Refresh patches
Upstream commits since last bump:
3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 1e93ef8498)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2336b942b3)
Refresh patches and backport upstream to current HEAD:
a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fbf475403b)
This fixes kernel hang when booting on BCM4718A1 (& probably BCM4717A1).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4c1aa64b4d)
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.
Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.
Fixes: 2811c97803 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b26214adb5)
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 7316515891)
Reduces .ipk size on MIPS from 41.6k to 41.1k
Changes:
30463d0 zones: add interface/subnet bound LOG rules
0e77bf2 options: treat time strings as UTC times
d2bbeb7 firewall3: make reject types selectable by user
aa8846b ubus: avoid dumping interface state with NULL message
Cherry picked and squashed from commits:
a3f2451fba firewall: update to latest git HEAD
433d71e73e fw3: update to latest git HEAD
ef96d1e34a firewall: compile with LTO enabled
1e83f775a3 firewall3: update to latest git HEAD
3ee2c76ae0 firewall: update to latest git HEAD
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
884be45 libubus: check for non-NULL data before running callbacks
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit a5c3bbaf56)
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 20c4819c7b)
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 57b808ec88)
* device: print daddr not saddr in missing peer error
* receive: style
Debug messages now make sense again.
* wg-quick: android: support excluding applications
Android now supports excluding certain apps (uids) from the tunnel.
* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION
Some improvements to our testing infrastructure.
* receive: use NAPI on the receive path
This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4630159294)
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.
In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.
To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.
Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 69ea512c62)
The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
definition for the related P1010 SoC. However, the P1040 lacks the
CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
defines. If left defined, this causes the CAAM drivers (if present) to
attempt to use the non-existent device, making various crypto-related
operations (e.g. macsec and ipsec) fail.
This commit overrides the incorrect dt node definition in the included
file.
See also:
- https://bugs.openwrt.org/index.php?do=details&task_id=1262
- https://community.nxp.com/thread/338432#comment-474107
Signed-off-by: Tim Small <tim@seoss.co.uk>
(cherry picked from commit e97aaf483c)
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.16
There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.
This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.
No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The original vendor's driver programmed the dma controller's
AHB HPROT values to enable bufferable, privileged mode. This
along with the "same priorty for both channels" fixes the
freezes according to @takimata, @And.short, that have been
reported on the forum by @ticerex.
Furtheremore, @takimata reported that the patch also improved
the performance of the HDDs considerably:
|<https://forum.lede-project.org/t/wd-mybook-live-duo-two-disks/16195/55>
|It seems your patch unleashed the full power of the SATA port.
|Where I was previously hitting a really hard limit at around
|82 MB/s for reading and 27 MB/s for writing, I am now getting this:
|
|root@OpenWrt:/mnt# time dd if=/dev/zero of=tempfile bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real 0m 13.65s
|user 0m 0.01s
|sys 0m 11.89s
|
|root@OpenWrt:/mnt# time dd if=tempfile of=/dev/null bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real 0m 8.41s
|user 0m 0.01s
|sys 0m 4.70s
|
|This means: 121 MB/s reading and 75 MB/s writing!
|
|[...]
|
|The drive is a WD Green WD10EARX taken from an older MBL Single.
|I repeated the test a few times with even larger files to rule out
|any caching, I'm still seeing the same great performance. OpenWrt is
|now completely on par with the original MBL firmware's performance.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Restarting service sysctl echos multiple errors like:
sysctl: -e: No such file or directory
After the first filename, all remaining arguments are treated
as files.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
procd needs processes to stay in foreground to remain under its gaze and
control. Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9d5a246930)
Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
produced by the generic image build code.
Also remove unused .dtb references in the mt7623 subtarget.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 8194f9ef4a)
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.
Secondly it makes sense to also compare crc32 since we already have a
new one calculated.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 82498a7f7a)
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.
That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid
Fix that problem by checking every block before reading its content.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0f54489f75)
Bump to the latest cake recipe.
This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19. Loud cheer!
Fun may be had by changing cake tin classification for packets on
ingress. e.g.
tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1
Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number. So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.
f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit c729c43b39)
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit 73d8a6ab.
Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.
The current changes work independently of 73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.
The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:
a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;
b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and
c) handling of the list_cb() not respecting the NO_CALLBACK variable.
Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.
This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Starting with 4.14, the "amcc,dwc-otg" needs to be used
in order to get the usb-otg to work.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 12b80f1cab)
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option which results in broken IPv6
connectivity.
67ae6a7 odhcp6c: add option to ignore Server Unicast option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit adds the get_status_led method to diag.sh, which sets the
boot-led as status-led for scripts using this method to get a
status-led.
This method is used platform-independent in downstream project gluon to
set the LED used to indicate the config-mode.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4fc005197a)
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit b123921a92)
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 36fa1bbf6f)
Backport hot off the press upstream netlink patch. Fixes stats display
from CAKE qdisc on MIPS allowing us to bump CAKE to latest version.
The gen_stats facility will add a header for the toplevel nlattr of type
TCA_STATS2 that contains all stats added by qdisc callbacks. A reference
to this header is stored in the gnet_dump struct, and when all the
per-qdisc callbacks have finished adding their stats, the length of the
containing header will be adjusted to the right value.
However, on architectures that need padding (i.e., that don't set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), the padding nlattr is added
before the stats, which means that the stored pointer will point to the
padding, and so when the header is fixed up, the result is just a very
big padding nlattr. Because most qdiscs also supply the legacy TCA_STATS
struct, this problem has been mostly invisible, but we exposed it with
the netlink attribute-based statistics in CAKE.
Fix the issue by fixing up the stored pointer if it points to a padding
nlattr.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3698b34a00)
- remove misaligned custom buffer allocation in the NAND driver
- remove broken bounce buffer implementation for 16-byte align
Let the MTD core take care of both
Fixes messages like these:
[ 102.820541] Data buffer not 16 bytes aligned: 87daf08c
Signed-off-by: Felix Fietkau <nbd@nbd.name>
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Using the NAPI or netdev frag cache along with other drivers can lead to
32 KiB pages being held for a long time, despite only being used for
very few page fragment.
This can happen if the ethernet driver grabs one or two fragments for rx
ring refill, while other drivers use (and free up) the remaining
fragments. The 32 KiB higher-order page can only be freed once all users
have freed their fragments, which only happens after the rings of all
drivers holding the fragments have wrapped around.
Depending on the traffic patterns, this can waste a lot of memory and
look a lot like a memory leak
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 16035a7dd3)
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 6dac434c00)
Setting CONFIG_FEED_... symbols combined two different effects: Disabling
a feed in the generated opkg distfeeds.conf, and omitting the feed from
PACKAGE_SUBDIRS.
It does not make sense to omit built feeds from PACKAGE_SUBDIRS, as it will
only lead to packages that can be enabled in .config (and that will
consequently be built) not to be found during rootfs creation, breaking
the build. All feeds that packages are emitted to should simply always be
added to PACKAGE_SUBDIRS instead; the CONFIG_FEED_... only configure the
generated distfeeds.conf like this.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 9af22f1ac9)
The src-dummy method does not actually obtain any feed, but it can be used
to insert addtional entries into the opkg distfeeds.conf. This is useful to
make package feeds available to users without requiring the corresponding
source feeds to be available during build.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 6bdd5d8459)
The line that produces factory image was accidentally left by me while
testing before inital commit.
I came to the conclusion that flashing from OEM firmware does not work
(seems to share this behavior with other tplinks based on mt7628).
I have not done any further analysis, as I was unable to open the
case and attach a serial port (too much glue). Maybe i will try once
more.
So the way to do initial flashing (or un-bricking) is to use the
tftp-recover image. It is possible to revert to OEM firmware with tftp
recovery; in this case the first 512 bytes the image file need to be
cut off.
Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
[add explaination provided via mail as commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refreshed all patches
Reworked patches to match upstream:
335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
