[bot] AutoMerging: merge all upstream's changes:

* https://github.com/coolsnowwolf/lede:
  kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
  kernel: bump 5.10 to 5.10.142 (coolsnowwolf#10084)
  dnsmasq: add patch for DHCPv6 to honor IPv6 address on MAC address
  toolchain: Use GCC 8 by default for mips target
  ntfs3-mount: drop ntfs3-oot
  fs: port ntfs3 from kernel 5.19 to 5.10
  fs: port ntfs3 from kernel 5.19 to 5.4

Author: github-actions[bot]

include/kernel-5.10

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.10 = .138
-LINUX_KERNEL_HASH-5.10.138 = 29a003bb8e0e3a45942f703370fb0b3460e6fdcbbad37424423c9cf831ab5ba8
+LINUX_VERSION-5.10 = .142
+LINUX_KERNEL_HASH-5.10.142 = 3f47ebdb9afe152a0c32c1157336ef13fa5cc08ac6d884dfc1f6ddc2b7dba268

include/netfilter.mk

@@ -355,6 +355,12 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
 
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
+
 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
 IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)

package/kernel/linux/modules/fs.mk

@@ -530,7 +530,7 @@ $(eval $(call KernelPackage,fs-ntfs))
 define KernelPackage/fs-ntfs3
   SUBMENU:=$(FS_MENU)
   TITLE:=NTFS3 Read-Write file system support
-  DEPENDS:=@(LINUX_5_15||LINUX_5_19) +kmod-nls-base
+  DEPENDS:=@(LINUX_5_4||LINUX_5_10||LINUX_5_15||LINUX_5_19) +kmod-nls-base
   KCONFIG:= \
 	CONFIG_NTFS3_FS \
 	CONFIG_NTFS3_64BIT_CLUSTER=y \

package/kernel/linux/modules/netfilter.mk

@@ -161,6 +161,26 @@ endef
 
 $(eval $(call KernelPackage,nf-flow))
 
+define KernelPackage/nf-socket
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter socket lookup support
+  KCONFIG:= $(KCOFNIG_NF_SOCKET)
+  FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
+endef
+
+$(eval $(call KernelPackage,nf-socket))
+
+
+define KernelPackage/nf-tproxy
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter tproxy support
+  KCONFIG:= $(KCOFNIG_NF_TPROXY)
+  FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
+endef
+
+$(eval $(call KernelPackage,nf-tproxy))
 
 define AddDepends/ipt
   SUBMENU:=$(NF_MENU)
@@ -1179,3 +1199,47 @@ define KernelPackage/nft-queue
 endef
 
 $(eval $(call KernelPackage,nft-queue))
+
+define KernelPackage/nft-socket
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables socket support
+  DEPENDS:=+kmod-nft-core +kmod-nf-socket
+  FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
+  KCONFIG:=$(KCONFIG_NFT_SOCKET)
+endef
+
+$(eval $(call KernelPackage,nft-socket))
+
+define KernelPackage/nft-tproxy
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables tproxy support
+  DEPENDS:=+kmod-nft-core +kmod-nf-tproxy +kmod-nf-conntrack
+  FILES:=$(foreach mod,$(NFT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_TPROXY-m)))
+  KCONFIG:=$(KCONFIG_NFT_TPROXY)
+endef
+
+$(eval $(call KernelPackage,nft-tproxy))
+
+define KernelPackage/nft-compat
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables compat support
+  DEPENDS:=+kmod-nft-core +kmod-nf-ipt
+  FILES:=$(foreach mod,$(NFT_COMPAT-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_COMPAT-m)))
+  KCONFIG:=$(KCONFIG_NFT_COMPAT)
+endef
+
+$(eval $(call KernelPackage,nft-compat))
+
+define KernelPackage/nft-xfrm
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables xfrm support (ipsec)
+  DEPENDS:=+kmod-nft-core
+  FILES:=$(foreach mod,$(NFT_XFRM-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_XFRM-m)))
+  KCONFIG:=$(KCONFIG_NFT_XFRM)
+endef
+
+$(eval $(call KernelPackage,nft-xfrm))

package/lean/ntfs3-mount/Makefile

@@ -10,7 +10,7 @@ define Package/ntfs3-mount
   CATEGORY:=Utilities
   SUBMENU:=Filesystem
   TITLE:=NTFS mount script for Paragon NTFS3 driver
-  DEPENDS:=+LINUX_5_4:kmod-fs-ntfs3-oot +(LINUX_5_15||LINUX_5_19):kmod-fs-ntfs3
+  DEPENDS:=+kmod-fs-ntfs3
   PKGARCH:=all
 endef
 

package/network/config/firewall4/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall4
-PKG_RELEASE:=1
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git
-PKG_SOURCE_DATE:=2021-03-31
-PKG_SOURCE_VERSION:=29fba840201287b9265888adba6298779b750af5
-PKG_MIRROR_HASH:=1d26a611aeecdf37f09e4cdee6b192e5da087abf6e0fc7a9ca97a80e58d14222
+PKG_SOURCE_DATE:=2022-09-01
+PKG_SOURCE_VERSION:=f5fcdcf2c51f6f0a4b116c352000c4fe0523be77
+PKG_MIRROR_HASH:=57ef6f161abdd323019c026c959ab875fdfd3c972b8dc7767623634b1c259138
 PKG_MAINTAINER:=Jo-Philipp Wich <[email protected]>
 PKG_LICENSE:=ISC
 
@@ -21,8 +21,13 @@ define Package/firewall4
   SECTION:=net
   CATEGORY:=Base system
   TITLE:=OpenWrt 4th gen firewall
-  DEPENDS:=+ucode +ucode-mod-fs +ucode-mod-uci +ucode-mod-ubus +kmod-nft-core +kmod-nft-fib +kmod-nft-nat +kmod-nft-nat6 +nftables-json
-  CONFLICTS:=firewall kmod-ipt-nat
+  DEPENDS:= \
+	+kmod-nft-core +kmod-nft-fib +kmod-nft-offload \
+	+kmod-nft-nat \
+	+nftables-json \
+	+ucode +ucode-mod-fs +ucode-mod-ubus +ucode-mod-uci
+  EXTRA_DEPENDS:=ucode (>= 2022-03-22)
+  PROVIDES:=uci-firewall
 endef
 
 define Package/firewall4/description

package/network/services/dnsmasq/files/dhcp.conf

@@ -20,7 +20,7 @@ config dnsmasq
 	#list notinterface	lo
 	#list bogusnxdomain     '64.94.110.11'
 	option localservice	1  # disable to allow DNS requests from non-local subnets
-	option filter_aaaa	0
+	option filter_aaaa	1
 	option cachesize	8000
 	option mini_ttl		3600
 	option ednspacket_max	1232

package/network/services/dnsmasq/patches/300-DHCPv6-Honor-assigning-IPv6-address-based-on-MAC-add.patch

@@ -0,0 +1,166 @@
+From 93ac8f9d469ff08d41170eb6934842b3626d5fdd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <[email protected]>
+Date: Wed, 23 Dec 2015 22:10:44 +0100
+Subject: [PATCH] DHCPv6: Honor assigning IPv6 address based on MAC address
+
+Currently IPv6 addresses are assigned to tuple (IAID, DUID). When system
+changes IAID/DUID then old assigned IPv6 address cannot be reused, even
+when in config file was DHCPv6 assignment based on MAC address (and not on
+DUID).
+
+IAID/DUID is changed when rebooting from one operating system to another;
+or after reinstalling system. In reality it is normal that DUID of some
+machine is changed, so people rather assign also IPv6 addresses based on
+MAC address.
+
+So assigning IPv6 based on MAC address in dnsmasq is currently semi-broken.
+
+This patch tries to fix it and honors IPv6 config rules with MAC address,
+to always assign particular IPv6 address to specific MAC address (when
+configured). And ignores the fact if IAID/DUID was changed.
+
+Normally IPv6 address should be assigned by IAID/DUID (which also state
+DHCPv6 RFCs), but dnsmasq has already some support for assigning IPv6
+address based on MAC address, when users configured in config file.
+
+So this patch just tries to fix above problem for user configuration with
+MAC addresses. It does not change assignment based on DUID.
+---
+ src/rfc3315.c | 55 +++++++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 47 insertions(+), 8 deletions(-)
+
+--- a/src/rfc3315.c
++++ b/src/rfc3315.c
+@@ -48,7 +48,7 @@ static int build_ia(struct state *state,
+ static void end_ia(int t1cntr, unsigned int min_time, int do_fuzz);
+ static void mark_context_used(struct state *state, struct in6_addr *addr);
+ static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr);
+-static int check_address(struct state *state, struct in6_addr *addr);
++static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr);
+ static int config_valid(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr, struct state *state, time_t now);
+ static struct addrlist *config_implies(struct dhcp_config *config, struct dhcp_context *context, struct in6_addr *addr);
+ static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option, 
+@@ -688,8 +688,13 @@ static int dhcp6_no_relay(struct state *
+ 		      }
+ 		    else if (!(c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))
+ 		      continue; /* not an address we're allowed */
+-		    else if (!check_address(state, &req_addr))
++		    else if (!check_address(state, config, &req_addr))
+ 		      continue; /* address leased elsewhere */
++		    else if (state->mac_len && config &&
++			     config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
++			     match_netid(c->filter, solicit_tags, plain_range) &&
++			     !config_implies(config, c, &req_addr))
++		      continue; /* another static address is configured */
+ 		    
+ 		    /* add address to output packet */
+ 		    add_address(state, c, lease_time, ia_option, &min_time, &req_addr, now);
+@@ -701,7 +706,10 @@ static int dhcp6_no_relay(struct state *
+ 	    
+ 	    /* Suggest configured address(es) */
+ 	    for (c = state->context; c; c = c->current) 
+-	      if (!(c->flags & CONTEXT_CONF_USED) &&
++	      if ((!(c->flags & CONTEXT_CONF_USED) ||
++		   (state->mac_len && config &&
++		    config_has_mac(config, state->mac, state->mac_len, state->mac_type)
++		   )) &&
+ 		  match_netid(c->filter, solicit_tags, plain_range) &&
+ 		  config_valid(config, c, &addr, state, now))
+ 		{
+@@ -725,6 +733,11 @@ static int dhcp6_no_relay(struct state *
+ 		req_addr = ltmp->addr6;
+ 		if ((c = address6_available(state->context, &req_addr, solicit_tags, plain_range)))
+ 		  {
++		    if (state->mac_len && config &&
++			config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
++			match_netid(c->filter, solicit_tags, plain_range) &&
++			!config_implies(config, c, &req_addr))
++		      continue; /* skip this lease because another static address is configured */
+ 		    add_address(state, c, c->lease_time, NULL, &min_time, &req_addr, now);
+ 		    mark_context_used(state, &req_addr);
+ 		    get_context_tag(state, c);
+@@ -859,7 +872,7 @@ static int dhcp6_no_relay(struct state *
+ 			put_opt6_string(_("address unavailable"));
+ 			end_opt6(o1);
+ 		      }
+-		    else if (!check_address(state, &req_addr))
++		    else if (!check_address(state, config, &req_addr))
+ 		      {
+ 			/* Address leased to another DUID/IAID */
+ 			o1 = new_opt6(OPTION6_STATUS_CODE);
+@@ -989,6 +1002,16 @@ static int dhcp6_no_relay(struct state *
+ 		  {
+ 		    unsigned int lease_time;
+ 
++		    /* check if another static address is preferred */
++		    if (state->mac_len && config &&
++		        config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
++		        !config_implies(config, this_context, &req_addr))
++		      {
++			preferred_time = valid_time = 0;
++			message = _("deprecated");
++		      }
++		    else
++		      {
+ 		    get_context_tag(state, this_context);
+ 		    
+ 		    if (config_implies(config, this_context, &req_addr) && have_config(config, CONFIG_TIME))
+@@ -1014,6 +1037,7 @@ static int dhcp6_no_relay(struct state *
+ 		    
+ 		    if (preferred_time == 0)
+ 		      message = _("deprecated");
++		      }
+ 
+ 		    address_assigned = 1;
+ 		  }
+@@ -1070,11 +1094,22 @@ static int dhcp6_no_relay(struct state *
+ 		 ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
+ 	      {
+ 		struct in6_addr req_addr;
++		struct dhcp_context *c;
++		int config_addr_ok = 1;
+ 
+ 		/* alignment */
+ 		memcpy(&req_addr, opt6_ptr(ia_option, 0), IN6ADDRSZ);
++
++		c = address6_valid(state->context, &req_addr, tagif, 1);
++
++		if (c && state->mac_len && config &&
++		    config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
++		    !config_implies(config, c, &req_addr))
++		  {
++		    config_addr_ok = 0;
++		  }
+ 		
+-		if (!address6_valid(state->context, &req_addr, tagif, 1))
++		if (!c || !config_addr_ok)
+ 		  {
+ 		    o1 = new_opt6(OPTION6_STATUS_CODE);
+ 		    put_opt6_short(DHCP6NOTONLINK);
+@@ -1692,11 +1727,15 @@ static void mark_config_used(struct dhcp
+       context->flags |= CONTEXT_CONF_USED;
+ }
+ 
+-/* make sure address not leased to another CLID/IAID */
+-static int check_address(struct state *state, struct in6_addr *addr)
++/* check that ipv6 address belongs to config with same mac address as in state or ipv6 address is not leased to another CLID/IAID */
++static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr)
+ { 
+   struct dhcp_lease *lease;
+ 
++  if (state->mac_len && config &&
++      config_has_mac(config, state->mac, state->mac_len, state->mac_type))
++    return 1;
++
+   if (!(lease = lease6_find_by_addr(addr, 128, 0)))
+     return 1;
+ 
+@@ -1773,7 +1812,7 @@ static int config_valid(struct dhcp_conf
+ 	  {
+ 	    setaddr6part(addr, addrpart+i);
+ 	    
+-	    if (check_address(state, addr))
++	    if (check_address(state, config, addr))
+ 	      return 1;
+ 	  }
+       }

target/linux/ath79/patches-5.10/910-unaligned_access_hacks.patch

@@ -706,7 +706,7 @@
  EXPORT_SYMBOL(xfrm_parse_spi);
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -4093,14 +4093,16 @@ static bool tcp_parse_aligned_timestamp(
+@@ -4116,14 +4116,16 @@ static bool tcp_parse_aligned_timestamp(
  {
  	const __be32 *ptr = (const __be32 *)(th + 1);
 

target/linux/generic/backport-5.10/600-v5.12-net-extract-napi-poll-functionality-to-__napi_poll.patch

@@ -18,7 +18,7 @@ Signed-off-by: David S. Miller <[email protected]>
 
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -6809,15 +6809,10 @@ void __netif_napi_del(struct napi_struct
+@@ -6810,15 +6810,10 @@ void __netif_napi_del(struct napi_struct
  }
  EXPORT_SYMBOL(__netif_napi_del);
 
@@ -35,7 +35,7 @@ Signed-off-by: David S. Miller <[email protected]>
  	weight = n->weight;
 
  	/* This NAPI_STATE_SCHED test is for avoiding a race
-@@ -6837,7 +6832,7 @@ static int napi_poll(struct napi_struct
+@@ -6838,7 +6833,7 @@ static int napi_poll(struct napi_struct
  			    n->poll, work, weight);
 
  	if (likely(work < weight))
@@ -44,7 +44,7 @@ Signed-off-by: David S. Miller <[email protected]>
 
  	/* Drivers must not modify the NAPI state if they
  	 * consume the entire weight.  In such cases this code
-@@ -6846,7 +6841,7 @@ static int napi_poll(struct napi_struct
+@@ -6847,7 +6842,7 @@ static int napi_poll(struct napi_struct
  	 */
  	if (unlikely(napi_disable_pending(n))) {
  		napi_complete(n);
@@ -53,7 +53,7 @@ Signed-off-by: David S. Miller <[email protected]>
  	}
 
  	if (n->gro_bitmask) {
-@@ -6864,12 +6859,29 @@ static int napi_poll(struct napi_struct
+@@ -6865,12 +6860,29 @@ static int napi_poll(struct napi_struct
  	if (unlikely(!list_empty(&n->poll_list))) {
  		pr_warn_once("%s: Budget exhausted after napi rescheduled\n",
  			     n->dev ? n->dev->name : "backlog");