* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 82674728e37b93f16238d3314806c8330d7554fb
@ 2022-02-23 15:54 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2022-02-23 15:54 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 14645 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 82674728e37b93f16238d3314806c8330d7554fb (commit)
via 59dc2a4c471343d930d0c2c7abc097970ed95819 (commit)
via dcd8a86b03f63a96c2232cf020cde419c420fff1 (commit)
via 2598706f2310aa863e585c68e020c8df3a749c8d (commit)
via 7cdd550577065923b0430e79fa1fe6c722911840 (commit)
via 9c689924980c6d0ae4d6ecd8e34f06147edbcb1c (commit)
via 5d0d1144fbd0413cbb3215804dbb1b3238248670 (commit)
via 8fa66ce750dee06140e55b689a0645860e005b11 (commit)
from 5de5bec3f4553267965213ead119369ea42c2f4c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 82674728e37b93f16238d3314806c8330d7554fb
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Feb 23 15:54:13 2022 +0000
Core Update 165: Ship vpnmain.cgi
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 59dc2a4c471343d930d0c2c7abc097970ed95819
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 23 10:16:41 2022 +0000
vpnmain.cgi: Select Curve 25519 as default
This was supposed to be enabled by default. Due to a copy-and-paste
error, it was, however, not selected for IKE, but only for ESP.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit dcd8a86b03f63a96c2232cf020cde419c420fff1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Feb 22 17:19:10 2022 +0000
oci-python-sdk: Depend on python3-certifi
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2598706f2310aa863e585c68e020c8df3a749c8d
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Feb 23 15:51:33 2022 +0000
Core Update 165: Ship dhcpcd-related changes
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 7cdd550577065923b0430e79fa1fe6c722911840
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Feb 22 12:18:06 2022 +0000
dhcpcd: Allow freely setting MTU
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 9c689924980c6d0ae4d6ecd8e34f06147edbcb1c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Feb 22 12:18:05 2022 +0000
dhcpcd: Remove old MTU setting script
This is being replaced by adding the MTU option to any routes that
dhcpcd installs.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 5d0d1144fbd0413cbb3215804dbb1b3238248670
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Feb 22 12:18:04 2022 +0000
dhcpcd: Force setting MTU through dhcpcd
The DHCP server can instruct clients to configure a certain MTU.
This used to be done by setting the MTU of the interface. However,
dhcpcd has changed this behaviour using routes to.
We used to have a modified version of the old mechanism which no longer
works well with the new system and is therefore to be dropped.
This is the first commit in the series implementing the new behaviour
and telling dhcpcd to use the configured MTU.
Fixes: #12563
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
commit 8fa66ce750dee06140e55b689a0645860e005b11
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date: Wed Feb 23 15:36:25 2022 +0000
Revert "gcc: Compile without ZSTD"
https://lists.ipfire.org/pipermail/development/2022-February/012544.html
This reverts commit 0b6ba4a0ca2e08cd9fc56e99e80d33a6fe88b395.
-----------------------------------------------------------------------
Summary of changes:
config/dhcpc/dhcpcd-hooks/10-mtu | 33 ----------------
config/rootfiles/common/dhcpcd | 1 -
.../{oldcore/125 => core/165}/filelists/dhcpcd | 0
config/rootfiles/core/165/filelists/files | 4 +-
config/rootfiles/core/165/update.sh | 1 +
html/cgi-bin/vpnmain.cgi | 2 +-
lfs/dhcpcd | 2 +-
lfs/gcc | 3 +-
lfs/oci-python-sdk | 4 +-
make.sh | 2 +-
src/initscripts/networking/functions.network | 11 ++++--
...0-Allow-free-selection-of-MTU-by-the-user.patch | 44 ++++++++++++++++++++++
12 files changed, 62 insertions(+), 45 deletions(-)
delete mode 100644 config/dhcpc/dhcpcd-hooks/10-mtu
copy config/rootfiles/{oldcore/125 => core/165}/filelists/dhcpcd (100%)
create mode 100644 src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
Difference in files:
diff --git a/config/dhcpc/dhcpcd-hooks/10-mtu b/config/dhcpc/dhcpcd-hooks/10-mtu
deleted file mode 100644
index 8eb429751..000000000
--- a/config/dhcpc/dhcpcd-hooks/10-mtu
+++ /dev/null
@@ -1,33 +0,0 @@
-# Configure the MTU for the interface
-
-eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-
-set_mtu()
-{
- local mtu=$1
- ip link set "$interface" mtu "$mtu"
-
- # test for buggy nic that lose link at mtu set...
- carrier=`cat /sys/class/net/$interface/carrier`
- if [ "$carrier" == "0" ]; then
- syslog info "Warning! Carrier loss after MTU set. Reinit needed..."
- ip link set "$interface" down
- ip link set "$interface" up
- exit 1
- fi
-}
-
-if [ -n "$new_interface_mtu" ] && $if_up; then
- if [ $RED_DHCP_FORCE_MTU -ge 576 ]; then
- new_interface_mtu=$RED_DHCP_FORCE_MTU
- fi
- if [ ! "$new_interface_mtu" == "$ifmtu" ]; then
- # The smalled MTU dhcpcd can work with is 576
- if [ "$new_interface_mtu" -gt 576 ]; then
- if set_mtu "$new_interface_mtu"; then
- syslog info "MTU set to $new_interface_mtu"
- fi
- fi
- fi
-fi
-
diff --git a/config/rootfiles/common/dhcpcd b/config/rootfiles/common/dhcpcd
index 672a47a30..d36b105f1 100644
--- a/config/rootfiles/common/dhcpcd
+++ b/config/rootfiles/common/dhcpcd
@@ -9,7 +9,6 @@ var/ipfire/dhcpc/dhcpcd-hooks
#var/ipfire/dhcpc/dhcpcd-hooks/00-linux
#var/ipfire/dhcpc/dhcpcd-hooks/01-test
#var/ipfire/dhcpc/dhcpcd-hooks/02-dump
-#var/ipfire/dhcpc/dhcpcd-hooks/10-mtu
#var/ipfire/dhcpc/dhcpcd-hooks/30-hostname
#var/ipfire/dhcpc/dhcpcd-hooks/70-dhcpcd.exe
var/ipfire/dhcpc/dhcpcd-run-hooks
diff --git a/config/rootfiles/core/165/filelists/dhcpcd b/config/rootfiles/core/165/filelists/dhcpcd
new file mode 120000
index 000000000..1e799dabb
--- /dev/null
+++ b/config/rootfiles/core/165/filelists/dhcpcd
@@ -0,0 +1 @@
+../../../common/dhcpcd
\ No newline at end of file
diff --git a/config/rootfiles/core/165/filelists/files b/config/rootfiles/core/165/filelists/files
index a5ae67f43..34be4b071 100644
--- a/config/rootfiles/core/165/filelists/files
+++ b/config/rootfiles/core/165/filelists/files
@@ -1,5 +1,6 @@
-etc/rc.d/init.d/firewall
etc/rc.d/helper/oci-setup
+etc/rc.d/init.d/firewall
+etc/rc.d/init.d/networking/functions.network
opt/pakfire/etc/pakfire.conf
opt/pakfire/lib/functions.pl
srv/web/ipfire/cgi-bin/backup.cgi
@@ -8,6 +9,7 @@ srv/web/ipfire/cgi-bin/logs.cgi/ovpnclients.dat
srv/web/ipfire/cgi-bin/media.cgi
srv/web/ipfire/cgi-bin/pakfire.cgi
srv/web/ipfire/cgi-bin/qos.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
srv/web/ipfire/cgi-bin/wirelessclient.cgi
srv/web/ipfire/html/themes/ipfire/include/css/style.css
usr/lib/firewall/firewall-lib.pl
diff --git a/config/rootfiles/core/165/update.sh b/config/rootfiles/core/165/update.sh
index 8899ab7e9..fe4449fff 100644
--- a/config/rootfiles/core/165/update.sh
+++ b/config/rootfiles/core/165/update.sh
@@ -94,6 +94,7 @@ rm -rvf \
/usr/sbin/ovpn-collectd-convert \
/usr/sbin/pknlusr \
/usr/share/xt_geoip/ \
+ /var/ipfire/dhcpc/dhcpcd-hooks/10-mtu \
/var/ipfire/firewall/p2protocols
# Stop services
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index fb0af104f..3652627e9 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2360,7 +2360,7 @@ END
#use default advanced value
$cgiparams{'IKE_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
$cgiparams{'IKE_INTEGRITY'} = 'sha2_512|sha2_256'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve448|4096|3072|2048'; #[20];
+ $cgiparams{'IKE_GROUPTYPE'} = 'curve448|curve25519|4096|3072|2048'; #[20];
$cgiparams{'IKE_LIFETIME'} = '3'; #[16];
$cgiparams{'ESP_ENCRYPTION'} = 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
$cgiparams{'ESP_INTEGRITY'} = 'sha2_512|sha2_256'; #[22];
diff --git a/lfs/dhcpcd b/lfs/dhcpcd
index 8c4a593ad..03349ddc7 100644
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -70,6 +70,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
cd $(DIR_APP) && ./configure \
--prefix="" \
--sysconfdir=/var/ipfire/dhcpc \
@@ -90,7 +91,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
rm -f $(CONFIG_ROOT)/dhcpc/dhcpcd-hooks/50-ypbind
install -m 644 $(DIR_SRC)/config/dhcpc/dhcpcd.conf $(CONFIG_ROOT)/dhcpc/
- install -m 444 $(DIR_SRC)/config/dhcpc/dhcpcd-hooks/10-mtu $(CONFIG_ROOT)/dhcpc/dhcpcd-hooks
chown root:root $(CONFIG_ROOT)/dhcpc/dhcpcd.conf
diff --git a/lfs/gcc b/lfs/gcc
index 563e94c16..f78891e24 100644
--- a/lfs/gcc
+++ b/lfs/gcc
@@ -182,8 +182,7 @@ EXTRA_CONFIG += \
--disable-multilib \
--with-bugurl=https://bugzilla.ipfire.org \
--disable-libunwind-exceptions \
- --enable-gnu-unique-object \
- --without-zstd
+ --enable-gnu-unique-object
export XCFLAGS = $(CFLAGS)
export TCFLAGS = $(CFLAGS)
diff --git a/lfs/oci-python-sdk b/lfs/oci-python-sdk
index 988e5a3bb..817723fe6 100644
--- a/lfs/oci-python-sdk
+++ b/lfs/oci-python-sdk
@@ -34,8 +34,8 @@ TARGET = $(DIR_INFO)/$(THISAPP)
PROG = oci-python-sdk
PAK_VER = 1
-DEPS = python3-click python3-circuitbreaker python3-cryptography \
- python3-dateutil python3-pytz python3-six
+DEPS = python3-certifi python3-click python3-circuitbreaker \
+ python3-cryptography python3-dateutil python3-pytz python3-six
###############################################################################
# Top-level Rules
diff --git a/make.sh b/make.sh
index b6d8153d2..054827bad 100755
--- a/make.sh
+++ b/make.sh
@@ -1084,6 +1084,7 @@ buildbase() {
lfsmake2 tzdata
lfsmake2 cleanup-toolchain
lfsmake2 zlib
+ lfsmake2 zstd
lfsmake2 autoconf
lfsmake2 automake
lfsmake2 libtool
@@ -1094,7 +1095,6 @@ buildbase() {
lfsmake2 libxcrypt
lfsmake2 file
lfsmake2 gcc
- lfsmake2 zstd
lfsmake2 sed
lfsmake2 berkeley
lfsmake2 coreutils
diff --git a/src/initscripts/networking/functions.network b/src/initscripts/networking/functions.network
index 7ec50f436..eae4a7b7c 100644
--- a/src/initscripts/networking/functions.network
+++ b/src/initscripts/networking/functions.network
@@ -61,7 +61,7 @@ dhcpcd_start() {
# This function will start a dhcpcd on a speciefied device.
local device="$1"
- local dhcp_start=""
+ local dhcp_start=()
boot_mesg -n "Starting dhcpcd on the ${device} interface..."
@@ -76,11 +76,16 @@ dhcpcd_start() {
# Check if a DHCP hostname has been set.
if [ -n "${RED_DHCP_HOSTNAME}" ]; then
- dhcp_start+="-h ${RED_DHCP_HOSTNAME}"
+ dhcp_start+=( "-h" "${RED_DHCP_HOSTNAME}" )
+ fi
+
+ # Tell dhcpcd to use the configured MTU
+ if [ -n "${RED_DHCP_FORCE_MTU}" ]; then
+ dhcp_start+=( "--static" "mtu=${RED_DHCP_FORCE_MTU}" )
fi
# Start dhcpcd.
- /sbin/dhcpcd ${dhcp_start} ${device} >/dev/null 2>&1
+ /sbin/dhcpcd "${dhcp_start[@]}" ${device} >/dev/null 2>&1
ret="$?"
if [ "${ret}" -eq 0 ]; then
diff --git a/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch b/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
new file mode 100644
index 000000000..69a35daf5
--- /dev/null
+++ b/src/patches/dhcpcd-9.4.0-Allow-free-selection-of-MTU-by-the-user.patch
@@ -0,0 +1,44 @@
+From 1acff721a3874a74efc9921a1e07bd48bd7efab0 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer(a)ipfire.org>
+Date: Tue, 22 Feb 2022 12:07:15 +0000
+Subject: [PATCH] Allow free selection of MTU by the user
+
+Various ISPs (or equipment?) seem to hand out an MTU of only 576 bytes.
+Hwoever, this does not seem to be intentional which is why we would like
+to manually overwrite this in the configuration.
+
+dhcpcd only allows setting a maximum MTU of 1472 bytes which does not
+seem to have any rationale (any more). Although Ethernet might limit any
+MTU to less, IPv6 and IPv4 support MTUs of up to 64KiB.
+
+This patch allows the user to configure the MTU freely with providing
+some sanity check.
+
+Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
+---
+ src/dhcp-common.h | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/dhcp-common.h b/src/dhcp-common.h
+index a82fcd4c..d6620822 100644
+--- a/src/dhcp-common.h
++++ b/src/dhcp-common.h
+@@ -46,10 +46,11 @@
+ #define NS_MAXLABEL MAXLABEL
+ #endif
+
+-/* Max MTU - defines dhcp option length */
+-#define IP_UDP_SIZE 28
+-#define MTU_MAX 1500 - IP_UDP_SIZE
+-#define MTU_MIN 576 + IP_UDP_SIZE
++/* Max/Min MTU */
++#define MTU_MAX 65536
++#define MTU_MIN 576
++
++#define IP_UDP_SIZE 28
+
+ #define OT_REQUEST (1 << 0)
+ #define OT_UINT8 (1 << 1)
+--
+2.30.2
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-02-23 15:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-23 15:54 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 82674728e37b93f16238d3314806c8330d7554fb Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox