This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  82674728e37b93f16238d3314806c8330d7554fb (commit)
       via  59dc2a4c471343d930d0c2c7abc097970ed95819 (commit)
       via  dcd8a86b03f63a96c2232cf020cde419c420fff1 (commit)
       via  2598706f2310aa863e585c68e020c8df3a749c8d (commit)
       via  7cdd550577065923b0430e79fa1fe6c722911840 (commit)
       via  9c689924980c6d0ae4d6ecd8e34f06147edbcb1c (commit)
       via  5d0d1144fbd0413cbb3215804dbb1b3238248670 (commit)
       via  8fa66ce750dee06140e55b689a0645860e005b11 (commit)
      from  5de5bec3f4553267965213ead119369ea42c2f4c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 82674728e37b93f16238d3314806c8330d7554fb
Author: Peter Müller peter.mueller@ipfire.org
Date: Wed Feb 23 15:54:13 2022 +0000
Core Update 165: Ship vpnmain.cgi
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 59dc2a4c471343d930d0c2c7abc097970ed95819
Author: Michael Tremer michael.tremer@ipfire.org
Date: Wed Feb 23 10:16:41 2022 +0000
vpnmain.cgi: Select Curve 25519 as default
This was supposed to be enabled by default. Due to a copy-and-paste error, it was, however, not selected for IKE, but only for ESP.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit dcd8a86b03f63a96c2232cf020cde419c420fff1
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Feb 22 17:19:10 2022 +0000
oci-python-sdk: Depend on python3-certifi
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2598706f2310aa863e585c68e020c8df3a749c8d
Author: Peter Müller peter.mueller@ipfire.org
Date: Wed Feb 23 15:51:33 2022 +0000
Core Update 165: Ship dhcpcd-related changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 7cdd550577065923b0430e79fa1fe6c722911840
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Feb 22 12:18:06 2022 +0000
dhcpcd: Allow freely setting MTU
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 9c689924980c6d0ae4d6ecd8e34f06147edbcb1c
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Feb 22 12:18:05 2022 +0000
dhcpcd: Remove old MTU setting script
This is being replaced by adding the MTU option to any routes that dhcpcd installs.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 5d0d1144fbd0413cbb3215804dbb1b3238248670
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Feb 22 12:18:04 2022 +0000
dhcpcd: Force setting MTU through dhcpcd
The DHCP server can instruct clients to configure a certain MTU.
This used to be done by setting the MTU of the interface. However, dhcpcd has changed this behaviour using routes to.
We used to have a modified version of the old mechanism which no longer works well with the new system and is therefore to be dropped.
This is the first commit in the series implementing the new behaviour and telling dhcpcd to use the configured MTU.
Fixes: #12563
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
Reviewed-by: Peter Müller peter.mueller@ipfire.org
commit 8fa66ce750dee06140e55b689a0645860e005b11
Author: Peter Müller peter.mueller@ipfire.org
Date: Wed Feb 23 15:36:25 2022 +0000
Revert "gcc: Compile without ZSTD"
https://lists.ipfire.org/pipermail/development/2022-February/012544.html
This reverts commit 0b6ba4a0ca2e08cd9fc56e99e80d33a6fe88b395.
-----------------------------------------------------------------------
Summary of changes:
 config/dhcpc/dhcpcd-hooks/10-mtu                   | 33 ----------------
 config/rootfiles/common/dhcpcd                     |  1 -
 .../{oldcore/125 => core/165}/filelists/dhcpcd     |  0
 config/rootfiles/core/165/filelists/files          |  4 +-
 config/rootfiles/core/165/update.sh                |  1 +
 html/cgi-bin/vpnmain.cgi                           |  2 +-
 lfs/dhcpcd                                         |  2 +-
 lfs/gcc                                            |  3 +-
 lfs/oci-python-sdk                                 |  4 +-
 make.sh                                            |  2 +-
 src/initscripts/networking/functions.network       | 11 ++++--
 ...0-Allow-free-selection-of-MTU-by-the-user.patch | 44 ++++++++++++++++++++++
 12 files changed, 62 insertions(+), 45 deletions(-)
 delete mode 100644 config/dhcpc/dhcpcd-hooks/10-mtu
 copy config/rootfiles/{oldcore/125 => core/165}/filelists/dhcpcd (100%)
 create mode 100644 src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
Difference in files: diff --git a/config/dhcpc/dhcpcd-hooks/10-mtu b/config/dhcpc/dhcpcd-hooks/10-mtu deleted file mode 100644 index 8eb429751..000000000 --- a/config/dhcpc/dhcpcd-hooks/10-mtu +++ /dev/null @@ -1,33 +0,0 @@ -# Configure the MTU for the interface - -eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) - -set_mtu() -{ - local mtu=$1 - ip link set "$interface" mtu "$mtu" - - # test for buggy nic that lose link at mtu set... - carrier=`cat /sys/class/net/$interface/carrier` - if [ "$carrier" == "0" ]; then - syslog info "Warning! Carrier loss after MTU set. Reinit needed..." - ip link set "$interface" down - ip link set "$interface" up - exit 1 - fi -} - -if [ -n "$new_interface_mtu" ] && $if_up; then - if [ $RED_DHCP_FORCE_MTU -ge 576 ]; then - new_interface_mtu=$RED_DHCP_FORCE_MTU - fi - if [ ! "$new_interface_mtu" == "$ifmtu" ]; then - # The smalled MTU dhcpcd can work with is 576 - if [ "$new_interface_mtu" -gt 576 ]; then - if set_mtu "$new_interface_mtu"; then - syslog info "MTU set to $new_interface_mtu" - fi - fi - fi -fi - diff --git a/config/rootfiles/common/dhcpcd b/config/rootfiles/common/dhcpcd index 672a47a30..d36b105f1 100644 --- a/config/rootfiles/common/dhcpcd +++ b/config/rootfiles/common/dhcpcd @@ -9,7 +9,6 @@ var/ipfire/dhcpc/dhcpcd-hooks #var/ipfire/dhcpc/dhcpcd-hooks/00-linux #var/ipfire/dhcpc/dhcpcd-hooks/01-test #var/ipfire/dhcpc/dhcpcd-hooks/02-dump -#var/ipfire/dhcpc/dhcpcd-hooks/10-mtu #var/ipfire/dhcpc/dhcpcd-hooks/30-hostname #var/ipfire/dhcpc/dhcpcd-hooks/70-dhcpcd.exe var/ipfire/dhcpc/dhcpcd-run-hooks diff --git a/config/rootfiles/core/165/filelists/dhcpcd b/config/rootfiles/core/165/filelists/dhcpcd new file mode 120000 index 000000000..1e799dabb --- /dev/null +++ b/config/rootfiles/core/165/filelists/dhcpcd @@ -0,0 +1 @@ +../../../common/dhcpcd \ No newline at end of file diff --git a/config/rootfiles/core/165/filelists/files b/config/rootfiles/core/165/filelists/files index a5ae67f43..34be4b071 100644 
--- a/config/rootfiles/core/165/filelists/files +++ b/config/rootfiles/core/165/filelists/files @@ -1,5 +1,6 @@ -etc/rc.d/init.d/firewall etc/rc.d/helper/oci-setup +etc/rc.d/init.d/firewall +etc/rc.d/init.d/networking/functions.network opt/pakfire/etc/pakfire.conf opt/pakfire/lib/functions.pl srv/web/ipfire/cgi-bin/backup.cgi @@ -8,6 +9,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/ovpnclients.dat srv/web/ipfire/cgi-bin/media.cgi srv/web/ipfire/cgi-bin/pakfire.cgi srv/web/ipfire/cgi-bin/qos.cgi +srv/web/ipfire/cgi-bin/vpnmain.cgi srv/web/ipfire/cgi-bin/wirelessclient.cgi srv/web/ipfire/html/themes/ipfire/include/css/style.css usr/lib/firewall/firewall-lib.pl diff --git a/config/rootfiles/core/165/update.sh b/config/rootfiles/core/165/update.sh index 8899ab7e9..fe4449fff 100644 --- a/config/rootfiles/core/165/update.sh +++ b/config/rootfiles/core/165/update.sh @@ -94,6 +94,7 @@ rm -rvf \ /usr/sbin/ovpn-collectd-convert \ /usr/sbin/pknlusr \ /usr/share/xt_geoip/ \ + /var/ipfire/dhcpc/dhcpcd-hooks/10-mtu \ /var/ipfire/firewall/p2protocols
# Stop services diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index fb0af104f..3652627e9 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -2360,7 +2360,7 @@ END #use default advanced value $cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18]; $cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19]; - $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve448|4096|3072|2048'; #[20]; + $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[20]; $cgiparams{'IKE_LIFETIME'} = '3'; #[16]; $cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21]; $cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22]; diff --git a/lfs/dhcpcd b/lfs/dhcpcd index 8c4a593ad..03349ddc7 100644 --- a/lfs/dhcpcd +++ b/lfs/dhcpcd @@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch cd $(DIR_APP) && ./configure \ --prefix="" \ --sysconfdir=/var/ipfire/dhcpc \ @@ -90,7 +91,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) rm -f $(CONFIG_ROOT)/dhcpc/dhcpcd-hooks/50-ypbind
install -m 644 $(DIR_SRC)/config/dhcpc/dhcpcd.conf $(CONFIG_ROOT)/dhcpc/ - install -m 444 $(DIR_SRC)/config/dhcpc/dhcpcd-hooks/10-mtu $(CONFIG_ROOT)/dhcpc/dhcpcd-hooks
chown root:root $(CONFIG_ROOT)/dhcpc/dhcpcd.conf
diff --git a/lfs/gcc b/lfs/gcc index 563e94c16..f78891e24 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -182,8 +182,7 @@ EXTRA_CONFIG += \ --disable-multilib \ --with-bugurl=https://bugzilla.ipfire.org \ --disable-libunwind-exceptions \ - --enable-gnu-unique-object \ - --without-zstd + --enable-gnu-unique-object
export XCFLAGS = $(CFLAGS) export TCFLAGS = $(CFLAGS) diff --git a/lfs/oci-python-sdk b/lfs/oci-python-sdk index 988e5a3bb..817723fe6 100644 --- a/lfs/oci-python-sdk +++ b/lfs/oci-python-sdk @@ -34,8 +34,8 @@ TARGET = $(DIR_INFO)/$(THISAPP) PROG = oci-python-sdk PAK_VER = 1
-DEPS = python3-click python3-circuitbreaker python3-cryptography \ - python3-dateutil python3-pytz python3-six +DEPS = python3-certifi python3-click python3-circuitbreaker \ + python3-cryptography python3-dateutil python3-pytz python3-six
############################################################################### # Top-level Rules diff --git a/make.sh b/make.sh index b6d8153d2..054827bad 100755 --- a/make.sh +++ b/make.sh @@ -1084,6 +1084,7 @@ buildbase() { lfsmake2 tzdata lfsmake2 cleanup-toolchain lfsmake2 zlib + lfsmake2 zstd lfsmake2 autoconf lfsmake2 automake lfsmake2 libtool @@ -1094,7 +1095,6 @@ buildbase() { lfsmake2 libxcrypt lfsmake2 file lfsmake2 gcc - lfsmake2 zstd lfsmake2 sed lfsmake2 berkeley lfsmake2 coreutils diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network index 7ec50f436..eae4a7b7c 100644 --- a/src/initscripts/networking/functions.network +++ b/src/initscripts/networking/functions.network @@ -61,7 +61,7 @@ dhcpcd_start() { # This function will start a dhcpcd on a speciefied device.
local device="$1" - local dhcp_start="" + local dhcp_start=()
boot_mesg -n "Starting dhcpcd on the ${device} interface..."
@@ -76,11 +76,16 @@ dhcpcd_start() {
# Check if a DHCP hostname has been set. if [ -n "${RED_DHCP_HOSTNAME}" ]; then - dhcp_start+="-h ${RED_DHCP_HOSTNAME}" + dhcp_start+=( "-h" "${RED_DHCP_HOSTNAME}" ) + fi + + # Tell dhcpcd to use the configured MTU + if [ -n "${RED_DHCP_FORCE_MTU}" ]; then + dhcp_start+=( "--static" "mtu=${RED_DHCP_FORCE_MTU}" ) fi
# Start dhcpcd. - /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1 + /sbin/dhcpcd "${dhcp_start[@]}" ${device} >/dev/null 2>&1 ret="$?"
if [ "${ret}" -eq 0 ]; then diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch new file mode 100644 index 000000000..69a35daf5 --- /dev/null +++ b/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch @@ -0,0 +1,44 @@ +From 1acff721a3874a74efc9921a1e07bd48bd7efab0 Mon Sep 17 00:00:00 2001 +From: Michael Tremer michael.tremer@ipfire.org +Date: Tue, 22 Feb 2022 12:07:15 +0000 +Subject: [PATCH] Allow free selection of MTU by the user + +Various ISPs (or equipment?) seem to hand out an MTU of only 576 bytes. +Hwoever, this does not seem to be intentional which is why we would like +to manually overwrite this in the configuration. + +dhcpcd only allows setting a maximum MTU of 1472 bytes which does not +seem to have any rationale (any more). Although Ethernet might limit any +MTU to less, IPv6 and IPv4 support MTUs of up to 64KiB. + +This patch allows the user to configure the MTU freely with providing +some sanity check. + +Signed-off-by: Michael Tremer michael.tremer@ipfire.org +--- + src/dhcp-common.h | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/dhcp-common.h b/src/dhcp-common.h +index a82fcd4c..d6620822 100644 +--- a/src/dhcp-common.h ++++ b/src/dhcp-common.h +@@ -46,10 +46,11 @@ + #define NS_MAXLABEL MAXLABEL + #endif + +-/* Max MTU - defines dhcp option length */ +-#define IP_UDP_SIZE 28 +-#define MTU_MAX 1500 - IP_UDP_SIZE +-#define MTU_MIN 576 + IP_UDP_SIZE ++/* Max/Min MTU */ ++#define MTU_MAX 65536 ++#define MTU_MIN 576 ++ ++#define IP_UDP_SIZE 28 + + #define OT_REQUEST (1 << 0) + #define OT_UINT8 (1 << 1) +-- +2.30.2 +
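Review bot: In html/cgi-bin/vpnmain.cgi the corrected `IKE_GROUPTYPE` line sits under `#use default advanced value`, so the fix applies where the defaults are taken; does a connection that was saved while the string read `curve448|curve448|4096|3072|2048` keep the duplicated entry? The only change to config/rootfiles/core/165/update.sh in this push is the added `rm` path, so nothing visible here rewrites stored IKE group lists. Either migrate stored values that contain the duplicate in update.sh, or note in the release announcement that existing tunnels must be re-saved before they offer Curve 25519 for IKE.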
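Review bot: In lfs/oci-python-sdk, `PAK_VER = 1` in the context above the `DEPS` change is left untouched, and the diffstat shows only the two `DEPS` lines changing in that file. If this add-on has already been published at PAK_VER 1, installed systems see no newer package and will not pull in python3-certifi; bump PAK_VER in the same commit as the dependency change.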
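Review bot: In src/initscripts/networking/functions.network, the new `RED_DHCP_FORCE_MTU` branch tests only `-n`, so any non-empty string from the settings file is handed to dhcpcd as `--static mtu=...`, whereas the deleted 10-mtu hook applied the override only when `[ $RED_DHCP_FORCE_MTU -ge 576 ]`. Check that the value is an integer inside the range the accompanying dhcpcd patch accepts (MTU_MIN to MTU_MAX) before appending it, and log a message when it is rejected so a bad setting does not fail silently behind `>/dev/null 2>&1`. On the start line, `${device}` is still unquoted next to the now-quoted `"${dhcp_start[@]}"`; quote it as well.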
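Review bot: In the src/dhcp-common.h hunk of the new dhcpcd patch, `#define MTU_MAX 65536` is one above the largest IPv4 packet, because the IPv4 total-length field is 16 bits and tops out at 65535; use 65535 and adjust the "up to 64KiB" wording in the patch description to match. The removed comment said MTU_MAX "defines dhcp option length", and the old values were derived from IP_UDP_SIZE, so every place in dhcpcd that sizes a buffer or an option length from MTU_MAX or MTU_MIN should be checked against the new constants; the hunk shows only the header. The description also promises "some sanity check", but the visible change only widens the bounds, so say where that check lives.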
hooks/post-receive -- IPFire 2.x development tree