Commit graph

14667 commits

Author SHA1 Message Date
Felix Fietkau
5fcafa319d generic: Fix per interface nf_call_iptables setting
commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
functionality have been disabled - eliminates the overhead of enabling
CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
which should reduce/eliminate the overhead for traffic send over bridges on
kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
breaks the nf_call_iptables per bridge setting which is more fine grained
than the global sysctl net.bridge.bridge-nf-call-iptables setting.

A test reflecting a real world setup was created to identify if this really
eliminates the overhead and if per-bridge nf_call_iptables could be used in
some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
Cables from the AP to the wifi station were used to reduce interference
problems during the tests.

The wlan interface was put in one bridge interface called br-wlan. This
bridge usually contains some more wlan interfaces. The eth0 was put in a
second bridge called br-lan. This usually contains some other privileged
wlan or mesh interfaces. Routing was added between br-lan and br-wlan.

Three kernels were tested:

 * (default) OpenWrt kernel for this device
 * (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
 * (brfilter-local)  OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
    without 644-bridge_optimize_netfilter_hooks.patch

The changes to the the netfilter settings of the bridge were done via:

 * (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
 * (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
   and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables

A station connected to the wlan0 (AP) interface was used to send traffic to
a PC connected via ethernet. iperf with 3 concurrent transmissions was used
to generate the traffic.

| kernel          | br-nf-* global | nf-call* iface | download | upload   |
|-----------------|----------------|----------------|----------|----------|
| default         | 0              | -              |      209 |      268 |
| brfilter-global | 0              | -              |      185 |      243 |
| brfilter-local  | 0              | -              |      187 |      243 |
| brfilter-local  | 0              | br-lan         |      157 |      226 |
| brfilter-local  | 0              | br-lan br-wlan |      139 |      161 |
| brfilter-global | 1              | -              |      136 |      162 |

Download/upload results in Mibit/s

It can be seen that the patch doesn't eliminate the overhead. It can also
be seen that the throughput of brfilter-global and brfilter-local with
disabled filtering is the roughly the same. Also the throughput for
brfilter-global and brfilter-local for enabled filtering on all bridges is
roughly the same.

But also the brfilter-local throughput is higher when only br-lan requires
the filtering. This setting would not be possible with
644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
compared with brfilter-global and filtering enabled for all interfaces.

Signed-off-by: Sven Eckelmann <sven@open-mesh.com>

SVN-Revision: 46835
2015-09-09 18:40:15 +00:00
Rafał Miłecki
f0c747dee5 kernel: describe bridge patch "multicast to unicast"
It was initially added in r41367 by nbd.

SVN-Revision: 46828
2015-09-08 16:43:32 +00:00
Rafał Miłecki
b8c9d6b296 kernel: describe bridge patch "optimize netfilter hooks"
It was initially added in r30917 by nbd.

SVN-Revision: 46827
2015-09-08 16:43:21 +00:00
Rafał Miłecki
255d7ad8ba kernel: describe bridge patch "remove IPv6 depependency of bridge in 2.6.38+"
It was initially added in r27237 by jow as patch from Jonas.

SVN-Revision: 46826
2015-09-08 16:43:10 +00:00
Rafał Miłecki
f8a689d276 kernel: describe bridge patch "port isolate"
It was initially added in r25762 by nbd.

SVN-Revision: 46825
2015-09-08 16:43:04 +00:00
Rafał Miłecki
e77fae4cba kernel: describe bridge patch "always accept EAP"
It was initially added in r26015 by nbd.

SVN-Revision: 46824
2015-09-08 16:42:58 +00:00
Rafał Miłecki
c64214d465 kernel: describe bridge patch "no EAP forward"
It was initially added in r25095 by nbd.

SVN-Revision: 46823
2015-09-08 16:42:50 +00:00
Felix Fietkau
75744d133d kernel: restore 640-bridge_no_eap_forward.patch to its original form
It was corrupted in r38528. The most obvious symptom is repeated messages like this:

Tue Sep  8 08:25:18 2015 kern.warn kernel: [77141.972226] br-lan: received packet on wlan0 with own address as source address

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>

SVN-Revision: 46821
2015-09-08 14:29:55 +00:00
Felix Fietkau
e29efa2fb7 kernel: remove packaging of kmod-crypto-core and kmod-crypto-arc4
Everything except for blkcipher was already built-in, so make blkcipher
built-in as well.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46820
2015-09-08 12:31:04 +00:00
Rafał Miłecki
bda4c3d5e5 brcm47xx: apply serial flash size trick to Netgear WNR1000 V3
It also uses different block size just like WGR614 V10.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46810
2015-09-08 05:24:57 +00:00
Rafał Miłecki
d2a9c35af0 brcm47xx: fix reading WGT634U CFE variables with 4.1
This ports fix from r46584 to the 4.1.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46806
2015-09-07 16:43:29 +00:00
Rafał Miłecki
da2178eb7e brcm47xx: add Netgear WNR1000 V3 support in the Linux arch code
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46805
2015-09-07 16:29:21 +00:00
Jonas Gorski
8b4df1efd5 ipq806x: add support for Netgear Nighthawk X4 R7500
Add support for the Netgear Nighthawk X4 R7500 and build
appropariate sysupgrade and factory images.

Known issues:
 * 5 GHz wifi not working - there is no quantenna driver
 * One of the USB ports is not working

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46796
2015-09-04 14:46:06 +00:00
Jonas Gorski
6ec4c4b6b9 ipq806x: enable ide led trigger
To use gpio leds as ide leds, we need to enable the trigger to be
included in the kernel.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46795
2015-09-04 14:45:49 +00:00
Jonas Gorski
05e4d736d1 ipq806x: add support for retrieving macs from mtd
Add support for mtd-mac-address for stmac.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46793
2015-09-04 14:45:40 +00:00
Jonas Gorski
b958c12d2c image: move netgear-image to top and rename to -dni
Use the same naming as netgear-chk.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46791
2015-09-04 14:45:09 +00:00
Jonas Gorski
156a25b9c4 ar71xx: rename NETGEAR_ variables to their netgear names
Netgear names them BOARD_ID and HW_ID, so we should do the same.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46790
2015-09-04 14:45:04 +00:00
Jonas Gorski
89815d4645 ipq806x: build images and add sysupgrade support for AP148
Add full ubi and sysupgrade images for AP148 and add sysupgrade support
for ipq806x to allow updating the current installation.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46789
2015-09-04 14:45:00 +00:00
Jonas Gorski
e3f6876623 ipq806x: clear IMAGES for devices
Ensure that IMAGE-less devices won't keep the IMAGES of any previous
devices.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46788
2015-09-04 14:44:51 +00:00
Jonas Gorski
7a962fb55a ipq806x: wrap legacy image in uImage
Wrap the zImage in a uImage header so we can easily boot it from legacy
u-boots.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46787
2015-09-04 14:44:48 +00:00
Jonas Gorski
5686d67d1c ipq806x: rename "rootfs" to "ubi" on nand
OpenWrt expects the ubi paritition to be named "ubi", not "rootfs".

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46786
2015-09-04 14:44:44 +00:00
Jonas Gorski
9f44a347ea ipq806x: enable smem-parser for nand on AP148
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46785
2015-09-04 14:44:36 +00:00
Jonas Gorski
556d483a6f ipq806x: enable ubiblock support
To allow squashfs on ubi, enable ubiblock support in the kernel.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46782
2015-09-04 14:44:04 +00:00
Felix Fietkau
efb08b9602 ar7: fix HIGHMEM_START (#20427)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46773
2015-09-02 16:22:44 +00:00
Jonas Gorski
7d6cff4882 kernel: update 3.18 to 3.18.21
Changelog:
 * https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.21

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46768
2015-09-02 10:18:15 +00:00
Felix Fietkau
7747092ed1 ramips: fix devicetree corruption with some boot loaders if the caches are not ready at boot
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 46766
2015-09-02 09:24:05 +00:00
Felix Fietkau
2416e506f5 kernel: bridge, multicast-to-unicast: fix echoes on STA
Currently, multicast packets from an STA are sent to any according
multicast listener directly through the bridge multicast-to-unicast
feature. Unfortunately, so far this includes the originating STA, too,
resulting in multicast packets being echo'ed back to the originating STA
if it itself is a multicast listener for that group.

This behaviour breaks IPv6 duplicate address detection: An IPv6 Neighbor
Solicitation for IPv6 Duplicate Address Detection is being echo'ed back,
resulting in the host falsely detecting an address collision, which
makes the node unable to claim an IPv6 address and use IPv6 in general.

Mac80211 unfortunately only prevents the echoes for us for multicast
frames. For the multicast frames cast to a unicast destination we'll
need to take care of excluding the originator ourselves.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

SVN-Revision: 46765
2015-09-02 09:23:59 +00:00
Jonas Gorski
1bc35a08d1 lantiq: remove dead EASY33016 image recipe
Support for lantiq_svip_be has been removed a while ago, so EASY33016
images weren't buildable anymore. Remove the recipes as well as gzip
compressed kernel support, as EASY33016 was the last user of it.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46760
2015-08-30 12:18:22 +00:00
Jonas Gorski
efb2c403cf ramips: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46759
2015-08-30 12:18:14 +00:00
Jonas Gorski
6920a664e8 malta: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46758
2015-08-30 12:18:05 +00:00
Jonas Gorski
09609b4e44 brcm63xx: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46757
2015-08-30 12:18:00 +00:00
Jonas Gorski
f5601a97a2 brcm47xx: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46756
2015-08-30 12:17:57 +00:00
Jonas Gorski
22d707ecd8 ath25: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46755
2015-08-30 12:17:56 +00:00
Jonas Gorski
900b87e96c adm5120: disable the openwrt commandline hack
We don't make use of it, so no need to have it enabled.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46754
2015-08-30 12:17:54 +00:00
Jonas Gorski
5ebd02e8d5 brcm63xx: remove legacy led/button related patches
We register all gpio buttons and leds through DT, so no need to keep
fixes/additions for the platform data based bay.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46753
2015-08-30 12:17:52 +00:00
Jonas Gorski
78f253f9b1 brcm63xx: add Comtrend VR-3026e support
Add support for Comtrend VR-3026e v1.
The device is almost identical to the Comtrend VR-3025un.

Signed-off-by: Martin Tesar <tesarmar@gmail.com>
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46752
2015-08-30 12:17:46 +00:00
Rafał Miłecki
a9559efe43 brcm47xx: fix Linksys E1200 V2 image filename
Drop unwanted suffix (copy & paste mistake).

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46742
2015-08-29 09:23:19 +00:00
Rafał Miłecki
f87990840d bcm53xx: support sysupgrade with Netgear R7000 original firmware
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46732
2015-08-26 15:21:14 +00:00
Rafał Miłecki
8f77e9f668 bcm53xx: add OpenWrt specific stuff for Netgear R7000
This adds DT things that couldn't be upstreamed yet.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46731
2015-08-26 15:21:07 +00:00
Rafał Miłecki
36a8075d90 bcm53xx: use pending Netgear R7000 patch
It includes support for LEDs and buttons.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46730
2015-08-26 14:51:47 +00:00
Rafał Miłecki
1111782e20 bcm53xx: use backported patches for UART0 and profiling
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46729
2015-08-26 14:39:06 +00:00
Jonas Gorski
05a3cdd71f brcm63xx: fix WAP-5813n default network config
/etc/uci-defaults/02_network had a typo, making it generate the wrong
network config.

Closes #20407.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46727
2015-08-26 13:03:09 +00:00
Jonas Gorski
a486ffacea linux: fix off-by-one in handling in /proc/net/route
Add an upstream fix for /proc/net/route causing missing routes doing
several continued reads from it.

Only 4.1+ is affected.

Closes #20403.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46726
2015-08-26 10:11:41 +00:00
Jonas Gorski
77a70a0716 brcm63xx: enable dual rx/tx spi support for hsspi
should improve flash access times. Should be harmless to gnerally
enable regardless if a flash supporting dual reads is attached. In
doubt, spi-nor will just fall back to serial reads.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46725
2015-08-25 22:04:53 +00:00
Felix Fietkau
ddf8858cea kernel: bridge, multicast-to-unicast: assign src after pskb_may_pull()
A call to pskb_may_pull() might reallocate skb->data. Therefore we
should only assign the src-pointer after any potential reallocations.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46721
2015-08-25 07:25:20 +00:00
Felix Fietkau
ea9963bb21 Revert "kernel: disable multicast-to-unicast translation for ipv6 neighbor solicitation (#17625)"
This reverts commit a080e8e1943156168913d0353a2e99d1151102aa.

It did not fix the problem but just hid some symptom. The real issue was
that IGMP/MLD report suppression was not considered for the
multicast-to-unicast feature. A recent netifd which isolates IGMP/MLD
reports between STAs by utilizing AP-isolation and bridge-hairpinning
should have fixed this.

It is perfectly fine to apply multicast-to-unicast to IPv6 Neighbor
Solicitations, too (once that feature is configured correctly).

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 46720
2015-08-25 07:25:10 +00:00
Jonas Gorski
2d53e22357 kernel: remove already upstream applied patch
Remove 131-MIPS-export-get_c0_perfcount_int.patch which was already applied
in 4.1.6. This fixes the following build error:

arch/mips/ath79/setup.c:217:77: error: redefinition of '__kstrtab_get_c0_perfcount_int'
arch/mips/ath79/setup.c:211:77: note: previous definition of '__kstrtab_get_c0_perfcount_int' was here
arch/mips/ath79/setup.c:217:350: error: redefinition of '__ksymtab_get_c0_perfcount_int'
arch/mips/ath79/setup.c:211:350: note: previous definition of '__ksymtab_get_c0_perfcount_int' was here
scripts/Makefile.build:258: recipe for target 'arch/mips/ath79/setup.o' failed

Reported-by: swalker
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46715
2015-08-23 21:33:57 +00:00
Jonas Gorski
548630d74e adm5120: make patches apply again
Fix patches not applying anymore since r46654.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46714
2015-08-23 19:11:07 +00:00
Jonas Gorski
2d379e796f kernel: update 4.1 to 4.1.6
Changelog:
* https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46713
2015-08-23 18:06:11 +00:00
Jonas Gorski
2190f090bb mvebu: kirkwood: fix ehci-orion probe if generic-phy isn't enabled
Properly treat -ENOSYS as no PHY, else ehci-orion won't work without
generic phy support.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 46711
2015-08-23 13:35:03 +00:00