Commit graph

33366 commits

Author SHA1 Message Date
Felix Fietkau
5fcafa319d generic: Fix per interface nf_call_iptables setting
commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
functionality have been disabled - eliminates the overhead of enabling
CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
which should reduce/eliminate the overhead for traffic send over bridges on
kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
breaks the nf_call_iptables per bridge setting which is more fine grained
than the global sysctl net.bridge.bridge-nf-call-iptables setting.

A test reflecting a real world setup was created to identify if this really
eliminates the overhead and if per-bridge nf_call_iptables could be used in
some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
Cables from the AP to the wifi station were used to reduce interference
problems during the tests.

The wlan interface was put in one bridge interface called br-wlan. This
bridge usually contains some more wlan interfaces. The eth0 was put in a
second bridge called br-lan. This usually contains some other privileged
wlan or mesh interfaces. Routing was added between br-lan and br-wlan.

Three kernels were tested:

 * (default) OpenWrt kernel for this device
 * (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
 * (brfilter-local)  OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
    without 644-bridge_optimize_netfilter_hooks.patch

The changes to the the netfilter settings of the bridge were done via:

 * (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
 * (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
   and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables

A station connected to the wlan0 (AP) interface was used to send traffic to
a PC connected via ethernet. iperf with 3 concurrent transmissions was used
to generate the traffic.

| kernel          | br-nf-* global | nf-call* iface | download | upload   |
|-----------------|----------------|----------------|----------|----------|
| default         | 0              | -              |      209 |      268 |
| brfilter-global | 0              | -              |      185 |      243 |
| brfilter-local  | 0              | -              |      187 |      243 |
| brfilter-local  | 0              | br-lan         |      157 |      226 |
| brfilter-local  | 0              | br-lan br-wlan |      139 |      161 |
| brfilter-global | 1              | -              |      136 |      162 |

Download/upload results in Mibit/s

It can be seen that the patch doesn't eliminate the overhead. It can also
be seen that the throughput of brfilter-global and brfilter-local with
disabled filtering is the roughly the same. Also the throughput for
brfilter-global and brfilter-local for enabled filtering on all bridges is
roughly the same.

But also the brfilter-local throughput is higher when only br-lan requires
the filtering. This setting would not be possible with
644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
compared with brfilter-global and filtering enabled for all interfaces.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 46835
2015-09-09 18:40:15 +00:00
Steven Barth
0c8f0186d5 linux: make IPv6 builtin if selected (saves >30KB)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46834
2015-09-09 12:20:36 +00:00
Steven Barth
1fb987e3b8 busybox: fix ip applet and netlink behavior
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46833
2015-09-09 10:38:16 +00:00
Steven Barth
e07959cade package: replace ifconfig-usage with ip
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46832
2015-09-08 17:44:24 +00:00
Steven Barth
579fe7f52a iproute2: improve ip-full coexistence, remove rt_table
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46831
2015-09-08 17:44:17 +00:00
Steven Barth
00045fe9d0 base-files: add /etc/iproute2/rt_tables, replace ifconfig-usage
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46830
2015-09-08 17:44:13 +00:00
Steven Barth
899a23227e busybox: improve applets & deprecate ifconfig, route
added: ip addr, ip route, ip link, traceroute6
removed: hostid, devmem, vconfig, arping
deprecated (to be removed): ifconfig, route

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46829
2015-09-08 17:44:10 +00:00
Rafał Miłecki
f0c747dee5 kernel: describe bridge patch "multicast to unicast"
It was initially added in r41367 by nbd.

SVN-Revision: 46828
2015-09-08 16:43:32 +00:00
Rafał Miłecki
b8c9d6b296 kernel: describe bridge patch "optimize netfilter hooks"
It was initially added in r30917 by nbd.

SVN-Revision: 46827
2015-09-08 16:43:21 +00:00
Rafał Miłecki
255d7ad8ba kernel: describe bridge patch "remove IPv6 depependency of bridge in 2.6.38+"
It was initially added in r27237 by jow as patch from Jonas.

SVN-Revision: 46826
2015-09-08 16:43:10 +00:00
Rafał Miłecki
f8a689d276 kernel: describe bridge patch "port isolate"
It was initially added in r25762 by nbd.

SVN-Revision: 46825
2015-09-08 16:43:04 +00:00
Rafał Miłecki
e77fae4cba kernel: describe bridge patch "always accept EAP"
It was initially added in r26015 by nbd.

SVN-Revision: 46824
2015-09-08 16:42:58 +00:00
Rafał Miłecki
c64214d465 kernel: describe bridge patch "no EAP forward"
It was initially added in r25095 by nbd.

SVN-Revision: 46823
2015-09-08 16:42:50 +00:00
Felix Fietkau
75744d133d kernel: restore 640-bridge_no_eap_forward.patch to its original form
It was corrupted in r38528. The most obvious symptom is repeated messages like this:

Tue Sep  8 08:25:18 2015 kern.warn kernel: [77141.972226] br-lan: received packet on wlan0 with own address as source address

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 46821
2015-09-08 14:29:55 +00:00
Felix Fietkau
e29efa2fb7 kernel: remove packaging of kmod-crypto-core and kmod-crypto-arc4
Everything except for blkcipher was already built-in, so make blkcipher
built-in as well.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46820
2015-09-08 12:31:04 +00:00
Steven Barth
1b91cd2663 map: be less restrictive when matching lw4over6 prefixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46819
2015-09-08 12:13:29 +00:00
Felix Fietkau
48fe93ea6b iw: reduce size even more (~12k after gzip)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46818
2015-09-08 11:48:48 +00:00
Felix Fietkau
9365745f8e musl: add a hack to remove unused crypt() algorithms, saves ~14k after lzma
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46816
2015-09-08 10:57:11 +00:00
Steven Barth
8a7a939470 dropbear: remove generation and configuration of DSS keys
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46815
2015-09-08 08:59:40 +00:00
Felix Fietkau
a4cf4c35af dropbear: disable 3des, cbc mode, dss support, saves about 5k gzipped
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46814
2015-09-08 08:55:10 +00:00
Felix Fietkau
b13d8e55a7 argp-standalone: fix build error with gcc 5.2 (#20460)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46813
2015-09-08 07:10:07 +00:00
Rafał Miłecki
bda4c3d5e5 brcm47xx: apply serial flash size trick to Netgear WNR1000 V3
It also uses different block size just like WGR614 V10.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46810
2015-09-08 05:24:57 +00:00
Steven Barth
d196b1fc2e Disable telnet in favor of passwordless SSH
This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46809
2015-09-07 19:29:25 +00:00
Felix Fietkau
b850e1e59f uhttpd: update to the latest version, fixes deferred cgi script processing (#20458)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46807
2015-09-07 19:18:58 +00:00
Rafał Miłecki
d2a9c35af0 brcm47xx: fix reading WGT634U CFE variables with 4.1
This ports fix from r46584 to the 4.1.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46806
2015-09-07 16:43:29 +00:00
Rafał Miłecki
da2178eb7e brcm47xx: add Netgear WNR1000 V3 support in the Linux arch code
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46805
2015-09-07 16:29:21 +00:00
Steven Barth
7af30b4cef map: ignore insignificant PSID bits
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46804
2015-09-07 16:21:15 +00:00
Steven Barth
8ac42ac28b odhcpd: fix parsing of host entries without duid
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46803
2015-09-07 13:31:36 +00:00
Steven Barth
60e786c4cd odhcpd: various bugfixes
* ra: don't announce as default router if we aren't (regression)
* ra: reduce maximum announced dns lifetimes due to buggy clients
* dhcpv6: fix mac-based lease-matching

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46802
2015-09-07 09:49:35 +00:00
Steven Barth
049baba1ef nls.mk: add -rpath-link when needed for NLS support
When a package links to a shared library that depends on libiconv or
libintl shared libraries, specifying directory pathes to them via -L
switches is not enough, see "man 1 ld" -rpath-link description.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>

SVN-Revision: 46801
2015-09-07 08:03:34 +00:00
Felix Fietkau
d571f17129 gcc: add missing powerpc patch for 5.2.0
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46800
2015-09-07 06:59:56 +00:00
Felix Fietkau
4077850c7d gcc: remove 4.6.3 leftovers
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46799
2015-09-06 10:07:07 +00:00
Felix Fietkau
400fb6cadc gcc: remove version 4.9-linaro
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46798
2015-09-06 10:07:03 +00:00
Felix Fietkau
edb5d7511b uboot-ar71xx: fix gcc 5.2 compile errors
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46797
2015-09-06 09:57:02 +00:00
Jonas Gorski
8b4df1efd5 ipq806x: add support for Netgear Nighthawk X4 R7500
Add support for the Netgear Nighthawk X4 R7500 and build
appropariate sysupgrade and factory images.

Known issues:
 * 5 GHz wifi not working - there is no quantenna driver
 * One of the USB ports is not working

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46796
2015-09-04 14:46:06 +00:00
Jonas Gorski
6ec4c4b6b9 ipq806x: enable ide led trigger
To use gpio leds as ide leds, we need to enable the trigger to be
included in the kernel.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46795
2015-09-04 14:45:49 +00:00
Jonas Gorski
e1824f2543 base-files: allow setting ide-disk led trigger
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46794
2015-09-04 14:45:45 +00:00
Jonas Gorski
05e4d736d1 ipq806x: add support for retrieving macs from mtd
Add support for mtd-mac-address for stmac.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46793
2015-09-04 14:45:40 +00:00
Jonas Gorski
4bbfb09362 image: allow exactly KERNEL_SIZE sized kernels
The KERNEL_SIZE should be the maximum size, inclusive, so we need to
check for greater equal, not just greater.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46792
2015-09-04 14:45:16 +00:00
Jonas Gorski
b958c12d2c image: move netgear-image to top and rename to -dni
Use the same naming as netgear-chk.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46791
2015-09-04 14:45:09 +00:00
Jonas Gorski
156a25b9c4 ar71xx: rename NETGEAR_ variables to their netgear names
Netgear names them BOARD_ID and HW_ID, so we should do the same.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46790
2015-09-04 14:45:04 +00:00
Jonas Gorski
89815d4645 ipq806x: build images and add sysupgrade support for AP148
Add full ubi and sysupgrade images for AP148 and add sysupgrade support
for ipq806x to allow updating the current installation.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46789
2015-09-04 14:45:00 +00:00
Jonas Gorski
e3f6876623 ipq806x: clear IMAGES for devices
Ensure that IMAGE-less devices won't keep the IMAGES of any previous
devices.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46788
2015-09-04 14:44:51 +00:00
Jonas Gorski
7a962fb55a ipq806x: wrap legacy image in uImage
Wrap the zImage in a uImage header so we can easily boot it from legacy
u-boots.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46787
2015-09-04 14:44:48 +00:00
Jonas Gorski
5686d67d1c ipq806x: rename "rootfs" to "ubi" on nand
OpenWrt expects the ubi paritition to be named "ubi", not "rootfs".

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46786
2015-09-04 14:44:44 +00:00
Jonas Gorski
9f44a347ea ipq806x: enable smem-parser for nand on AP148
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46785
2015-09-04 14:44:36 +00:00
Jonas Gorski
a164be8ebe build: add a build step for generic sysupgrade nand image
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46784
2015-09-04 14:44:27 +00:00
Jonas Gorski
db8ae81f89 image: add a build step for building and appending an ubinized rootfs
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46783
2015-09-04 14:44:10 +00:00
Jonas Gorski
556d483a6f ipq806x: enable ubiblock support
To allow squashfs on ubi, enable ubiblock support in the kernel.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46782
2015-09-04 14:44:04 +00:00
Steven Barth
4b7ba93083 odhcp6c: correctly extend prefix from RAs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46781
2015-09-04 06:29:36 +00:00