gl-infra-builder-FUjr/patches-siflower-18.x/4004-fix-update-firewall-to-2019-11-22.patch

From 0d086ea8ca59de8393df2bf11c605bb574dc1818 Mon Sep 17 00:00:00 2001
From: gl-dengxinfa <xinfa.deng@gl-inet.com>
Date: Tue, 8 Nov 2022 18:24:34 +0800
Subject: [PATCH] fix: update firewall to 2019-11-22

---
 .../package/network/config/firewall/Makefile  |  8 ++--
 ...cp-mss-clamping-also-on-ingress-path.patch | 33 ++++++++++++++++
 ...ns-fix-parsing-of-boolean-attributes.patch | 38 +++++++++++++++++++
 3 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 openwrt-18.06/package/network/config/firewall/patches/0001-zones-apply-tcp-mss-clamping-also-on-ingress-path.patch
 create mode 100644 openwrt-18.06/package/network/config/firewall/patches/0002-options-fix-parsing-of-boolean-attributes.patch

diff --git a/openwrt-18.06/package/network/config/firewall/Makefile b/openwrt-18.06/package/network/config/firewall/Makefile
index 669973520..c927dafab 100644
--- a/openwrt-18.06/package/network/config/firewall/Makefile
+++ b/openwrt-18.06/package/network/config/firewall/Makefile
@@ -9,13 +9,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2018-12-06
-PKG_SOURCE_VERSION:=14589c80cde937162da02414a0103653a566e866
-PKG_MIRROR_HASH:=c0ed3c441c619d4571e4fd5d75e537f72cbf0d9cbaf7d938b0f5cd524228dacc
+PKG_SOURCE_DATE:=2019-11-22
+PKG_SOURCE_VERSION:=8174814a507489ebbe8bb85c1004e1f02919ca82
+PKG_MIRROR_HASH:=84e0cca2d47470bdb1788a8ae044cc425be8ff650a1137474ba43a15040085da
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 
diff --git a/openwrt-18.06/package/network/config/firewall/patches/0001-zones-apply-tcp-mss-clamping-also-on-ingress-path.patch b/openwrt-18.06/package/network/config/firewall/patches/0001-zones-apply-tcp-mss-clamping-also-on-ingress-path.patch
new file mode 100644
index 000000000..9e23dfd2b
--- /dev/null
+++ b/openwrt-18.06/package/network/config/firewall/patches/0001-zones-apply-tcp-mss-clamping-also-on-ingress-path.patch
@@ -0,0 +1,33 @@
+From 4a7df7d8c4e40fd2ce0d9f125755249dee17a8bd Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 24 Jul 2020 12:52:59 +0800
+Subject: [PATCH] zones: apply tcp mss clamping also on ingress path
+
+Fixes FS#3231
+
+Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
+Acked-by: Jo-Philipp Wich <jo@mein.io>
+(cherry picked from commit e9b90dfac2225927c035f6a76277b850c282dc9a)
+---
+ zones.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/zones.c b/zones.c
+index 01fb706..3d54a76 100644
+--- a/zones.c
++++ b/zones.c
+@@ -552,6 +552,14 @@ print_interface_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
+ 			fw3_ipt_rule_target(r, "TCPMSS");
+ 			fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
+ 			fw3_ipt_rule_replace(r, "FORWARD");
++
++			r = fw3_ipt_rule_create(handle, &tcp, dev, NULL, sub, NULL);
++			fw3_ipt_rule_addarg(r, false, "--tcp-flags", "SYN,RST");
++			fw3_ipt_rule_addarg(r, false, "SYN", NULL);
++			fw3_ipt_rule_comment(r, "Zone %s MTU fixing", zone->name);
++			fw3_ipt_rule_target(r, "TCPMSS");
++			fw3_ipt_rule_addarg(r, false, "--clamp-mss-to-pmtu", NULL);
++			fw3_ipt_rule_replace(r, "FORWARD");
+ 		}
+ 	}
+ 	else if (handle->table == FW3_TABLE_RAW)
diff --git a/openwrt-18.06/package/network/config/firewall/patches/0002-options-fix-parsing-of-boolean-attributes.patch b/openwrt-18.06/package/network/config/firewall/patches/0002-options-fix-parsing-of-boolean-attributes.patch
new file mode 100644
index 000000000..c7a4593f1
--- /dev/null
+++ b/openwrt-18.06/package/network/config/firewall/patches/0002-options-fix-parsing-of-boolean-attributes.patch
@@ -0,0 +1,38 @@
+From 78d52a28c66ad0fd2af250038fdcf4239ad37bf2 Mon Sep 17 00:00:00 2001
+From: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
+Date: Sat, 15 Aug 2020 13:50:27 +0900
+Subject: [PATCH] options: fix parsing of boolean attributes
+
+Boolean attributes were parsed the same way as string attributes,
+so a value of { "bool_attr": "true" } would be parsed correctly, but
+{ "bool_attr": true } (without quotes) was parsed as false.
+
+Fixes FS#3284
+
+Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
+---
+ options.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/options.c
++++ b/options.c
+@@ -1170,6 +1170,9 @@ fw3_parse_blob_options(void *s, const st
+ 						if (blobmsg_type(e) == BLOBMSG_TYPE_INT32) {
+ 							snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(e));
+ 							v = buf;
++						} else if (blobmsg_type(o) == BLOBMSG_TYPE_BOOL) {
++							snprintf(buf, sizeof(buf), "%d", blobmsg_get_bool(o));
++							v = buf;
+ 						} else {
+ 							v = blobmsg_get_string(e);
+ 						}
+@@ -1189,6 +1192,9 @@ fw3_parse_blob_options(void *s, const st
+ 				if (blobmsg_type(o) == BLOBMSG_TYPE_INT32) {
+ 					snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(o));
+ 					v = buf;
++				} else if (blobmsg_type(o) == BLOBMSG_TYPE_BOOL) {
++					snprintf(buf, sizeof(buf), "%d", blobmsg_get_bool(o));
++					v = buf;
+ 				} else {
+ 					v = blobmsg_get_string(o);
+ 				}
-- 
2.34.1