diff options
Diffstat (limited to 'scripts/package-build/linux-kernel')
14 files changed, 1466 insertions, 50 deletions
diff --git a/scripts/package-build/linux-kernel/.gitignore b/scripts/package-build/linux-kernel/.gitignore index f3a564a4..f1fb5374 100644 --- a/scripts/package-build/linux-kernel/.gitignore +++ b/scripts/package-build/linux-kernel/.gitignore @@ -9,6 +9,7 @@ /ovpn-dco /nat-rtsp* /jool* +/ipt-netflow* /qat* /QAT* *.tar.gz diff --git a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index fe174f63..e6ea3893 100644 --- a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig @@ -234,7 +234,7 @@ CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y -CONFIG_IO_URING=y +# CONFIG_IO_URING is not set CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y @@ -1975,7 +1975,7 @@ CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_QCOM_SCM=y # CONFIG_QCOM_SCM_DOWNLOAD_MODE_DEFAULT is not set CONFIG_SYSFB=y -# CONFIG_SYSFB_SIMPLEFB is not set +CONFIG_SYSFB_SIMPLEFB=y CONFIG_TI_SCI_PROTOCOL=y CONFIG_TURRIS_MOX_RWTM=m # CONFIG_ARM_FFA_TRANSPORT is not set @@ -3353,7 +3353,8 @@ CONFIG_SERIAL_8250_TEGRA=y # Non-8250 serial port support # # CONFIG_SERIAL_AMBA_PL010 is not set -# CONFIG_SERIAL_AMBA_PL011 is not set +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y # CONFIG_SERIAL_EARLYCON_SEMIHOST is not set # CONFIG_SERIAL_MESON is not set # CONFIG_SERIAL_TEGRA is not set @@ -3401,7 +3402,7 @@ CONFIG_TTY_PRINTK=m CONFIG_TTY_PRINTK_LEVEL=6 # CONFIG_PRINTER is not set # CONFIG_PPDEV is not set -CONFIG_VIRTIO_CONSOLE=m +CONFIG_VIRTIO_CONSOLE=y CONFIG_IPMI_HANDLER=m CONFIG_IPMI_DMI_DECODE=y CONFIG_IPMI_PLAT_DATA=y @@ -4495,8 +4496,141 @@ CONFIG_VIDEO_CMDLINE=y # CONFIG_AUXDISPLAY is not set # CONFIG_PANEL is not set # CONFIG_TEGRA_HOST1X is not set -# CONFIG_DRM is not set +CONFIG_DRM=y +# CONFIG_DRM_DEBUG_MM is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set # CONFIG_DRM_DEBUG_MODESET_LOCK is not set +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_TTM=y +CONFIG_DRM_TTM_HELPER=y +CONFIG_DRM_GEM_SHMEM_HELPER=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# CONFIG_DRM_HDLCD is not set +# CONFIG_DRM_MALI_DISPLAY is not set +# CONFIG_DRM_KOMEDA is not set +# end of ARM devices + +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set +# CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_ROCKCHIP is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_RCAR_DU is not set +# CONFIG_DRM_RZG2L_MIPI_DSI is not set +# CONFIG_DRM_SHMOBILE is not set +# CONFIG_DRM_SUN4I is not set +CONFIG_DRM_QXL=y +CONFIG_DRM_VIRTIO_GPU=y +CONFIG_DRM_VIRTIO_GPU_KMS=y +# CONFIG_DRM_MSM is not set +# CONFIG_DRM_TEGRA is not set +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_ARM_VERSATILE is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E88A0_AMS452EF01 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set +# CONFIG_DRM_PANEL_SHARP_LS037V7DW01 is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_CHIPONE_ICN6211 is not set +# CONFIG_DRM_CHRONTEL_CH7033 is not set +# CONFIG_DRM_DISPLAY_CONNECTOR is not set +# CONFIG_DRM_FSL_LDB is not set +# CONFIG_DRM_ITE_IT6505 is not set +# CONFIG_DRM_LONTIUM_LT8912B is not set +# CONFIG_DRM_LONTIUM_LT9211 is not set +# CONFIG_DRM_LONTIUM_LT9611 is not set +# CONFIG_DRM_LONTIUM_LT9611UXC is not set +# CONFIG_DRM_ITE_IT66121 is not set +# CONFIG_DRM_LVDS_CODEC is not set +# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set +# CONFIG_DRM_NWL_MIPI_DSI is not set +# CONFIG_DRM_NXP_PTN3460 is not set +# CONFIG_DRM_PARADE_PS8622 is not set +# CONFIG_DRM_PARADE_PS8640 is not set +# CONFIG_DRM_SAMSUNG_DSIM is not set +# CONFIG_DRM_SIL_SII8620 is not set +# CONFIG_DRM_SII902X is not set +# CONFIG_DRM_SII9234 is not set +# CONFIG_DRM_SIMPLE_BRIDGE is not set +# CONFIG_DRM_THINE_THC63LVD1024 is not set +# CONFIG_DRM_TOSHIBA_TC358762 is not set +# CONFIG_DRM_TOSHIBA_TC358764 is not set +# CONFIG_DRM_TOSHIBA_TC358767 is not set +# CONFIG_DRM_TOSHIBA_TC358768 is not set +# CONFIG_DRM_TOSHIBA_TC358775 is not set +# CONFIG_DRM_TI_DLPC3433 is not set +# CONFIG_DRM_TI_TFP410 is not set +# CONFIG_DRM_TI_SN65DSI83 is not set +# CONFIG_DRM_TI_SN65DSI86 is not set +# CONFIG_DRM_TI_TPD12S015 is not set +# CONFIG_DRM_ANALOGIX_ANX6345 is not set +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_ANALOGIX_ANX7625 is not set +# CONFIG_DRM_I2C_ADV7511 is not set +# CONFIG_DRM_CDNS_DSI is not set +# CONFIG_DRM_CDNS_MHDP8546 is not set +# CONFIG_DRM_IMX8QM_LDB is not set +# CONFIG_DRM_IMX8QXP_LDB is not set +# CONFIG_DRM_IMX8QXP_PIXEL_COMBINER is not set +# CONFIG_DRM_IMX8QXP_PIXEL_LINK_TO_DPI is not set +# end of Display Interface Bridges + +# CONFIG_DRM_IMX_DCSS is not set +# CONFIG_DRM_IMX_LCDC is not set +# CONFIG_DRM_V3D is not set +# CONFIG_DRM_LOONGSON is not set +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_HISI_HIBMC is not set +# CONFIG_DRM_HISI_KIRIN is not set +# CONFIG_DRM_LOGICVC is not set +# CONFIG_DRM_MXSFB is not set +# CONFIG_DRM_IMX_LCDIF is not set +# CONFIG_DRM_MESON is not set +# CONFIG_DRM_ARCPGU is not set +# CONFIG_DRM_BOCHS is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_GM12U320 is not set +CONFIG_DRM_SIMPLEDRM=y +# CONFIG_DRM_PL111 is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DRM_LIMA is not set +# CONFIG_DRM_PANFROST is not set +# CONFIG_DRM_TIDSS is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_SSD130X is not set +# CONFIG_DRM_HYPERV is not set +# CONFIG_DRM_LEGACY is not set CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y # diff --git a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index 124c9aa8..9e8b1986 100644 --- a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.69 Kernel Configuration +# Linux/x86 6.6.93 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Debian 12.2.0-14) 12.2.0" CONFIG_CC_IS_GCC=y @@ -19,7 +19,7 @@ CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=0 +CONFIG_PAHOLE_VERSION=124 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -257,7 +257,7 @@ CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y CONFIG_AIO=y -CONFIG_IO_URING=y +# CONFIG_IO_URING is not set CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y @@ -522,6 +522,7 @@ CONFIG_CPU_SRSO=y # CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_MITIGATION_RFDS=y CONFIG_MITIGATION_SPECTRE_BHI=y +CONFIG_MITIGATION_ITS=y CONFIG_ARCH_HAS_ADD_PAGES=y # @@ -1072,7 +1073,6 @@ CONFIG_SKB_EXTENSIONS=y CONFIG_PACKET=m CONFIG_PACKET_DIAG=m CONFIG_UNIX=y -CONFIG_UNIX_SCM=y CONFIG_AF_UNIX_OOB=y CONFIG_UNIX_DIAG=m CONFIG_TLS=y @@ -1798,8 +1798,6 @@ CONFIG_ETHTOOL_NETLINK=y # # Device Drivers # -CONFIG_HAVE_EISA=y -# CONFIG_EISA is not set CONFIG_HAVE_PCI=y CONFIG_PCI=y CONFIG_PCI_DOMAINS=y @@ -2406,7 +2404,7 @@ CONFIG_FUSION_CTL=m # CONFIG_MACINTOSH_DRIVERS is not set CONFIG_NETDEVICES=y -CONFIG_MII=m +CONFIG_MII=y CONFIG_NET_CORE=y CONFIG_BONDING=m CONFIG_DUMMY=m @@ -2803,21 +2801,21 @@ CONFIG_PPP_ASYNC=m CONFIG_PPP_SYNC_TTY=m # CONFIG_SLIP is not set CONFIG_SLHC=m -CONFIG_USB_NET_DRIVERS=m +CONFIG_USB_NET_DRIVERS=y # CONFIG_USB_CATC is not set # CONFIG_USB_KAWETH is not set # CONFIG_USB_PEGASUS is not set CONFIG_USB_RTL8150=m CONFIG_USB_RTL8152=m CONFIG_USB_LAN78XX=m -CONFIG_USB_USBNET=m +CONFIG_USB_USBNET=y CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m -CONFIG_USB_NET_CDCETHER=m -CONFIG_USB_NET_CDC_EEM=m -CONFIG_USB_NET_CDC_NCM=m -CONFIG_USB_NET_HUAWEI_CDC_NCM=m -CONFIG_USB_NET_CDC_MBIM=m +CONFIG_USB_NET_CDCETHER=y +CONFIG_USB_NET_CDC_EEM=y +CONFIG_USB_NET_CDC_NCM=y +CONFIG_USB_NET_HUAWEI_CDC_NCM=y +CONFIG_USB_NET_CDC_MBIM=y # CONFIG_USB_NET_DM9601 is not set # CONFIG_USB_NET_SR9700 is not set # CONFIG_USB_NET_SR9800 is not set @@ -2832,11 +2830,11 @@ CONFIG_USB_NET_SMSC95XX=m # CONFIG_USB_NET_ZAURUS is not set # CONFIG_USB_NET_CX82310_ETH is not set # CONFIG_USB_NET_KALMIA is not set -CONFIG_USB_NET_QMI_WWAN=m +CONFIG_USB_NET_QMI_WWAN=y # CONFIG_USB_HSO is not set # CONFIG_USB_NET_INT51X1 is not set # CONFIG_USB_IPHETH is not set -CONFIG_USB_SIERRA_NET=m +CONFIG_USB_SIERRA_NET=y # CONFIG_USB_VL600 is not set # CONFIG_USB_NET_CH9200 is not set # CONFIG_USB_NET_AQC111 is not set @@ -3081,7 +3079,11 @@ CONFIG_MAC80211_HWSIM=m # # Wireless WAN # -# CONFIG_WWAN is not set +CONFIG_WWAN=y +CONFIG_WWAN_DEBUGFS=y +CONFIG_WWAN_HWSIM=m +CONFIG_IOSM=m +CONFIG_MTK_T7XX=m # end of Wireless WAN CONFIG_XEN_NETDEV_FRONTEND=m @@ -4418,6 +4420,7 @@ CONFIG_HID_GENERIC=m # CONFIG_HID_THRUSTMASTER is not set # CONFIG_HID_UDRAW_PS3 is not set # CONFIG_HID_U2FZERO is not set +# CONFIG_HID_UNIVERSAL_PIDFF is not set # CONFIG_HID_WACOM is not set # CONFIG_HID_WIIMOTE is not set # CONFIG_HID_XINMO is not set @@ -4524,7 +4527,7 @@ CONFIG_USB_SL811_HCD=m # CONFIG_USB_ACM=m # CONFIG_USB_PRINTER is not set -CONFIG_USB_WDM=m +CONFIG_USB_WDM=y # CONFIG_USB_TMC is not set # @@ -4571,7 +4574,8 @@ CONFIG_USB_STORAGE=m # # USB port drivers # -CONFIG_USB_SERIAL=m +CONFIG_USB_SERIAL=y +# CONFIG_USB_SERIAL_CONSOLE is not set CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_SIMPLE=m # CONFIG_USB_SERIAL_AIRCABLE is not set @@ -4607,16 +4611,16 @@ CONFIG_USB_SERIAL_MXUPORT=m # CONFIG_USB_SERIAL_NAVMAN is not set CONFIG_USB_SERIAL_PL2303=m CONFIG_USB_SERIAL_OTI6858=m -CONFIG_USB_SERIAL_QCAUX=m -CONFIG_USB_SERIAL_QUALCOMM=m +CONFIG_USB_SERIAL_QCAUX=y +CONFIG_USB_SERIAL_QUALCOMM=y CONFIG_USB_SERIAL_SPCP8X5=m CONFIG_USB_SERIAL_SAFE=m # CONFIG_USB_SERIAL_SAFE_PADDED is not set -CONFIG_USB_SERIAL_SIERRAWIRELESS=m +CONFIG_USB_SERIAL_SIERRAWIRELESS=y # CONFIG_USB_SERIAL_SYMBOL is not set CONFIG_USB_SERIAL_TI=m # CONFIG_USB_SERIAL_CYBERJACK is not set -CONFIG_USB_SERIAL_WWAN=m +CONFIG_USB_SERIAL_WWAN=y CONFIG_USB_SERIAL_OPTION=m # CONFIG_USB_SERIAL_OMNINET is not set # CONFIG_USB_SERIAL_OPTICON is not set @@ -5023,20 +5027,27 @@ CONFIG_VIRTIO_PCI_LIB_LEGACY=m CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_PCI=m CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_VDPA=m # CONFIG_VIRTIO_PMEM is not set CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_INPUT=m CONFIG_VIRTIO_MMIO=m CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -CONFIG_VIRTIO_VDPA=m CONFIG_VDPA=m -CONFIG_VHOST_VDPA=m +# CONFIG_VDPA_USER is not set +# CONFIG_IFCVF is not set +# CONFIG_MLX5_VDPA_NET is not set +# CONFIG_MLX5_VDPA_STEERING_DEBUG is not set +# CONFIG_VP_VDPA is not set +# CONFIG_ALIBABA_ENI_VDPA is not set +# CONFIG_SNET_VDPA is not set CONFIG_VHOST_IOTLB=m CONFIG_VHOST_TASK=y CONFIG_VHOST=m CONFIG_VHOST_MENU=y CONFIG_VHOST_NET=m CONFIG_VHOST_VSOCK=m +CONFIG_VHOST_VDPA=m # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set # @@ -5481,9 +5492,9 @@ CONFIG_TMPFS_XATTR=y # CONFIG_TMPFS_INODE64 is not set # CONFIG_TMPFS_QUOTA is not set CONFIG_HUGETLBFS=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_HUGETLB_PAGE=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y -# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_ARCH_HAS_GIGANTIC_PAGE=y CONFIG_CONFIGFS_FS=m CONFIG_EFIVAR_FS=m @@ -5588,7 +5599,6 @@ CONFIG_NLS_ISO8859_1=m CONFIG_NLS_UTF8=m # CONFIG_DLM is not set # CONFIG_UNICODE is not set -CONFIG_IO_WQ=y # end of File systems # diff --git a/scripts/package-build/linux-kernel/build-ipt-netflow.sh b/scripts/package-build/linux-kernel/build-ipt-netflow.sh new file mode 100755 index 00000000..9245a416 --- /dev/null +++ b/scripts/package-build/linux-kernel/build-ipt-netflow.sh @@ -0,0 +1,69 @@ +#!/bin/sh +CWD=$(pwd) +KERNEL_VAR_FILE=${CWD}/kernel-vars + +IPT_NETFLOW_SRC=${CWD}/ipt-netflow +if [ ! -d ${IPT_NETFLOW_SRC} ]; then + echo "ipt_NETFLOW source not found" + exit 1 +fi + +if [ ! -f ${KERNEL_VAR_FILE} ]; then + echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" + exit 1 +fi + +cd ${IPT_NETFLOW_SRC} +if [ -d .git ]; then + git reset --hard HEAD + git clean --force -d -x +fi + +. ${KERNEL_VAR_FILE} + +DRIVER_VERSION=$(git describe | sed s/^v//) + +# Build up Debian related variables required for packaging +DEBIAN_ARCH=$(dpkg --print-architecture) +DEBIAN_DIR="tmp/" +DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" +DEBIAN_POSTINST="${CWD}/vyos-ipt-netflow.postinst" + +./configure --enable-aggregation --kdir=${KERNEL_DIR} +make all + +if [ "x$?" != "x0" ]; then + exit 1 +fi + +if [ -f ${DEBIAN_DIR}.deb ]; then + rm ${DEBIAN_DIR}.deb +fi + +if [ ! -d ${DEBIAN_DIR} ]; then + mkdir -p ${DEBIAN_DIR} +fi + +# build Debian package +echo "I: Building Debian package vyos-ipt-netflow" +cp ipt_NETFLOW.ko ${DEBIAN_DIR} +cp libipt_NETFLOW.so ${DEBIAN_DIR} +cp libip6t_NETFLOW.so ${DEBIAN_DIR} + +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + +echo "#!/bin/sh" > ${DEBIAN_POSTINST} +echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} + +cd ${CWD} + +fpm --input-type dir --output-type deb --name vyos-ipt-netflow \ + --version ${DRIVER_VERSION} --deb-compression gz \ + --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ + --description "ipt_NETFLOW module" \ + --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ + --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST} \ + ipt_NETFLOW.ko=/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra/ipt_NETFLOW.ko \ + libipt_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libipt_NETFLOW.so \ + libip6t_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libip6t_NETFLOW.so diff --git a/scripts/package-build/linux-kernel/build-kernel.sh b/scripts/package-build/linux-kernel/build-kernel.sh index e3efd127..62dd7829 100755 --- a/scripts/package-build/linux-kernel/build-kernel.sh +++ b/scripts/package-build/linux-kernel/build-kernel.sh @@ -36,12 +36,13 @@ do done # Change name of Signing Cert -sed -i -e "s/CN =.*/CN=VyOS build time autogenerated kernel key/" certs/default_x509.genkey +sed -i -e "s/CN =.*/CN=VyOS Networks build time autogenerated Kernel key/" certs/default_x509.genkey TRUSTED_KEYS_FILE=trusted_keys.pem # start with empty key file echo -n "" > $TRUSTED_KEYS_FILE -CERTS=$(find ../../../../data/live-build-config/includes.chroot/var/lib/shim-signed/mok -name "*.pem" -type f || true) +GIT_ROOT=$(git rev-parse --show-toplevel) +CERTS=$(find ${GIT_ROOT}/data/certificates -name "*.pem" -type f || true) if [ ! -z "${CERTS}" ]; then # add known public keys to Kernel certificate chain for file in $CERTS; do diff --git a/scripts/package-build/linux-kernel/build.py b/scripts/package-build/linux-kernel/build.py index 6a43fc25..5d891c71 100755 --- a/scripts/package-build/linux-kernel/build.py +++ b/scripts/package-build/linux-kernel/build.py @@ -18,6 +18,7 @@ import datetime import glob import shutil +import sys import toml import os import subprocess @@ -37,6 +38,7 @@ def ensure_dependencies(dependencies: list) -> None: return print("I: Ensure Debian build dependencies are met") + run(['sudo', 'apt-get', 'update'], check=True) run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True) @@ -59,8 +61,12 @@ def clone_or_update_repo(repo_dir: Path, scm_url: str, commit_id: str) -> None: run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) #run(['git', 'pull'], cwd=repo_dir, check=True) else: - run(['git', 'clone', scm_url, str(repo_dir)], check=True) - run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) + try: + run(['git', 'clone', scm_url, str(repo_dir)], check=True) + run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) + except CalledProcessError as e: + print(f"Failed to clone or checkout: {e}") + sys.exit(1) def create_tarball(package_name, source_dir=None): @@ -112,9 +118,6 @@ def build_package(package: dict, dependencies: list) -> None: # Clone or update the repository #clone_or_update_repo(repo_dir, package['scm_url'], package['commit_id']) - # Ensure dependencies - #ensure_dependencies(dependencies) - # Prepare the package if required #if package.get('prepare_package', False): # prepare_package(repo_dir, package.get('install_data', '')) @@ -143,6 +146,8 @@ def build_package(package: dict, dependencies: list) -> None: build_realtek_r8152() elif package['build_cmd'] == 'build_jool': build_jool() + elif package['build_cmd'] == 'build_ipt_netflow': + build_ipt_netflow(package['commit_id'], package['scm_url']) elif package['build_cmd'] == 'build_openvpn_dco': build_openvpn_dco(package['commit_id'], package['scm_url']) create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') @@ -238,6 +243,11 @@ def build_jool(): """Build Jool""" run(['echo y | ./build-jool.py'], check=True, shell=True) +def build_ipt_netflow(commit_id, scm_url): + """Build ipt_NETFLOW""" + repo_dir = Path('ipt-netflow') + clone_or_update_repo(repo_dir, scm_url, commit_id) + run(['./build-ipt-netflow.sh'], check=True, shell=True) def build_openvpn_dco(commit_id, scm_url): """Build OpenVPN DCO""" @@ -258,6 +268,7 @@ if __name__ == '__main__': arg_parser = ArgumentParser() arg_parser.add_argument('--config', default='package.toml', help='Path to the package configuration file') arg_parser.add_argument('--packages', nargs='+', help='Names of packages to build (default: all)', default=[]) + arg_parser.add_argument('--install-dependencies', '-i', help='Only install build dependencies', action='store_true') args = arg_parser.parse_args() # Load package configuration @@ -268,6 +279,13 @@ if __name__ == '__main__': with open(defaults_path, 'r') as file: defaults = toml.load(file) + # Load global dependencies + global_dependencies = config.get('dependencies', {}).get('packages', []) + if global_dependencies: + ensure_dependencies(global_dependencies) + if args.install_dependencies: + exit(0) + packages = config['packages'] # Filter packages if specific packages are specified in the arguments diff --git a/scripts/package-build/linux-kernel/package.toml b/scripts/package-build/linux-kernel/package.toml index 2d80fdfe..b98bcd2f 100644 --- a/scripts/package-build/linux-kernel/package.toml +++ b/scripts/package-build/linux-kernel/package.toml @@ -22,7 +22,6 @@ commit_id = "1.13.0" scm_url = "https://github.com/accel-ppp/accel-ppp.git" build_cmd = "build_accel_ppp" - [[packages]] name = "ovpn-dco" commit_id = "v0.2.20231117" @@ -35,7 +34,6 @@ commit_id = "475af0a" scm_url = "https://github.com/maru-sama/rtsp-linux.git" build_cmd = "build_nat_rtsp" - [[packages]] name = "qat" commit_id = "" @@ -77,3 +75,51 @@ name = "realtek-r8152" commit_id = "" scm_url = "" build_cmd = "build_realtek_r8152" + +[[packages]] +name = "ipt-netflow" +commit_id = "0eb2092e93" +scm_url = "https://github.com/aabc/ipt-netflow" +build_cmd = "build_ipt_netflow" + +[dependencies] +packages = [ + "cmake", + "gnupg2", + "rsync", + "libelf-dev", + "libncurses5-dev", + "flex", + "bison", + "bc", + "kmod", + "cpio", + "dwarves", + "nasm", + "rdfind", + "pciutils", + "yasm", + "libudev-dev", + "ruby", + "ruby-dev", + "rubygems", + "build-essential", + "libdw-dev", + "libunwind-dev", + "systemtap-sdt-dev", + "libslang2-dev", + "python-dev-is-python3", + "libzstd-dev", + "libcap-dev", + "libnuma-dev", + "libbabeltrace-ctf-dev", + "libpfm4-dev", + "libtraceevent-dev", + "liblua5.3-dev", + "libssl3", + "libssl-dev", + "libpcre3-dev", + "libnl-genl-3-dev", + "libxtables-dev", + "asciidoc-base" +] diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch new file mode 100644 index 00000000..b963050f --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch @@ -0,0 +1,639 @@ +From 5587c45d9e3264f45eba636941cf80b90f2f6186 Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Thu, 29 Jun 2023 09:24:36 +0100 +Subject: [PATCH 2/4] Add vrf support for Framed-Route and Framed-IPv6-Route + +(cherry picked from commit 899dc375fe01672a5eae2d7f7db81edc0d2a4440) +--- + accel-pppd/CMakeLists.txt | 4 + + accel-pppd/ctrl/ipoe/ipoe.c | 20 ++++ + accel-pppd/ifcfg.c | 6 +- + accel-pppd/ipv6/dhcpv6.c | 8 ++ + accel-pppd/libnetlink/iputils.c | 110 ++++++++++++++++- + accel-pppd/libnetlink/iputils.h | 11 ++ + accel-pppd/libnetlink/rt_names.c | 196 +++++++++++++++++++++++++++++++ + accel-pppd/libnetlink/rt_names.h | 14 +++ + accel-pppd/radius/radius.c | 21 +++- + 9 files changed, 384 insertions(+), 6 deletions(-) + create mode 100644 accel-pppd/libnetlink/rt_names.c + create mode 100644 accel-pppd/libnetlink/rt_names.h + +diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt +index ab8a350..c3995ea 100644 +--- a/accel-pppd/CMakeLists.txt ++++ b/accel-pppd/CMakeLists.txt +@@ -123,6 +123,10 @@ ADD_EXECUTABLE(accel-pppd + main.c + ) + ++IF (DEFINED HAVE_VRF) ++ target_sources(accel-pppd PRIVATE libnetlink/rt_names.c) ++ENDIF (DEFINED HAVE_VRF) ++ + TARGET_LINK_LIBRARIES(accel-pppd triton rt pthread ${crypto_lib} pcre) + set_property(TARGET accel-pppd PROPERTY CMAKE_SKIP_BUILD_RPATH FALSE) + set_property(TARGET accel-pppd PROPERTY CMAKE_BUILD_WITH_INSTALL_RPATH FALSE) +diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c +index 61b7c23..6f23fd6 100644 +--- a/accel-pppd/ctrl/ipoe/ipoe.c ++++ b/accel-pppd/ctrl/ipoe/ipoe.c +@@ -1067,9 +1067,17 @@ static void __ipoe_session_activate(struct ipoe_session *ses) + + if (ses->ifindex == -1 && !serv->opt_ifcfg) { + if (!serv->opt_ip_unnumbered) ++#ifdef HAVE_VRF ++ iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); ++#else + iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); ++#endif + else ++#ifdef HAVE_VRF ++ iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif + } + + if (ses->l4_redirect) +@@ -1170,7 +1178,11 @@ static void ipoe_session_started(struct ap_session *s) + + if (ses->ses.ipv4->peer_addr != ses->yiaddr) + //ipaddr_add_peer(ses->ses.ifindex, ses->router, ses->yiaddr); // breaks quagga ++#ifdef HAVE_VRF ++ iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif + + if (ses->ifindex != -1 && ses->xid) { + ses->dhcpv4 = dhcpv4_create(ses->ctrl.ctx, ses->ses.ifname, ""); +@@ -1254,9 +1266,17 @@ static void ipoe_session_finished(struct ap_session *s) + } else if (ses->started) { + if (!serv->opt_ifcfg) { + if (!serv->opt_ip_unnumbered) ++#ifdef HAVE_VRF ++ iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); ++#else + iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); ++#endif + else ++#ifdef HAVE_VRF ++ iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif + } + } + +diff --git a/accel-pppd/ifcfg.c b/accel-pppd/ifcfg.c +index 3750060..3b1848e 100644 +--- a/accel-pppd/ifcfg.c ++++ b/accel-pppd/ifcfg.c +@@ -234,7 +234,11 @@ void __export ap_session_ifdown(struct ap_session *ses) + if (!a->installed) + continue; + if (a->prefix_len > 64) ++#ifdef HAVE_VRF ++ ip6route_del(ses->ifindex, &a->addr, a->prefix_len, NULL, 0, 0, ses->vrf_name); ++#else + ip6route_del(ses->ifindex, &a->addr, a->prefix_len, NULL, 0, 0); ++#endif + else { + struct in6_addr addr; + memcpy(addr.s6_addr, &a->addr, 8); +@@ -376,4 +380,4 @@ int __export ap_session_vrf(struct ap_session *ses, const char *vrf_name, int le + + return 0; + } +-#endif +\ No newline at end of file ++#endif +diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c +index 158771b..41e6c3f 100644 +--- a/accel-pppd/ipv6/dhcpv6.c ++++ b/accel-pppd/ipv6/dhcpv6.c +@@ -159,7 +159,11 @@ static void ev_ses_finished(struct ap_session *ses) + if (pd->dp_active) { + struct ipv6db_addr_t *p; + list_for_each_entry(p, &ses->ipv6_dp->prefix_list, entry) ++#ifdef HAVE_VRF ++ ip6route_del(0, &p->addr, p->prefix_len, NULL, 0, 0, ses->vrf_name); ++#else + ip6route_del(0, &p->addr, p->prefix_len, NULL, 0, 0); ++#endif + } + + ipdb_put_ipv6_prefix(ses, ses->ipv6_dp); +@@ -181,7 +185,11 @@ static void insert_dp_routes(struct ap_session *ses, struct dhcpv6_pd *pd, struc + addr = NULL; + + list_for_each_entry(p, &ses->ipv6_dp->prefix_list, entry) { ++#ifdef HAVE_VRF ++ if (ip6route_add(ses->ifindex, &p->addr, p->prefix_len, addr, 0, 0, ses->vrf_name)) { ++#else + if (ip6route_add(ses->ifindex, &p->addr, p->prefix_len, addr, 0, 0)) { ++#endif + err = errno; + inet_ntop(AF_INET6, &p->addr, str1, sizeof(str1)); + if (addr) +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 23325fc..6c61fc2 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -11,7 +11,9 @@ + #include <errno.h> + #include <time.h> + #include <sys/uio.h> +-//#include <linux/if_link.h> ++#ifdef HAVE_VRF ++#include <linux/if_link.h> ++#endif + //#include <linux/if_addr.h> + //#include <linux/rtnetlink.h> + #include <linux/fib_rules.h> +@@ -21,6 +23,9 @@ + #include "libnetlink.h" + #include "iputils.h" + #include "ap_net.h" ++#ifdef HAVE_VRF ++#include "rt_names.h" ++#endif + + #ifdef ACCEL_DP + #define _malloc(x) malloc(x) +@@ -457,7 +462,82 @@ int __export ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer) + return r; + } + ++#ifdef HAVE_VRF ++__u32 ipvrf_get_table(const char *vrf_name) ++{ ++ struct iplink_req { ++ struct nlmsghdr n; ++ struct ifinfomsg i; ++ char buf[4096]; ++ } req; ++ struct rtnl_handle *rth = net->rtnl_get(); ++ struct rtattr *tb[IFLA_MAX+1]; ++ struct rtattr *li[IFLA_INFO_MAX+1]; ++ struct rtattr *vrf_attr[IFLA_VRF_MAX + 1]; ++ struct ifinfomsg *ifi; ++ int len; ++ __u32 tb_id = RT_TABLE_MAIN; ++ ++ log_ppp_info2("utils: getting route table for %s\n", vrf_name); ++ ++ if (!vrf_name) ++ return tb_id; ++ ++ memset(&req, 0, sizeof(req) - 4096); ++ ++ req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); ++ req.n.nlmsg_flags = NLM_F_REQUEST; ++ req.n.nlmsg_type = RTM_GETLINK; ++ req.i.ifi_family = AF_UNSPEC; ++ ++ addattr_l(&req.n, 4096, IFLA_IFNAME, vrf_name, strlen(vrf_name)); ++ ++ if (rtnl_talk(rth, &req.n, 0, 0, &req.n, NULL, NULL, 0) < 0) { ++ if (errno == ENODEV && !strcmp(vrf_name, "default")) ++ if (rtnl_rttable_a2n(&tb_id, "main")) ++ log_ppp_error( ++ "BUG: route table \"main\" not found.\n"); ++ return tb_id; ++ } ++ ++ ifi = NLMSG_DATA(&req.n); ++ ++ len = req.n.nlmsg_len; ++ ++ len -= NLMSG_LENGTH(sizeof(*ifi)); ++ if (len < 0) ++ goto out; ++ ++ parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len); ++ ++ if (!tb[IFLA_LINKINFO]) ++ goto out; ++ ++ parse_rtattr_nested(li, IFLA_INFO_MAX, tb[IFLA_LINKINFO]); ++ ++ if (!li[IFLA_INFO_KIND] || !li[IFLA_INFO_DATA]) ++ goto out; ++ ++ if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf")) ++ goto out; ++ ++ parse_rtattr_nested(vrf_attr, IFLA_VRF_MAX, li[IFLA_INFO_DATA]); ++ if (vrf_attr[IFLA_VRF_TABLE]) ++ tb_id = *(__u32 *)RTA_DATA(vrf_attr[IFLA_VRF_TABLE]); ++ ++ if (!tb_id) ++ log_ppp_error("BUG: VRF %s is missing table id\n", vrf_name); ++ ++out: ++ return tb_id; ++} ++#endif ++ ++#ifdef HAVE_VRF ++int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) ++#else + int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) ++#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -472,11 +552,17 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + + memset(&req, 0, sizeof(req) - 4096); + ++#ifdef HAVE_VRF ++ __u32 rt_table = ipvrf_get_table(vrf_name); ++#else ++ __u32 rt_table = RT_TABLE_MAIN; ++#endif ++ + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE; + req.n.nlmsg_type = RTM_NEWROUTE; + req.i.rtm_family = AF_INET; +- req.i.rtm_table = RT_TABLE_MAIN; ++ req.i.rtm_table = rt_table; + req.i.rtm_scope = gw ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK; + req.i.rtm_protocol = proto; + req.i.rtm_type = RTN_UNICAST; +@@ -500,7 +586,11 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + return r; + } + ++#ifdef HAVE_VRF ++int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) ++#else + int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) ++#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -543,7 +633,11 @@ int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + return r; + } + ++#ifdef HAVE_VRF ++int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) ++#else + int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) ++#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -558,11 +652,17 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, + + memset(&req, 0, sizeof(req) - 4096); + ++#ifdef HAVE_VRF ++ __u32 rt_table = ipvrf_get_table(vrf_name); ++#else ++ __u32 rt_table = RT_TABLE_MAIN; ++#endif ++ + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE; + req.n.nlmsg_type = RTM_NEWROUTE; + req.i.rtm_family = AF_INET6; +- req.i.rtm_table = RT_TABLE_MAIN; ++ req.i.rtm_table = rt_table; + req.i.rtm_scope = RT_SCOPE_UNIVERSE; + req.i.rtm_protocol = proto; + req.i.rtm_type = RTN_UNICAST; +@@ -584,7 +684,11 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, + return r; + } + ++#ifdef HAVE_VRF ++int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) ++#else + int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) ++#endif + { + struct ipaddr_req { + struct nlmsghdr n; +diff --git a/accel-pppd/libnetlink/iputils.h b/accel-pppd/libnetlink/iputils.h +index 9292cea..c3063f4 100644 +--- a/accel-pppd/libnetlink/iputils.h ++++ b/accel-pppd/libnetlink/iputils.h +@@ -4,6 +4,7 @@ + #include <linux/if_link.h> + #include <netinet/in.h> + #include <stdint.h> ++#include <config.h> + + typedef int (*iplink_list_func)(int index, int flags, const char *name, int iflink, int vid, void *arg); + +@@ -20,12 +21,22 @@ int ipaddr_add_peer(int ifindex, in_addr_t addr, in_addr_t peer_addr); + int ipaddr_del(int ifindex, in_addr_t addr, int mask); + int ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer); + ++#ifdef HAVE_VRF ++int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); ++int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); ++#else + int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); + int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); ++#endif + in_addr_t iproute_get(in_addr_t dst, in_addr_t *gw); + ++#ifdef HAVE_VRF ++int ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name); ++int ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name); ++#else + int ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio); + int ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio); ++#endif + int ip6addr_add(int ifindex, struct in6_addr *addr, int prefix_len); + int ip6addr_add_peer(int ifindex, struct in6_addr *addr, struct in6_addr *peer_addr); + int ip6addr_del(int ifindex, struct in6_addr *addr, int prefix_len); +diff --git a/accel-pppd/libnetlink/rt_names.c b/accel-pppd/libnetlink/rt_names.c +new file mode 100644 +index 0000000..5591a67 +--- /dev/null ++++ b/accel-pppd/libnetlink/rt_names.c +@@ -0,0 +1,196 @@ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++/* ++ * rt_names.c rtnetlink names DB. ++ * ++ * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> ++ */ ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <string.h> ++#include <sys/time.h> ++#include <sys/socket.h> ++#include <dirent.h> ++#include <limits.h> ++ ++#include <asm/types.h> ++#include <linux/rtnetlink.h> ++ ++#include "rt_names.h" ++#include "utils.h" ++ ++#define NAME_MAX_LEN 512 ++#define CONFDIR "/etc/iproute2" ++ ++int numeric; ++ ++struct rtnl_hash_entry { ++ struct rtnl_hash_entry *next; ++ const char *name; ++ unsigned int id; ++}; ++ ++static int fread_id_name(FILE *fp, int *id, char *namebuf) ++{ ++ char buf[NAME_MAX_LEN]; ++ ++ while (fgets(buf, sizeof(buf), fp)) { ++ char *p = buf; ++ ++ while (*p == ' ' || *p == '\t') ++ p++; ++ ++ if (*p == '#' || *p == '\n' || *p == 0) ++ continue; ++ ++ if (sscanf(p, "0x%x %s\n", id, namebuf) != 2 && ++ sscanf(p, "0x%x %s #", id, namebuf) != 2 && ++ sscanf(p, "%d %s\n", id, namebuf) != 2 && ++ sscanf(p, "%d %s #", id, namebuf) != 2) { ++ strcpy(namebuf, p); ++ return -1; ++ } ++ return 1; ++ } ++ return 0; ++} ++ ++static void ++rtnl_hash_initialize(const char *file, struct rtnl_hash_entry **hash, int size) ++{ ++ struct rtnl_hash_entry *entry; ++ FILE *fp; ++ int id; ++ char namebuf[NAME_MAX_LEN] = {0}; ++ int ret; ++ ++ fp = fopen(file, "r"); ++ if (!fp) ++ return; ++ ++ while ((ret = fread_id_name(fp, &id, &namebuf[0]))) { ++ if (ret == -1) { ++ fprintf(stderr, "Database %s is corrupted at %s\n", ++ file, namebuf); ++ fclose(fp); ++ return; ++ } ++ ++ if (id < 0) ++ continue; ++ ++ entry = malloc(sizeof(*entry)); ++ if (entry == NULL) { ++ fprintf(stderr, "malloc error: for entry\n"); ++ break; ++ } ++ entry->id = id; ++ entry->name = strdup(namebuf); ++ entry->next = hash[id & (size - 1)]; ++ hash[id & (size - 1)] = entry; ++ } ++ fclose(fp); ++} ++ ++static struct rtnl_hash_entry dflt_table_entry = { .name = "default" }; ++static struct rtnl_hash_entry main_table_entry = { .name = "main" }; ++static struct rtnl_hash_entry local_table_entry = { .name = "local" }; ++ ++static struct rtnl_hash_entry *rtnl_rttable_hash[256] = { ++ [RT_TABLE_DEFAULT] = &dflt_table_entry, ++ [RT_TABLE_MAIN] = &main_table_entry, ++ [RT_TABLE_LOCAL] = &local_table_entry, ++}; ++ ++static int rtnl_rttable_init; ++ ++static void rtnl_rttable_initialize(void) ++{ ++ struct dirent *de; ++ DIR *d; ++ int i; ++ ++ rtnl_rttable_init = 1; ++ for (i = 0; i < 256; i++) { ++ if (rtnl_rttable_hash[i]) ++ rtnl_rttable_hash[i]->id = i; ++ } ++ rtnl_hash_initialize(CONFDIR "/rt_tables", ++ rtnl_rttable_hash, 256); ++ ++ d = opendir(CONFDIR "/rt_tables.d"); ++ if (!d) ++ return; ++ ++ while ((de = readdir(d)) != NULL) { ++ char path[PATH_MAX]; ++ size_t len; ++ ++ if (*de->d_name == '.') ++ continue; ++ ++ /* only consider filenames ending in '.conf' */ ++ len = strlen(de->d_name); ++ if (len <= 5) ++ continue; ++ if (strcmp(de->d_name + len - 5, ".conf")) ++ continue; ++ ++ snprintf(path, sizeof(path), ++ CONFDIR "/rt_tables.d/%s", de->d_name); ++ rtnl_hash_initialize(path, rtnl_rttable_hash, 256); ++ } ++ closedir(d); ++} ++ ++const char *rtnl_rttable_n2a(__u32 id, char *buf, int len) ++{ ++ struct rtnl_hash_entry *entry; ++ ++ if (!rtnl_rttable_init) ++ rtnl_rttable_initialize(); ++ entry = rtnl_rttable_hash[id & 255]; ++ while (entry && entry->id != id) ++ entry = entry->next; ++ if (!numeric && entry) ++ return entry->name; ++ snprintf(buf, len, "%u", id); ++ return buf; ++} ++ ++int rtnl_rttable_a2n(__u32 *id, const char *arg) ++{ ++ static const char *cache; ++ static unsigned long res; ++ struct rtnl_hash_entry *entry; ++ char *end; ++ unsigned long i; ++ ++ if (cache && strcmp(cache, arg) == 0) { ++ *id = res; ++ return 0; ++ } ++ ++ if (!rtnl_rttable_init) ++ rtnl_rttable_initialize(); ++ ++ for (i = 0; i < 256; i++) { ++ entry = rtnl_rttable_hash[i]; ++ while (entry && strcmp(entry->name, arg)) ++ entry = entry->next; ++ if (entry) { ++ cache = entry->name; ++ res = entry->id; ++ *id = res; ++ return 0; ++ } ++ } ++ ++ i = strtoul(arg, &end, 0); ++ if (!end || end == arg || *end || i > RT_TABLE_MAX) ++ return -1; ++ *id = i; ++ return 0; ++} +diff --git a/accel-pppd/libnetlink/rt_names.h b/accel-pppd/libnetlink/rt_names.h +new file mode 100644 +index 0000000..2ba6fe9 +--- /dev/null ++++ b/accel-pppd/libnetlink/rt_names.h +@@ -0,0 +1,14 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef RT_NAMES_H_ ++#define RT_NAMES_H_ 1 ++ ++#include <asm/types.h> ++ ++const char *rtnl_rttable_n2a(__u32 id, char *buf, int len); ++const char *rtnl_dsfield_get_name(int id); ++ ++int rtnl_rttable_a2n(__u32 *id, const char *arg); ++ ++extern int numeric; ++ ++#endif +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index 2406ba0..a45666f 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -313,6 +313,7 @@ int rad_proc_attrs(struct rad_req_t *req) + } else if (attr->vendor->id == VENDOR_Accel_PPP) { + switch (attr->attr->id) { + case Accel_VRF_Name: ++ log_ppp_info2("radius: setting vrf_name to %s\n", attr->val.string); + if (rpd->ses->vrf_name) + _free(rpd->ses->vrf_name); + rpd->ses->vrf_name = _malloc(attr->len + 1); +@@ -642,15 +643,23 @@ static void ses_started(struct ap_session *ses) + char nbuf[INET6_ADDRSTRLEN]; + char gwbuf[INET6_ADDRSTRLEN]; + ++#ifdef HAVE_VRF ++ if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio, rpd->ses->vrf_name)) { ++#else + if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio)) { ++#endif + log_ppp_warn("radius: failed to add route %s/%hhu %s %u\n", +- u_ip6str(&fr6->prefix, nbuf), fr6->plen, +- u_ip6str(&fr6->gw, gwbuf), fr6->prio); ++ u_ip6str(&fr6->prefix, nbuf), fr6->plen, ++ u_ip6str(&fr6->gw, gwbuf), fr6->prio); + } + } + + for (fr = rpd->fr; fr; fr = fr->next) { ++#ifdef HAVE_VRF ++ if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name)) { ++#else + if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio)) { ++#endif + char dst[17], gw[17]; + u_inet_ntoa(fr->dst, dst); + u_inet_ntoa(fr->gw, gw); +@@ -689,12 +698,20 @@ static void ses_finishing(struct ap_session *ses) + * when the interface is removed. + */ + if (!IN6_IS_ADDR_UNSPECIFIED(&fr6->gw)) ++#ifdef HAVE_VRF ++ ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio, rpd->ses->vrf_name); ++#else + ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio); ++#endif + } + + for (fr = rpd->fr; fr; fr = fr->next) { + if (fr->gw) ++#ifdef HAVE_VRF ++ iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name); ++#else + iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio); ++#endif + } + + if (rpd->acct_started || rpd->acct_req) +-- +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch new file mode 100644 index 00000000..a8991801 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch @@ -0,0 +1,195 @@ +From: Ben Hardill <ben@hardill.me.uk> +Date: Tue, 13 Mar 2025 05:00:00 +0000 +Subject: [PATCH] PPPoE: IPv6 DNS from Radius - managing the DNS-Server-IPv6-Address attribute + +Patch authored by Ben Hardill from +https://github.com/accel-ppp/accel-ppp/pull/69 +--- +diff --git a/accel-pppd/include/ap_session.h b/accel-pppd/include/ap_session.h +index 70515133..507eae04 100644 +--- a/accel-pppd/include/ap_session.h ++++ b/accel-pppd/include/ap_session.h +@@ -84,6 +84,7 @@ struct ap_session + struct ipv4db_item_t *ipv4; + struct ipv6db_item_t *ipv6; + struct ipv6db_prefix_t *ipv6_dp; ++ struct ipv6db_item_t *ipv6_dns; + char *ipv4_pool_name; + char *ipv6_pool_name; + char *dpv6_pool_name; +diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c +index 158771b1..1ef48132 100644 +--- a/accel-pppd/ipv6/dhcpv6.c ++++ b/accel-pppd/ipv6/dhcpv6.c +@@ -214,19 +214,41 @@ static void insert_status(struct dhcpv6_packet *pkt, struct dhcpv6_option *opt, + status->code = htons(code); + } + +-static void insert_oro(struct dhcpv6_packet *reply, struct dhcpv6_option *opt) ++static void insert_oro(struct dhcpv6_packet *reply, struct dhcpv6_option *opt, struct ap_session *ses) + { + struct dhcpv6_option *opt1; +- int i, j; ++ int i = 0, j = 0, k = 0; + uint16_t *ptr; + struct in6_addr addr, *addr_ptr; ++ struct ipv6db_addr_t *dns; + + for (i = ntohs(opt->hdr->len) / 2, ptr = (uint16_t *)opt->hdr->data; i; i--, ptr++) { + if (ntohs(*ptr) == D6_OPTION_DNS_SERVERS) { +- if (conf_dns_count) { +- opt1 = dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, conf_dns_count * sizeof(addr)); +- for (j = 0, addr_ptr = (struct in6_addr *)opt1->hdr->data; j < conf_dns_count; j++, addr_ptr++) +- memcpy(addr_ptr, conf_dns + j, sizeof(addr)); ++ if (ses->ipv6_dns && !list_empty(&ses->ipv6_dns->addr_list)) { ++ list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++ j++; ++ } ++ if (j >= 3) { ++ j = 3; ++ } ++ opt1 = dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, j * sizeof(addr)); ++ addr_ptr = (struct in6_addr *)opt1->hdr->data; ++ list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++ if (k < j) { ++ memcpy(addr_ptr, &dns->addr, sizeof(addr)); ++ k++; ++ addr_ptr++; ++ } else { ++ break; ++ } ++ } ++ ++ } else { ++ if (conf_dns_count) { ++ opt1 = dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, conf_dns_count * sizeof(addr)); ++ for (j = 0, addr_ptr = (struct in6_addr *)opt1->hdr->data; j < conf_dns_count; j++, addr_ptr++) ++ memcpy(addr_ptr, conf_dns + j, sizeof(addr)); ++ } + } + } else if (ntohs(*ptr) == D6_OPTION_DOMAIN_LIST) { + if (conf_dnssl_size) { +@@ -434,7 +456,10 @@ static void dhcpv6_send_reply(struct dhcpv6_packet *req, struct dhcpv6_pd *pd, i + + // Option Request + } else if (ntohs(opt->hdr->code) == D6_OPTION_ORO) { +- insert_oro(reply, opt); ++ if (ses->ipv6_dns &&!list_empty(&ses->ipv6_dns->addr_list)) { ++ log_ppp_info2("User specific IPv6 DNS entries\n"); ++ } ++ insert_oro(reply, opt, ses); + + } else if (ntohs(opt->hdr->code) == D6_OPTION_RAPID_COMMIT) { + if (req->hdr->type == D6_SOLICIT) +@@ -594,7 +619,7 @@ static void dhcpv6_send_reply2(struct dhcpv6_packet *req, struct dhcpv6_pd *pd, + } + // Option Request + } else if (ntohs(opt->hdr->code) == D6_OPTION_ORO) +- insert_oro(reply, opt); ++ insert_oro(reply, opt, ses); + } + + opt1 = dhcpv6_option_alloc(reply, D6_OPTION_PREFERENCE, 1); +diff --git a/accel-pppd/ipv6/nd.c b/accel-pppd/ipv6/nd.c +index 297e4d63..b3054274 100644 +--- a/accel-pppd/ipv6/nd.c ++++ b/accel-pppd/ipv6/nd.c +@@ -174,7 +174,32 @@ static void ipv6_nd_send_ra(struct ipv6_nd_handler_t *h, struct sockaddr_in6 *ds + rinfo++; + }*/ + +- if (conf_dns_count) { ++ if (ses->ipv6_dns && !list_empty(&ses->ipv6_dns->addr_list)) { ++ int i = 0, j = 0; ++ struct ipv6db_addr_t *dns; ++ ++ list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++ i++; ++ } ++ if (i >= 3) { ++ i = 3; ++ } ++ rdnssinfo = (struct nd_opt_rdnss_info_local *)pinfo; ++ memset(rdnssinfo, 0, sizeof(*rdnssinfo)); ++ rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION; ++ rdnssinfo->nd_opt_rdnssi_len = 1 + 2 * i; ++ rdnssinfo->nd_opt_rdnssi_lifetime = htonl(conf_rdnss_lifetime); ++ rdnss_addr = (struct in6_addr *)rdnssinfo->nd_opt_rdnssi; ++ list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++ if (j < i) { ++ memcpy(rdnss_addr, &dns->addr, sizeof(*rdnss_addr)); ++ j++; ++ rdnss_addr++; ++ } else { ++ break; ++ } ++ } ++ } else if (conf_dns_count) { + rdnssinfo = (struct nd_opt_rdnss_info_local *)pinfo; + memset(rdnssinfo, 0, sizeof(*rdnssinfo)); + rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION; +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index 786faa56..1379b0b2 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -403,6 +403,12 @@ int rad_proc_attrs(struct rad_req_t *req) + case Framed_IPv6_Route: + rad_add_framed_ipv6_route(attr->val.string, rpd); + break; ++ case DNS_Server_IPv6_Address: ++ a = _malloc(sizeof(*a)); ++ memset(a, 0, sizeof(*a)); ++ a->addr = attr->val.ipv6addr; ++ list_add_tail(&a->entry, &rpd->ipv6_dns.addr_list); ++ break; + } + } + +@@ -420,6 +426,9 @@ int rad_proc_attrs(struct rad_req_t *req) + if (!rpd->ses->ipv6_dp && !list_empty(&rpd->ipv6_dp.prefix_list)) + rpd->ses->ipv6_dp = &rpd->ipv6_dp; + ++ if (!rpd->ses->ipv6_dns && !list_empty(&rpd->ipv6_dns.addr_list)) ++ rpd->ses->ipv6_dns = &rpd->ipv6_dns; ++ + return res; + } + +@@ -584,10 +593,12 @@ static void ses_starting(struct ap_session *ses) + INIT_LIST_HEAD(&rpd->plugin_list); + INIT_LIST_HEAD(&rpd->ipv6_addr.addr_list); + INIT_LIST_HEAD(&rpd->ipv6_dp.prefix_list); ++ INIT_LIST_HEAD(&rpd->ipv6_dns.addr_list); + + rpd->ipv4_addr.owner = &ipdb; + rpd->ipv6_addr.owner = &ipdb; + rpd->ipv6_dp.owner = &ipdb; ++ rpd->ipv6_dns.owner = &ipdb; + + list_add_tail(&rpd->pd.entry, &ses->pd_list); + +@@ -764,6 +775,12 @@ static void ses_finished(struct ap_session *ses) + _free(a); + } + ++ while (!list_empty(&rpd->ipv6_dns.addr_list)) { ++ a = list_entry(rpd->ipv6_dns.addr_list.next, typeof(*a), entry); ++ list_del(&a->entry); ++ _free(a); ++ } ++ + fr6 = rpd->fr6; + while (fr6) { + struct framed_ip6_route *next = fr6->next; +diff --git a/accel-pppd/radius/radius_p.h b/accel-pppd/radius/radius_p.h +index 988f154f..eaa5acb0 100644 +--- a/accel-pppd/radius/radius_p.h ++++ b/accel-pppd/radius/radius_p.h +@@ -65,6 +65,7 @@ struct radius_pd_t { + struct ipv4db_item_t ipv4_addr; + struct ipv6db_item_t ipv6_addr; + struct ipv6db_prefix_t ipv6_dp; ++ struct ipv6db_item_t ipv6_dns; + int acct_interim_interval; + int acct_interim_jitter; + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch new file mode 100644 index 00000000..3c8fff94 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch @@ -0,0 +1,213 @@ +From 4898832b90a6b929b8316fe55085b14c3afcf4a8 Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Mon, 3 Jul 2023 14:42:22 +0100 +Subject: [PATCH 3/4] Simplify implementation of vrf support for + iproute_add/del + +(cherry picked from commit 85cbd27bd440e0a4836bb9e03c933e05fd321769) +--- + accel-pppd/ctrl/ipoe/ipoe.c | 24 ++---------------------- + accel-pppd/libnetlink/iputils.c | 16 ---------------- + accel-pppd/libnetlink/iputils.h | 5 ----- + accel-pppd/radius/radius.c | 16 ---------------- + accel-pppd/session.c | 1 + + 5 files changed, 3 insertions(+), 59 deletions(-) + +diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c +index 6f23fd6..3a6c85b 100644 +--- a/accel-pppd/ctrl/ipoe/ipoe.c ++++ b/accel-pppd/ctrl/ipoe/ipoe.c +@@ -1021,9 +1021,9 @@ static void __ipoe_session_activate(struct ipoe_session *ses) + in_addr_t gw; + iproute_get(ses->router, &gw, NULL); + if (gw) +- iproute_add(0, ses->siaddr, ses->yiaddr, gw, conf_proto, 32); ++ iproute_add(0, ses->siaddr, ses->yiaddr, gw, conf_proto, 32, NULL); + else +- iproute_add(0, ses->siaddr, ses->router, gw, conf_proto, 32); ++ iproute_add(0, ses->siaddr, ses->router, gw, conf_proto, 32, NULL); + }*/ + + if (serv->opt_mode == MODE_L3) +@@ -1067,17 +1067,9 @@ static void __ipoe_session_activate(struct ipoe_session *ses) + + if (ses->ifindex == -1 && !serv->opt_ifcfg) { + if (!serv->opt_ip_unnumbered) +-#ifdef HAVE_VRF + iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); +-#else +- iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); +-#endif + else +-#ifdef HAVE_VRF + iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +- iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif + } + + if (ses->l4_redirect) +@@ -1178,11 +1170,7 @@ static void ipoe_session_started(struct ap_session *s) + + if (ses->ses.ipv4->peer_addr != ses->yiaddr) + //ipaddr_add_peer(ses->ses.ifindex, ses->router, ses->yiaddr); // breaks quagga +-#ifdef HAVE_VRF + iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +- iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif + + if (ses->ifindex != -1 && ses->xid) { + ses->dhcpv4 = dhcpv4_create(ses->ctrl.ctx, ses->ses.ifname, ""); +@@ -1266,17 +1254,9 @@ static void ipoe_session_finished(struct ap_session *s) + } else if (ses->started) { + if (!serv->opt_ifcfg) { + if (!serv->opt_ip_unnumbered) +-#ifdef HAVE_VRF + iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); +-#else +- iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); +-#endif + else +-#ifdef HAVE_VRF + iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +- iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif + } + } + +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 6c61fc2..60eca8b 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -533,11 +533,7 @@ out: + } + #endif + +-#ifdef HAVE_VRF + int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) +-#else +-int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) +-#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -586,11 +582,7 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + return r; + } + +-#ifdef HAVE_VRF + int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) +-#else +-int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) +-#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -633,11 +625,7 @@ int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + return r; + } + +-#ifdef HAVE_VRF + int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) +-#else +-int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) +-#endif + { + struct ipaddr_req { + struct nlmsghdr n; +@@ -684,11 +672,7 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, + return r; + } + +-#ifdef HAVE_VRF + int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) +-#else +-int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) +-#endif + { + struct ipaddr_req { + struct nlmsghdr n; +diff --git a/accel-pppd/libnetlink/iputils.h b/accel-pppd/libnetlink/iputils.h +index c3063f4..d3a93f4 100644 +--- a/accel-pppd/libnetlink/iputils.h ++++ b/accel-pppd/libnetlink/iputils.h +@@ -21,13 +21,8 @@ int ipaddr_add_peer(int ifindex, in_addr_t addr, in_addr_t peer_addr); + int ipaddr_del(int ifindex, in_addr_t addr, int mask); + int ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer); + +-#ifdef HAVE_VRF + int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); + int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); +-#else +-int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); +-int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); +-#endif + in_addr_t iproute_get(in_addr_t dst, in_addr_t *gw); + + #ifdef HAVE_VRF +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index a45666f..9d567b7 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -643,11 +643,7 @@ static void ses_started(struct ap_session *ses) + char nbuf[INET6_ADDRSTRLEN]; + char gwbuf[INET6_ADDRSTRLEN]; + +-#ifdef HAVE_VRF + if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio, rpd->ses->vrf_name)) { +-#else +- if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio)) { +-#endif + log_ppp_warn("radius: failed to add route %s/%hhu %s %u\n", + u_ip6str(&fr6->prefix, nbuf), fr6->plen, + u_ip6str(&fr6->gw, gwbuf), fr6->prio); +@@ -655,11 +651,7 @@ static void ses_started(struct ap_session *ses) + } + + for (fr = rpd->fr; fr; fr = fr->next) { +-#ifdef HAVE_VRF + if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name)) { +-#else +- if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio)) { +-#endif + char dst[17], gw[17]; + u_inet_ntoa(fr->dst, dst); + u_inet_ntoa(fr->gw, gw); +@@ -698,20 +690,12 @@ static void ses_finishing(struct ap_session *ses) + * when the interface is removed. + */ + if (!IN6_IS_ADDR_UNSPECIFIED(&fr6->gw)) +-#ifdef HAVE_VRF + ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio, rpd->ses->vrf_name); +-#else +- ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio); +-#endif + } + + for (fr = rpd->fr; fr; fr = fr->next) { + if (fr->gw) +-#ifdef HAVE_VRF + iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name); +-#else +- iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio); +-#endif + } + + if (rpd->acct_started || rpd->acct_req) +diff --git a/accel-pppd/session.c b/accel-pppd/session.c +index c01417f..fedb6f5 100644 +--- a/accel-pppd/session.c ++++ b/accel-pppd/session.c +@@ -68,6 +68,7 @@ void __export ap_session_init(struct ap_session *ses) + ses->ifindex = -1; + ses->unit_idx = -1; + ses->net = net; ++ ses->vrf_name = NULL; + } + + void __export ap_session_set_ifindex(struct ap_session *ses) +-- +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch new file mode 100644 index 00000000..9273c8a3 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch @@ -0,0 +1,26 @@ +From a959ab0c0d659a8b314b98bb577a79ec9ed3542c Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Tue, 11 Jul 2023 10:14:52 +0100 +Subject: [PATCH 4/4] Fix whitespace in accel-pppd/libnetlink/iputils.c + +(cherry picked from commit 10d2fba58928dcb4604a04169cbb3a8c9e8a172f) +--- + accel-pppd/libnetlink/iputils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 60eca8b..afe2380 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -551,7 +551,7 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + #ifdef HAVE_VRF + __u32 rt_table = ipvrf_get_table(vrf_name); + #else +- __u32 rt_table = RT_TABLE_MAIN; ++ __u32 rt_table = RT_TABLE_MAIN; + #endif + + req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); +-- +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch index 7bd0b04b..107fdc67 100644 --- a/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch @@ -6,6 +6,7 @@ Subject: [PATCH] VyOS: Add linkstate IP device attribute Backport of earlier Vyatta patch. (cherry picked from commit 7c5a851086686be14ae937c80d6cee34814dbefc) + --- Documentation/networking/ip-sysctl.rst | 11 +++++++++++ include/linux/inetdevice.h | 1 + @@ -100,7 +101,7 @@ index c33b1ecc591e..7576d51cd16d 100644 }; diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 8360939acf85..b13832a08d28 100644 +index bb9add46e382..20346b1dd103 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -5674,6 +5674,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, @@ -111,7 +112,7 @@ index 8360939acf85..b13832a08d28 100644 } static inline size_t inet6_ifla6_size(void) -@@ -7103,6 +7104,13 @@ static const struct ctl_table addrconf_sysctl[] = { +@@ -7116,6 +7117,13 @@ static const struct ctl_table addrconf_sysctl[] = { .extra1 = (void *)SYSCTL_ZERO, .extra2 = (void *)SYSCTL_ONE, }, @@ -126,10 +127,10 @@ index 8360939acf85..b13832a08d28 100644 .procname = "ioam6_id", .data = &ipv6_devconf.ioam6_id, diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 5715d54f3d0b..e88971b512ba 100644 +index 53197087353a..4fed0253cf83 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -682,6 +682,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh) +@@ -716,6 +716,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh) } #endif @@ -144,7 +145,7 @@ index 5715d54f3d0b..e88971b512ba 100644 /* * Default Router Selection (RFC 2461 6.3.6) */ -@@ -723,6 +731,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif, +@@ -757,6 +765,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif, if (!m && (strict & RT6_LOOKUP_F_IFACE)) return RT6_NUD_FAIL_HARD; diff --git a/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch index b19a8d25..115f6831 100644 --- a/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch @@ -19,6 +19,7 @@ for bug #303, and will allow that commit to be reverted. Bug #425 http://bugzilla.vyos.net/show_bug.cgi?id=425 (cherry picked from commit a93f1128bc83b5a6628da242e71c18ef05e81ea2) + --- fs/notify/inotify/Kconfig | 9 +++ fs/notify/inotify/inotify_user.c | 114 ++++++++++++++++++++++++++++++- @@ -190,7 +191,7 @@ index 1c4bfdab008d..cf567cc33679 100644 struct inotify_inode_mark *i_mark) { diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index 2c056d737c27..2cb1f0024e70 100644 +index 93ee57bc82ad..5f4f886d011e 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -15,6 +15,7 @@ @@ -201,7 +202,7 @@ index 2c056d737c27..2cb1f0024e70 100644 #include <linux/file.h> #include <linux/fs_context.h> #include <linux/fs_parser.h> -@@ -1528,6 +1529,18 @@ static void ovl_inode_init_once(void *foo) +@@ -1533,6 +1534,18 @@ static void ovl_inode_init_once(void *foo) inode_init_once(&oi->vfs_inode); } @@ -220,7 +221,7 @@ index 2c056d737c27..2cb1f0024e70 100644 static int __init ovl_init(void) { int err; -@@ -1543,18 +1556,24 @@ static int __init ovl_init(void) +@@ -1548,18 +1561,24 @@ static int __init ovl_init(void) err = ovl_aio_request_cache_init(); if (!err) { err = register_filesystem(&ovl_fs_type); @@ -294,5 +295,5 @@ index 8d20caa1b268..c126e2f93a73 100644 + #endif /* _LINUX_INOTIFY_H */ -- -2.39.2 +2.39.5 diff --git a/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch b/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch new file mode 100644 index 00000000..082ad589 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch @@ -0,0 +1,62 @@ +diff --git c/scripts/package/builddeb i/scripts/package/builddeb +index d7dd0d04c70c..6f4a9a7c2c62 100755 +--- c/scripts/package/builddeb ++++ i/scripts/package/builddeb +@@ -182,6 +182,16 @@ install_libc_headers () { + mv $pdir/usr/include/asm $pdir/usr/include/$host_arch/ + } + ++install_perf () { ++ pdir=$1 ++ ++ rm -rf $pdir ++ ++ $MAKE -C tools/ perf_install prefix=$pdir/usr ++ mv tools/perf/$pdir/usr $srctree/$pdir ++ ++} ++ + rm -f debian/files + + packages_enabled=$(dh_listpackages) +@@ -199,6 +209,8 @@ do + install_libc_headers debian/linux-libc-dev;; + linux-headers-*) + install_kernel_headers debian/linux-headers ${package#linux-headers-};; ++ linux-perf-*) ++ install_perf debian/linux-perf ${package};; + esac + done + +@@ -213,6 +225,8 @@ do + create_package ${package} debian/linux-libc-dev;; + linux-headers-*) + create_package ${package} debian/linux-headers;; ++ linux-perf-*) ++ create_package ${package} debian/linux-perf;; + esac + done + +diff --git c/scripts/package/mkdebian i/scripts/package/mkdebian +index 5044224cf671..21f98ae50be0 100755 +--- c/scripts/package/mkdebian ++++ i/scripts/package/mkdebian +@@ -238,6 +238,18 @@ Description: Linux support headers for userspace development + Multi-Arch: same + EOF + ++cat <<EOF >> debian/control ++ ++Package: linux-perf-$version ++Section: devel ++Architecture: $debarch ++Depends: \${shlibs:Depends} ++Description: Performance analysis tools for Linux $version ++ This package contains the 'perf' performance analysis tools for Linux ++ kernel version $version . ++Multi-Arch: same ++EOF ++ + if is_enabled CONFIG_MODULES; then + cat <<EOF >> debian/control + |