This commit adds u-boot support for the NanoPi R3S.
Signed-off-by: Kevin Zhang <kevin@kevinzhang.me>
Link: https://github.com/openwrt/openwrt/pull/16738
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Drop the patch to re-add the vlan_hdr struct
because it is required now to build xdp-filter.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16798
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add INET diag socket monitoring interface module for MultiPath TCP.
It allows using native Linux socket diagnostic tools such as 'ss' for
Multipath TCP connections.
Co-authored-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
Signed-off-by: sKy King <29267720+sKyissKy@users.noreply.github.com>
Link: https://github.com/openwrt/openwrt/pull/12884
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following security problem:
* CVE-2024-49195: Fix a buffer underrun in mbedtls_pk_write_key_der()
when called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled, and
the output buffer is smaller than the actual output. Fix a related
buffer underrun in mbedtls_pk_write_key_pem() when called on an opaque
RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled and MBEDTLS_MPI_MAX_SIZE is
smaller than needed for a 4096-bit RSA key.
Link: https://github.com/openwrt/openwrt/pull/16768
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It seems some package (sstp-client) makes use of pppd.pc file to detect
the ppp version as 2.5.0 changed some API.
Also install the .pc file to permit the version detection of pppd.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Supports reading the same parameters currently being used by iwinfo.
Preparation for replacing iwinfo with a rewrite in ucode.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows to obtain detailed diagnostic information about the DSL
connection from the modem. The script is copied from the corresponding
packages for VDSL modems.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-4-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is a preparation for adding support for dsl_cpe_pipe.sh with a
similar set of commands compared to the VDSL variant.
The configuration is simplified by using the "--enable-model" option.
Other options are chosen to match the VDSL variant, while also making
sure that previously enabled options stay like that. However, ReTx
options stay disabled, because of incompatibility with the ubus code.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-3-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is a preparation for adding support for dsl_cpe_pipe.sh with a
similar set of commands compared to the VDSL variant.
The configuration is simplified by using the "--enable-model" option.
Other options are chosen to match the VDSL variant, while also making
sure that previously enabled options stay like that. However, ReTx
options stay disabled, because of incompatibility with the ubus code.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20241019174041.1281093-2-jan@3e8.eu/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
65bb027 CMakeLists.txt: bump minimum cmake version
252a9b0 libubus: Make UBUS_* macros work cleanly in C++
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit adds the build date during compilation to the os-release file.
This information can then be used later to output this via the the ubus,
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/15987
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
don't use configuration directories which are relative
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for handling of DNS RR (Resource Records) requests, which
are needed for the HTTPS Type 65 records, introduced to support the
DNS-based Service Discovery (DNS-SD) mechanism for HTTPS services and
defined in the RFC 9460 (9.1. Query Names for HTTPS RRs).
Ref: https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/11
uci config usage:
config dnsrr
option rrname 'foo.example.com'
option rrnumber '65'
option hexdata '00'
hexdata is optional.
Available since dnsmasq 2.62 (for around 12 years at this point).
Note: dnsmasq dns-rr are not affected by filter-rr
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Prevents problems when variables contain spaces.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Users can now freely add new dnsmasq parameters (i.e. a whole config)
via extraconf. This means users can add their own parameters without
changes to init or GUI.
Co-opted the default of confdir also to include the instance name.
This way each instance gets its own .d directory (and separate instances
do not all inherit the same 'extraconftext').
Usage:
config dnsmasq 'config'
...
option extraconftext 'cache-size=2048\nlog-async=20'
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128\nlog-async=5'
or even (which would produce staggered output but still valid)
config dnsmasq 'blah'
...
option extraconftext 'cache-size=128
log-async=5'
See https://forum.openwrt.org/t/add-dnsmasq-custom-options-field-in-luci-gui/193184
Tested on: 23.05.3, 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--cache-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option cache_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to cache
from the individually supplied parameters, so it's allowed to provide
multiples:
... --cache-rr=AAAA --cache-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
dnsmasq v2.90 introduced `--filter-rr=<rrtype>[,<rrtype>...]`.
uci config usage:
config dnsmasq
...
option filter_rr 'AAAA,CNAME,NXDOMAIN,SRV,...'
The dnsmasq instance internally builds a linked list of RR to filter
from the individually supplied parameters, so it's harmless to provide
synonyms:
... --filter-A --filter-rr=A ...
See https://forum.openwrt.org/t/resolving-query-type-65-to-local-address-for-ios-clients-in-dnsmasq/179504/23
Tested on: 23.05.2
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Tested-by: Vladimir Kochkovski <ask@getvladimir.com>
Link: https://github.com/openwrt/openwrt/pull/14975
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch allows the use of SAE when using PPSK after
https://w1.fi/cgit/hostap/commit/?id=fcbdaae8a52e542705a651ee78b39b02935fda20
added support for it.
It also implements a fix so that this option works with SAE. The reason this
doesn't work out of the box is because OpenWRT deviates from hostapd defaults
by setting `sae_pwe` option to 2 which makes this mode not function properly
(results in every auth attempt being denied).
That issue was addressed by not overriding hostapd's default for the `sae_pwe`
option when the PPSK option is in use. This should be fine because hostapd's
test cases specifically test this mode with the default SAE parameters. See:
https://w1.fi/cgit/hostap/commit/?id=c34b35b54e81dbacd9dee513b74604c87f93f6a3
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16343
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Allows removal of the remove function by letting devm handle everything.
Avoids gotos as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16507
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update package to the latest stable version and drop upstreamed patches:
0001-arm-mvebu-turris_omnia-Enable-LTO-by-default-on-Turr.patch
100-mvebu-armada-8k-respect-CONFIG_DISTRO_DEFAULTS.patch
Other patches automatically refreshed (line numbers only)
Add custom config flags to disable building efimkcapsule by default.
This introduces a dependency to GnuTLS which is not present and we do
not need it here.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Link: https://github.com/openwrt/openwrt/pull/16676
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From the upstream repo:
Instead of assuming only one register is used, track all 16 regs
individually.
This avoids need for the 'PREV_PAYLOAD' hack and also avoids the need to
clear out old flags:
When we see that register 'x' will be written to, that register state is
reset automatically.
Existing dissector decodes
ip saddr 1.2.3.4 meta l4proto tcp
... as
-s 6.0.0.0 -p tcp
iptables-nft -s 1.2.3.4 -p tcp is decoded correctly because the expressions
are ordered like:
meta l4proto tcp ip saddr 1.2.3.4
|
... and 'meta l4proto' did clear the PAYLOAD flag.
The simpler fix is:
ctx->flags &= ~NFT_XT_CTX_PAYLOAD;
in nft_parse_cmp(), but that breaks dissection of '1-42', because
the second compare ('cmp lte 42') will not find the
payload expression anymore.
This commit fixes#11169 and openwrt/packages#22727, and potentially anyone that uses iptables-nft legacy support.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16504
[Added patch header]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The already existing uci function ucidef_set_network_device_path
can be used to specify a unique PCI address to name a network interface.
However, I noticed that some NIC ports share the same PCI address
but are still distinguishable by the dev_port value of the network
interface's sysfs entry.
This commit adds a new uci function ucidef_set_network_device_path_port,
which is similar to ucidef_set_network_device_path but takes an
additional argument where the user can specify the dev_port value.
The internal function preinit_config_port loops through
all network interfaces at the given PCI address and chooses the one
where the dev_port value matches.
This was tested on an x86_64 device using a Mellanox ConnectX-3 card.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16560
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Set the boot flag for the igc, mlx4-core, and mlx5-core network device drivers
to load them at a more early stage of the boot process.
This is required for network drivers whose network interface PCI paths are set
via ucidef_set_network_device_path inside the 02_network script since it is
called after kernel modules are loaded from modules-boot.d but before they are
loaded from the modules.d directory.
Signed-off-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/16560
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream patch updated to fix kernel 6.6 compilation. It was also split
up into 5. Do the same here.
The patches are taken from this upstreasm PR:
https://github.com/kaloz/mwlwifi/pull/413
Renamed other patches so as to not overlap.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15452
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for NEC Aterm series devices based on QCA9558.
The following devices have almost the same hardware, so the same U-Boot
binary can be used for them.
- NEC Aterm WG1400HP
- NEC Aterm WG1800HP
- NEC Aterm WG1800HP2
By the way, on NetBSD-based NEC Aterm devices, only 0x20000 (128KiB) is
available for a bootloader on the flash chip and that limitation is too
small for mainline U-Boot with the default options. So many
features/commands not required for booting OpenWrt and recoverying are
disabled on that devices, like the followings.
- networking support
- FIT support
- all decompression methods support
etc...
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16297
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add initial support for Qualcomm Atheros QCA955x series SoCs.
This support was based on the QCA956x support, QSDK, GPL tar of TP-Link
Archer C5 v1.20.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16297
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add Realtek RTL8192DU support to the rtlwifi package.
The RTL8192DU chipset is a 802.11a/b/g/n chip which supports 2.4 and 5 GHz at
up to 40 MHz channel bandwidth, three hardware variations exist:
* single MAC/ single PHY
* single MAC/ double PHY
* double MAC/ double PHY
This driver has been successully tested on a single MAC/ single PHY variant
0bda:8194 (DeLock 88540, https://www.delock.com/produkt/88540/merkmale.html)
rtl_usb: rx_max_size 15360, rx_urb_num 8, in_ep 1
rtl8192du: Driver for Realtek RTL8192DU WLAN interface
rtl8192du: Loading firmware file rtlwifi/rtl8192dufw.bin
ieee80211 phy0: Selected rate control algorithm 'rtl_rc'
usbcore: registered new interface driver rtl8192du
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
* P2P-client
* P2P-GO
interface combinations are not supported
The new rtlwifi based driver rtl8192du has been merged in kernel v6.11.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16721
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit packages the newly merged firmware (v39.0) for Realtek RTL8192DU
802.11a/b/g/n USB wireless cards.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Link: https://github.com/openwrt/openwrt/pull/16721
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Increase the default system log buffer size option
in /etc/config/system from 64 kB to 128 kB.
64 kB is barely enough for the boot items of a modern router
with a few add-on packages, but any subsequent logging will
quickly cause the early boot items to get overwritten in the
round-robin log buffer. Double the buffer size to 128 kB.
(Note: built-in default in ubox logd itself is still 16 kB)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16723
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The swconfig-based b53 driver for the BCM53128 switch stopped working
after commits b2cfed48f6 (Revert "swconfig: fix Broadcom b53 support")
and e4e410733f (kernel: export switch_generic_set_link() symbol). This
rendered the 8 LAN ports of the EdgeSwitch 8XP non-functional, so the
image compilation for the device was disabled (5a1d7d8c1b).
This commit adds the kmod-dsa-b53-mdio and kmod-dsa-b53 packages
with the upstream B53 DSA driver, replacing the swconfig-based
kmod and kmod-switch-bcm53xx-mdio downstream ones that are not used by
any other device.
The 8 LAN ports of the EdgeSwitch 8XP are usable again. The 02_network
init script has been updated with the new DSA interfaces lan1 .. lan8.
Image building has been reenabled for the device, adding the usual DSA
incompatibility notice.
Tested on a Ubiquiti EdgeSwitch 8XP.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Link: https://github.com/openwrt/openwrt/pull/11680
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ffba75c9cd8f iptables: free xtables_match if found in need_protomatch
bf1d5fdf6234 iptables: fix regression with unintended free in need_protomatch
1aef9791a21e defaults.c: fix ipv6 flow offloading
Signed-off-by: Felix Fietkau <nbd@nbd.name>