Configuration override options was misleading. In reality those are
options you most probably don't want to mess too much with so let's call
them rather advanced options.

This also moves PUBLISH_BRANCH in example configuration file to
section: don't mess with. This is because now we provide it from
defaults and user just should not mess with it unless he know what he is
doing.

OpenWRT commit to be used is specified in feeds.conf file with rest of
feeds now so it makes not sense to overwrite it. This is just confusing
without any real gain in here. You can always modify feeds.conf file to
achieve the same.

This makes sure if there isn't this package, the build fails
Also, reorder section Turris packages

We have to ensure that languages are installed when module is installed.
It does not matter if that is done immediately or later but it has to be
done. The solution in here is to check if module is installed and if so
also request languages for it.

This is just basically rebase of those patches on top of 4.19 kernel.
It seems that there is no change in this case between 4.14 and 4.19.

This adds code that is not pkglists dependent and when any Foris plugin
is installed it should automatically also maintain languages.

Note that lists are not aware of Foris packages existence so they need
list of all existing plugins.

Upstream Luci now uses sysntpd service instead of calling ntpd directly
as it seems. At least this patch no longer applies and there is no ntpd
string in latest Luci codebase. This means that I am dropping this
patch.

This just reorders options in file to more appropriate place.

n8v8R authored 5 years ago and Karel Koci committed 5 years ago

This option adds the "rt" expression that you can use to match packet routing information such as the packet nexthop.

This option adds the "bitmap" set type that is used to build sets whose keys are smaller or equal to 16 bits.

This option adds the "objref" expression that allows you to refer to stateful objects, such as counters and quotas.

This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables.

This is required if you intend to use any of existing x_tables match/target extensions over the nf_tables framework.

This option allows using the FIB expression from the netdev table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet.

This module enables IPv4 packet duplication support for nf_tables.

This module enables IPv6 packet duplication support for nf_tables.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>

n8v8R authored 5 years ago and Karel Koci committed 5 years ago

closes https://gitlab.labs.nic.cz/turris/turris-build/issues/64

# CONFIG_NETFILTER_XT_TARGET_HMARK
This option adds the "HMARK" target.
The target allows you to create rules in the "raw" and "mangle" tables which set the skbuff mark by means of hash calculation within a given range. The nfmark can influence the routing method and can also be used by other subsystems to change their behaviour.

# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP 
This option adds a "TCPOPTSTRIP" target, which allows you to strip TCP options from TCP packets.

# CONFIG_NETFILTER_XT_MATCH_CGROUP
Socket/process control group matching allows you to match locally generated packets based on which net_cls control group processes belong to.

# CONFIG_NETFILTER_XT_MATCH_IPCOMP
This match extension allows you to match a range of CPIs(16 bits) inside IPComp header of IPSec packets.

# CONFIG_NETFILTER_XT_MATCH_L2TP 
This option adds an "L2TP" match, which allows you to match against L2TP protocol header fields.

# CONFIG_NETFILTER_XT_MATCH_OSF
This option selects the Passive OS Fingerprinting match module that allows to passively match the remote operating system by analyzing incoming TCP SYN packets.
Rules and loading software can be downloaded from http://www.ioremap.net/projects/osf

# CONFIG_NETFILTER_XT_MATCH_SCTP
With this option enabled, you will be able to use the `sctp' match in order to match on SCTP source/destination ports and SCTP chunk types.

There seems to be a dependency on kernel package with magic in it so we
do not have to append magic to kmods as well.

There were two patches in patches/openwrt/to-upstream directory that
were fixes of hack patch. Those of course should not be send to upstream
and should be part of that specific patch. This commit merges those
patches to that patch.

Primary change here is that we dropped restart exclusion. Updater
service is no longer there and there might no longer be need to not
restart base-files services. It simplifies code and drops Turris
specific changes.

It seems that upstream fixed problem with luajit compilation. It might
break because we are dropping patch that upstream does not provide.
Let's try it without this patch. If we encunter problems with
compilation then we should add given patch and also push it to upstream.