | | | | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch Remove upstreamed: - 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch - 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch - 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch Fixes: - CVE-2019-13648 - CVE-2019-10207 Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.134Koen Vandeputte2019-07-312-48/+1
| | | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 049-v4.20-mips-remove-superfluous-check-for-linux.patch Fixes: - CVE-2019-3846 - CVE-2019-3900 Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: cherry pick patch removing __linux__ checkFredrik Olofsson2019-07-101-0/+47
| | | | | | | | | | | This is already included in newer upstream. Needed to build BPF programs using the MIPS kernel include files. Without this patch, clang fails with "#error Use a Linux compiler or give up." in sgidefs.h when building BPF programs. Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com> (cherry-picked from commit 7d96c301d6afc9f360c26b404e435e8e03c1e207)
* kernel: bump 4.14 to 4.14.132Koen Vandeputte2019-07-094-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.130Koen Vandeputte2019-06-251-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.129Koen Vandeputte2019-06-244-23/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: update act_ctinfoKevin Darbyshire-Bryant2019-06-201-10/+28
| | | | | | | | Follow upstream changes - header file changes no executable difference at all Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 5273fb6b21b953428e2f9ea5892872db5aaf22c1)
* kernel: bump 4.14 to 4.14.128Koen Vandeputte2019-06-206-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.127Koen Vandeputte2019-06-182-3/+3
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-11479 - CVE-2019-11478 - CVE-2019-11477 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.126Koen Vandeputte2019-06-182-1/+111
| | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 816-pcie-support-layerscape.patch This patch also restores the initial implementation of the ath79 perfcount IRQ issue. (78ee6b1a40b5) It was wrongfully backported upstream initially and got reverted now. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport 4.18 patch adding DMI_PRODUCT_SKURafał Miłecki2019-06-171-0/+57
| | | | | | | | | | It's needed for applying some hardware quirks. This fixes: drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'? DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"), Fixes: c52054e568d1 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 4d11c4c3784196ed3e5b5a1f81fa415d99ef32b0)
* kernel: mt29f_spinand: fix memory leak during page programMantas Pucka2019-06-151-0/+90
| | | | | | | | | Memory is allocated with devm_kzalloc() on every page program and leaks until device is closed (which never happens). Convert to kzalloc() and handle error paths manually. Signed-off-by: Mantas Pucka <mantas@8devices.com>
* kernel: bump 4.14 to 4.14.125 (FS#2305 FS#2297)Koen Vandeputte2019-06-124-25/+3
| | | | | | | | | | | | | | | | Refreshed all patches. This bump contains upstream commits which seem to avoid (not properly fix) the errors as seen in FS#2305 and FS#2297 Altered patches: - 403-net-mvneta-convert-to-phylink.patch - 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: drop everything not on kernel version 4.14Daniel Golle2019-06-12380-66506/+0
| | | | | | | | | | * Remove testing patches for kernel version 4.19 * remove targets ar7, ixp4xx, orion Those targets are still on kernel 4.9, patches for 4.14 were not ready in time. They may be readded once people prepare and test patches for kernel 4.14. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mpc85xx: convert TL-WDR4900 v1 to simpleImageChristian Lamparter2019-06-102-0/+59
| | | | | | | | | | | | | | | | | Converts the TP-Link WDR4900 v1 to use the simpleImage in the hopes of prolonging the life of the device. While at it, the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE to 2684 KiB as a precaution since the stock u-boot is using a fixed kernel size. Note: Give the image some time, it will take much longer to extract and boot. [tested for 4.14/4.19] Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* kernel: re-add bridge allow reception on disabled portChen Minqiang2019-06-073-9/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "bridge allow reception on disabled port" implementation was broken after these commits: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") b765f4be407c ("kernel: bump 4.14 to 4.14.114") 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") This leads to issues when for example WDS is used, tied to a bridge: [ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3) [ 96.517956] wlan1: authenticated [ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3) [ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3) [ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1) [ 97.208706] wlan1: associated [ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID) It seems upstream introduced a new patch, [1] so we have to reimplement these patches properly: target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch [1] https://lkml.org/lkml/2019/4/24/1228 Fixes: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114") Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") Signed-off-by: Chen Minqiang <ptpt52@gmail.com> [updated commit message and title] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: handle CFQ_GROUP_IOSCHED/CGROUP_HUGETLB in config-4.14Yangbo Lu2019-06-061-0/+2
| | | | | | | | The generic config-4.14 should handle below configs. - CONFIG_CFQ_GROUP_IOSCHED - CONFIG_CGROUP_HUGETLB Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* Revert "kernel: backport act_ctinfo"Kevin Darbyshire-Bryant2019-06-062-1201/+0
| | | | | | | | | | This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8. Produces build error: Package kmod-sched is missing dependencies for the following libraries: nf_conntrack.ko Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-062-0/+1201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.19 to 4.19.48Koen Vandeputte2019-06-059-17/+17
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: make kernel-debug.tar.bz2 usable againPetr Štetiar2019-06-053-72/+0
| | | | | | | | | | | This patch removes 202-reduce_module_size.patch which is causing missing debug symbols in kernel modules, leading to unusable kernel-debug.tar.bz2 on all platforms, making debugging of release kernel crashes difficult. Cc: Felix Fietkau <nbd@nbd.name> Acked-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: generic: remove broken and obsolete phy_ethtool_ioctlPetr Štetiar2019-06-052-190/+0
| | | | | | | | | | Remove 701-phy_extension.patch from 4.14 and 4.19 kernel, as it's currenlty broken and fixing doesn't make sense as most of it is deprecated anyway. Cc: John Crispin <john@phrozen.org> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.47Koen Vandeputte2019-06-032-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: imx6 Runtime-tested on: imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.123Koen Vandeputte2019-06-031-1/+1
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.19 to 4.19.46Koen Vandeputte2019-06-035-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.122Koen Vandeputte2019-06-034-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.179Koen Vandeputte2019-06-031-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested: ar7 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* at91: Update kernel to version 4.14Hauke Mehrtens2019-05-302-0/+4
| | | | | | | | This adds support for kernel 4.14 to the target and directly make it the default kernel version to use. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
* kernel: bump 4.19 to 4.19.44Koen Vandeputte2019-05-214-117/+7
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.120Koen Vandeputte2019-05-2126-345/+235
| | | | | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 103-MIPS-perf-ath79-Fix-perfcount-IRQ-assignment.patch - 060-fix-oxnas-rps-dt-match.patch Altered patches: - 0067-generic-Mangle-bootloader-s-kernel-arguments.patch - 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch - 996-generic-Mangle-bootloader-s-kernel-arguments.patch Compile-tested on: ar71xx, cns3xxx, imx6, mvebu, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* generic: ar8216: group MIB counters and use two basic ones only by defaultChuanhong Guo2019-05-203-81/+150
| | | | | | | | | | | | | | | | | There are too many MIB counters that almost nobody needs since commit d6366ce3665f ("generic: ar8216: mib_work_func: read all port mibs everytime"). In the worker function to poll MIB data, it deals with all ports instead of only one port every time, which introduces too many mdio operations that it becomes a heavy CPU load even on not-emulated MDIO bus. This commit groups MIB counters and enable only TxBytes and RxGoodBytes by default (both of which are necessary to get swconfig led working.) and adds an swconfig attribute to allow enabling all counters if users need them. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* generic: ar8216: add mib_poll_interval switch attributeChuanhong Guo2019-05-203-8/+63
| | | | | | | | | | | | | | This allows specifying interval of polling MIB counters from userspace and allow completely turning off MIB counter support by setting mib_poll_interval to 0. Since MIB counter polling is a heavy CPU load for GPIO emulated MDIO bus, disable this behavior by default. Those who wants to use swconfig LEDs can enable them with qca,mib-poll-interval dts property or with swconfig command. Fixes: FS#2230 ("kworker spikes 100% cpu every 2 second.") Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* kernel: Move some DSA config options to generic configHauke Mehrtens2019-05-141-0/+4
| | | | | | | This moves some new configuration options to the generic kernel configuration instead of configuring them for each target on our own. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>