As part of "T5792: Upgrade to ddclient 3.11.2" in commit 368b89ef056,
ddclient was built using build system from Debian Salsa and source code
from upstream GitHub.
This was subsequently modified in commit 7f7030d9281 to use both build
system and source code from Debian Salsa.
Now that Debian finally has ddclient 3.11.2 release, we can use the
release tag to build the package.
All VyOS kernel modules must live in the appropriate module directory,
example: /lib/modules/6.6.41-amd64-vyos/
In addition we do not abbreviate script options to make reading easier,
without call --help all the time.
Commit 368b89ef05 ("ddclient: T5797: Upgrade to ddclient 3.11.2") bumped the
ddclient version by using the build system from Debian SALSA repo and the
upstream ddclient source code.
Debian now provides the same version from the SALSA repos.
Build OFED drivers and userspace components against the kernel
source tree similar to Intel's NIC drivers.
OFED installers create Debian packages of their own tageting the
kernel version defined in the build invocation if DKMS is omitted.
Script builds with supporting components for VPP to permit handoff
of function to the underlying hardware as appropriate. Updating the
version is fairly trivial along with adding patching as needed to
handle kCFI and hardening measures as they are introduced.
Testing:
Tested against GCC-built Linux Hardened kernel with the various
additions from PR 132 - sustained line-rate testing against 4x100g
links on a single machine at a hair below 200g for each LACP pair.
Fix CVE-2023-48795: (terrapin attack)
The SSH transport protocol with certain OpenSSH extensions allows remote
attackers to bypass integrity checks such that some packets are omitted (from
the extension negotiation message), and a client and server may consequently
end up with a connection for which some security features have been downgraded
or disabled, aka a Terrapin attack.
Bump the `hsflowd` version to `v2.0.55-1`
Fixed and extended PCAP capabilities for not hardware/bridge
interfaces (like GRE tunnel interface).
It fixes crashes the daemon if you use tunnel interfaces
```
hsflowd[9160]: PCAP: tun0 has no supported datalink encapsulaton
hsflowd[9160]: Received signal 11
hsflowd[9160]: SIGSEGV, faulty address is (nil)
```
The correct commit fix in 62346aa672
Updated version starts the hsflowd without issues
The ixgbe driver did not support the 1000BASE-BX standard so for example FS.com
SFP-GE-BX 1310/1490nm 10km transceiver received an unsupported module error even
with allow_unsupported_sfp enabled.
To solve this problem I created a patch that was accepted by Linux upstream
(1b43e0d20f)
so starting from kernel 6.9 the ixgbe driver will have 1000BASE-BX support,
however VyOS uses the out of tree driver so it is necessary to backport the patch.
