diff --git a/config/show_config b/config/show_config index d0ed8af74d..f7bc75036a 100644 --- a/config/show_config +++ b/config/show_config @@ -95,6 +95,7 @@ show_config() { config_message="$config_message\n - SAMBA server support:\t\t $SAMBA_SERVER" config_message="$config_message\n - SFTP server support:\t\t\t $SFTP_SERVER" config_message="$config_message\n - OpenVPN support:\t\t\t $OPENVPN_SUPPORT" + config_message="$config_message\n - WireGuard support:\t\t\t $WIREGUARD_SUPPORT" # OS configuration diff --git a/distributions/LibreELEC/options b/distributions/LibreELEC/options index 10503e5bc7..0a7087c331 100644 --- a/distributions/LibreELEC/options +++ b/distributions/LibreELEC/options @@ -115,6 +115,9 @@ # build and install OpenVPN support (yes / no) OPENVPN_SUPPORT="yes" +# build and install WireGuard support (yes / no) + WIREGUARD_SUPPORT="yes" + # build and install diskmounter support (udevil) # this service provide auto mounting support for external drives in the # mediacenter also automount internally drives at boottime via udev (yes / no) diff --git a/packages/network/connman/package.mk b/packages/network/connman/package.mk index 69bd12703f..733f670734 100644 --- a/packages/network/connman/package.mk +++ b/packages/network/connman/package.mk @@ -3,11 +3,11 @@ # Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv) PKG_NAME="connman" -PKG_VERSION="1.37" -PKG_SHA256="6ce29b3eb0bb16a7387bc609c39455fd13064bdcde5a4d185fab3a0c71946e16" +PKG_VERSION="9c781b75657bb72a9d65ba7cc73aa5111ae13eb2" # pre 1.38 +PKG_SHA256="384ac276b593e919614f8615da8641dac4268c8e6ebc1166b78b3d260d5ca242" PKG_LICENSE="GPL" PKG_SITE="http://www.connman.net" -PKG_URL="https://www.kernel.org/pub/linux/network/connman/$PKG_NAME-$PKG_VERSION.tar.xz" +PKG_URL="https://git.kernel.org/pub/scm/network/connman/connman.git/snapshot/connman-$PKG_VERSION.tar.gz" PKG_DEPENDS_TARGET="toolchain glib readline dbus iptables wpa_supplicant" PKG_LONGDESC="A modular network connection manager." PKG_TOOLCHAIN="autotools" @@ -46,7 +46,14 @@ PKG_CONFIGURE_OPTS_TARGET="WPASUPPLICANT=/usr/bin/wpa_supplicant \ --with-systemdunitdir=/usr/lib/systemd/system \ --disable-silent-rules" +if [ "$WIREGUARD_SUPPORT" = "yes" ]; then + PKG_CONFIGURE_OPTS_TARGET+=" --enable-wireguard=builtin" +else + PKG_CONGIGURE_OPTS_TARGET+=" --disable-wireguard" +fi + PKG_MAKE_OPTS_TARGET="storagedir=/storage/.cache/connman \ + vpn_storagedir=/storage/.config/wireguard \ statedir=/run/connman" post_makeinstall_target() { @@ -81,4 +88,7 @@ post_install() { add_group system 430 enable_service connman.service + if [ "$WIREGUARD_SUPPORT" = "yes" ]; then + enable_service connman-vpn.service + fi } diff --git a/packages/network/connman/system.d/connman-vpn.service b/packages/network/connman/system.d/connman-vpn.service new file mode 100644 index 0000000000..6711bd4b68 --- /dev/null +++ b/packages/network/connman/system.d/connman-vpn.service @@ -0,0 +1,14 @@ +[Unit] +Description=ConnMan VPN service + +[Service] +Type=dbus +BusName=net.connman.vpn +ExecStart=/usr/sbin/connman-vpnd -n +StandardOutput=null +CapabilityBoundingSet=CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID +ProtectHome=read-only +ProtectSystem=full + +[Install] +WantedBy=multi-user.target diff --git a/packages/network/libmnl/package.mk b/packages/network/libmnl/package.mk index c2122650e2..ec2eb2b51d 100644 --- a/packages/network/libmnl/package.mk +++ b/packages/network/libmnl/package.mk @@ -9,5 +9,3 @@ PKG_SITE="http://netfilter.org/projects/libmnl" PKG_URL="http://netfilter.org/projects/libmnl/files/$PKG_NAME-$PKG_VERSION.tar.bz2" PKG_DEPENDS_TARGET="toolchain" PKG_LONGDESC="A minimalistic user-space library oriented to Netlink developers." - -PKG_CONFIGURE_OPTS_TARGET="--disable-shared --enable-static" diff --git a/packages/network/wireguard-linux-compat/modules-load.d/wireguard.conf b/packages/network/wireguard-linux-compat/modules-load.d/wireguard.conf new file mode 100644 index 0000000000..a82c63a203 --- /dev/null +++ b/packages/network/wireguard-linux-compat/modules-load.d/wireguard.conf @@ -0,0 +1 @@ +wireguard diff --git a/packages/network/wireguard-linux-compat/package.mk b/packages/network/wireguard-linux-compat/package.mk new file mode 100644 index 0000000000..0b537f031f --- /dev/null +++ b/packages/network/wireguard-linux-compat/package.mk @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv) + +PKG_NAME="wireguard-linux-compat" +PKG_VERSION="v0.0.20200121" +PKG_SHA256="509a26a28ac1e96cf15d9a457a4143c43d4455eee877fdef20ebf11cbfd012b6" +PKG_LICENSE="GPLv2" +PKG_SITE="https://www.wireguard.com" +PKG_URL="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$PKG_VERSION.tar.xz" +PKG_DEPENDS_TARGET="toolchain linux libmnl" +PKG_NEED_UNPACK="$LINUX_DEPENDS" +PKG_LONGDESC="WireGuard VPN kernel module" +PKG_TOOLCHAIN="manual" +PKG_IS_KERNEL_PKG="yes" + +pre_make_target() { + unset LDFLAGS +} + +make_target() { + kernel_make KERNELDIR=$(kernel_path) -C src/ module +} + +makeinstall_target() { + mkdir -p $INSTALL/$(get_full_module_dir)/$PKG_NAME + cp src/*.ko $INSTALL/$(get_full_module_dir)/$PKG_NAME +} diff --git a/packages/network/wireguard-tools/config/system.d/wireguard.service.sample b/packages/network/wireguard-tools/config/system.d/wireguard.service.sample new file mode 100644 index 0000000000..02904fddee --- /dev/null +++ b/packages/network/wireguard-tools/config/system.d/wireguard.service.sample @@ -0,0 +1,13 @@ +[Unit] +Description=WireGuard VPN Service +After=network-online.target nss-lookup.target connman-vpn.service +Wants=network-online.target nss-lookup.target connman-vpn.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/connmanctl connect vpn_service_name_goes_here +ExecStop=/usr/bin/connmanctl disconnect vpn_service_name_goes_here + +[Install] +WantedBy=multi-user.target diff --git a/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample b/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample new file mode 100644 index 0000000000..9ff945349e --- /dev/null +++ b/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample @@ -0,0 +1,14 @@ +[provider_wireguard] +Type = WireGuard +Name = WireGuard VPN Tunnel +Host = 3.2.5.6 +Domain = my.home.network +WireGuard.Address = 10.2.0.2/24 +WireGuard.ListenPort = 51820 +WireGuard.PrivateKey = qKIj010hDdWSjQQyVCnEgthLXusBgm3I6HWrJUaJymc= +WireGuard.PublicKey = zzqUfWGIil6QxrAGz77HE5BGUEdD2PgHYnCg3CDKagE= +WireGuard.PresharedKey = DfEYeVs04HS9XhKGM4/ZXHG3Qc4MFK2AJd8XouYDbRQ= +WireGuard.DNS = 8.8.8.8, 1.1.1.1 +WireGuard.AllowedIPs = 0.0.0.0/0 +WireGuard.EndpointPort = 51820 +WireGuard.PersistentKeepalive = 25 diff --git a/packages/network/wireguard-tools/package.mk b/packages/network/wireguard-tools/package.mk new file mode 100644 index 0000000000..9a440e57dc --- /dev/null +++ b/packages/network/wireguard-tools/package.mk @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv) + +PKG_NAME="wireguard-tools" +PKG_VERSION="v1.0.20200121" +PKG_SHA256="e7aa8985dfeb495eff4b90b1817ea6c44f59ed124bac9fc85f6ba78173beef29" +PKG_LICENSE="GPLv2" +PKG_SITE="https://www.wireguard.com" +PKG_URL="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$PKG_VERSION.tar.xz" +PKG_DEPENDS_TARGET="toolchain linux libmnl" +PKG_NEED_UNPACK="$LINUX_DEPENDS" +PKG_LONGDESC="WireGuard VPN userspace tools" +PKG_TOOLCHAIN="manual" +PKG_IS_KERNEL_PKG="yes" + +pre_make_target() { + unset LDFLAGS +} + +make_target() { + kernel_make KERNELDIR=$(kernel_path) -C src/ wg +} + +makeinstall_target() { + mkdir -p $INSTALL/usr/bin + cp $PKG_DIR/scripts/wg-keygen $INSTALL/usr/bin + cp $PKG_BUILD/src/wg $INSTALL/usr/bin + + mkdir -p $INSTALL/usr + cp -R $PKG_DIR/config $INSTALL/usr +} diff --git a/packages/network/wireguard-tools/scripts/wg-keygen b/packages/network/wireguard-tools/scripts/wg-keygen new file mode 100755 index 0000000000..342e3add04 --- /dev/null +++ b/packages/network/wireguard-tools/scripts/wg-keygen @@ -0,0 +1,25 @@ +#!/bin/sh + +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv) + +if [ -x /usr/bin/wg ]; then + + umask 077 + mkdir -p /storage/.cache/wireguard + + if [ ! -f /storage/.cache/wireguard/privatekey ]; then + wg genkey > /storage/.cache/wireguard/privatekey + fi + if [ ! -f /storage/.cache/wireguard/publickey ]; then + wg pubkey < /storage/.cache/wireguard/privatekey > /storage/.cache/wireguard/publickey + fi + if [ ! -f /storage/.cache/wireguard/preshared ]; then + wg genpsk > /storage/.cache/wireguard/preshared + fi + +fi + +echo "WireGuard keys have been saved to /storage/.cache/wireguard/" + +exit 0 diff --git a/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf b/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf new file mode 100644 index 0000000000..6557517671 --- /dev/null +++ b/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf @@ -0,0 +1,4 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv) + +d /storage/.cache/wireguard 0755 root root - - diff --git a/packages/virtual/network/package.mk b/packages/virtual/network/package.mk index 76a14503a3..c13737907c 100644 --- a/packages/virtual/network/package.mk +++ b/packages/virtual/network/package.mk @@ -22,6 +22,10 @@ if [ "$OPENVPN_SUPPORT" = "yes" ]; then PKG_DEPENDS_TARGET="$PKG_DEPENDS_TARGET openvpn" fi +if [ "$WIREGUARD_SUPPORT" = "yes" ]; then + PKG_DEPENDS_TARGET="$PKG_DEPENDS_TARGET wireguard-tools wireguard-linux-compat" +fi + # nss needed by inputstream.adaptive, chromium etc. if [ "$TARGET_ARCH" = "x86_64" ] || [ "$TARGET_ARCH" = "arm" ]; then PKG_DEPENDS_TARGET="$PKG_DEPENDS_TARGET nss" diff --git a/projects/Allwinner/linux/linux.aarch64.conf b/projects/Allwinner/linux/linux.aarch64.conf index e35244c61e..c8b8ce261d 100644 --- a/projects/Allwinner/linux/linux.aarch64.conf +++ b/projects/Allwinner/linux/linux.aarch64.conf @@ -741,7 +741,7 @@ CONFIG_NET_IP_TUNNEL=m # CONFIG_SYN_COOKIES is not set # CONFIG_NET_IPVTI is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set CONFIG_INET_ESP=y @@ -777,6 +777,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set diff --git a/projects/Allwinner/linux/linux.arm.conf b/projects/Allwinner/linux/linux.arm.conf index c88605cbc3..dd61b22353 100644 --- a/projects/Allwinner/linux/linux.arm.conf +++ b/projects/Allwinner/linux/linux.arm.conf @@ -763,7 +763,7 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set CONFIG_INET_ESP=m @@ -795,6 +795,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set diff --git a/projects/Generic/linux/linux.x86_64.conf b/projects/Generic/linux/linux.x86_64.conf index b401135c1e..4d739447fe 100644 --- a/projects/Generic/linux/linux.x86_64.conf +++ b/projects/Generic/linux/linux.x86_64.conf @@ -844,7 +844,12 @@ CONFIG_UNIX=y CONFIG_UNIX_SCM=y # CONFIG_UNIX_DIAG is not set # CONFIG_TLS is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set # CONFIG_XDP_SOCKETS is not set CONFIG_INET=y @@ -867,7 +872,8 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set -# CONFIG_NET_FOU is not set +CONFIG_NET_UDP_TUNNEL=m +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set @@ -914,6 +920,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set @@ -1032,6 +1039,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/RPi/devices/RPi/linux/linux.arm.conf b/projects/RPi/devices/RPi/linux/linux.arm.conf index 99fdb026b3..ee4459d84e 100644 --- a/projects/RPi/devices/RPi/linux/linux.arm.conf +++ b/projects/RPi/devices/RPi/linux/linux.arm.conf @@ -648,7 +648,12 @@ CONFIG_PACKET=y CONFIG_UNIX=y # CONFIG_UNIX_DIAG is not set # CONFIG_TLS is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set # CONFIG_XDP_SOCKETS is not set CONFIG_INET=y @@ -671,7 +676,8 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set -# CONFIG_NET_FOU is not set +CONFIG_NET_UDP_TUNNEL=m +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set @@ -718,6 +724,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set @@ -834,6 +841,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/RPi/devices/RPi2/linux/linux.arm.conf b/projects/RPi/devices/RPi2/linux/linux.arm.conf index c83925f7a2..b7140541ef 100644 --- a/projects/RPi/devices/RPi2/linux/linux.arm.conf +++ b/projects/RPi/devices/RPi2/linux/linux.arm.conf @@ -752,7 +752,12 @@ CONFIG_PACKET=y CONFIG_UNIX=y # CONFIG_UNIX_DIAG is not set # CONFIG_TLS is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set # CONFIG_XDP_SOCKETS is not set CONFIG_INET=y @@ -775,7 +780,8 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set -# CONFIG_NET_FOU is not set +CONFIG_NET_UDP_TUNNEL=m +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set @@ -822,6 +828,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set @@ -938,6 +945,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/RPi/devices/RPi4/linux/linux.arm.conf b/projects/RPi/devices/RPi4/linux/linux.arm.conf index 3db0209c62..575d3a1622 100644 --- a/projects/RPi/devices/RPi4/linux/linux.arm.conf +++ b/projects/RPi/devices/RPi4/linux/linux.arm.conf @@ -810,7 +810,12 @@ CONFIG_PACKET=y CONFIG_UNIX=y # CONFIG_UNIX_DIAG is not set # CONFIG_TLS is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set # CONFIG_XDP_SOCKETS is not set CONFIG_INET=y @@ -833,7 +838,8 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set -# CONFIG_NET_FOU is not set +CONFIG_NET_UDP_TUNNEL=m +CONFIG_NET_FOU=m # CONFIG_NET_FOU_IP_TUNNELS is not set # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set @@ -880,6 +886,7 @@ CONFIG_IPV6_SIT=m # CONFIG_IPV6_SIT_6RD is not set CONFIG_IPV6_NDISC_NODETYPE=y # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set # CONFIG_IPV6_SEG6_LWTUNNEL is not set @@ -996,6 +1003,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set @@ -1565,6 +1573,7 @@ CONFIG_MACVLAN=m # CONFIG_MACVTAP is not set # CONFIG_IPVLAN is not set # CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set # CONFIG_GTP is not set # CONFIG_MACSEC is not set CONFIG_NETCONSOLE=y diff --git a/projects/Rockchip/devices/MiQi/linux/rockchip-4.4/linux.arm.conf b/projects/Rockchip/devices/MiQi/linux/rockchip-4.4/linux.arm.conf index 58adfd8792..9a752dd649 100644 --- a/projects/Rockchip/devices/MiQi/linux/rockchip-4.4/linux.arm.conf +++ b/projects/Rockchip/devices/MiQi/linux/rockchip-4.4/linux.arm.conf @@ -685,7 +685,7 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set @@ -716,6 +716,7 @@ CONFIG_IPV6=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set # CONFIG_IPV6_SIT is not set # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_GRE is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set @@ -832,6 +833,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/Rockchip/devices/RK3328/linux/rockchip-4.4/linux.aarch64.conf b/projects/Rockchip/devices/RK3328/linux/rockchip-4.4/linux.aarch64.conf index 0c3042d15e..4387733298 100644 --- a/projects/Rockchip/devices/RK3328/linux/rockchip-4.4/linux.aarch64.conf +++ b/projects/Rockchip/devices/RK3328/linux/rockchip-4.4/linux.aarch64.conf @@ -560,7 +560,12 @@ CONFIG_PACKET=y # CONFIG_PACKET_DIAG is not set CONFIG_UNIX=y # CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y @@ -574,7 +579,7 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set @@ -605,6 +610,7 @@ CONFIG_IPV6=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set # CONFIG_IPV6_SIT is not set # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_GRE is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set @@ -721,6 +727,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/Rockchip/devices/RK3399/linux/rockchip-4.4/linux.aarch64.conf b/projects/Rockchip/devices/RK3399/linux/rockchip-4.4/linux.aarch64.conf index 54cd642257..31f9059f81 100644 --- a/projects/Rockchip/devices/RK3399/linux/rockchip-4.4/linux.aarch64.conf +++ b/projects/Rockchip/devices/RK3399/linux/rockchip-4.4/linux.aarch64.conf @@ -590,7 +590,12 @@ CONFIG_PACKET=y # CONFIG_PACKET_DIAG is not set CONFIG_UNIX=y # CONFIG_UNIX_DIAG is not set +CONFIG_XFRM=y # CONFIG_XFRM_USER is not set +# CONFIG_XFRM_INTERFACE is not set +# CONFIG_XFRM_SUB_POLICY is not set +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y @@ -604,7 +609,7 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set @@ -635,6 +640,7 @@ CONFIG_IPV6=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set # CONFIG_IPV6_SIT is not set # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_GRE is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set @@ -751,6 +757,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set diff --git a/projects/Rockchip/devices/TinkerBoard/linux/rockchip-4.4/linux.arm.conf b/projects/Rockchip/devices/TinkerBoard/linux/rockchip-4.4/linux.arm.conf index 58adfd8792..9a752dd649 100644 --- a/projects/Rockchip/devices/TinkerBoard/linux/rockchip-4.4/linux.arm.conf +++ b/projects/Rockchip/devices/TinkerBoard/linux/rockchip-4.4/linux.arm.conf @@ -685,7 +685,7 @@ CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V2 is not set # CONFIG_SYN_COOKIES is not set CONFIG_NET_UDP_TUNNEL=m -# CONFIG_NET_FOU is not set +CONFIG_NET_FOU=m # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set @@ -716,6 +716,7 @@ CONFIG_IPV6=y # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set # CONFIG_IPV6_SIT is not set # CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_FOU=m # CONFIG_IPV6_GRE is not set # CONFIG_IPV6_MULTIPLE_TABLES is not set # CONFIG_IPV6_MROUTE is not set @@ -832,6 +833,7 @@ CONFIG_NETFILTER_XT_MATCH_IPRANGE=m # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set # CONFIG_NETFILTER_XT_MATCH_OSF is not set CONFIG_NETFILTER_XT_MATCH_OWNER=m +# CONFIG_NETFILTER_XT_MATCH_POLICY is not set # CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set