Skip to content

build: upgrade OpenWrt base to 25.12 (kernel 6.12)#43

Open
ispyisail wants to merge 18 commits into
masterfrom
openwrt-2512
Open

build: upgrade OpenWrt base to 25.12 (kernel 6.12)#43
ispyisail wants to merge 18 commits into
masterfrom
openwrt-2512

Conversation

@ispyisail

Copy link
Copy Markdown
Owner

Upgrades the OpenWrt base from 24.10 to 25.12 (v25.12.5, kernel 6.12.94). Supersedes PR #41, which was reverted (see below) — this is a curated reland of the same underlying work, scoped to the bump itself.

What changed since #41

PR #41 mixed the bump with an unrelated in-progress feature (gpkg apk-backend work) and some debugging-journey commits that shouldn't have been in reviewed history, and it merged before all four primary targets were verified — mediatek/ath79/ipq40xx all failed to build on it. This PR is the same bump content, scoped down to just the bump, with every fix backed by a real, provable root cause, and all four primary targets build clean before this is proposed for merge.

The unrelated work from #41 will land as separate, independently reviewable PRs: the gpkg apk-backend integration, a netfilter warning-only cleanup, a defensive NULL-guard fix, and a build-script error-reporting improvement.

Base bump and patch re-derivation

Pin to OpenWrt 25.12 (v25.12.5); re-derive patches 004/027/101 and the mediatek uboot serial-rx-buffer patch against the new tree; drop patches 023/024 (absorbed upstream); force USE_APK=n in profile diffconfigs (gpkg remains the package manager); re-derive the x86 diffconfigs.

GCC 14 / new-toolchain build fixes

Fixes for implicit-function-declaration, incompatible-pointer-type, macro collisions, CMake 4's stricter cmake_minimum_required enforcement, and cross-compile probe failures across libbbtargz, libnftbwctl, zip, samba36, gargoyle/qos-gargoyle, mbedtls-clu, https-dns-proxy, and libffi.

Runtime bugs exposed by the new kernel/userspace (found via the vnet simulator)

  • nft_bandwidth corrupted the rootfs on kernel 6.12. The module declares 17 netlink attributes; 6.12 added a check rejecting >16 in nft_register_expr(). init() didn't roll back its earlier nf_register_sockopt() on that failure, leaving the kernel sockopt table pointing at unloaded module code — any later sockopt call (Gargoyle's own bandwidth tooling) jumped into freed memory, manifesting as unbootable ext4 corruption. Fixed by unregistering the sockopt on failure and dropping the unused NFTA_BANDWIDTH_MINUTESWEST attribute.
  • nft list ruleset aborted on every box. nftables 1.1.6 resolves statement ops through a central switch that BUG()s on unknown types, replacing the old ops-pointer mechanism. The bandwidth/timerange/webmon/weburl statement integrations now register their cases. Rule loading was unaffected; listing crashed once any bandwidth statement existed — which is every stock config.
  • ip6_tables.ko silently failed to build on every target. Kernel 6.12 gates it behind a hidden select-only symbol that nothing in Gargoyle's package set selected for IPv6 (IPv4 only worked by accident, via an unrelated package's selection). Fixed generically in the kernel config so all targets get it, not just x86.
  • wifi: stamgr roaming scan/disconnect detection under 25.12; broken APs when country is left at the '00' default.

Verification

All four primary targets: FULL_BUILD=true from-scratch, zero errors, images produced.

  • x86: full vnet 3-site simulator suite, 230/235, zero real failures (5 todo are the long-standing documented ones: T-OVPN-13, T-IPV6-10/11/12, T-WG-12). All wifi phases, captive portal, VLAN manager, multitab, page smoke (43/43) green. nft list ruleset verified exit-0 with live bandwidth statements rendering correctly.
  • mediatek: both subtargets (mt7622, filogic — GL-iNet MT6000's platform); MT6000 sysupgrade image produced; kmod-nf-ipt6 packaged on both.
  • ath79: both profiles (generic, nand).
  • ipq40xx: clean build.

Remaining targets (bcm27xx, bcm47xx, ipq806x, mvebu, ramips, rockchip) were not touched in this bump and keep their existing 24.10-generation full configs, per the existing project convention of only converting a target once a buildroot exists to verify against.

Shane Ringrose added 16 commits July 9, 2026 21:40
branch_name/branch_id/packages_branch repointed from openwrt-24.10 to
openwrt-25.12 -- confirmed the openwrt-25.12 branch exists in both
openwrt/openwrt and openwrt/packages, matching build.sh's existing
checkout convention exactly.

openwrt_commit pinned to f0a60eee2f (the v25.12.5 tag's dereferenced
commit, not branch head) for reproducibility -- same convention as the
prior 24.10 pin. 24.10 security support ends 2026-09-05; this is Stage
1 of a two-stage bump (base first with USE_APK=n, apk flip separately)
-- see docs/openwrt-2512-bump-plan.md in gargoyle-tools for the full
track plan.
004-fix_postinst_prerm_scripts, 027-wireguard_tools_bump, and
101-gargoyle_ssid_override needed re-anchoring against the 25.12 tree
(context drift, not logic changes). targets/mediatek/patches/001-uboot
needed the same treatment: 25.12 dropped the --enable SERIAL_RX_BUFFER
line the patch modified from UBOOT_CUSTOMIZE_CONFIG; re-derived against
the new block, adds back both the enable and the 256-byte size.
…nned versions

Discovered live during a real B2 build (Gargoyle's netfilter-match-modules
integration script, netfilter-match-modules/integrate_netfilter_modules.sh,
downloads the exact package-Makefile-pinned nftables/libnftnl source and
re-applies package/.../patches/*.patch against it as part of preparing to
layer Gargoyle's own custom NFT match modules on top) -- both patches
failed against the real, current 25.12-pinned versions (nftables 1.1.6,
libnftnl 1.3.1), non-fatally to the overall build but a real correctness
gap worth fixing properly rather than ignoring.

023-nftables-remove-patch-files.patch deleted a stray tests/shell/
run-tests.sh.rej file that shipped in nftables' own 24.10-era source
tarball. Verified directly against the real nftables-1.1.6.tar.xz: that
file no longer exists in the tarball at all -- upstream's own release
process cleaned it up. Nothing left for this patch to do.

024-backport_nftables_bitwise_mask_xor.patch backported a specific
upstream libnftnl commit (12bd1aea5, Jeremy Sowden, "add new bitwise
boolean attributes to nf_tables.h") into an older libnftnl's headers.
Verified directly against the real libnftnl-1.3.1.tar.xz's
include/linux/netfilter/nf_tables.h: every field this patch adds
(NFT_BITWISE_MASK_XOR, NFT_BITWISE_AND/OR/XOR, the NFT_BITWISE_BOOL
backwards-compat define, NFTA_BITWISE_SREG2) is already present
natively. libnftnl 1.3.1 ships with zero patches at all in
package/libs/libnftnl/patches/ once these two are removed.

This is exactly the "check whether upstream absorbed the change
natively" scenario from the 24.10 bump's own patch-024 lesson -- these
two patches needed deleting, not re-deriving. Verified via a fresh
v25.12.5 scratch clone + the real scripts/patch-kernel.sh: all 22
remaining patches apply clean, and the nftables/libnftnl patches/
directories end up containing only upstream's own native patches (3 for
nftables, none for libnftnl) with nothing left over from us to fail.
On 24.10, USE_APK "depends on BROKEN" with no explicit default --
structurally unselectable, so no existing Gargoyle diffconfig ever
needed to mention it. On 25.12, that "depends on BROKEN" is gone,
replaced with "default y". An existing diffconfig that stays silent on
USE_APK would pick up y automatically on a fresh make defconfig against
the new base -- exactly the violation the whole two-stage bump
strategy (base bump first with the legacy opkg backend unchanged, apk
flip separately once #39's backend is proven
on-target) depends on avoiding.

Added "# CONFIG_USE_APK is not set" to all 9 diffconfig-format profiles
across the 4 targets the ericpaulbishop#1028 port already converted (x86 x5
profiles, mediatek x2, ath79 x2, ipq40xx x1), alphabetically placed
immediately before the existing USE_FS_ACL_ATTR line already present
in every one of them. The 7 remaining full-config targets are
untouched here -- they stay in their existing full-config form until
B5 converts them against a real 25.12 buildroot, per the ericpaulbishop#1028 port's
own original sequencing decision.

Not yet verified that this override survives a real make defconfig
against a genuine 25.12 buildroot -- that needs full feeds/toolchain
setup and is the first thing the next phase (B2, x86 full build) must
confirm.
…kage tree

make defconfig -> scripts/diffconfig.sh -> byte-identical round-trip
verify for each profile (default, alix, vnet-wifi, x64, x64-wifi),
per the established ericpaulbishop#1028-port method -- never hand-edited. Every
diff is explained by real 25.12-era Kconfig drift, confirmed via the
resolved .config, not a functional change:

- CONFIG_KERNEL_EROFS_FS_POSIX_ACL: new kernel option in 25.12's
  Config-kernel.in, resolves to off (matches every other *_POSIX_ACL
  default in these profiles).
- CONFIG_PACKAGE_apk-mbedtls: new package (apk's own mbedtls crypto
  backend), resolves to off -- consistent with Stage 1's USE_APK=n.
- kmod-video-async/kmod-video-cpia2/kmod-video-fwnode: these Kconfig
  symbols no longer exist anywhere in the 25.12 kernel tree (confirmed
  via grep -- upstream media-subsystem restructuring between 6.6 and
  6.12), so the old "not set" lines were pure noise referencing
  nonexistent options.
- ucode-mod-uloop / ucode-mod-digest: both remain enabled in the real
  resolved .config for every profile that had them before (confirmed
  via grep) -- diffconfig.sh's minimizer just picked a different
  implied-vs-explicit split of which lines are needed to reproduce
  the same resolved state, not a package selection change.
- kmod-i2c-core (alix only): newly appears as an explicit `=y` line;
  also confirmed present and enabled in the resolved .config.

CONFIG_USE_APK is not set survived in all 5 re-derived profiles,
confirming Stage 1's diffconfig fix from B1 is still correctly
resolved.
CMake 4.x (bundled in the 25.12 host toolchain) hard-rejects any
package whose own CMakeLists.txt declares cmake_minimum_required below
3.5 (hit libid3tag, lzo; likely more packages carry the same old
CMakeLists.txt pattern). Fixed globally via
-DCMAKE_POLICY_VERSION_MINIMUM=3.5 in include/cmake.mk's target and
host cmake invocations, rather than patching every package individually
as each one surfaces.
…reakage

mbedtls-clu and https-dns-proxy: PKG_MIRROR_HASH no longer matches a
fresh git-archive of the exact pinned commit -- the archive-generation
mechanism itself changed between 24.10 and 25.12, not the source
content. Verified by re-checking out each pinned commit fresh and
confirming the new hash is reproducible. Updated the hash constants.

libffi: PKG_FIXUP:=autoreconf regenerates the build system with this
toolchain's newer host autoconf/automake, which introduces a
build-vs-host triplet mismatch ("No rule to make target
'all-configured'"). libffi 3.4.6's release tarball already ships a
working, upstream-tested ./configure; removed the fixup rather than
chasing the newer autoconf's behavior change.
unarchive.c calls seek_by_read() with no prior prototype (2007-era
code extracted from busybox with the declaration left behind). GCC 14
(first used by this toolchain as of the 25.12 bump) makes implicit
function declarations a hard error by default, where GCC <= 13 only
warned -- breaking this package's build outright and, with it, image
assembly for every x86 profile in the B2 full build.

Same root cause and same fix already validated for the host-side gapk
dev-loop build (tests/gapk/build-host.sh in gargoyle-tools); applying
the identical workaround here rather than trying to source/restore the
real prototype from 2007-era upstream busybox code.
package/zip's stock "generic" build target runs unix/configure's
feature-detection probes, which try to compile+link+run tiny test
programs -- impossible under cross-compilation, so every probe
silently assumes the worst and falls back to a batch of "-DNO_*"/
"-DZMEM" defines selecting zip's own bundled 2008-era K&R-style
fallback implementations (memset/mktime/etc), each guarded by a
hand-written prototype that assumes no real ANSI <string.h>/<time.h>
exists. musl provides working, conformant versions of every one of
these, so the whole batch has always been a false positive for this
cross build -- GCC <= 13 only warned about the resulting conflicts;
GCC 14 (new in this toolchain, 25.12) makes them hard errors
("conflicting types for 'memset'", "invalid use of undefined type
'struct tm'").

Split Build/Compile into two steps (generate flags, strip the whole
-DNO_*/-DZMEM batch, then build) instead of patching zip's own
Makefile/configure or whack-a-moling one define at a time as each
newly becomes a hard error. Added a matching Build/Install since the
override replaces the stock MAKE_FLAGS-based generic+install combo.
Verified via a real scoped compile: zip_3.0-r5_x86_64.ipk now builds
clean.
…nclude)

Two unrelated GCC14-newly-fatal issues found compiling this legacy
(3.6.25) samba build:

- smbd/vfs.c: samba's own libreplace shim conditionally redefines
  mkdir(dir, mode) -> mkdir(dir) when its own configure probe decides
  the target's real mkdir() doesn't support a mode argument. That
  probe's test program (lib/replace's HAVE_MKDIR_MODE check) never
  includes <sys/stat.h>, so mkdir() has no visible prototype in the
  probe itself -- GCC <= 13 only warned on the resulting implicit
  declaration, letting the probe "succeed"; GCC 14 makes it a hard
  error, flipping the cached result to "no" and activating the 2-arg
  replacement macro. That macro then collides at the token level with
  an unrelated 3-arg handle->fns->mkdir(handle, path, mode) vfs
  member-function call elsewhere in the same file (C macros don't
  respect struct member access syntax). Fixed the same way this
  Makefile already works around many other broken cross-compile
  probes: supply the known-correct answer directly via
  CONFIGURE_VARS (libreplace_cv_mkdir_has_mode=yes), rather than
  patching samba's own probe source.

- utils/owrt_smbpasswd.c (an OpenWrt-authored file, not upstream
  samba, created via patches/111-owrt_smbpasswd.patch): calls
  mdfour() with no declaration in scope anywhere it includes -- an
  implicit-declaration warning under GCC <= 13, a hard error under
  GCC 14. Added the missing `#include "../lib/crypto/md4.h"` (the
  same relative include path used elsewhere in this samba tree, e.g.
  rpc_server/netlogon/srv_netlog_nt.c) to the patch, bumping its
  new-file hunk header from +1,249 to +1,250 to match.

Verified via a real full scoped compile: samba36-server_3.6.25-r14_x86_64.ipk
now builds clean.
GCC 14 promotes incompatible-pointer-type from warning to hard error.
Three real type mismatches surfaced across nft_bwctl.c,
gargoyle_header_footer.c, and qosmon.c.
kernel 6.12 gates ip6_tables.ko behind the hidden select-only
IP6_NF_IPTABLES_LEGACY symbol. CONFIG_IP6_NF_IPTABLES=m alone (all
that kmod-nf-ipt6 sets) no longer builds it, so kmod-nf-ipt6 fails to
package -- on every target, as the mediatek build just demonstrated.
The IPv4 twin only works by accident: kmod-ipt-core's
CONFIG_IP_NF_FILTER=m selects the IPv4 legacy symbol, and that package
is in Gargoyle's set; no IPv6 equivalent is.

Move the fix from target/linux/x86/config-6.12 to
target/linux/generic/config-6.12 so every target gets it, and answer
the open question left in the B2 notes about why IPv4 resolved =m.
…ps table

nftables 1.1.6 (the version this OpenWrt base ships) resolves statement
ops through a central switch in stmt_ops()/__stmt_ops_by_type() and
BUG()s on any type missing from it, instead of reading the ops pointer
stored in the statement as older versions did. Gargoyle's integration
fragments define bandwidth/timerange/webmon/weburl statement ops but
never added cases to that switch, so any ruleset containing one of
these statements -- which is every Gargoyle default firewall; a stock
config carries ~80 bandwidth/timerange statements -- made
'nft list ruleset' abort:

  BUG: Unknown statement type 10
  Assertion failed: 0 (src/statement.c: stmt_ops: 1366)

Rules still loaded fine (fw4 input goes through the parser, not this
path); only listing/inspection crashed. Add one case per module to the
switch via new meta insertions anchored after the STMT_REJECT case.
Verified live: rebuilt libnftables side-loaded onto a vnet VM lists
the full ruleset cleanly, exit 0.
nft_bandwidth declared 17 netlink attributes (NFTA_BANDWIDTH_MAX), one
over the 16-attribute limit (NFT_EXPR_MAXATTR) that kernel 6.12 added
to nft_register_expr(): WARN_ON_ONCE(type->maxattr > NFT_EXPR_MAXATTR).
That check does not exist on kernel 6.6, which is why this only shows
up on the 25.12 kernel bump. Confirmed by diffing net/netfilter/
nf_tables_api.c between the v6.6 and v6.12 kernel tags.

The registration failure alone would just mean the module fails to
load, but init() calls nf_register_sockopt() *before* attempting
nft_register_expr(), and never rolled that back on failure. When a
module's init() returns nonzero the kernel does not call its exit/
fini function and unloads the module's code -- leaving the kernel's
global sockopt table (BANDWIDTH_SET=2048, BANDWIDTH_GET=2049) pointing
at freed memory. Any later setsockopt/getsockopt on those commands
(the exact interface Gargoyle's userspace bandwidth/quota tooling
uses) jumps into that freed memory, and the resulting corruption lands
wherever it lands -- in testing, consistently on ext4 metadata,
producing "doubly allocated" / "deleted inode referenced" errors and
an unbootable image. Root-caused and confirmed via QEMU monitor
screendumps, module-by-module isolation, and a live serial-console
insmod reproduction that surfaced the WARN_ON_ONCE with a full stack
trace.

Two changes:
- init() now calls nf_unregister_sockopt() if nft_register_expr()
  (or the earlier id_map allocation) fails, before returning the
  error. This alone prevents the corruption regardless of attribute
  count, turning any future registration failure into a clean load
  failure instead of a dangling kernel function pointer.
- Removed NFTA_BANDWIDTH_MINUTESWEST, bringing the attribute count to
  exactly 16. It was declared in the kernel-side parse policy but
  never actually read by init() or written by dump() -- dead on the
  kernel side. It did have real plumbing in the userspace libnftnl
  wire-format code (get/set/build/parse), which is now cleaned up to
  match; nothing in Gargoyle's own rule-generation scripts ever
  populated it. Kept the two enums (kernel header and the userspace
  wire-format copy in libnftnl/include_linux_netfilter_bandwidth.h)
  numerically synchronized, since a mismatch there would desync the
  netlink wire protocol between kernel and userspace.

Verified: with only nft_bandwidth enabled, the vnet-wifi x86 image
now boots clean on kernel 6.12.94 -- lsmod shows nft_bandwidth loaded
and registered under nf_tables, no WARNING, no ext4 errors, apk
writes succeed post-boot. Isolated confirmation that nft_webmon and
nft_weburl were never affected by this bug (module-by-module boot
testing, both clean independently).
Every AP left at its out-of-the-box default (country never explicitly
configured) silently never reaches a real operating channel under
25.12 -- confirmed live: iwinfo shows Channel: 0/unknown, iw dev prints
no channel/ssid line at all, and no client can ever scan or associate,
even though hostapd's own process is running and the interface exists.

Root cause, traced end to end: '00' is cfg80211's own generic/"world
safe mode" regulatory-domain placeholder (confirmed via `iw reg get`:
"country 00: DFS-UNSET"), not a real ISO country code -- but
wireless.wifi-device.json's schema aliases UCI's 'country' field
straight onto hostapd config's 'country_code' unconditionally
(default: country_code), and separately defaults 'ieee80211d' (the
802.11d Country IE toggle) to true regardless of whether a real
country is configured, even though the schema's own description says
ieee80211d "Requires country". hostapd itself has been tightened
(also part of this bump) to hard-reject country_code=00 combined with
ieee80211d=1 as invalid -- confirmed directly: running the exact
generated config standalone gets "Invalid country_code '00' / Cannot
enable IEEE 802.11d without setting the country_code" and refuses to
start. netifd's newer global multi-BSS hostapd daemon doesn't
propagate that failure as a hard error though -- it silently leaves
the BSS half-configured (interface/SSID/encryption present, channel
never set), which is why every symptom looked like "the AP sort of
exists but never really works" rather than an obvious startup crash.

This is not hwsim/vnet-specific: Gargoyle's own wireless UI
(basic.js) never sets a country code, and UCI's own default leaves it
at '00' on first boot, so any real router where the admin enables
WiFi without separately configuring an advanced country setting would
hit this identically.

Fixed in wifi-scripts' own hostapd.uc: device_country_code() already
had an early-return guard for "no country_code set", gated only on
existence -- extended it to also treat the '00' placeholder as
"unset", matching the schema's own documented intent. Verified via a
real end-to-end test: after the fix, a freshly-enabled AP with country
left at '00' reaches a genuine operating channel (iwinfo: Channel: 6,
Tx-Power: 20 dBm) and a real client completes full WPA2 association
(wpa_supplicant: CTRL-EVENT-CONNECTED).
…25.12

The rewritten ucode iwinfo CLI broke two things check_sta()/
get_scan_results() depended on:

- iwinfo <iface> scan fails outright ("Netlink error while awaiting
  scan results: No event received"), even on a real, already-up
  interface. Separately, a disabled=1 wifi-iface now produces zero
  kernel interface at all under this netifd (unlike 24.10), so there's
  nothing to scan against in the idle case either way, and a live STA
  interface is already owned by netifd's global wpa_supplicant, which
  refuses a second externally-triggered scan on the same vif.
  get_scan_results() now scans through a short-lived, daemon-independent
  interface created directly on the phy with plain `iw`, parsing `iw
  scan`'s block-structured text output instead of iwinfo's.

- iwinfo <iface> info keeps reporting the last-associated ESSID after a
  real disconnect, confirmed live against `iw link` and `wpa_cli status`
  (both correctly show the link is gone) while iwinfo stayed wrong for
  150+ seconds. check_sta()'s old "unknown" substring check never
  caught this, since the degraded fields it inspected print "0", not the
  literal word "unknown". check_sta() now derives connected state and
  signal quality from `iw dev <iface> link` directly.

Verified live end to end: real association, real failover after
killing the active AP, and real blacklisting on repeated auth failure
all now complete within their expected budgets (vnet phase 19, 5/5).
Shane Ringrose added 2 commits July 10, 2026 21:27
The comment in 031 claimed hostapd "now" hard-rejects country_code=00
combined with ieee80211d=1. Both halves were wrong, as flagged in
review: hostapd has rejected any country_code with characters outside
A-Z at config-parse time since 2.10 (2022) -- see the Feb 2022
"Invalid country_code '00'" hostap list threads -- and that rejection
is unconditional. The "Cannot enable IEEE 802.11d without setting the
country_code" error observed in testing is a follow-on (the rejected
line leaves the country empty while ieee80211d=1 is still present),
not the trigger.

What actually changed in 25.12 is the generation side: a radio left at
its out-of-the-box default now ends up with country '00' in UCI, and
the ucode wifi-scripts schema (wireless.wifi-device.json) aliases
'country' straight onto 'country_code', handing hostapd a config it
has always refused. The old shell path had the same -n guard but never
saw a '00' in UCI, which is why 24.10 never hit this.

Comment-only change; the code hunk is identical. Re-verified the patch
still applies cleanly against pristine hostapd.uc (reverse/forward
round-trip).
Reconciles Michael's V2 netfilter patches (derived against a pre-25.12
tree) with this branch, which had independently landed about half of
them (statement-ops registration in 0bbaf23; the sockopt cleanup and
.owner in 327a8eb). Three parts:

1. Switch the kernel-6.12 nft_bandwidth registration fix from
   attribute-removal to a maxattr bump, partially reverting 327a8eb.
   That commit dropped NFTA_BANDWIDTH_MINUTESWEST to get the attribute
   count under kernel 6.12's new WARN_ON_ONCE(type->maxattr >
   NFT_EXPR_MAXATTR) [16] in nft_register_expr(). Michael's approach
   keeps the attribute (restored here across the kernel header, both
   libnftnl wire-format enums, and the userspace get/set/build/parse
   plumbing) and instead raises NFT_EXPR_MAXATTR to 17.
   NFT_EXPR_MAXATTR is a kernel-internal sizing constant (bounds a
   fixed-size on-stack netlink attribute array), not uAPI, so the bump
   carries no wire-format risk. The mechanism is general: a module
   ships an optional "maxattr" file naming the ceiling it needs, and
   integrate_netfilter_modules.sh patches nf_tables.h to at least that
   value (nf_tables.h is added to the generated-patch file walk so the
   bump actually lands in 650-custom_netfilter_match_modules.patch).
   327a8eb's sockopt-cleanup-on-failed-init, which prevents the
   dangling-sockopt rootfs corruption regardless of attribute count,
   is kept -- both approaches want it.

2. Build-warning cleanups for the newer toolchain: libxt_bandwidth.c
   drops its local ipany typedef for the header's own union
   xt_bandwidth_ipany and casts %lld printf args to (long long);
   libxt_webmon.c gains unistd.h; the iptables weburl regexp.c renames
   its END opcode macro to P_END (collision under newer kernel
   headers) and regexp.h declares my_strcspn; xt_webmon.c, xt_weburl.c
   and the three nft_* modules gain forward declarations for their
   non-static functions. nft_webmon's init() now removes its /proc
   entries if nft_register_expr() fails, mirroring the bandwidth
   sockopt cleanup: on a nonzero init() return the kernel unloads the
   module without calling fini(), and the stale proc file ops would
   point into freed memory.

3. Rename the nftables modules' bundled dependency dirs to
   nft_<name>_deps (bandwidth/webmon/weburl) so they can't collide
   with their iptables counterparts' identically-named dirs, updating
   the module includes to match.

Verified: full x86.vnet-wifi firmware build from this tree, then the
complete vnet simulator suite -- all three sites boot clean on kernel
6.12 with nft_bandwidth registered (lsmod-visible, no WARN_ON, no
ext4 corruption -- the exact failure mode 327a8eb diagnosed), and
the bandwidth/quota, webmon and weburl paths exercised by the suite
pass. NFTA_BANDWIDTH_MAX lands at exactly 17 (= the PAD index = the
declared .maxattr), matching the shipped maxattr ceiling.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant