Commit Graph

48242 Commits

Author SHA1 Message Date
Felix Fietkau
dfd62e575c ramips: enable packet steering by default on mt7621
It provides a significant performance boost, especially with flow offloading
enabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 16:17:12 +02:00
Felix Fietkau
4baf90de8d netifd: disable receive packet steering for DSA slave devices
It is already handled on the master device. Doing it twice reduces
performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 16:17:12 +02:00
Felix Fietkau
bf3f06f1ba mt76: enable hostapd 802.11ax support if kmod-mt7915e is selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Felix Fietkau
41d7a14ead hostapd: add config symbol for allowing drivers to enable 802.11ax support
Also expose a build feature for it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Christian Lamparter
61307544d1 ath79: wndr3700 series: fix wifi range & throughput
This patch adds ar71xx's GPIO setup for the 2.4GHz and 5GHz antennae
demultiplexer:

| 158         /* 2.4 GHz uses the first fixed antenna group (1, 0, 1, 0) */
| 159         ap9x_pci_setup_wmac_gpio(0, (0xf << 6), (0xa << 6));
| 160
| 161         /* 5 GHz uses the second fixed antenna group (0, 1, 1, 0) */
| 162         ap9x_pci_setup_wmac_gpio(1, (0xf << 6), (0x6 << 6));

This should restore the range and throughput of the 2.4GHz radio
on all the derived wndr3700 variants and versions with the AR7161 SoC.
A special case is the 5GHz radio. The original wndr3700(v1) will
benefit from this change. However the wndr3700v2 and later revisions
were unaffected by the missing bits, as there is no demultiplexer
present in the later designs.

This patch uses gpio-hogs within the device-tree for all
wndr3700/wndr3800/wndrmac variants.

Notes:

Based on the PCB pictures, the WNDR3700(v1) really had eight
independent antennae. Four antennae for each radio and all of
those were printed on the circut board.

The WNDR3700v2 and later have just six antennae. Four of those
are printed on the circuit board and serve the 2.4GHz radio.
Whereas the remaining two are special 5GHz Rayspan Patch Antennae
which are directly connected to the 5GHz radio.

Hannu Nyman dug pretty deep and unearthed a treasure of information
regarding the history of how these values came to be in the OpenWrt
archives: <https://dev.archive.openwrt.org/ticket/6533.html>.

Mark Mentovai came across the fixed antenna group when he was looking
into the driver:

    fixed_antenna_group 1, (0, 1, 0, 1)
    fixed_antenna_group 2, (0, 1, 1, 0)
    fixed_antenna_group 3, (1, 0, 0, 1)
    fixed_antenna_group 4, (1, 0, 1, 0)

Fixes: FS#3088

Reported-by: Luca Bensi
Reported-by: Maciej Mazur
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Debugged-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 21:10:45 +02:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Daniel Golle
fd0cc72d9c oxnas: build with 8021Q VLAN support
CONFIG_VLAN_8021Q was explicitely disabled in oxnas kernel config.
Don't do that, so VLANs can be used on the target.

Fixes: dcc34574ef ("oxnas: bring in new oxnas target")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-09 16:47:24 +01:00
Petr Štetiar
e5aa498acb kernel: bump 5.4 to 5.4.45
Fixes CVE-2020-10757 via upstream commit df4988aa1c96 ("mm: Fix mremap
not considering huge pmd devmap").

Resolved merge conflict in the following patches:

 bcm27xx: 950-0128-gpiolib-Don-t-prevent-IRQ-usage-of-output-GPIOs.patch

Refreshed patches, removed upstreamed patch:

 generic: 751-v5.8-net-dsa-mt7530-set-CPU-port-to-fallback-mode.patch
 generic: 754-v5.7-net-dsa-mt7530-fix-roaming-from-DSA-user-ports.patch

Run tested: qemu-x86-64
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Petr Štetiar
df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Perry Melange
22468cc40c ramips: erx and erx-sfp: fix missing WAN interface
This partially reverts commit 5acd1ed0be ("ramips: mt7621: fix
Ubiquiti ER-X ports names and MAC addresses"), this change was discussed
in https://github.com/openwrt/openwrt/pull/2901#discussion_r407238452

With commit 5acd1ed0be ("ramips: mt7621: fix Ubiquiti ER-X ports names
and MAC addresses"), all the ports were put into the LAN bridge, with
the argument that the OEM firmware does not have a WAN port enabled.  In
the default OEM setup, all of the ports except eth0 are dead and eth0 is
set to a static IP address without providing DHCP services when
connected.  It is only after the wizard has been run that eth0 becomes
the WAN port and all the rest of the ports belong to LAN with DHCP
enabled.

Having all of the ports set to the LAN bridge does not mirror the default
OEM setup.  To accomplish that, then only eth0 would be in the LAN bridge.
But this is not the expected behaviour of OpenWrt.

Therefore this proposal to set eth0 to WAN and eth1-N to LAN provides
the expected behaviour expected from OpenWrt, maintains the current
documentation as up-to-date, and does not require the user to manually
detach eth0 from the LAN bridge, create the WAN(6) interface(s), and set
eth0 to the WAN(6) interface(s).

Fixes: 5acd1ed0be ("ramips: mt7621: fix Ubiquiti ER-X ports names and MAC addresses")
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[commit subject and description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Joseph C. Lehner
0a73c61cb9 mkchkimg: use higher version code
This patch changes the version code of the image header
from `1.1.99_0.0.0.0` to `99.99.99_99.99.99.99`. This
is neccessary on some devices where the stock firmware
checks the version field, possibly preventing third-party
firmware from being installed.

Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
2020-06-09 16:59:33 +02:00
Kevin Darbyshire-Bryant
68b94f0fb4 umdnsd: update to latest git HEAD
d13290b Fix advertised IPv6 addresses

Don't just serve link-local addresses via mdns, offer all.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-08 20:16:17 +01:00
Stijn Tintel
8a858363b0 hostapd: silence rm
When bringing up wifi the first time after boot, these warnings appear:

netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory

Silence them by adding the "-f" option to rm.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2020-06-08 08:59:02 +03:00
John Crispin
c37487a63d mediatek: fix image/mt7622.mk
Signed-off-by: John Crispin <john@phrozen.org>
2020-06-07 20:59:39 +02:00
Álvaro Fernández Rojas
6fca1646dd bcm63xx: bcm6328: switch to upstream boot sel patch
BCM6328 boot selection fix has been upstreamed.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 20:26:17 +02:00
Daniel González Cabanelas
ff2c96333f bcm63xx: add support for the Sercomm H500-s
Sercomm H500-s is an xDSL dual band wireless router based on Broadcom
BCM63167 SoC.

Hardware:
   SoC:          Broadcom BCM63167
   CPU:          BMIPS4350 V8.0, 400 MHz, 2 cores
   Flash:        NAND 128 MiB
   RAM:          DDR3 128 MiB
   Ethernet:     4x 10/100/1000 Mbps
   Switch:       BCM53134S
   Wireless:     802.11b/g/n: BCM435f (integrated)
                 802.11ac:    Quantenna QT3740BC (onboard SoC)
   USB:          1x 2.0
   LEDs/Buttons: 11x / 2x

Flash instruction, web UI:
  1. Reset to defaults using the reset button if the admin password is
     unknown
  2. Login into the web UI as admin.
     Address:  http://192.168.0.1
     User:     admin
     Password: VF-ESVodafone-H-500-s or l033i-h500s
  3. Go to Settings -> Firmware Update, and select the Openwrt factory
     firmware
  4. Update the firmware.
  5. Wait until it finish, the device will reboot with Openwrt installed
     on the alternative image partitions keeping the stock firmware in
     the former.

Notes:
  - The patch also adds support for the lowi version. Only the factory
    firmware is different.
  - The integrated Wifi in the Broadcom Soc isn't still supported.
  - The Quantenna 802.11ac wifi works ok, but needs to be configured with
    the Quantenna client application. It can't be configured with Luci
    nor any iw command since it's a separated subsystem linked via
    ethernet.
  - The BCM53134S external switch is managed via MDIO which isn't
    supported in this target. Therefore it will behave as a dumb switch.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2020-06-07 20:26:17 +02:00
Álvaro Fernández Rojas
9eb9d0baa0 bcm63xx: image: support device-specific load address
Some CFEs are located at the address currently used for relocation and lzma
loader load address, so we need to provide a way to override it.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 20:26:17 +02:00
Daniel González Cabanelas
27c20a1ef5 bcm63xx: image: don't add the CFE to the sercomm factory
There is no need to include the CFE bootloader in the Sercomm factory
images.

There might be a case when this could be useful:
  - We are running the stock firmware on the first Sercomm image
  - The second partition storing the botloader was erased (unlikely)
Even in this case flashing an image without a bootlader is harmless.

Don't include the bootloader in the factory image creation and rid of the
risk of flashing factory images with an untested bootloader partition.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2020-06-07 20:26:17 +02:00
Daniel González Cabanelas
598ba5b169 bcm63xx: kernel: add BCM63167 cpuid variant
The BCM63167 is a BCM63268 SoC with a different physical packaging.

Add the CPU ID to allow supporting routers with this SoC (i.e Sercomm
H500-s)

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2020-06-07 20:26:17 +02:00
Álvaro Fernández Rojas
66f7062160 bcm63xx: vr-3032u: add missing compatible property
SoC is a BCM63168.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 20:26:17 +02:00
Álvaro Fernández Rojas
57dce7c8f3 bcm63xx: vg-8050: add missing compatible property
SoC is a BCM63169.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 20:26:17 +02:00
John Crispin
ad39d06df7 mediatek: add mt7531 DSA support
Signed-off-by: John Crispin <john@phrozen.org>
2020-06-07 19:10:51 +02:00
John Crispin
f72a2b004c mediatek: add bpi-r64 emmc support
Signed-off-by: John Crispin <john@phrozen.org>
2020-06-07 17:53:37 +02:00
John Crispin
55b97b6885 mediatek: make emmc image generation work on mt7622
Signed-off-by: John Crispin <john@phrozen.org>
2020-06-07 17:52:21 +02:00
John Crispin
127ad76311 mediatek: switch over to extended upstream eip97 driver
Signed-off-by: John Crispin <john@phrozen.org>
2020-06-07 17:52:21 +02:00
Sungbo Eo
3559b46b62 mediatek: tidy up image subtarget Makefiles
- sort device recipes alphabetically
- adjust board name of ELECOM WRC-2533GENT
- harmonize line wrapping

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[rebased]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-07 15:23:16 +02:00
Stijn Tintel
25787e002b bcm27xx-gpu-fw: bump to most recent good version
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:26:54 +03:00
Stijn Tintel
afdc413d9d Revert "bcm27xx-gpu-fw: update to latest version"
This reverts commit 9e467a764b.

The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.

E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.

As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.

Upstream bug: https://github.com/raspberrypi/firmware/issues/1376

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:25:50 +03:00
Stijn Tintel
050c31fa26 bcm27xx: fix unmounting /boot after sysupgrade
Due to a typo, /boot is not properly unmounted after copying the backup
file to it. Fix the typo to solve this.

Fixes: 246916ddf4 ("brcm2708: use x86's upgrade scripts for all rpi targets")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-06-07 06:00:08 +03:00
Hans Dedecker
9e7fe7faf5 netifd: update to latest git HEAD
51e9fb8 system-linux: improve handling of device rename

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 20:55:53 +02:00
Toke Høiland-Jørgensen
56db8e4615 kernel: Add kmod-sch-cake-virtual intermediate package
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2020-06-06 19:15:43 +01:00
Hans Dedecker
4e65838871 nghttp2: bump to 1.41.0
8f7b008b Update bash_completion
83086ba9 Update manual pages
c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr
3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20
881c060d Update AUTHORS
f8da73bd Earlier check for settings flood
336a98fe Implement max settings option
ef415836 Revert "Add missing connection error handling"
979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2
b7d16101 Add missing connection error handling
cd53bd81 Merge pull request #1460 from gportay/patch-1
e5625b8c Fix doc
c663349f integration: Add PROXY protocol v2 tests
854e9fe3 nghttpx: Always call init_forwarded_for
c60ea227 Update doc
49cd8e6e nghttpx: Add PROXY-protocol v2 support
3b17a659 Merge pull request #1453 from Leo-Neat/master
600fcdf5 Merge pull request #1455 from xjtian/long_serials
4922bb41 static_cast size parameter in StringRef constructor to size_t
aad86975 Fix get_x509_serial for long serial numbers
dc7a7df6 Adding CIFuzz
b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue
ffb49c6c Merge pull request #1435 from geoffhill/master
2ec58551 Fix receiving stream data stall
459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp
a4c1fed5 Bump llhttp to 2.0.4
866eadb5 Enable session_create_idle_stream test, fix errors
5e13274b Fix typo
e0d7f7de h2load: Allow port in --connect-to
df575f96 h2load: add --connect-to option
1fff7379 clang-format-9
b40c6c86 Merge pull request #1418 from vszakats/patch-1
9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional
2d5f7659 Bump up version number to 1.41.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 14:11:41 +02:00
Kevin Darbyshire-Bryant
7b4877c204 kernel: sch_cake: use skb hash improve wireguard compatibility
While the other fq-based qdiscs take advantage of skb->hash and doesn't
recompute it if it is already set, sch_cake does not.

This was a deliberate choice because sch_cake hashes various parts of the
packet header to support its advanced flow isolation modes. However,
foregoing the use of skb->hash entirely loses a few important benefits:

- When skb->hash is set by hardware, a few CPU cycles can be saved by not
  hashing again in software.

- Tunnel encapsulations will generally preserve the value of skb->hash from
  before the encapsulation, which allows flow-based qdiscs to distinguish
  between flows even though the outer packet header no longer has flow
  information.

It turns out that we can preserve these desirable properties in many cases,
while still supporting the advanced flow isolation properties of sch_cake.
This patch does so by reusing the skb->hash value as the flow_hash part of
the hashing procedure in cake_hash() only in the following conditions:

- If the skb->hash is marked as covering the flow headers (skb->l4_hash is
  set)

AND

- NAT header rewriting is either disabled, or did not change any values
  used for hashing. The latter is important to match local-origin packets
  such as those of a tunnel endpoint.

The immediate motivation for fixing this was the recent patch to WireGuard
to preserve the skb->hash on encapsulation. As such, this is also what I
tested against; with this patch, added latency under load for competing
flows drops from ~8 ms to sub-1ms on an RRUL test over a WireGuard tunnel
going through a virtual link shaped to 1Gbps using sch_cake. This matches
the results we saw with a similar setup using sch_fq_codel when testing the
WireGuard patch.

Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-05 21:03:26 +01:00
DENG Qingfang
898969636d mvebu: remove ClearFog Pro SUPPORTED_DEVICES
A direct upgrade from previous swconfig version with
incompatible settings to DSA will break the internet.
Remove SUPPORTED_DEVICES so users cannot upgrade directly.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[rebase after Linksys rename, adjust title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:53 +02:00
Paul Spooren
df6f3090c4 mvebu: rename Linksys devices based on their common names
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.

A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.

Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.

However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:43 +02:00
Rafał Miłecki
8c31afb978 kernel: b53: fix compilation with kernels 5.5+
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-06-05 12:42:45 +02:00
DENG Qingfang
5b9ba4a93e generic: mt7530: support adjusting EEE
Add support for adjusting EEE with ethtool

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-04 22:21:42 +02:00
DENG Qingfang
7c47f6601d generic: mt7530: fix roaming from DSA user ports
When a client moves from a DSA user port to a software port in a bridge,
it cannot reach any other clients that connected to the DSA user ports.
That is because SA learning on the CPU port is disabled, so the switch
ignores the client's frames from the CPU port and still thinks it is at
the user port.

Fix it by enabling SA learning on the CPU port.

To prevent the switch from learning from flooding frames from the CPU
port, set skb->offload_fwd_mark to 1 for unicast and broadcast frames,
and let the switch flood them instead of trapping to the CPU port.
Multicast frames still need to be trapped to the CPU port for snooping,
so set the SA_DIS bit of the MTK tag to 1 when transmitting those frames
to disable SA learning.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-04 22:21:42 +02:00
DENG Qingfang
dc4ffaa5ab generic: fix DSA VLAN filtering
Currently enabling VLAN filtering blocks all traffic in the bridge
immediately. That is because DSA ignores all VLAN setup when VLAN
filtering is disabled, and when it is enabled, there is no VLAN entry
in the VLAN table, causing all traffic to be blocked.

Add patches to allow VLAN setup even if VLAN filtering is disabled.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-04 22:21:42 +02:00
DENG Qingfang
d56d05f01f generic: mt7530: set CPU port to fallback mode
Currently, setting a bridge's self PVID to other value and deleting
the default VID 1 renders untagged ports of that VLAN unable to talk to
the CPU port:

	bridge vlan add dev br0 vid 2 pvid untagged self
	bridge vlan del dev br0 vid 1 self
	bridge vlan add dev sw0p0 vid 2 pvid untagged
	bridge vlan del dev sw0p0 vid 1
	# br0 cannot send untagged frames out of sw0p0 anymore

That is because the CPU port is set to security mode and its PVID is
still 1, and untagged frames are dropped due to VLAN member violation.

Set the CPU port to fallback mode so untagged frames can pass through.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-04 22:21:42 +02:00
Felix Fietkau
81b59efefd ramips/mediatek: select kmod-mt7615-firmware where kmod-mt7615e is selected
The new mt76 version splits out the firmware, because the driver can also be
used for MT7663/MT7613

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
Felix Fietkau
2dd26fda16 kernel: fix portability issue with perf on linux 5.4
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
John Crispin
5aa2ddd0d6 hostapd: add support for wifi-station and wifi-vlan sections
This patch adds support for 2 new uci sections.

config wifi-vlan
	# iface is optional. if it is not defined the vlan will apply
	# to all interfaces
        option iface	default_radio0
        option name	guest
        option vid	100
        option network	guest

config wifi-station
	# iface is optional. if it is not defined the station will apply
	# to all interfaces
        option iface	default_radio0
        # mac is optional. if it is not defined it will be a catch all
	# for any sta using this key
	option mac	'00:11:22:33:44:55'
        # vid is optional. if it is not defined, the sta will be part of
	# the primary iface.
	option vid	100
        option key	testtest

With this patch applied it is possible to use multiple PSKs on a single BSS.

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
John Crispin
303b463394 netifd: update to latest HEAD
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
DENG Qingfang
712e00877d mvebu: rename Linksys Mamba WAN port
Rename it to wan to match Linksys Armada 385 series

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:15 +02:00
DENG Qingfang
5a49cbf6c4 mvebu: remove swconfig package
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:15 +02:00
DENG Qingfang
24410595e9 generic: backport mv88e6xxx port mirroring support
Backport port mirroring support for mv88e6xxx

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:15 +02:00
DENG Qingfang
be309bfd74 mvebu: drop 06_set_iface_mac preinit script
MAC address is set in board.d script
Interface swapping is not needed anymore as switching to DSA breaks
previous configuration anyway

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:15 +02:00
DENG Qingfang
9b34ea4f62 mvebu: use ucidef to set up MAC address
Use ucidef to set up MAC address instead of preinit script

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:15 +02:00
DENG Qingfang
4149d2b91c mvebu: use eth0 as DSA CPU port for Linksys WRT
eth0 has HW MAC address while eth2 does not.
Use eth0 instead so we don't have to set LAN MAC manually.
Disable unused eth2, until multi CPU port is supported.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-06-03 20:34:14 +02:00