Merge branch 'openwrt:master' into master

2023-07-11 10:33:56 +05:30 · 2023-07-11 10:33:56 +05:30 · 434b6202d2
commit 434b6202d2
parent 44c8433cd2 7709b85f86
40 changed files with 1656 additions and 124 deletions
--- a/admin/btop/Makefile
+++ b/admin/btop/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=btop
 PKG_VERSION:=1.2.13
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL=https://codeload.github.com/aristocratos/btop/tar.gz/v$(PKG_VERSION)?
@ -12,6 +12,7 @@ PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE

+PKG_BUILD_FLAGS:=no-lto
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1

--- a/admin/nyx/Makefile
+++ b/admin/nyx/Makefile
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=nyx
 PKG_VERSION:=2.1.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PYPI_NAME:=nyx
 PKG_HASH:=88521488d1c9052e457b9e66498a4acfaaa3adf3adc5a199892632f129a5390b
--- a/admin/nyx/patches/01-python311.patch
+++ b/admin/nyx/patches/01-python311.patch
@ -0,0 +1,32 @@
+From dcaddf2ab7f9d2ef8649f98bb6870995ebe0b893 Mon Sep 17 00:00:00 2001
+From: Juan Orti Alcaine <jortialc@redhat.com>
+Date: Mon, 27 Jun 2022 19:38:34 +0200
+Subject: [PATCH] Replace inspect.getargspec usage to support python 3.11
+
+---
+ nyx/panel/__init__.py | 2 +-
+ test/__init__.py      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/nyx/panel/__init__.py
+++ b/nyx/panel/__init__.py
+@@ -78,7 +78,7 @@ class KeyHandler(collections.namedtuple(
+       is_match = self._key_func(key) if self._key_func else key.match(self.key)
+ 
+       if is_match:
+-        if inspect.getargspec(self._action).args == ['key']:
+        if inspect.getfullargspec(self._action).args == ['key']:
+           self._action(key)
+         else:
+           self._action()
+--- a/test/__init__.py
+++ b/test/__init__.py
+@@ -94,7 +94,7 @@ def render(func, *args, **kwargs):
+     nyx.curses.CURSES_SCREEN.erase()
+     start_time = time.time()
+ 
+-    func_args = inspect.getargspec(func).args
+    func_args = inspect.getfullargspec(func).args
+ 
+     if func_args[:1] == ['subwindow'] or func_args[:2] == ['self', 'subwindow']:
+       def _draw(subwindow):
--- a/lang/lua-rs232/Makefile
+++ b/lang/lua-rs232/Makefile
@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=lua-rs232
 PKG_SOURCE_DATE:=2019-11-20
 PKG_SOURCE_VERSION:=c106c94d1a5a84e8582c936528303528608776c2
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/srdgame/librs232
--- a/lang/lua-rs232/patches/010-gcc13.patch
+++ b/lang/lua-rs232/patches/010-gcc13.patch
@ -0,0 +1,56 @@
+From 3467c3c354263b066ad47bddfe6eb869c0111e0d Mon Sep 17 00:00:00 2001
+From: Damian Wrobel <dwrobel@ertelnet.rybnik.pl>
+Date: Tue, 24 Jan 2023 10:19:16 +0100
+Subject: [PATCH] Fix rs232_set_* prototypes mismatch
+
+Fixes compilation error on gcc 13 (excerpt):
+ rs232_posix.c:490:1: error: conflicting types for 'rs232_set_baud' \
+   due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \
+   enum rs232_baud_e)' [-Werror=enum-int-mismatch]
+  490 | rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud)
+      | ^~~~~~~~~~~~~~
+ In file included from rs232_posix.c:39:
+ ../include/librs232/rs232.h:203:24: note: previous declaration of \
+   'rs232_set_baud' with type 'unsigned int(struct rs232_port_t *, unsigned int)'
+  203 | RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud);
+      |                        ^~~~~~~~~~~~~~
+
+ rs232_posix.c:591:1: error: conflicting types for 'rs232_set_dtr' \
+  due to enum/integer mismatch; have 'unsigned int(struct rs232_port_t *, \
+  enum rs232_dtr_e)' [-Werror=enum-int-mismatch]
+  591 | rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state)
+      | ^~~~~~~~~~~~~
+ In file included from rs232_posix.c:39:
+  ../include/librs232/rs232.h:208:24: note: previous declaration of 'rs232_set_dtr' \
+  with type 'unsigned int(struct rs232_port_t *, unsigned int)'
+  208 | RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr);
+      |                        ^~~~~~~~~~~~~
+
+Signed-off-by: Damian Wrobel <dwrobel@ertelnet.rybnik.pl>
+---
+ include/librs232/rs232.h | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/include/librs232/rs232.h
+++ b/include/librs232/rs232.h
+@@ -200,13 +200,13 @@ RS232_LIB unsigned int rs232_port_open(s
+ RS232_LIB unsigned int rs232_close(struct rs232_port_t *p);
+ RS232_LIB unsigned int rs232_flush(struct rs232_port_t *p);
+ RS232_LIB void rs232_set_device(struct rs232_port_t *p, const char *device);
+-RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, unsigned int baud);
+-RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, unsigned int stop);
+-RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, unsigned int data);
+-RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, unsigned int parity);
+-RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, unsigned int flow);
+-RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, unsigned int dtr);
+-RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, unsigned int rts);
+RS232_LIB unsigned int rs232_set_baud(struct rs232_port_t *p, enum rs232_baud_e baud);
+RS232_LIB unsigned int rs232_set_stop(struct rs232_port_t *p, enum rs232_stop_e stop);
+RS232_LIB unsigned int rs232_set_data(struct rs232_port_t *p, enum rs232_data_e data);
+RS232_LIB unsigned int rs232_set_parity(struct rs232_port_t *p, enum rs232_parity_e parity);
+RS232_LIB unsigned int rs232_set_flow(struct rs232_port_t *p, enum rs232_flow_e flow);
+RS232_LIB unsigned int rs232_set_dtr(struct rs232_port_t *p, enum rs232_dtr_e state);
+RS232_LIB unsigned int rs232_set_rts(struct rs232_port_t *p, enum rs232_rts_e state);
+ RS232_LIB const char * rs232_get_device(struct rs232_port_t *p);
+ RS232_LIB unsigned int rs232_get_baud(struct rs232_port_t *p);
+ RS232_LIB unsigned int rs232_get_stop(struct rs232_port_t *p);
--- a/lang/luaposix/Makefile
+++ b/lang/luaposix/Makefile
@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luaposix
-PKG_VERSION:=36.1
+PKG_VERSION:=36.2.1
 PKG_RELEASE:=1

 PKG_SOURCE_URL:=https://codeload.github.com/$(PKG_NAME)/$(PKG_NAME)/tar.gz/v$(PKG_VERSION)?
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=e680ba9b9c7ae28c0598942cb00df7c7fbc70b82863bb55f028ea7dc101e39ac
+PKG_HASH:=44e5087cd3c47058f9934b90c0017e4cf870b71619f99707dd433074622debb1
 PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=COPYING
--- a/lang/luaposix/patches/900-disable-ldoc.patch
+++ b/lang/luaposix/patches/900-disable-ldoc.patch
@ -1,11 +0,0 @@
--- a/lukefile
-+++ b/lukefile
-@@ -35,8 +35,6 @@ incdirs  = {
-    '$LUA_INCDIR',
- }
- 
-ldocs    = 'build-aux/config.ld.in'
-
- modules  = {
-    ['posix']               = 'lib/posix/init.lua',
-    ['posix._base']         = 'lib/posix/_base.lua',
--- a/libs/file/Makefile
+++ b/libs/file/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=file
-PKG_VERSION:=5.41
-PKG_RELEASE:=2
+PKG_VERSION:=5.44
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://download.openpkg.org/components/cache/file/ \
 	ftp://ftp.astron.com/pub/file/
-PKG_HASH:=13e532c7b364f7d57e23dfeea3147103150cb90593a57af86c10e4f6e411603f
+PKG_HASH:=3751c7fba8dbc831cb8d7cc8aff21035459b8ce5155ef8b0880a27d028475f3b

 PKG_MAINTAINER:=Marko Ratkaj <markoratkaj@gmail.com>
 PKG_LICENSE:=BSD-2-Clause
@ -82,21 +82,23 @@ define Build/InstallDev
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/magic.h $(1)/usr/include/
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libmagic.{a,so*} $(1)/usr/lib/
+	${INSTALL_DIR} $(1)/usr/lib/pkgconfig
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/libmagic.pc $(1)/usr/lib/pkgconfig/
 endef

 define Package/file/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/file $(1)/usr/bin/
+endef
+
+define Package/libmagic/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/
 	$(INSTALL_DIR) $(1)/usr/share/misc
 	$(SED) "/^#/d" $(PKG_INSTALL_DIR)/usr/share/file/magic
 	$(SED) "/^$$$$/d" $(PKG_INSTALL_DIR)/usr/share/file/magic
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/file/magic $(1)/usr/share/misc/
 endef

-define Package/libmagic/install
-	$(INSTALL_DIR) $(1)/usr/lib
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libmagic.so.* $(1)/usr/lib/
-endef
-
 $(eval $(call BuildPackage,file))
 $(eval $(call BuildPackage,libmagic))
--- a/libs/libaio/Makefile
+++ b/libs/libaio/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=libaio
 PKG_VERSION:=0.3.113
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://releases.pagure.org/libaio
@ -20,7 +20,7 @@ PKG_LICENSE:=LGPL-2.1-only
 PKG_LICENSE_FILES:=COPYING

 PKG_BUILD_PARALLEL:=1
-PKG_BUILD_FLAGS:=no-mips16
+PKG_BUILD_FLAGS:=no-mips16 no-lto
 PKG_INSTALL:=1

 include $(INCLUDE_DIR)/package.mk
--- a/libs/libre2/Makefile
+++ b/libs/libre2/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=re2
-PKG_VERSION:=2021-02-02
-PKG_RELEASE:=2
+PKG_VERSION:=2023-02-01
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/google/re2/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=1396ab50c06c1a8885fb68bf49a5ecfd989163015fd96699a180d6414937f33f
+PKG_HASH:=cbce8b7803e856827201a132862e41af386e7afd9cc6d9a9bc7a4fa4d8ddbdde

 PKG_MAINTAINER:=
 PKG_LICENSE:=BSD-3-Clause
@ -23,7 +23,7 @@ define Package/re2
  DEPENDS:=+libstdcpp
  TITLE:=RE2 - C++ regular expression library
  URL:=https://github.com/google/re2
-  ABI_VERSION:=6
+  ABI_VERSION:=10
 endef

 define Package/re2/description
--- a/libs/liburing/Makefile
+++ b/libs/liburing/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=liburing
-PKG_VERSION:=2.3
+PKG_VERSION:=2.4
 PKG_RELEASE:=1

-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://git.kernel.dk/cgit/liburing/snapshot
-PKG_HASH:=a65a6adbe80425c1c4d0740532ba42c3d4fd9dadd17a0e0bfd31c29e1c14dba8
+PKG_HASH:=ca260e7a5820c2d0e737ec1e9b999f10776dbe84a169a02a0eff10c8eeaf3394

 PKG_MAINTAINER:=Christian Lachner <gladiac@gmail.com>
 PKG_LICENSE:=MIT
--- a/libs/nlohmannjson/Makefile
+++ b/libs/nlohmannjson/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nlohmannjson
-PKG_VERSION:=3.10.2
-PKG_RELEASE:=2
+PKG_VERSION:=3.11.2
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
 PKG_SOURCE_URL:=https://codeload.github.com/nlohmann/json/zip/v$(PKG_VERSION)?
-PKG_HASH:=6e407a7a7a6fe2f20396270ed561afeda03cd238ccb32ad94b7f985b0aa113fe
+PKG_HASH:=95651d7d1fcf2e5c3163c3d37df6d6b3e9e5027299e6bd050d157322ceda9ac9
 PKG_BUILD_DIR:=$(BUILD_DIR)/json-$(PKG_VERSION)

 PKG_MAINTAINER:=Leonid Esman <leonid.esman@gmail.com>
@ -34,9 +34,10 @@ endef

 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/nlohmann
-	$(CP) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json.hpp $(1)/usr/include/nlohmann
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/nlohmann/json_fwd.hpp $(1)/usr/include/nlohmann
 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/nlohmann_json.pc $(1)/usr/lib/pkgconfig
 endef

 $(eval $(call BuildPackage,nlohmannjson))
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -5,8 +5,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
-PKG_VERSION:=0.8.8
-PKG_RELEASE:=2
+PKG_VERSION:=0.8.9
+PKG_RELEASE:=4
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@ -17,7 +17,9 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 | antipopads          | antipopads IPs                 |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
 | asn                 | ASN IPs                        |         |         |    x    | [Link](https://asn.ipinfo.app)                                |
 | backscatterer       | backscatterer IPs              |    x    |    x    |         | [Link](https://www.uceprotect.net/en/index.php)               |
+| binarydefense       | binary defense banlist         |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=bds_atif)           |
 | bogon               | bogon prefixes                 |    x    |    x    |         | [Link](https://team-cymru.com)                                |
+| bruteforceblock     | bruteforceblocker IPs          |    x    |    x    |         | [Link](https://danger.rulez.sk/index.php/bruteforceblocker/)  |
 | country             | country blocks                 |    x    |    x    |         | [Link](https://www.ipdeny.com/ipblocks)                       |
 | cinsscore           | suspicious attacker IPs        |    x    |    x    |         | [Link](https://cinsscore.com/#list)                           |
 | darklist            | blocks suspicious attacker IPs |    x    |    x    |         | [Link](https://darklist.de)                                   |
@ -26,6 +28,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 | drop                | spamhaus drop compilation      |    x    |    x    |         | [Link](https://www.spamhaus.org)                              |
 | dshield             | dshield IP blocklist           |    x    |    x    |         | [Link](https://www.dshield.org)                               |
 | edrop               | spamhaus edrop compilation     |    x    |    x    |         | [Link](https://www.spamhaus.org)                              |
+| etcompromised       | ET compromised hosts           |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=et_compromised)     |
 | feodo               | feodo tracker                  |    x    |    x    |    x    | [Link](https://feodotracker.abuse.ch)                         |
 | firehol1            | firehol level 1 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level1)     |
 | firehol2            | firehol level 2 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level2)     |
@ -34,6 +37,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 | greensnow           | suspicious server IPs          |    x    |    x    |         | [Link](https://greensnow.co)                                  |
 | iblockads           | Advertising IPs                |         |         |    x    | [Link](https://www.iblocklist.com)                            |
 | iblockspy           | Malicious spyware IPs          |    x    |    x    |         | [Link](https://www.iblocklist.com)                            |
+| ipblackhole         | blackhole IPs                  |    x    |    x    |         | [Link](https://ip.blackhole.monster)                          |
 | ipthreat            | hacker and botnet TPs          |    x    |    x    |         | [Link](https://ipthreat.net)                                  |
 | myip                | real-time IP blocklist         |    x    |    x    |         | [Link](https://myip.ms)                                       |
 | nixspam             | iX spam protection             |    x    |    x    |         | [Link](http://www.nixspam.org)                                |
@ -72,7 +76,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * Per feed it can be defined whether the wan-input chain, the wan-forward chain or the lan-forward chain should be blocked (default: all chains)
 * Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
 * Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or full wget
-* Supports an 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
+* Provides HTTP ETag or entity tag support to download only ressources that have been updated on the server side, to save bandwith and speed up banIP reloads
+* Supports an 'allowlist only' mode, this option restricts internet access from/to a given number of secure websites/IPs
 * Deduplicate IPs accross all Sets (single IPs only, no intervals)
 * Provides comprehensive runtime information
 * Provides a detailed Set report
@ -86,7 +91,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre

 ## Prerequisites
 * **[OpenWrt](https://openwrt.org)**, latest stable release or a snapshot with nft/firewall 4 and logd/logread support
-* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries
+* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
 * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
 * For E-Mail notifications you need to install and setup the additional 'msmtp' package

@ -145,7 +150,7 @@ Available commands:
 | ban_autoblocklist       | option | 1                             | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
 | ban_autoblocksubnet     | option | 0                             | add entire subnets to the blocklist Sets based on an additional RDAP request with the suspicious IP          |
 | ban_autoallowuplink     | option | subnet                        | limit the uplink autoallow function to: 'subnet', 'ip' or 'disable' it at all                                |
-| ban_allowlistonly       | option | 0                             | restrict the internet access from/to a small number of secure websites/IPs                                   |
+| ban_allowlistonly       | option | 0                             | restrict the internet access from/to a given number of secure websites/IPs                                   |
 | ban_basedir             | option | /tmp                          | base working directory while banIP processing                                                                |
 | ban_reportdir           | option | /tmp/banIP-report             | directory where banIP stores the report files                                                                |
 | ban_backupdir           | option | /tmp/banIP-backup             | directory where banIP stores the compressed backup files                                                     |
@ -292,6 +297,9 @@ Depending on the options 'ban_autoallowlist' and 'ban_autoallowuplink' the uplin
 Furthermore, you can reference external Allowlist URLs with additional IPv4 and IPv6 feeds (see 'ban_allowurl').  
 Both local lists also accept domain names as input to allow IP filtering based on these names. The corresponding IPs (IPv4 & IPv6) will be extracted and added to the Sets. You can also start the domain lookup separately via /etc/init.d/banip lookup at any time.

+**allowlist-only mode**  
+banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist (plus the external Allowlist URLs) are blocked.
+
 **MAC/IP-binding**
 banIP supports concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments. Following notations in the local allow and block lists are allowed:
 ```
@ -313,9 +321,6 @@ C8:C2:9B:F7:80:12 192.168.1.10                     => this will be populated to
 C8:C2:9B:F7:80:12                                  => this will be populated to v6MAC-Set with the IP-wildcard ::/0
 ```

-**allowlist-only mode**  
-banIP supports an "allowlist only" mode. This option restricts the internet access from/to a small number of secure MACs, IPs or domains, and block access from/to the rest of the internet. All IPs and Domains which are _not_ listed in the allowlist are blocked.
-
 **redirect Asterisk security logs to lodg/logread**  
 banIP only supports logfile scanning via logread, so to monitor attacks on Asterisk, its security log must be available via logread. To do this, edit '/etc/asterisk/logger.conf' and add the line 'syslog.local0 = security', then run 'asterisk -rx reload logger' to update the running Asterisk configuration.

--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -79,6 +79,7 @@ ban_fetchparm=""
 ban_fetchinsecure=""
 ban_fetchretry="5"
 ban_rdapparm=""
+ban_etagparm=""
 ban_cores=""
 ban_memory=""
 ban_packages=""
@ -332,25 +333,28 @@ f_getfetch() {
 			[ "${ban_fetchinsecure}" = "1" ] && insecure="--check-certificate=false"
 			ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 --retry-wait=10 --max-tries=${ban_fetchretry} --max-file-not-found=${ban_fetchretry} --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o"}"
 			ban_rdapparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ -o"
+			ban_etagparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ --dry-run --log -"
 			;;
 		"curl")
 			[ "${ban_fetchinsecure}" = "1" ] && insecure="--insecure"
-			ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-all-errors --fail --silent --show-error --location -o"}"
+			ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-max-time $((ban_fetchretry * 20)) --retry-all-errors --fail --silent --show-error --location -o"}"
 			ban_rdapparm="--connect-timeout 5 --silent --location -o"
+			ban_etagparm="--connect-timeout 5 --silent --location --head"
+			;;
+		"wget")
+			[ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate"
+			ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}"
+			ban_rdapparm="--timeout=5 -O"
+			ban_etagparm="--timeout=5 --spider --server-response"
 			;;
 		"uclient-fetch")
 			[ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate"
 			ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 -O"}"
 			ban_rdapparm="--timeout=5 -O"
 			;;
-		"wget")
-			[ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate"
-			ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}"
-			ban_rdapparm="--timeout=5 -O"
-			;;
 	esac

-	f_log "debug" "f_getfetch  ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}"
+	f_log "debug" "f_getfetch  ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}, etag_parm: ${ban_etagparm:-"-"}"
 }

 # get wan interfaces
@ -462,7 +466,7 @@ f_getuplink() {
 		for ip in ${ban_uplink}; do
 			if ! "${ban_grepcmd}" -q "${ip} " "${ban_allowlist}"; then
 				if [ "${update}" = "0" ]; then
-					"${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}"
+					"${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}"
 				fi
 				printf "%-42s%s\n" "${ip}" "# uplink added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}"
 				f_log "info" "add uplink '${ip}' to local allowlist"
@ -471,7 +475,7 @@ f_getuplink() {
 		done
 		ban_uplink="${ban_uplink%%?}"
 	elif [ "${ban_autoallowlist}" = "1" ] && [ "${ban_autoallowuplink}" = "disable" ]; then
-		"${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}"
+		"${ban_sedcmd}" -i "/# uplink added on /d" "${ban_allowlist}"
 		update="1"
 	fi

@ -502,6 +506,31 @@ f_getelements() {
 	[ -s "${file}" ] && printf "%s" "elements={ $("${ban_catcmd}" "${file}" 2>/dev/null) };"
 }

+# handle etag http header
+#
+f_etag() {
+	local http_head http_code etag_id etag_rc out_rc="4" feed="${1}" feed_url="${2}" feed_suffix="${3}"
+
+	if [ -n "${ban_etagparm}" ]; then
+		[ ! -f "${ban_backupdir}/banIP.etag" ] && : >"${ban_backupdir}/banIP.etag"
+		http_head="$("${ban_fetchcmd}" ${ban_etagparm} "${feed_url}" 2>&1)"
+		http_code="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^http\/[0123\.]+ /{printf "%s",$2}')"
+		etag_id="$(printf "%s" "${http_head}" | "${ban_awkcmd}" 'tolower($0)~/^[[:space:]]*etag: /{gsub("\"","");printf "%s",$2}')"
+		etag_rc="${?}"
+
+		if [ "${http_code}" = "404" ] || { [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; }; then
+			out_rc="0"
+		elif [ "${etag_rc}" = "0" ] && [ -n "${etag_id}" ] && ! "${ban_grepcmd}" -q "^${feed}${feed_suffix}.*${etag_id}\$" "${ban_backupdir}/banIP.etag"; then
+			"${ban_sedcmd}" -i "/^${feed}${feed_suffix}/d" "${ban_backupdir}/banIP.etag"
+			printf "%-20s%s\n" "${feed}${feed_suffix}" "${etag_id}" >>"${ban_backupdir}/banIP.etag"
+			out_rc="2"
+		fi
+	fi
+
+	f_log "debug" "f_etag      ::: feed: ${feed}, suffix: ${feed_suffix:-"-"}, http_code: ${http_code:-"-"}, etag_id: ${etag_id:-"-"} , etag_rc: ${etag_rc:-"-"}, rc: ${out_rc}"
+	return "${out_rc}"
+}
+
 # build initial nft file with base table, chains and rules
 #
 f_nftinit() {
@ -547,13 +576,13 @@ f_nftinit() {
 	feed_rc="${?}"

 	f_log "debug" "f_nftinit   ::: devices: ${ban_dev}, priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}"
-	return ${feed_rc}
+	return "${feed_rc}"
 }

 # handle downloads
 #
 f_down() {
-	local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle
+	local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
 	local cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"

 	start_ts="$(date +%s)"
@ -616,12 +645,35 @@ f_down() {
 		} >"${tmp_flush}"
 	fi

-	# restore local backups during init
+	# restore local backups
 	#
-	if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then
-		f_restore "${feed}" "${feed_url}" "${tmp_load}"
-		restore_rc="${?}"
-		feed_rc="${restore_rc}"
+	if { [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ] || [ -n "${ban_etagparm}" ]; } && [ "${feed%v*}" != "allowlist" ] && [ "${feed%v*}" != "blocklist" ]; then
+		if [ -n "${ban_etagparm}" ] && [ "${ban_action}" = "reload" ] && [ "${feed_url}" != "local" ]; then
+			etag_rc="0"
+			if [ "${feed%v*}" = "country" ]; then
+				for country in ${ban_country}; do
+					f_etag "${feed}" "${feed_url}${country}-aggregated.zone" ".${country}"
+					rc="${?}"
+					[ "${rc}" = "4" ] && break
+					etag_rc="$((etag_rc + rc))"
+				done
+			elif [ "${feed%v*}" = "asn" ]; then
+				for asn in ${ban_asn}; do
+					f_etag "${feed}" "${feed_url}AS${asn}" ".{asn}"
+					rc="${?}"
+					[ "${rc}" = "4" ] && break
+					etag_rc="$((etag_rc + rc))"
+				done
+			else
+				f_etag "${feed}" "${feed_url}"
+				etag_rc="${?}"
+			fi
+		fi
+		if [ "${etag_rc}" = "0" ] || [ "${ban_action}" != "reload" ] || [ "${feed_url}" = "local" ]; then
+			f_restore "${feed}" "${feed_url}" "${tmp_load}" "${etag_rc}"
+			restore_rc="${?}"
+			feed_rc="${restore_rc}"
+		fi
 	fi

 	# prepare local allowlist
@ -781,10 +833,7 @@ f_down() {
 				"gz")
 					feed_log="$("${ban_fetchcmd}" ${ban_fetchparm} "${tmp_raw}" "${feed_url}" 2>&1)"
 					feed_rc="${?}"
-					if [ "${feed_rc}" = "0" ]; then
-						"${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}"
-						feed_rc="${?}"
-					fi
+					[ "${feed_rc}" = "0" ] && "${ban_zcatcmd}" "${tmp_raw}" 2>/dev/null >"${tmp_load}"
 					rm -f "${tmp_raw}"
 					;;
 			esac
@ -898,35 +947,36 @@ f_down() {
 	rm -f "${tmp_split}" "${tmp_nft}"
 	end_ts="$(date +%s)"

-	f_log "debug" "f_down      ::: name: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}"
+	f_log "debug" "f_down      ::: feed: ${feed}, cnt_dl: ${cnt_dl:-"-"}, cnt_set: ${cnt_set:-"-"}, split_size: ${ban_splitsize:-"-"}, time: $((end_ts - start_ts)), rc: ${feed_rc:-"-"}, log: ${feed_log:-"-"}"
 }

 # backup feeds
 #
 f_backup() {
-	local backup_rc feed="${1}" feed_file="${2}"
+	local backup_rc="4" feed="${1}" feed_file="${2}"

-	gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz"
-	backup_rc="${?}"
+	if [ -s "${feed_file}" ]; then
+		gzip -cf "${feed_file}" >"${ban_backupdir}/banIP.${feed}.gz"
+		backup_rc="${?}"
+	fi

-	f_log "debug" "f_backup    ::: name: ${feed}, source: ${feed_file##*/}, target: banIP.${feed}.gz, rc: ${backup_rc}"
-	return ${backup_rc}
+	f_log "debug" "f_backup    ::: feed: ${feed}, file: banIP.${feed}.gz, rc: ${backup_rc}"
+	return "${backup_rc}"
 }

 # restore feeds
 #
 f_restore() {
-	local tmp_feed restore_rc="1" feed="${1}" feed_url="${2}" feed_file="${3}" feed_rc="${4:-"0"}"
+	local tmp_feed restore_rc="4" feed="${1}" feed_url="${2}" feed_file="${3}" in_rc="${4}"

-	[ "${feed_rc}" != "0" ] && restore_rc="${feed_rc}"
 	[ "${feed_url}" = "local" ] && tmp_feed="${feed%v*}v4" || tmp_feed="${feed}"
-	if [ -f "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then
+	if [ -s "${ban_backupdir}/banIP.${tmp_feed}.gz" ]; then
 		"${ban_zcatcmd}" "${ban_backupdir}/banIP.${tmp_feed}.gz" 2>/dev/null >"${feed_file}"
 		restore_rc="${?}"
 	fi

-	f_log "debug" "f_restore   ::: name: ${feed}, source: banIP.${tmp_feed}.gz, target: ${feed_file##*/}, in_rc: ${feed_rc}, rc: ${restore_rc}"
-	return ${restore_rc}
+	f_log "debug" "f_restore   ::: feed: ${feed}, file: banIP.${tmp_feed}.gz, in_rc: ${in_rc:-"-"}, rc: ${restore_rc}"
+	return "${restore_rc}"
 }

 # remove disabled Sets
--- a/net/banip/files/banip.feeds
+++ b/net/banip/files/banip.feeds
@ -40,6 +40,11 @@
 		"descr": "backscatterer IPs",
 		"flag": "gz"
 	},
+	"binarydefense":{
+		"url_4": "https://iplists.firehol.org/files/bds_atif.ipset",
+		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
+		"descr": "binary defense banlist"
+	},
 	"bogon":{
 		"url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
 		"url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt",
@ -47,6 +52,11 @@
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "bogon prefixes"
 	},
+	"bruteforceblock":{
+		"url_4": "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
+		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
+		"descr": "bruteforceblocker IPs"
+	},
 	"cinsscore":{
 		"url_4": "https://cinsscore.com/list/ci-badguys.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
@ -95,6 +105,11 @@
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "spamhaus edrop compilation"
 	},
+	"etcompromised":{
+		"url_4": "https://iplists.firehol.org/files/et_compromised.ipset",
+		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
+		"descr": "ET compromised hosts"
+	},
 	"feodo":{
 		"url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
 		"rule_4": "BEGIN{RS=\"\\r\\n\"}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
@ -137,10 +152,16 @@
 		"descr": "malicious spyware IPs",
 		"flag": "gz"
 	},
+	"ipblackhole":{
+		"url_4": "https://ip.blackhole.monster/blackhole-today",
+		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
+		"descr": "blackhole IP blocklist"
+	},
 	"ipthreat":{
-		"url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt",
+		"url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt.gz",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}",
-		"descr": "hacker and botnet IPs"
+		"descr": "hacker and botnet IPs",
+		"flag": "gz"
 	},
 	"myip":{
 		"url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
--- a/net/frp/Makefile
+++ b/net/frp/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=frp
-PKG_VERSION:=0.48.0
+PKG_VERSION:=0.51.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/fatedier/frp/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=efba8ec9fad3369ce62631369f52b78a7248df426b5b54311e96231adac5cc76
+PKG_HASH:=80ccfa40c4e25309ddb48818f6342bc59f7639be83ab6ef59ffab5caeedc37e8

 PKG_MAINTAINER:=Richard Yu <yurichard3839@gmail.com>
 PKG_LICENSE:=Apache-2.0
--- a/net/iperf3/Makefile
+++ b/net/iperf3/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=iperf
-PKG_VERSION:=3.13
+PKG_VERSION:=3.14
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://downloads.es.net/pub/iperf
-PKG_HASH:=bee427aeb13d6a2ee22073f23261f63712d82befaa83ac8cb4db5da4c2bdc865
+PKG_HASH:=723fcc430a027bc6952628fa2a3ac77584a1d0bd328275e573fc9b206c155004

 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause
--- a/net/net-mtools/Makefile
+++ b/net/net-mtools/Makefile
@ -0,0 +1,40 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=net-mtools
+PKG_VERSION:=2.3
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=https://github.com/troglobit/mtools
+PKG_SOURCE_VERSION:=db665a4303c38cee908eba4dac50873c3f1d899c
+PKG_MIRROR_HASH:=687e3743e46c8ddd23f03168b4021ed08b1a858b2a6743db3b62cb3d4c3592a0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/net-mtools
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Debug multicast setups with mtools (msend and mreceive)
+  URL:=https://github.com/troglobit/mtools
+endef
+
+define Package/net-mtools/description
+  The tools msend and mreceive can be particulary useful
+  when debugging multicast setups.
+
+  msend continuously sends UDP packets to the multicast
+  group specified by the -g and -p options.
+
+  mreceive joins a multicast group specified by the -g and
+  -p options, then receives and displays the multicast
+  packets sent to this group:port combination by the msend
+  command.
+endef
+
+define Package/net-mtools/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_BUILD_DIR)/msend $(1)/usr/sbin/
+	$(CP) $(PKG_BUILD_DIR)/mreceive $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,net-mtools))
--- a/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch
+++ b/net/net-mtools/patches/001-mreceive-refactor-multicast-joining-to-separate-func.patch
@ -0,0 +1,66 @@
+From 0cfc04eac370ee33118e17a298d4739c94cacc73 Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 19 Apr 2022 12:28:03 +0300
+Subject: [PATCH 1/6] mreceive: refactor multicast joining to separate function
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ mreceive.c | 33 ++++++++++++++++++---------------
+ 1 file changed, 18 insertions(+), 15 deletions(-)
+
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -61,12 +61,27 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i
+   -h           Print the command usage.\n\n", VERSION);
+ }
+ 
+static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface)
+{
+	struct ip_mreq mreq;
+	int ret;
+
+	mreq.imr_multiaddr.s_addr = multiaddr;
+	mreq.imr_interface.s_addr = interface;
+
+	ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+			 (char *)&mreq, sizeof(mreq));
+	if (ret == SOCKET_ERROR) {
+		printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n");
+		exit(1);
+	}
+}
+
+ int main(int argc, char *argv[])
+ {
+ 	struct sockaddr_in stLocal, stFrom;
+ 	unsigned char achIn[BUFSIZE];
+ 	int s, i;
+-	struct ip_mreq stMreq;
+ 	int iTmp, iRet;
+ 	int ipnum = 0;
+ 	int ii;
+@@ -153,22 +168,10 @@ int main(int argc, char *argv[])
+ 
+ 	/* join the multicast group. */
+ 	if (!ipnum) {		/* single interface */
+-		stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR);
+-		stMreq.imr_interface.s_addr = INADDR_ANY;
+-		iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq));
+-		if (iRet == SOCKET_ERROR) {
+-			printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n");
+-			exit(1);
+-		}
+		igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY);
+ 	} else {
+ 		for (i = 0; i < ipnum; i++) {
+-			stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR);
+-			stMreq.imr_interface.s_addr = IP[i];
+-			iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq));
+-			if (iRet == SOCKET_ERROR) {
+-				printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n");
+-				exit(1);
+-			}
+			igmp_join(s, inet_addr(TEST_ADDR), IP[i]);
+ 		}
+ 	}
+ 
--- a/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch
+++ b/net/net-mtools/patches/002-mreceive-join-IGMP-group-by-interface.patch
@ -0,0 +1,113 @@
+From 65af96e0907ba9367aab9c1534b11c7f674c1e6a Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 19 Apr 2022 13:29:07 +0300
+Subject: [PATCH 2/6] mreceive: join IGMP group by interface
+
+mreceive uses the old-style struct ip_mreq for IP_ADD_MEMBERSHIP, which
+takes the source address of the interface wishing to join.
+
+Since the IPV6_ADD_MEMBERSHIP variant only takes a struct ipv6_mreq
+which contains the ifindex and not the source address, we need to add
+support for that.
+
+In preparation for IPv6 support, add logic to join an IGMP group either
+by source address or by interface name, whichever is specified.
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ mreceive.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 46 insertions(+), 5 deletions(-)
+
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -23,6 +23,7 @@
+ #include <string.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+#include <net/if.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+ #include <sys/time.h>
+@@ -61,7 +62,7 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i
+   -h           Print the command usage.\n\n", VERSION);
+ }
+ 
+-static void igmp_join(int s, in_addr_t multiaddr, in_addr_t interface)
+static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface)
+ {
+ 	struct ip_mreq mreq;
+ 	int ret;
+@@ -77,10 +78,34 @@ static void igmp_join(int s, in_addr_t m
+ 	}
+ }
+ 
+static void igmp_join_by_if_name(int s, in_addr_t multicast,
+				 const char *if_name)
+{
+	struct ip_mreqn mreq = {};
+	int if_index;
+	int ret;
+
+	if_index = if_nametoindex(if_name);
+	if (!if_index) {
+		perror("if_nametoindex");
+		exit(1);
+	}
+
+	mreq.imr_multiaddr.s_addr = multicast;
+	mreq.imr_ifindex = if_index;
+
+	ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
+	if (ret) {
+		perror("setsockopt() IP_ADD_MEMBERSHIP");
+		exit(1);
+	}
+}
+
+ int main(int argc, char *argv[])
+ {
+ 	struct sockaddr_in stLocal, stFrom;
+ 	unsigned char achIn[BUFSIZE];
+	const char *if_name;
+ 	int s, i;
+ 	int iTmp, iRet;
+ 	int ipnum = 0;
+@@ -131,6 +156,17 @@ int main(int argc, char *argv[])
+ 				ii++;
+ 				ipnum++;
+ 			}
+		} else if (strcmp(argv[ii], "-I") == 0) {
+			ii++;
+			if (ii < argc) {
+				if (if_name) {
+					printf("Single interface expected\n");
+					exit(1);
+				}
+
+				if_name = argv[ii];
+				ii++;
+			}
+ 		} else if (strcmp(argv[ii], "-n") == 0) {
+ 			ii++;
+ 			NUM = 1;
+@@ -167,11 +203,16 @@ int main(int argc, char *argv[])
+ 	}
+ 
+ 	/* join the multicast group. */
+-	if (!ipnum) {		/* single interface */
+-		igmp_join(s, inet_addr(TEST_ADDR), INADDR_ANY);
+	if (if_name) {
+		igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name);
+ 	} else {
+-		for (i = 0; i < ipnum; i++) {
+-			igmp_join(s, inet_addr(TEST_ADDR), IP[i]);
+		if (!ipnum) {		/* single interface */
+			igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY);
+		} else {
+			for (i = 0; i < ipnum; i++) {
+				igmp_join_by_saddr(s, inet_addr(TEST_ADDR),
+						   IP[i]);
+			}
+ 		}
+ 	}
+ 
--- a/net/net-mtools/patches/003-mreceive-support-IPv6.patch
+++ b/net/net-mtools/patches/003-mreceive-support-IPv6.patch
@ -0,0 +1,578 @@
+From cc7f68045e5f3cfc6c932996af784ab319951426 Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 19 Apr 2022 13:29:20 +0300
+Subject: [PATCH 3/6] mreceive: support IPv6
+
+Extend the mreceive program with a generalization of sockets,
+addresses and socket options that covers both IPv4 and IPv6.
+
+Most of the lower-level implementation is moved to common.c and exported
+through common.h such that it can be reused by msend at a later time.
+
+The makefile rule to link object files into executables is updated to
+look at all specified objects rather than just the first, by using $^
+instead of $<. Otherwise, common.o would be ignored when linking
+mreceive.
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ Makefile   |   8 +-
+ common.c   | 261 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ common.h   |  36 ++++++++
+ mreceive.c | 142 ++++++++++-------------------
+ 4 files changed, 349 insertions(+), 98 deletions(-)
+ create mode 100644 common.c
+ create mode 100644 common.h
+
+--- a/Makefile
+++ b/Makefile
+@@ -20,8 +20,8 @@ mandir      = $(prefix)/share/man/man8
+ # ttcp is currently not part of the distribution because its not tested
+ # yet.  Please test and let me know at GitHub so I can include it! :)
+ EXEC       := msend mreceive
+-OBJS       := $(EXEC:=.o)
+-DEPS       := $(EXEC:=.d)
+OBJS       := msend.o mreceive.o common.o
+DEPS       := msend.d mreceive.d common.d
+ MANS        = $(addsuffix .8,$(EXEC))
+ DISTFILES   = README.md LICENSE.md
+ 
+@@ -33,10 +33,10 @@ all: $(EXEC)
+ 
+ .o:
+ 	@printf "  LINK    $@\n"
+-	@$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $< $(LDLIBS$(LDLIBS-$(@)))
+	@$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@)))
+ 
+ msend:    msend.o
+-mreceive: mreceive.o
+mreceive: mreceive.o common.o
+ ttcp:     ttcp.o
+ 
+ install: $(EXEC)
+--- /dev/null
+++ b/common.c
+@@ -0,0 +1,261 @@
+/*
+ * common.c -- Common functions for mreceive.c and msend.c
+ */
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "common.h"
+
+int ip_address_parse(const char *string, struct ip_address *ip)
+{
+	int ret;
+
+	ret = inet_pton(AF_INET6, string, &ip->addr6);
+	if (ret > 0) {
+		ip->family = AF_INET6;
+	} else {
+		ret = inet_pton(AF_INET, string, &ip->addr);
+		if (ret > 0) {
+			ip->family = AF_INET;
+		} else {
+			fprintf(stderr, "IP address %s not in known format\n",
+			        string);
+			return -1;
+		}
+	}
+
+	return 0;
+}
+
+int socket_create(struct sock *s, int family, int port)
+{
+	struct sockaddr *serv_addr;
+	int sockopt = 1;
+	int fd, ret;
+
+	memset(s, 0, sizeof(*s));
+
+	if (family == AF_INET) {
+		serv_addr = (struct sockaddr *)&s->udp4;
+		s->udp4.sin_addr.s_addr = htonl(INADDR_ANY);
+		s->udp4.sin_port = htons(port);
+		s->udp4.sin_family = AF_INET;
+		s->addr_size = sizeof(struct sockaddr_in);
+	} else {
+		serv_addr = (struct sockaddr *)&s->udp6;
+		s->udp6.sin6_addr = in6addr_any;
+		s->udp6.sin6_port = htons(port);
+		s->udp6.sin6_family = AF_INET6;
+		s->addr_size = sizeof(struct sockaddr_in6);
+	}
+
+	fd = socket(family, SOCK_DGRAM, 0);
+	if (fd < 0) {
+		perror("socket");
+		return fd;
+	}
+
+	/* avoid EADDRINUSE error on bind() */
+	ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &sockopt, sizeof(int));
+	if (ret) {
+		perror("setsockopt() SO_REUSEADDR");
+		close(fd);
+		return ret;
+	}
+
+	ret = bind(fd, serv_addr, s->addr_size);
+	if (ret) {
+		perror("bind");
+		close(fd);
+		return ret;
+	}
+
+	s->fd = fd;
+
+	return 0;
+}
+
+static int igmp_join_by_saddr(struct sock *s, const struct ip_address *mc,
+			      struct ip_address *saddr)
+{
+	struct ip_mreq mreq = {};
+	int fd = s->fd;
+	int off = 0;
+	int ret;
+
+	memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr));
+	memcpy(&mreq.imr_interface.s_addr, &saddr->addr,
+	       sizeof(struct in_addr));
+
+	ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
+	if (ret) {
+		perror("setsockopt() IP_ADD_MEMBERSHIP");
+		return -1;
+	}
+
+	ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int));
+	if (ret) {
+		perror("setsockopt() IP_MULTICAST_LOOP");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int igmp_join_by_if_name(struct sock *s, const struct ip_address *mc,
+				const char *if_name)
+{
+	struct ip_mreqn mreq = {};
+	int fd = s->fd;
+	int if_index;
+	int off = 0;
+	int ret;
+
+	if_index = if_nametoindex(if_name);
+	if (!if_index) {
+		perror("if_nametoindex");
+		return -1;
+	}
+
+	memcpy(&mreq.imr_multiaddr, &mc->addr, sizeof(struct in_addr));
+	mreq.imr_ifindex = if_index;
+
+	ret = setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
+	if (ret) {
+		perror("setsockopt() IP_ADD_MEMBERSHIP");
+		return -1;
+	}
+
+	ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &off, sizeof(int));
+	if (ret) {
+		perror("setsockopt() IP_MULTICAST_LOOP");
+		return -1;
+	}
+
+	return 0;
+}
+
+static int mld_join(struct sock *s, const struct ip_address *mc,
+		    const char *if_name)
+{
+	struct ipv6_mreq mreq = {};
+	int if_index, off = 0;
+	int fd = s->fd;
+	int ret;
+
+	if_index = if_nametoindex(if_name);
+	if (!if_index) {
+		perror("if_nametoindex");
+		return -1;
+	}
+
+	memcpy(&mreq.ipv6mr_multiaddr, &mc->addr6, sizeof(struct in6_addr));
+	mreq.ipv6mr_interface = if_index;
+	ret = setsockopt(fd, IPPROTO_IPV6, IPV6_ADD_MEMBERSHIP, &mreq,
+			 sizeof(mreq));
+	if (ret) {
+		perror("setsockopt IPV6_ADD_MEMBERSHIP");
+		return -1;
+	}
+
+	ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &off,
+			 sizeof(int));
+	if (ret) {
+		perror("setsockopt IPV6_MULTICAST_LOOP");
+		return -1;
+	}
+
+	return 0;
+}
+
+int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name,
+	    int num_saddrs, struct ip_address *saddrs)
+{
+	int i, ret;
+
+	if (if_name) {
+		switch (mc->family) {
+		case AF_INET:
+			return igmp_join_by_if_name(s, mc, if_name);
+		case AF_INET6:
+			return mld_join(s, mc, if_name);
+		default:
+			return -1;
+		}
+	}
+
+	if (!num_saddrs) {		/* single interface */
+		struct ip_address saddr = {
+			.family = AF_INET,
+			.addr.s_addr = INADDR_ANY,
+		};
+
+		return igmp_join_by_saddr(s, mc, &saddr);
+	}
+
+	for (i = 0; i < num_saddrs; i++) {
+		ret = igmp_join_by_saddr(s, mc, &saddrs[i]);
+		if (ret)
+			return ret;
+	}
+
+	return 0;
+}
+
+static int igmp_set_ttl(int fd, int ttl)
+{
+	int ret;
+
+	ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_TTL, &ttl, sizeof(int));
+	if (ret)
+		perror("setsockopt() IP_MULTICAST_TTL");
+
+	return ret;
+}
+
+static int mld_set_hop_limit(int fd, int limit)
+{
+	int ret;
+
+	ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &limit,
+			 sizeof(int));
+	if (ret)
+		perror("setsockopt() IPV6_MULTICAST_HOPS");
+
+	return ret;
+}
+
+int mc_set_hop_limit(struct sock *s, int limit)
+{
+	switch (s->addr_size) {
+	case sizeof(struct sockaddr_in):
+		return igmp_set_ttl(s->fd, limit);
+	case sizeof(struct sockaddr_in6):
+		return mld_set_hop_limit(s->fd, limit);
+	default:
+		return -1;
+	}
+}
+
+int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from)
+{
+	from->addr_size = sizeof(struct sockaddr_in6);
+
+	return recvfrom(s->fd, buf, len, 0, (struct sockaddr *)&(from->udp6),
+			&from->addr_size);
+}
+
+int socket_get_port(const struct sock *s)
+{
+	switch (s->addr_size) {
+	case sizeof(struct sockaddr_in):
+		return ntohs(s->udp4.sin_port);
+	case sizeof(struct sockaddr_in6):
+		return ntohs(s->udp6.sin6_port);
+	default:
+		return 0;
+	}
+}
+--- /dev/null
+++ b/common.h
+@@ -0,0 +1,36 @@
+/*
+ * common.h -- Common header for mreceive.c and msend.c
+ */
+#ifndef _COMMON_H
+#define _COMMON_H
+
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/ip6.h>
+
+struct ip_address {
+	int family;
+	union {
+		struct in_addr addr;
+		struct in6_addr addr6;
+	};
+};
+
+struct sock {
+	socklen_t addr_size;
+	union {
+		struct sockaddr_in udp4;
+		struct sockaddr_in6 udp6;
+	};
+	int fd;
+};
+
+int ip_address_parse(const char *string, struct ip_address *ip);
+int socket_create(struct sock *s, int family, int port);
+int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name,
+	    int num_saddrs, struct ip_address *saddrs);
+int mc_set_hop_limit(struct sock *s, int limit);
+int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from);
+int socket_get_port(const struct sock *s);
+
+#endif
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -28,6 +28,8 @@
+ #include <arpa/inet.h>
+ #include <sys/time.h>
+ 
+#include "common.h"
+
+ #define TRUE 1
+ #define FALSE 0
+ #ifndef INVALID_SOCKET
+@@ -43,7 +45,7 @@
+ 
+ char *TEST_ADDR = "224.1.1.1";
+ int TEST_PORT = 4444;
+-unsigned long IP[MAXIP];
+struct ip_address IP[MAXIP];
+ int NUM = 0;
+ 
+ void printHelp(void)
+@@ -62,52 +64,12 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i
+   -h           Print the command usage.\n\n", VERSION);
+ }
+ 
+-static void igmp_join_by_saddr(int s, in_addr_t multiaddr, in_addr_t interface)
+-{
+-	struct ip_mreq mreq;
+-	int ret;
+-
+-	mreq.imr_multiaddr.s_addr = multiaddr;
+-	mreq.imr_interface.s_addr = interface;
+-
+-	ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP,
+-			 (char *)&mreq, sizeof(mreq));
+-	if (ret == SOCKET_ERROR) {
+-		printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n");
+-		exit(1);
+-	}
+-}
+-
+-static void igmp_join_by_if_name(int s, in_addr_t multicast,
+-				 const char *if_name)
+-{
+-	struct ip_mreqn mreq = {};
+-	int if_index;
+-	int ret;
+-
+-	if_index = if_nametoindex(if_name);
+-	if (!if_index) {
+-		perror("if_nametoindex");
+-		exit(1);
+-	}
+-
+-	mreq.imr_multiaddr.s_addr = multicast;
+-	mreq.imr_ifindex = if_index;
+-
+-	ret = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
+-	if (ret) {
+-		perror("setsockopt() IP_ADD_MEMBERSHIP");
+-		exit(1);
+-	}
+-}
+-
+ int main(int argc, char *argv[])
+ {
+-	struct sockaddr_in stLocal, stFrom;
+ 	unsigned char achIn[BUFSIZE];
+-	const char *if_name;
+-	int s, i;
+-	int iTmp, iRet;
+	const char *if_name = NULL;
+	struct ip_address mc;
+	struct sock s, from;
+ 	int ipnum = 0;
+ 	int ii;
+ 	unsigned int numreceived;
+@@ -116,6 +78,8 @@ int main(int argc, char *argv[])
+ 	int starttime;
+ 	int curtime;
+ 	struct timeval tv;
+	int ret;
+	int i;
+ 
+ /*
+   if( argc < 2 ) {
+@@ -152,7 +116,10 @@ int main(int argc, char *argv[])
+ 		} else if (strcmp(argv[ii], "-i") == 0) {
+ 			ii++;
+ 			if ((ii < argc) && !(strchr(argv[ii], '-'))) {
+-				IP[ipnum] = inet_addr(argv[ii]);
+				ret = ip_address_parse(argv[ii], &IP[ipnum]);
+				if (ret)
+					exit(1);
+
+ 				ii++;
+ 				ipnum++;
+ 			}
+@@ -177,73 +144,59 @@ int main(int argc, char *argv[])
+ 		}
+ 	}
+ 
+-	/* get a datagram socket */
+-	s = socket(AF_INET, SOCK_DGRAM, 0);
+-	if (s == INVALID_SOCKET) {
+-		printf("socket() failed.\n");
+	ret = ip_address_parse(TEST_ADDR, &mc);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+-	/* avoid EADDRINUSE error on bind() */
+-	iTmp = TRUE;
+-	iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() SO_REUSEADDR failed.\n");
+	if (mc.family == AF_INET6 && ipnum) {
+		printf("Joining IPv6 groups by source address not supported, use -I\n");
+ 		exit(1);
+ 	}
+ 
+-	/* name the socket */
+-	stLocal.sin_family = AF_INET;
+-	stLocal.sin_addr.s_addr = htonl(INADDR_ANY);
+-	stLocal.sin_port = htons(TEST_PORT);
+-	iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("bind() failed.\n");
+	if (mc.family == AF_INET6 && !if_name) {
+		printf("-I is mandatory with IPv6\n");
+ 		exit(1);
+ 	}
+ 
+-	/* join the multicast group. */
+-	if (if_name) {
+-		igmp_join_by_if_name(s, inet_addr(TEST_ADDR), if_name);
+-	} else {
+-		if (!ipnum) {		/* single interface */
+-			igmp_join_by_saddr(s, inet_addr(TEST_ADDR), INADDR_ANY);
+-		} else {
+-			for (i = 0; i < ipnum; i++) {
+-				igmp_join_by_saddr(s, inet_addr(TEST_ADDR),
+-						   IP[i]);
+-			}
+-		}
+-	}
+	/* get a datagram socket */
+	ret = socket_create(&s, mc.family, TEST_PORT);
+	if (ret)
+		exit(1);
+ 
+-	/* set TTL to traverse up to multiple routers */
+-	iTmp = TTL_VALUE;
+-	iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() IP_MULTICAST_TTL failed.\n");
+	/* join the multicast group. */
+	ret = mc_join(&s, &mc, if_name, ipnum, IP);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+-	/* disable loopback */
+-	/* iTmp = TRUE; */
+-	iTmp = FALSE;
+-	iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() IP_MULTICAST_LOOP failed.\n");
+	/* set TTL to traverse up to multiple routers */
+	ret = mc_set_hop_limit(&s, TTL_VALUE);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+ 	printf("Now receiving from multicast group: %s\n", TEST_ADDR);
+ 
+ 	for (i = 0;; i++) {
+-		socklen_t addr_size = sizeof(struct sockaddr_in);
+		char from_buf[INET6_ADDRSTRLEN];
+ 		static int iCounter = 1;
+		const char *addr_str;
+ 
+ 		/* receive from the multicast address */
+ 
+-		iRet = recvfrom(s, achIn, BUFSIZE, 0, (struct sockaddr *)&stFrom, &addr_size);
+-		if (iRet < 0) {
+-			printf("recvfrom() failed.\n");
+		ret = mc_recv(&s, achIn, BUFSIZE, &from);
+		if (ret < 0) {
+			perror("recvfrom");
+			exit(1);
+		}
+
+		if (mc.family == AF_INET) {
+			addr_str = inet_ntop(AF_INET, &from.udp4.sin_addr,
+					     from_buf, INET6_ADDRSTRLEN);
+		} else {
+			addr_str = inet_ntop(AF_INET6, &from.udp6.sin6_addr,
+					     from_buf, INET6_ADDRSTRLEN);
+		}
+		if (!addr_str) {
+			perror("inet_ntop");
+ 			exit(1);
+ 		}
+ 
+@@ -256,7 +209,8 @@ int main(int argc, char *argv[])
+ 			numreceived =
+ 			    (unsigned int)achIn[0] + ((unsigned int)(achIn[1]) << 8) + ((unsigned int)(achIn[2]) << 16) +
+ 			    ((unsigned int)(achIn[3]) >> 24);
+-			fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port),
+			fprintf(stdout, "%5d\t%s:%5d\t%d.%03d\t%5d\n", iCounter,
+				from_buf, socket_get_port(&from),
+ 				curtime / 1000000, (curtime % 1000000) / 1000, numreceived);
+ 			fflush(stdout);
+ 			rcvCountNew = numreceived;
+@@ -276,7 +230,7 @@ int main(int argc, char *argv[])
+ 			rcvCountOld = rcvCountNew;
+ 		} else {
+ 			printf("Receive msg %d from %s:%d: %s\n",
+-			       iCounter, inet_ntoa(stFrom.sin_addr), ntohs(stFrom.sin_port), achIn);
+			       iCounter, from_buf, socket_get_port(&from), achIn);
+ 		}
+ 		iCounter++;
+ 	}
--- a/net/net-mtools/patches/004-msend-support-IPv6.patch
+++ b/net/net-mtools/patches/004-msend-support-IPv6.patch
@ -0,0 +1,401 @@
+From 9aa908fc2dd84cfed151fa260b39465978079274 Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Tue, 19 Apr 2022 19:28:59 +0300
+Subject: [PATCH 4/6] msend: support IPv6
+
+Finish the conversion by updating msend to use the common procedures
+that support IPv6.
+
+I've only tested this with a link-local source address.
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ Makefile   |   2 +-
+ common.c   |  62 +++++++++++++++++++++----
+ common.h   |   5 +-
+ mreceive.c |   2 +-
+ msend.c    | 131 +++++++++++++++++++++++++++++------------------------
+ 5 files changed, 132 insertions(+), 70 deletions(-)
+
+--- a/Makefile
+++ b/Makefile
+@@ -35,7 +35,7 @@ all: $(EXEC)
+ 	@printf "  LINK    $@\n"
+ 	@$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-Map,$@.map -o $@ $^ $(LDLIBS$(LDLIBS-$(@)))
+ 
+-msend:    msend.o
+msend:    msend.o common.o
+ mreceive: mreceive.o common.o
+ ttcp:     ttcp.o
+ 
+--- a/common.c
+++ b/common.c
+@@ -30,7 +30,8 @@ int ip_address_parse(const char *string,
+ 	return 0;
+ }
+ 
+-int socket_create(struct sock *s, int family, int port)
+int socket_create(struct sock *s, int family, int port,
+		  struct ip_address *saddr, const char *if_name)
+ {
+ 	struct sockaddr *serv_addr;
+ 	int sockopt = 1;
+@@ -40,13 +41,16 @@ int socket_create(struct sock *s, int fa
+ 
+ 	if (family == AF_INET) {
+ 		serv_addr = (struct sockaddr *)&s->udp4;
+-		s->udp4.sin_addr.s_addr = htonl(INADDR_ANY);
+		s->udp4.sin_addr = saddr ? saddr->addr :
+				   (struct in_addr) {
+					.s_addr = htonl(INADDR_ANY),
+				   };
+ 		s->udp4.sin_port = htons(port);
+ 		s->udp4.sin_family = AF_INET;
+ 		s->addr_size = sizeof(struct sockaddr_in);
+ 	} else {
+ 		serv_addr = (struct sockaddr *)&s->udp6;
+-		s->udp6.sin6_addr = in6addr_any;
+		s->udp6.sin6_addr = saddr ? saddr->addr6 : in6addr_any;
+ 		s->udp6.sin6_port = htons(port);
+ 		s->udp6.sin6_family = AF_INET6;
+ 		s->addr_size = sizeof(struct sockaddr_in6);
+@@ -66,11 +70,22 @@ int socket_create(struct sock *s, int fa
+ 		return ret;
+ 	}
+ 
+-	ret = bind(fd, serv_addr, s->addr_size);
+-	if (ret) {
+-		perror("bind");
+-		close(fd);
+-		return ret;
+	if (if_name) {
+		/* Bind to device, required for IPv6 link-local addresses */
+		ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, if_name,
+				 IFNAMSIZ - 1);
+		if (ret) {
+			perror("setsockopt() SO_BINDTODEVICE");
+			close(fd);
+			return ret;
+		}
+	} else {
+		ret = bind(fd, serv_addr, s->addr_size);
+		if (ret) {
+			perror("bind");
+			close(fd);
+			return ret;
+		}
+ 	}
+ 
+ 	s->fd = fd;
+@@ -248,6 +263,12 @@ int mc_recv(struct sock *s, void *buf, s
+ 			&from->addr_size);
+ }
+ 
+int mc_send(struct sock *s, struct sock *to, void *buf, size_t len)
+{
+	return sendto(s->fd, buf, len, 0, (struct sockaddr *)&(to->udp4),
+		      s->addr_size);
+}
+
+ int socket_get_port(const struct sock *s)
+ {
+ 	switch (s->addr_size) {
+@@ -259,3 +280,28 @@ int socket_get_port(const struct sock *s
+ 		return 0;
+ 	}
+ }
+
+int socket_set_loopback(struct sock *s, int loop)
+{
+	int fd = s->fd;
+	int ret;
+
+	switch (s->addr_size) {
+	case sizeof(struct sockaddr_in):
+		ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
+				 sizeof(int));
+		if (ret)
+			perror("setsockopt IP_MULTICAST_LOOP");
+		break;
+	case sizeof(struct sockaddr_in6):
+		ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &loop,
+				 sizeof(int));
+		if (ret)
+			perror("setsockopt IPV6_MULTICAST_LOOP");
+		break;
+	default:
+		return 0;
+	}
+
+	return ret;
+}
+--- a/common.h
+++ b/common.h
+@@ -26,11 +26,14 @@ struct sock {
+ };
+ 
+ int ip_address_parse(const char *string, struct ip_address *ip);
+-int socket_create(struct sock *s, int family, int port);
+int socket_create(struct sock *s, int family, int port,
+		  struct ip_address *saddr, const char *if_name);
+ int mc_join(struct sock *s, const struct ip_address *mc, const char *if_name,
+ 	    int num_saddrs, struct ip_address *saddrs);
+ int mc_set_hop_limit(struct sock *s, int limit);
+ int mc_recv(struct sock *s, void *buf, size_t len, struct sock *from);
+int mc_send(struct sock *s, struct sock *to, void *buf, size_t len);
+ int socket_get_port(const struct sock *s);
+int socket_set_loopback(struct sock *s, int loop);
+ 
+ #endif
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -159,7 +159,7 @@ int main(int argc, char *argv[])
+ 	}
+ 
+ 	/* get a datagram socket */
+-	ret = socket_create(&s, mc.family, TEST_PORT);
+	ret = socket_create(&s, mc.family, TEST_PORT, NULL, NULL);
+ 	if (ret)
+ 		exit(1);
+ 
+--- a/msend.c
+++ b/msend.c
+@@ -30,6 +30,8 @@
+ #include <signal.h>
+ #include <sys/time.h>
+ 
+#include "common.h"
+
+ #define TRUE 1
+ #define FALSE 0
+ #ifndef INVALID_SOCKET
+@@ -45,18 +47,16 @@ char *TEST_ADDR = "224.1.1.1";
+ int TEST_PORT = 4444;
+ int TTL_VALUE = 1;
+ int SLEEP_TIME = 1000;
+-unsigned long IP = INADDR_ANY;
+ int NUM = 0;
+ 
+ int join_flag = 0;		/* not join */
+ 
+ typedef struct timerhandler_s {
+-	int s;
+	struct sock *s;
+	struct sock *to;
+ 	char *achOut;
+ 	int len;
+ 	int n;
+-	struct sockaddr *stTo;
+-	int addr_size;
+ } timerhandler_t;
+ timerhandler_t handler_par;
+ void timerhandler();
+@@ -87,16 +87,15 @@ Usage:  msend [-g GROUP] [-p PORT] [-joi
+ 
+ int main(int argc, char *argv[])
+ {
+-	struct sockaddr_in stLocal, stTo;
+	struct ip_address *saddr = NULL, mc;
+	struct sock s = {}, to = {};
+	const char *if_name = NULL;
+ 	char achOut[BUFSIZE] = "";
+-	int s, i;
+-	struct ip_mreq stMreq;
+-	int iTmp, iRet;
+ 	int ii = 1;
+-	int addr_size = sizeof(struct sockaddr_in);
+ 	struct itimerval times;
+ 	sigset_t sigset;
+ 	struct sigaction act;
+	int ret, i;
+ 
+ 	if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) {
+ 		printf("msend version 2.2\n");
+@@ -126,7 +125,32 @@ int main(int argc, char *argv[])
+ 		} else if (strcmp(argv[ii], "-i") == 0) {
+ 			ii++;
+ 			if ((ii < argc) && !(strchr(argv[ii], '-'))) {
+-				IP = inet_addr(argv[ii]);
+				if (saddr) {
+					printf("Single source address allowed\n");
+					exit(1);
+				}
+
+				saddr = calloc(1, sizeof(*saddr));
+				if (!saddr) {
+					printf("Low memory\n");
+					exit(1);
+				}
+
+				ret = ip_address_parse(argv[ii], saddr);
+				if (ret)
+					exit(1);
+
+				ii++;
+			}
+		} else if (strcmp(argv[ii], "-I") == 0) {
+			ii++;
+			if (ii < argc) {
+				if (if_name) {
+					printf("Single interface expected\n");
+					exit(1);
+				}
+
+				if_name = argv[ii];
+ 				ii++;
+ 			}
+ 		} else if (strcmp(argv[ii], "-t") == 0) {
+@@ -158,62 +182,50 @@ int main(int argc, char *argv[])
+ 		}
+ 	}
+ 
+-	/* get a datagram socket */
+-	s = socket(AF_INET, SOCK_DGRAM, 0);
+-	if (s == INVALID_SOCKET) {
+-		printf("socket() failed.\n");
+	ret = ip_address_parse(TEST_ADDR, &mc);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+-	/* avoid EADDRINUSE error on bind() */
+-	iTmp = TRUE;
+-	iRet = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() SO_REUSEADDR failed.\n");
+	if (join_flag && mc.family == AF_INET6 && !if_name) {
+		printf("-I is mandatory when joining IPv6 group\n");
+ 		exit(1);
+ 	}
+ 
+-	/* name the socket */
+-	stLocal.sin_family = AF_INET;
+-	stLocal.sin_addr.s_addr = IP;
+-	stLocal.sin_port = htons(TEST_PORT);
+-	iRet = bind(s, (struct sockaddr *)&stLocal, sizeof(stLocal));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("bind() failed.\n");
+	/* get a datagram socket */
+	ret = socket_create(&s, mc.family, TEST_PORT, saddr, if_name);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+ 	/* join the multicast group. */
+-	stMreq.imr_multiaddr.s_addr = inet_addr(TEST_ADDR);
+-	stMreq.imr_interface.s_addr = IP;
+ 	if (join_flag == 1) {
+-		iRet = setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, (char *)&stMreq, sizeof(stMreq));
+-		if (iRet == SOCKET_ERROR) {
+-			printf("setsockopt() IP_ADD_MEMBERSHIP failed.\n");
+		ret = mc_join(&s, &mc, if_name, 0, NULL);
+		if (ret)
+ 			exit(1);
+-		}
+ 	}
+ 
+ 	/* set TTL to traverse up to multiple routers */
+-	iTmp = TTL_VALUE;
+-	iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_TTL, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() IP_MULTICAST_TTL failed.\n");
+	ret = mc_set_hop_limit(&s, TTL_VALUE);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+ 	/* enable loopback */
+-	iTmp = TRUE;
+-	iRet = setsockopt(s, IPPROTO_IP, IP_MULTICAST_LOOP, (char *)&iTmp, sizeof(iTmp));
+-	if (iRet == SOCKET_ERROR) {
+-		printf("setsockopt() IP_MULTICAST_LOOP failed.\n");
+	ret = socket_set_loopback(&s, 1);
+	if (ret)
+ 		exit(1);
+-	}
+ 
+ 	/* assign our destination address */
+-	stTo.sin_family = AF_INET;
+-	stTo.sin_addr.s_addr = inet_addr(TEST_ADDR);
+-	stTo.sin_port = htons(TEST_PORT);
+	if (mc.family == AF_INET) {
+		to.udp4.sin_addr = mc.addr;
+		to.udp4.sin_port = htons(TEST_PORT);
+		to.udp4.sin_family = AF_INET;
+		to.addr_size = sizeof(struct sockaddr_in);
+	} else {
+		to.udp6.sin6_addr = mc.addr6;
+		to.udp6.sin6_port = htons(TEST_PORT);
+		to.udp6.sin6_family = AF_INET6;
+		to.addr_size = sizeof(struct sockaddr_in6);
+	}
+
+ 	printf("Now sending to multicast group: %s\n", TEST_ADDR);
+ 
+ 	SLEEP_TIME *= 1000;	/* convert to microsecond */
+@@ -237,12 +249,11 @@ int main(int argc, char *argv[])
+ 		times.it_interval.tv_usec = (long)(SLEEP_TIME % 1000000);
+ 		setitimer(ITIMER_REAL, &times, NULL);
+ 
+-		handler_par.s = s;
+		handler_par.s = &s;
+		handler_par.to = &to;
+ 		handler_par.achOut = achOut;
+ 		handler_par.len = strlen(achOut) + 1;
+ 		handler_par.n = 0;
+-		handler_par.stTo = (struct sockaddr *)&stTo;
+-		handler_par.addr_size = addr_size;
+ 
+ 		/* now wait for the alarms */
+ 		sigemptyset(&sigset);
+@@ -252,8 +263,6 @@ int main(int argc, char *argv[])
+ 		return 0;
+ 	} else {
+ 		for (i = 0; i < 10; i++) {
+-			int addr_size = sizeof(struct sockaddr_in);
+-
+ 			if (NUM) {
+ 				achOut[3] = (unsigned char)(i >> 24);
+ 				achOut[2] = (unsigned char)(i >> 16);
+@@ -264,9 +273,10 @@ int main(int argc, char *argv[])
+ 				printf("Send out msg %d to %s:%d: %s\n", i, TEST_ADDR, TEST_PORT, achOut);
+ 			}
+ 
+-			iRet = sendto(s, achOut, (NUM ? 4 : strlen(achOut) + 1), 0, (struct sockaddr *)&stTo, addr_size);
+-			if (iRet < 0) {
+-				printf("sendto() failed.\n");
+			ret = mc_send(&s, &to, achOut,
+				      NUM ? 4 : strlen(achOut) + 1);
+			if (ret < 0) {
+				perror("sendto");
+ 				exit(1);
+ 			}
+ 		}		/* end for(;;) */
+@@ -277,8 +287,8 @@ int main(int argc, char *argv[])
+ 
+ void timerhandler(void)
+ {
+-	int iRet;
+ 	static int iCounter = 1;
+	int ret;
+ 
+ 	if (NUM) {
+ 		handler_par.achOut = (char *)(&iCounter);
+@@ -287,11 +297,14 @@ void timerhandler(void)
+ 	} else {
+ 		printf("Sending msg %d, TTL %d, to %s:%d: %s\n", iCounter, TTL_VALUE, TEST_ADDR, TEST_PORT, handler_par.achOut);
+ 	}
+-	iRet = sendto(handler_par.s, handler_par.achOut, handler_par.len, handler_par.n, handler_par.stTo, handler_par.addr_size);
+-	if (iRet < 0) {
+-		printf("sendto() failed.\n");
+
+	ret = mc_send(handler_par.s, handler_par.to, handler_par.achOut,
+		      handler_par.len);
+	if (ret < 0) {
+		perror("sendto");
+ 		exit(1);
+ 	}
+
+ 	iCounter++;
+ 	return;
+ }
--- a/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch
+++ b/net/net-mtools/patches/005-mreceive-msend-add-new-I-option-to-the-help-text.patch
@ -0,0 +1,33 @@
+From bf95bdeccab98cec77dc1b10bce0b215754e4e46 Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Thu, 21 Apr 2022 16:45:08 +0300
+Subject: [PATCH 5/6] mreceive: msend: add new -I option to the help text
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ mreceive.c | 2 ++
+ msend.c    | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -58,6 +58,8 @@ Usage: mreceive [-g GROUP] [-p PORT] [-i
+   -p PORT      UDP port number used in the multicast packets.  Default: 4444\n\
+   -i ADDRESS   IP addresses of one or more interfaces to listen for the given\n\
+                multicast group.  Default: the system default interface.\n\
+  -I interface The interface on which to receive. Can be specified as an\n\
+               alternative to -i.\n\
+   -n           Interpret the contents of the message as a number instead of\n\
+                a string of characters.  Use this with `msend -n`\n\
+   -v           Print version information.\n\
+--- a/msend.c
+++ b/msend.c
+@@ -72,6 +72,8 @@ Usage:  msend [-g GROUP] [-p PORT] [-joi
+   -p PORT      UDP port number used in the multicast packets.  Default: 4444\n\
+   -i ADDRESS   IP address of the interface to use to send the packets.\n\
+                The default is to use the system default interface.\n\
+  -I interface The interface on which to send. Can be specified as an\n\
+               alternative to -i.\n\
+   -join        Multicast sender will join the multicast group.\n\
+                By default a sender never joins the group.\n\
+   -P PERIOD    Interval in milliseconds between packets.  Default 1000 msec\n\
--- a/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch
+++ b/net/net-mtools/patches/006-msend-send-a-limited-number-of-test-packets.patch
@ -0,0 +1,81 @@
+From 1013b0a83aef868e6cd33b2f467b9f886b41e7bc Mon Sep 17 00:00:00 2001
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+Date: Fri, 22 Apr 2022 12:59:56 +0300
+Subject: [PATCH 6/6] msend: send a limited number of test packets
+
+For easier integration into a selftest framework, limit the amount of
+packets that the program sends via a command-line argument.
+
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+---
+ msend.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+--- a/msend.c
+++ b/msend.c
+@@ -56,7 +56,7 @@ typedef struct timerhandler_s {
+ 	struct sock *to;
+ 	char *achOut;
+ 	int len;
+-	int n;
+	int num_pkts;
+ } timerhandler_t;
+ timerhandler_t handler_par;
+ void timerhandler();
+@@ -82,6 +82,7 @@ Usage:  msend [-g GROUP] [-p PORT] [-joi
+                the first router will drop the packets!  Default: 1\n\
+   -text \"text\" Specify a string to use as payload in the packets, also\n\
+                displayed by the mreceive command.  Default: empty\n\
+  -c           Number of packets to send. Default: send indefinitely\n\
+   -n           Encode -text argument as a number instead of a string.\n\
+   -v           Print version information.\n\
+   -h           Print the command usage.\n\n", VERSION);
+@@ -97,6 +98,7 @@ int main(int argc, char *argv[])
+ 	struct itimerval times;
+ 	sigset_t sigset;
+ 	struct sigaction act;
+	int num_pkts = 0;
+ 	int ret, i;
+ 
+ 	if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) {
+@@ -171,6 +173,12 @@ int main(int argc, char *argv[])
+ 			ii++;
+ 			NUM = 1;
+ 			ii++;
+		} else if (strcmp(argv[ii], "-c") == 0) {
+			ii++;
+			if ((ii < argc) && !(strchr(argv[ii], '-'))) {
+				num_pkts = atoi(argv[ii]);
+				ii++;
+			}
+ 		} else if (strcmp(argv[ii], "-text") == 0) {
+ 			ii++;
+ 			if ((ii < argc) && !(strchr(argv[ii], '-'))) {
+@@ -255,7 +263,7 @@ int main(int argc, char *argv[])
+ 		handler_par.to = &to;
+ 		handler_par.achOut = achOut;
+ 		handler_par.len = strlen(achOut) + 1;
+-		handler_par.n = 0;
+		handler_par.num_pkts = num_pkts;
+ 
+ 		/* now wait for the alarms */
+ 		sigemptyset(&sigset);
+@@ -264,7 +272,7 @@ int main(int argc, char *argv[])
+ 		}
+ 		return 0;
+ 	} else {
+-		for (i = 0; i < 10; i++) {
+		for (i = 0; num_pkts && i < num_pkts; i++) {
+ 			if (NUM) {
+ 				achOut[3] = (unsigned char)(i >> 24);
+ 				achOut[2] = (unsigned char)(i >> 16);
+@@ -307,6 +315,9 @@ void timerhandler(void)
+ 		exit(1);
+ 	}
+ 
+	if (iCounter == handler_par.num_pkts)
+		exit(1);
+
+ 	iCounter++;
+ 	return;
+ }
--- a/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch
+++ b/net/net-mtools/patches/100-mreceive-msend-fix-wrong-version-in-v-output.patch
@ -0,0 +1,37 @@
+From e0c9115e1ceb6621d6c04ae8bfd423a0452fea9c Mon Sep 17 00:00:00 2001
+From: Christian Marangi <ansuelsmth@gmail.com>
+Date: Wed, 5 Jul 2023 11:03:40 +0200
+Subject: [PATCH] mreceive: msend: fix wrong version in -v output
+
+-v output was never changed to follow VERSION declared in Makefile and
+was still hardcoded. Fix this to improve version output and align to -h
+output.
+
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+---
+ mreceive.c | 2 +-
+ msend.c    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mreceive.c
+++ b/mreceive.c
+@@ -93,7 +93,7 @@ int main(int argc, char *argv[])
+ 	ii = 1;
+ 
+ 	if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) {
+-		printf("mreceive version 2.2\n");
+		printf("mreceive version %s\n", VERSION);
+ 		return 0;
+ 	}
+ 	if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) {
+--- a/msend.c
+++ b/msend.c
+@@ -102,7 +102,7 @@ int main(int argc, char *argv[])
+ 	int ret, i;
+ 
+ 	if ((argc == 2) && (strcmp(argv[ii], "-v") == 0)) {
+-		printf("msend version 2.2\n");
+		printf("msend version %s\n", VERSION);
+ 		return 0;
+ 	}
+ 	if ((argc == 2) && (strcmp(argv[ii], "-h") == 0)) {
--- a/net/net-mtools/test.sh
+++ b/net/net-mtools/test.sh
@ -0,0 +1,4 @@
+#!/bin/sh
+
+msend -v | grep "$2"
+mreceive -v | grep "$2"
--- a/net/nginx/Config_ssl.in
+++ b/net/nginx/Config_ssl.in
@ -175,6 +175,11 @@ config NGINX_HTTP_V2
 	prompt "Enable HTTP_V2 module"
 	default y

+config NGINX_HTTP_QUIC
+	bool
+	prompt "Enable QUIC support"
+	default n
+
 config NGINX_PCRE
 	bool
 	prompt "Enable PCRE library usage"
--- a/net/nginx/Makefile
+++ b/net/nginx/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nginx
-PKG_VERSION:=1.25.0
+PKG_VERSION:=1.25.1
 PKG_RELEASE:=2

 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nginx.org/download/
-PKG_HASH:=5ed44d45943272a4e8a5bcf4434237210f2de31b903fca5e381c1bbd7eee1e8c
+PKG_HASH:=f09071ac46e0ea3adc0008ef0baca229fc6b4be4533baef9bbbfba7de29a8602

 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
 				Ansuel Smith <ansuelsmth@gmail.com>
@ -27,6 +27,7 @@ PKG_BUILD_FLAGS:=gc-sections

 # 3rd-party modules
 PKG_MOD_EXTRA := \
+	geoip2 \
 	lua \
 	rtmp \
 	dav-ext \
@ -75,6 +76,7 @@ PKG_CONFIG_DEPENDS := \
 	CONFIG_NGINX_HTTP_UPSTREAM_ZONE \
 	CONFIG_NGINX_HTTP_CACHE \
 	CONFIG_NGINX_HTTP_V2 \
+	CONFIG_NGINX_HTTP_QUIC \
 	CONFIG_NGINX_PCRE \
 	CONFIG_NGINX_HTTP_REAL_IP \
 	CONFIG_NGINX_HTTP_SECURE_LINK \
@ -158,16 +160,15 @@ endef

 define Package/nginx-full
  $(Package/nginx/default)
-  TITLE += with ALL module selected
-  DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2 \
-    $(foreach m,$(PKG_MOD_ALL),+nginx-mod-$(m))
+  TITLE += with ALL config selected
+  DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2
  EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-1) (<2)
  VARIANT:=full
  PROVIDES += nginx-ssl
 endef

 Package/nginx-full/description = $(Package/nginx/description) \
-  This variant is compiled with ALL module selected.
+  This variant is compiled with ALL config selected.

 Package/nginx-full/install = $(Package/nginx-ssl/install)

@ -198,6 +199,13 @@ define Package/nginx-mod-luci/install
 	$(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support
 endef

+define Download/nginx-mod-geoip2
+  VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf
+  URL:=https://github.com/leev/ngx_http_geoip2_module.git
+  MIRROR_HASH:=b4bd8517f6595f28e9cea5370045df476e0f7fa9ca3611d71ba85c518f1a7eda
+  PROTO:=git
+endef
+
 define Download/nginx-mod-headers-more
  VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0
  URL:=https://github.com/openresty/headers-more-nginx-module.git
@ -393,6 +401,7 @@ CONFIGURE_ARGS += \
 	$(if $(call IsEnabled,NGINX_FLV),--with-http_flv_module) \
 	$(if $(call IsEnabled,NGINX_DAV),--with-http_dav_module) \
 	$(if $(call IsEnabled,NGINX_HTTP_AUTH_REQUEST),--with-http_auth_request_module) \
+	$(if $(call IsEnabled,NGINX_HTTP_QUIC),--with-http_v3_module) \
 	$(if $(call IsEnabled,NGINX_HTTP_V2),--with-http_v2_module) \
 	$(if $(call IsEnabled,NGINX_HTTP_REAL_IP),--with-http_realip_module) \
 	$(if $(call IsEnabled,NGINX_HTTP_SECURE_LINK),--with-http_secure_link_module) \
@ -423,6 +432,8 @@ $(eval $(call BuildModule,brotli,,ngx_http_brotli_filter ngx_http_brotli_static,
 	Add support for brotli compression module.))
 $(eval $(call BuildModule,naxsi,,ngx_http_naxsi, \
 	Enable NAXSI module.))
+$(eval $(call BuildModule,geoip2,+@NGINX_STREAM_CORE_MODULE +libmaxminddb,ngx_http_geoip2 ngx_stream_geoip2, \
+	Enable MaxMind GeoIP2 module.))

 # TODO: remove after a transition period (together with pkg nginx-util):
 # It is for smoothly substituting nginx and nginx-mod-luci-ssl (by nginx-ssl
--- a/net/pdns-recursor/Makefile
+++ b/net/pdns-recursor/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=pdns-recursor
-PKG_VERSION:=4.8.4
+PKG_VERSION:=4.9.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=f0a63fd08e03da82fa20d333ea5179d1b9259f4264546cf4995286677d9458c7
+PKG_HASH:=d36f162843e367646a661a785ca0becde9b68552855bf40532aebafa103966f3

 PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>
 PKG_LICENCE:=GPL-2.0-only
--- a/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch
+++ b/net/pdns-recursor/patches/100-disable-recursor.conf-dist.patch
@ -1,6 +1,6 @@
 --- a/Makefile.am
 +++ b/Makefile.am
-@@ -503,12 +503,6 @@ $(srcdir)/effective_tld_names.dat:
+@@ -507,12 +507,6 @@ $(srcdir)/effective_tld_names.dat:
 pubsuffix.cc: $(srcdir)/effective_tld_names.dat
 	$(AM_V_GEN)./mkpubsuffixcc
 
--- a/net/pdns/Makefile
+++ b/net/pdns/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=pdns
-PKG_VERSION:=4.8.0
+PKG_VERSION:=4.8.1
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
-PKG_HASH:=61a96bbaf8b0ca49a9225a2254b9443c4ff8e050d337437d85af4de889e10127
+PKG_HASH:=66dd3ee2654f42b4eb80260f94ecb48e313a81817f58125ce48c14c2d26e309e

 PKG_MAINTAINER:=Peter van Dijk <peter.van.dijk@powerdns.com>
 PKG_LICENCE:=GPL-2.0-only
--- a/net/snort3/Makefile
+++ b/net/snort3/Makefile
@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=snort3
-PKG_VERSION:=3.1.64.0
+PKG_VERSION:=3.1.65.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
-PKG_HASH:=57be62557178526059ded86d0bebf8a57aa4a46db9390a48ae030b6e45f1dc61
+PKG_HASH:=c798e34703e1e6710fa7eecc4684f2cac58e310f85ce5d5f832945a036e7f542

 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
 PKG_LICENSE:=GPL-2.0-only
--- a/net/tailscale/Makefile
+++ b/net/tailscale/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=tailscale
-PKG_VERSION:=1.42.0
+PKG_VERSION:=1.44.0
 PKG_RELEASE:=1

 PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=09de9bacda98de8d733cff162572b7eac857d13db783776ba2a2450a44ecc5e9
+PKG_HASH:=dc230cf3ac290140e573268a6e8f17124752ef064c8d3a86765a9dbb6f1bd354

 PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
--- a/utils/dfu-programmer/Makefile
+++ b/utils/dfu-programmer/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dfu-programmer
-PKG_VERSION:=1.0.0
+PKG_VERSION:=1.1.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/$(PKG_NAME)/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=867eaf0a8cd10123715491807ab99cecb54dc6f09dddade4b2a42b0b0ef9e6b0
+PKG_HASH:=844e469be559657bc52c9d9d03c30846acd11ffbb1ddd42438fa8af1d2b8587d

 PKG_MAINTAINER:=Stefan Hellermann <stefan@the2masters.de>
 PKG_LICENSE:=GPL-2.0
--- a/utils/stress-ng/Makefile
+++ b/utils/stress-ng/Makefile
@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=stress-ng
-PKG_VERSION:=0.15.06
+PKG_VERSION:=0.15.10
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ColinIanKing/stress-ng/tar.gz/refs/tags/V$(PKG_VERSION)?
-PKG_HASH:=c38cefcf0a83f6c65aed7c36e57a9a1ee8373418ef71cf089a75b0661dcd4623
+PKG_HASH:=fcd86e1b8db5b2c22182cefbf4b3131a8599bff5bdd85edf776ec15c2d80e8f1

 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
 PKG_LICENSE:=GPL-2.0-only
--- a/utils/stress-ng/patches/001-disable-extra-stressors.patch
+++ b/utils/stress-ng/patches/001-disable-extra-stressors.patch
@ -0,0 +1,15 @@
+--- a/Makefile.config
+++ b/Makefile.config
+@@ -319,9 +319,9 @@ compiler: configdir
+ libraries: \
+ 	compiler \
+ 	LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \
+-	LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \
+-	LIB_JUDY LIB_KMOD LIB_MD LIB_MPFR LIB_PTHREAD LIB_PTHREAD_SPINLOCK \
+-	LIB_RT LIB_SCTP LIB_XXHASH LIB_Z
+	LIB_IPSEC_MB LIB_JPEG \
+	LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \
+	LIB_RT LIB_SCTP LIB_Z
+ 
+ LIB_AIO: compiler
+ 	$(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO))
--- a/utils/stress-ng/patches/001-disable-gpu-stressor.patch
+++ b/utils/stress-ng/patches/001-disable-gpu-stressor.patch
@ -1,11 +0,0 @@
--- a/Makefile.config
-+++ b/Makefile.config
-@@ -264,7 +264,7 @@ clean:
- libraries: \
- 	configdir \
- 	LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \
-	LIB_EGL LIB_GBM LIB_GLES2 LIB_IPSEC_MB LIB_JPEG \
-+	LIB_IPSEC_MB LIB_JPEG \
- 	LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \
- 	LIB_RT LIB_SCTP LIB_XXHASH LIB_Z
- 
--- a/utils/stress-ng/patches/002-disable-compiler-test.patch
+++ b/utils/stress-ng/patches/002-disable-compiler-test.patch
@ -0,0 +1,13 @@
+--- a/Makefile.config
+++ b/Makefile.config
+@@ -309,10 +309,6 @@ clean:
+ 	@rm -rf $(CONFIGS) config config.h
+ 
+ compiler: configdir
+-	@echo "checking compiler ..."
+-	@$(CC) test/test-compiler.c -o test/test-compiler
+-	@echo "" > $(CONFIGS)/$$(./test/test-compiler)
+-	@rm -f test/test-compiler
+ 	$(call check,test-glibc,HAVE_GLIBC,using glibc)
+ 
+ .PHONY: libraries
--- a/utils/stress-ng/patches/002-disable-xxhash.patch
+++ b/utils/stress-ng/patches/002-disable-xxhash.patch
@ -1,11 +0,0 @@
--- a/Makefile.config
-+++ b/Makefile.config
-@@ -266,7 +266,7 @@ libraries: \
- 	LIB_AIO LIB_APPARMOR LIB_BSD LIB_CRYPT LIB_DL \
- 	LIB_IPSEC_MB LIB_JPEG \
- 	LIB_JUDY LIB_KMOD LIB_MD LIB_PTHREAD LIB_PTHREAD_SPINLOCK \
-	LIB_RT LIB_SCTP LIB_XXHASH LIB_Z
-+	LIB_RT LIB_SCTP LIB_Z
- 
- LIB_AIO:
- 	$(call check,test-libaio,HAVE_LIB_AIO,$(LIB_AIO),$(LIB_AIO))