This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found. The config file is not installed by default.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default. Right now, some packages require
this, so it is always enabled by the bots. Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.
However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.
NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.
Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Currently the Geode builds fails on following kernel module missing
dependencies:
Package kmod-drm-amdgpu is missing dependencies for the following libraries:
backlight.ko
drm_kms_helper.ko
fb.ko
ttm.ko
So this patch tries to fix the kmod-drm-amdgpu module dependecies.
Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.
To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.
Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
EAP-pwd missing commit validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
scalar/element)
Latest version available from: https://w1.fi/security/2019-4/
Vulnerability
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.
A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).
An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.
While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').
Vulnerable versions/configurations
All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.
All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable
Acknowledgments
Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
CVE-2019-9497:
EAP-pwd server: Detect reflection attacks
CVE-2019-9498:
EAP-pwd server: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
CVE-2019-9499:
EAP-pwd client: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
These patches are available from https://w1.fi/security/2019-4/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
hostapd: fix SAE confirm missing state validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/
Vulnerability
When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.
Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.
An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.
Vulnerable versions/configurations
All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).
Possible mitigation steps
- Merge the following commit to hostapd and rebuild:
SAE: Fix confirm message validation in error cases
These patches are available from https://w1.fi/security/2019-3/
- Update to hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
EAP-pwd side-channel attack
Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/
Vulnerability
Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.
A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).
The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.
This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.
The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.
Vulnerable versions/configurations
All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).
It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
OpenSSL: Use constant time operations for private bignums
Add helper functions for constant time operations
OpenSSL: Use constant time selection for crypto_bignum_legendre()
EAP-pwd: Use constant time and memory access for finding the PWE
These patches are available from https://w1.fi/security/2019-2/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
- Use strong passwords to prevent dictionary attacks
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
SAE side-channel attacks
Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/
Vulnerability
Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.
Cache attack
A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).
The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.
This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.
The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.
Timing attack
The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.
This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.
While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.
Vulnerable versions/configurations
All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).
Acknowledgments
Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
OpenSSL: Use constant time operations for private bignums
Add helper functions for constant time operations
OpenSSL: Use constant time selection for crypto_bignum_legendre()
SAE: Minimize timing differences in PWE derivation
SAE: Avoid branches in is_quadratic_residue_blind()
SAE: Mask timing of MODP groups 22, 23, 24
SAE: Use const_time selection for PWE in FFC
SAE: Use constant time operations in sae_test_pwd_seed_ffc()
These patches are available from https://w1.fi/security/2019-1/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
- In addition to either of the above alternatives, disable MODP groups
1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
sae_groups runtime configuration parameter, if they were explicitly
enabled since those groups are not considered strong enough to meet
current security expectations. The groups 22, 23, and 24 are related
to the discovered side channel (timing) attack. The other groups in
the list are consider too weak to provide sufficient security. Note
that all these groups have been disabled by default in all
hostapd/wpa_supplicant versions and these would be used only if
explicitly enabled in the configuration.
- Use strong passwords to prevent dictionary attacks
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.
Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A
Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall
drop patch applied upstream:
010-tty-modes-werent-reset-for-client.patch
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.
Similar for Build/Compile: we can remove the definition
when we only call the default.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* allowedips: initialize list head when removing intermediate nodes
Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.
* tools: warn if an AllowedIP has a nonzero host part
If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.
* wg-quick: add 'strip' subcommand
The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.
* tools: avoid unneccessary next_peer assignments in sort_peers()
Small C optimization the compiler was probably already doing.
* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible
Suggested tweaks from Dave Miller.
* blake2s: simplify
* blake2s: remove outlen parameter from final
The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.
* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list
The usual assortment of compat fixes for Linux 5.1.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.
However, due to an improperly rebased commit this feature broke.
This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.
Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).
compile/test target mvebu/mamba, rango
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Release notes since last time:
Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
in htt-mgt mode. (Backported from wave2, looks
like bug would be the same though.)
Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
proxy-station mode.
2019-03-29: Fix sometimes sending mgt frames on wrong tid when
using htt-mgt. This bug has been around since I first
enabled htt-mgt mode.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
c2cfe9d iwinfo: Fix 802.11ad channel to frequency
Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.
Thsi was not seen as the error does not occur on all targets.
Thanks to Jo-Philipp Wich for providing the fix
Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
- limit ECC support to ec*-sha2-nistp256:
* DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
* DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
"-r keyfile" to command line if file is absent (doesn't exist or empty),
warn user (in syslog) about such files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
compiler complains about messed up CFLAGS in build log:
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
and then linker fails:
mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
compilation terminated.
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
[...]
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
make[3]: *** [Makefile:198: dropbearmulti] Error 1
make[3]: *** Deleting file 'dropbearmulti'
make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
make[2]: Leaving directory '/package/network/services/dropbear'
This FTBFS issue was caused by hardening flags set up by dropbear's configure script.
By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.
Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Release notes since last time:
Release notes for wave-1:
- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
backported from upstream 10.2 firmware.
- 2019-03-12: Support offloading decrypt of PMF blockack frames
to the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
Release notes for wave-2:
- 2019-03-12: Fix crash when tearing down VI TID when pending frames
exist. Could reproduce this while doing rmmod when VI
traffic was flowing and PMF was enabled but broken.
Bad luck could rarely cause it to happen in more normal
config too.
- 2019-03-12: Support offloading decrypt of PMF blockack frames to
the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
- 2019-03-12: Re-work problematic patch that attempted to fix transmit
on non-QOS tids. It appears buggy in several ways,
hopefully improved now. This was introduced last fall.
See github bug 78.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
4d8c7e8 mt76: mt76x02: send no-skb tx status without holding the status lock
7e9e9ad mt76: mt7603: add missing initialization for dev->ps_lock
3a7e6bb mt76: fix potential deadlock on cancelling workqueues
deacb8f mt76: fix using mac80211 tx skb header padding
c9402eb mt76: use napi polling for tx cleanup
60e508e mt76: use readl/writel instead of ioread32/iowrite32
5912e8a mt7603: fix sequence number assignment
95a83cc mt7603: send BAR after powersave wakeup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 0331770299.
With LTO enabled valgridn does not build on MIPS32 any more, deactivate
it for now. The patch refresh was not reverted.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The PKG_MIRROR_HASH was for some reason wrong.
Fixes: d75db67870 ("uboot-fritz4040: bump version to 2019-03-03")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- Former "mir3g" board name becomes "xiaomi,mir3g".
- Reorder some entries to maintain alphabetical order.
- Change DTS so status LEDs (yellow/red/blue) mimic
Xiaomi stock firmware: (Section Indicator)
<http://files.xiaomi-mi.co.uk/files/router_pro/router%20PRO%20EN.pdf>
<http://files.xiaomi-mi.co.uk/files/Mi_WiFi_router_3/MiWiFi_router3_EN.pdf>
|Yellow: Update (LED flickering), the launch of the system (steady light);
|Blue: during normal operation (steady light);
|Red: Safe mode (display flicker), system failure (steady light);
Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
[Added link to similar Router 3 model]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Hardware
--------
CPU: Qualcomm IPQ4018
RAM: 256M
FLASH: 32M SPI NOR W25Q256
ETH: QCA8075
WiFi2: IPQ4018 2T2R 2SS b/g/n
WiFi5: IPQ4018 2T2R 2SS n/ac
LED: - Power amber
- LAN1(PoE) green
- LAN2 green
- Wi-Fi 2.4GHz green
- Wi-Fi 5GHz green
BTN: - WPS
UART: 115200n8 3.3V J1
VCC(1) - GND(2) - TX(3) - RX(4)
Added basic support to get the device up and running for a sysupgrade
image only.
There is currently no way back to factory firmware, so this is a one-way
street to OpenWRT.
Install from factory condition is convoluted, and may brick your device:
1) Enable SSH and disable the CLI on the factory device from the web user
interface (Management->Advanced)
2) Reboot the device
3) Override the default, limited SSH shell:
a) Get into the ssh shell:
ssh admin@192.168.1.1 /bin/sh --login
b) Change the dropbear script to disable the limited shell. At the
empty command prompt type:
sed -i '/login_ssh/s/^/#/g’ dropbear
/etc/init.d/dropbear restart
exit
4) ssh in to a (now-) normal OpenWRT SSH session
5) Flash your built image
a) scp openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
admin@192.168.1.1:/tmp/
b) ssh admin@192.168.1.1
c) sysupgrade -n
/tmp/openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
6) After flash completes (it may say "Upgrade failed" followed by
"Upgrade completed") and device reboots, log in to newly flashed
system. Note you will now need to ssh as root rather than admin.
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
[whitespace fixes, reordered partitions, removed rng node from 4.14,
fixed 901-arm-boot-add-dts-files.patch]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Update the out of tree build of cake. Applicable patches are also in
net-next.
057c738 Fix fwmark_shft assignment (again)
ca6c162 Add support for storing mark back into conntrack
7ed9b6c Fix off-by-one error when setting fwmark_shft.
a4a243a sch_cake: Interpret fwmark parameter as a bitmask
29d707e Simplify logic in cake_select_tin()
8acaaee Permit use of connmarks as tin classifiers
348f186 Make the dual modes fairer
99a7297 compat: Don't lock root qdisc when dumping stats on old kernels
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction
MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
The keyword "all" is only supported by `iw set antenna` if
it's used as the only argument.
Convert "all" into a mask before calling `iw set antenna`.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default
e97a209 mt76: remove mt76_queue dependency from tx_queue_skb function pointer
ddd98f8 mt76: remove mt76_queue dependency from tx_prepare_skb function pointer
9bc2d56 mt76: remove mt76_queue dependency from tx_complete_skb function pointer
06c917f mt76: introduce mt76_sw_queue data structure
2dc63b0 mt76: introduce mt76_txq_id field in mt76_queue_entry
312f6fc mt76: remove irqsave/restore in locking for tx status fifo
0fe6386 mt76: move mt76x02_insert_hdr_pad in mt76-core module
efe9a47 mt76: mmio: move mt76_insert_hdr_pad in mt76_dma_tx_queue_skb
0b03f87 mt76: move skb dma mapping before running tx_prepare_skb
f977a92 mt76: introduce mt76_tx_info data structure
72fe286 mt76: use mac80211 txq scheduling
b77b932 mt76: reduce locking in mt76_dma_tx_cleanup
c0ab515 mt76: store wcid tx rate info in one u32 reduce locking
f37ad72 mt76: mt76x02: store software PN/IV in wcid
5323005 mt76: move tx tasklet to struct mt76_dev
688d708 mt76: only schedule txqs from the tx tasklet
42ce040 mt76: use TX_NEEDS_ALIGNED4_SKBS
2660aa9 mt76: mt7603: store software PN/IV in wcid
3ce8a93 mt76: dma: add static qualifier to mt76_dma_tx_queue_skb
81a32aa mt7603: remove mt7603_mcu_init routine
48dc7e9 mt7603: core: do not use magic numbers in mt7603_reg_map
2236490 mt76: usb: reduce code indentation in mt76u_alloc_tx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add build and runtime dependencies on libelf, allowing tc and ip-full
to load BPF and XDP object files respectively.
Define package 'tc' as a singleton package variant, which can be used to
enable additional functionality limited only to tc. Also set ip-tiny
as the default 'ip' variant.
Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Hardware
--------
CPU: Qualcomm IPQ4019
RAM: 256M (NANYA NT5CC128M16JR-EK)
FLASH: 128M NAND (Macronix MX30LF1G18AC-XKI)
ETH: Qualcomm QCA8072
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
WiFi5: QCA9984 4T4R 4SS n/ac
LED: - Connect green/blue/red
- Power green
BTN: WPS/Connect
UART: 115200n8 3.3V
VCC - RX - TX - GND (Square is VCC)
Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz3000'
subdirectory. Place it in the same directory as the 'eva_ramboot.py'
script. It is located in the 'scripts/flashing' subdirectory of the
OpenWRT tree.
2. Assign yourself the IP address 192.168.178.10/24. Connect your
Computer to one of the boxes LAN ports.
3. Connect Power to the Box. As soon as the LAN port of your computer
shows link, load the U-Boot to the box using following command.
> ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz3000.bin
4. The U-Boot will now start. Now assign yourself the IP address
192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
server root directory and rename it to 'FRITZ3000.bin'.
5. The Box will now boot OpenWRT from RAM. This can take up to two
minutes.
6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
scp. SSH into the Box and first write the Bootloader to both previous
kernel partitions.
> mtd write /path/to/uboot-fritz3000.bin uboot0
> mtd write /path/to/uboot-fritz3000.bin uboot1
7. Remove the AVM filesystem partitions to make room for our kernel +
rootfs + overlayfs.
> ubirmvol /dev/ubi0 --name=avm_filesys_0
> ubirmvol /dev/ubi0 --name=avm_filesys_1
8. Flash OpenWRT peristently using sysupgrade.
> sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
AVM devices based on Qualcomm IPQ40xx do not store sector health
information in the OOB area. Make this check optional to support this
platform.
Signed-off-by: David Bauer <mail@david-bauer.net>
Hardware:
CPU: MediaTek MT7621AT (2x880MHz)
RAM: 512MB DDR3
FLASH: 256MB NAND
WiFi: 2.4GHz 4x4 MT7615 b/g/n (Needs driver, See Issues!)
WiFI: 5GHz 4x4 MT7615 a/n/ac (Needs driver, See Issues!)
USB: 1x 3.0
ETH: 1x WAN 10/100/1000 3x LAN 10/100/1000
LED: Power/Status
BTN: RESET
UART: 115200 8n1
Partition layout and boot:
Stock Xiaomi firmware has the MTD split into (among others)
- kernel0 (@0x200000)
- kernel1 (@0x600000)
- rootfs0
- rootfs1
- overlay (ubi)
Xiaomi uboot expects to find kernels at 0x200000 & 0x600000
referred to as system 1 & system 2 respectively.
a kernel is considered suitable for handing control over
if its linux magic number exists & uImage CRC are correct.
If either of those conditions fail, a matching sys'n'_fail flag
is set in uboot env & a restart performed in the hope that the
alternate kernel is okay.
If neither kernel checksums ok and both are marked failed, system 2
is booted anyway.
Note uboot's tftp flash install writes the transferred
image to both kernel partitions.
Installation:
Similar to the Xiaomi MIR3G, we keep stock Xiaomi firmware in
kernel0 for ease of recovery, and install OpenWRT into kernel1 and
after.
The installation file for OpenWRT is a *squashfs-factory.bin file that
contains the kernel and a ubi partition. This is flashed as follows:
nvram set flag_try_sys1_failed=1
nvram set flag_try_sys2_failed=0
nvram commit
dd if=factory.bin bs=1M count=4 | mtd write - kernel1
dd if=factory.bin bs=1M skip=4 | mtd write - rootfs0
reboot
Reverting to stock:
The part of stock firmware we've kept in kernel0 allows us to run stock
recovery, which will re-flash stock firmware from a *.bin file on a USB.
For this we do the following:
fw_setenv flag_try_sys1_failed 0
fw_setenv flag_try_sys2_failed 1
reboot
After reboot the LED status light will blink red, at which point pressing
the 'reset' button will cause stock firmware to be installed from USB.
Issues:
OpenWRT currently does not have support for the MT7615 wifi chips. There is
ongoing work to add mt7615 support to the open source mt76 driver. Until that
support is in place, there are closed-source kernel modules that can be used.
See: https://forum.openwrt.org/t/support-for-xiaomi-wifi-r3p-pro/20290/170
Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[02_network remaps, Added link to notes]
Hardware
--------
SOC: QCA9558
RAM: 128M DDR2
Flash: 16MiB SPI-NOR
ETH: QCA8337N: 2x 10/100/1000 PoE and PoE pass-through
WiFi2: QCA9558 (bgn) 2T2R
WiFi5: 2x mPCIE with AR9582 (an) 2T2R
BTN: 1x Reset
GPIO: multiple GPIO on header, PoE passthrough enable
UART: 3.3V 115200 8N1 header on the board
WDG: ATTiny13 watchdog
JTAG: header on the board
USB: 1x connector and 1x header on the board
PoE: 10-32V input in ETH port 1, passthrough in port 2
mPCIE: 2x populated with radios (but replaceable)
OpenWrt is preinstalled from factory. To install use <your-image>-sysupgade.bin
using the web interface or with sysupgrade -n.
Flash from bootloader (in case failsafe does not work)
1. Connect the LibreRouter with a serial adapter (TTL voltage) to the UART
header in the board.
2. Connect an ETH cable and configure static ip addres 192.168.1.10/24
3. Turn on the device and stop the bootloader sending any key through the serial
interface.
4. Use a TFTP server to serve <your image>-sysupgrade.bin file.
5. Execute the following commands at the bootloader prompt:
ath> tftp 82000000 <your image>-sysupgrade.bin
ath> erase 0x9f050000 +$filesize
ath> cp.b 0x82000000 0x9f050000 $filesize
ath> bootm 0x9f050000
More docs
* Bootloader https://github.com/librerouterorg/u-boot
* Board details (schematics, gerbers): https://github.com/librerouterorg/board
Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Openssh uses digest contexts across forks, which is not supported by the
/dev/crypto engine. The speed of digests is usually not worth enabling
them anyway. This changes the default of the DIGESTS option to NONE, so
the user still has the option to enable them.
Added another patch related to the use of encryption contexts across
forks, that ignores a failure to close a previous open session when
reinitializing a context, instead of failing the reinitialization.
Added a link to the Cryptographic Hardware Accelerators document to the
engine pacakges description, to provide more detailed instructions to
configure the engines.
Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh. There is an open PR to update openssh; when merged, this
symbol can be safely removed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
Imported from patchwork, patches marked with '=' have already been in
our tree:
[v3,1/4] cfg80211: add ratelimited variants of err and warn
[v3,2/4] rt2x00: use ratelimited variants dev_warn/dev_err
[v3,3/4] rt2x00: check number of EPROTO errors
=[v3,4/4] rt2x00: do not print error when queue is full
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add missing /usr/sbin install dir fixing :
install: cannot create regular file 'build_dir/target-x86_64_musl/busybox-1.30.1/.pkgdir/busybox/usr/sbin/ntpd-hotplug': No such file or directory
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
cfb47d30 Take into account larger frame size for prioritization
dbbe4e01 Remove unused field
371bc3a8 clang-format
5e7889c5 Update manual pages
b1b2ad50 Bump up version number to 1.37.0, LT revision to 31:2:17
e043ca83 Update AUTHORS
c2434dfb Simplify stream_less
816ad210 Reuse name when indexing header by referencing dynamic table
f5feb16e Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
adf09f21 Merge pull request #1303 from donny-dont/fix-shared-install
2591960e Explicitly set install location when building shared libs
d93842db nghttpx: Fix backend stall if header and request body are sent in 2 packets
8dc2b263 nghttpx: Use std::priority_queue
8d842701 Update manual pages
de85b0fd Update README
5d6beed5 Merge branch 'nghttpx-backend-weight'
1ff9de4c nghttpx: Backend address selection with weight
34482ed4 Fix compilation with boringssl
9b6ced66 Bump up version number to 1.37.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes the following compile problem with kernel 4.20:
In file included from arp.c:20:0:
include/linux/if_arp.h:121:16: error: 'IFNAMSIZ' undeclared here (not in a function)
char arp_dev[IFNAMSIZ];
^~~~~~~~
make[7]: *** [Makefile:459: arp.o] Error 1
This is caused by commit 6a12709da354 ("net: if_arp: use define instead
of hard-coded value") in the upstream Linux kernel which is integrated
in Linux 4.20.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The configure script broke when used in alpine-3.9 based docker containers. Fixed in wolfSSL >3.15.7.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
This patch re-enables the reset_ppe() functionality for VR9 targets by using
the new lantiq rcu subsystem. The reset sequence in the reset_ppe() function
was taken from the ppa datapath driver of lantiq UGW 7.4.1.
Additionally it adds the required reset definitions to the vr9 dtsi file.
It also prepares the reset_ppe() function calls for the other lantiq targets.
This feature is needed to be able to switch between ltq-atm/ltq-ptm driver
in ATM/PTM Auto-Mode at runtime.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
A tool for reading the TFFS partitions (a name-value storage usually
found in AVM Fritz!Box based devices) on nand flash.
Copyright (c) 2018 Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>
Based on the fritz_tffs_read tool:
Copyright (c) 2015-2016 Martin Blumenstingl <martin.blumenstingl@googlemail.com>
and on the TFFS 2.0 kernel driver from AVM:
Copyright (c) 2004-2007 AVM GmbH <fritzbox_info@avm.de>
and the TFFS 3.0 kernel driver from AVM:
Copyright (C) 2004-2014 AVM GmbH <fritzbox_info@avm.de>
and the OpenWrt TFFS kernel driver:
Copyright (c) 2013 John Crispin <blogic@openwrt.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.de>
Signed-off-by: Andy Binder <AndyBinder@gmx.de>
The patches to the /dev/crypto engine were commited to openssl master,
and will be in the next major version (3.0).
Changes:
- Optimization in computing a digest in one operation, saving an ioctl
- Runtime configuration options for the choice of algorithms to use
- Command to dump useful information about the algorithms supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[refresh patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add specific 'variant' for 'bus=ahb,bmi-chip-id=0,bmi-board-id=25' BDF.
Use the same value ('ALFA-Network-AP120C-AC') as sent upstream.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
1d7760d mt76: mt7603: set moredata flag when queueing ps-filtered packets
0b927b2 mt76: fix return value check in mt76_wmac_probe()
e72376d mt76x02: fix hdr pointer in write txwi for USB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This backports upstream commit
34d5629 ath10k: limit available channels via DT ieee80211-freq-limit
to the 4.19 ath10k-ct version. Without this patch, disabled channels
are still listed as a supported configuration for the radio.
The identical patch was also backported by OpenWRT to the non-ct driver.
It can be dropped as soon as we switch to an ath10k-ct version based on
4.20 or higher.
Signed-off-by: David Bauer <mail@david-bauer.net>
Release notes since last update:
wave-1 firmware:
* Feb 14, 2019: Remove logic that causes assert when swba logic is not
initialized. This was seen when trying to bring up 6 VAP
vdevs. A similar fix went into wave-2 firmware some time
ago.
* Feb 27, 2019: Support up to 32 vAP vdevs, fix stack corruption when
driver requests too many vAP.
* Feb 28, 2019: Support beacon-tx-wmi callback message. This lets driver
properly clean up beacon buffers so we don't crash
(somethings the entire OS/system) due to DMA errors.
wave-2 firmware:
* Feb 27. 2019: Support up to 32 AP vdevs. Previous to this, stack would
be corrupted if you went past 16 AP vdevs.
* Feb 28, 2019: Support beacon-tx-wmi callback message. This lets driver
properly clean up beacon buffers. In wave-1, this could
crash the entire OS, but I didn't see the same crashes
in wave-2, so maybe it is fixed in some other way. Add
the feature regardless as it seems proper.
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
9360f389234a ath10k: Support up to 24 vAP per radio, fix DMA bug in wave-1.
9cbf8d430974 ath10k-ct: Add 4.20 driver, SGI support for fixed-rate tx.
Runtime tested on: ipq806x
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Currently STA+AP re-transmitting the management frames with
incremented sequence number if hardware is assigning the sequence.
Fix is to assign the sequence number for Beacon by hardware
and for other Management frames software will assign the
sequence number
Signed-off-by: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
3c6df9b mt76: rewrite dma descriptor base and ring size on queue reset
30e757e mt76: mt76x02: when setting a key, use PN from mac80211
fa83406 mt76: mt76x2: implement full device restart on watchdog reset
ead881b mt76: mt76x02: do not sync PN for keys with sw_iv set
ba1d989 mt76: mmio: move mt76x02_set_irq_mask in mt76 module
283ebbe mt76: dma: move mt76x02_init_{tx,rx}_queue in mt76 module
b216d3c mt76: introduce q->stopped parameter
8b437d2 mt76x02: clear sta and vif driver data structures on add
2c62d03 mt76x02: clear running flag when resetting state on restart
6b10cfc mt76: mt76x02: only update the base mac address if necessary
669bc49 mt76: mt76x02: reduce false positives in ED/CCA tx blocking
2ed9382 mt76: mt7603: fix tx status HT rate validation
d2c6823 mt76: mt76x2: fix external LNA gain settings
8ee2259 mt76: mt76x2: fix 2.4 GHz channel gain settings
8bfe6d4 mt76: mt7603: clear ps filtering mode before releasing buffered frames
d13b065 mt76: mt7603: fix up hardware queue index for PS filtered packets
eb1ecc4 mt76: mt7603: notify mac80211 about buffered frames in ps queue
3687eec mt76: mt7603: clear the service period on releasing PS filtered packets
42ab27e mt76: when releasing PS frames, end the service period if no frame was found
461f3b0 mt76: mt76x02: disable ED/CCA by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ieee80211w support is only activated in hostapd when at least one
capable driver is build into the image. Many drivers which are capable
of ieee80211 (MFP) and have the MFP_CAPABLE set in the driver are still
missing the DRIVER_11W_SUPPORT dependency. Add this to more driver
capable of ieee80211w.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
b514490 iwinfo: add device id for MediaTek MT7603E
e9e1400 iwinfo: more Ralink and MediaTek WiSoC and PCIe chips
cb108c5 iwinfo: fix capitalization of vendor name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Contains the following change
eeef7b5 blobmsg_json: blobmsg_format_string: do not escape '/'
Resolves FS#2147
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The change was made with the following commands
cd package/utils/busybox/config
../convert_menuconfig.pl ~/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/busybox-1.30.1
convert_defaults.pl has no changes other than overwriting defaults for
BUSYBOX_DEFAULT_FEATURE_IPV6
Resolves FS#2146
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is to align with upstream change 72089cf ("config: deindent all
help texts") and to make the follow-up change syncing Config.in files
with current busybox version more reviewable
It was made with the following commands
cd package/utils/busybox/config
find . -name 'Config.in' | xargs sed -ir -e 's/^\t \([^ ]\)/\t\1/'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
consolidate patch 651-rt2x00-remove-unneccesary-code.patch.
fixup the most obvious whitespace problems in RXIQ and TX-LOFT code.
always backup registers bbpr1, bbpr4, bbpr241 and bbpr242 to avoid
compiler warning about them being potentially uninitialized.
no functional changes (intended)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use tested values on shuttle,kd20 and assumed values for
mitrastar,stg-212 and cloudengines,pogoplug*.
akitio users have yet to report back stock flash layout to support
vendor bootloader environment there as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ar has a deterministic (-D) and non-deterministic (-U) mode.
OpenWrt is already using the deterministic mode by default,
but ncurses' configure script force this to be non-deterministic.
Since autoreconf fails to generate a new configure, the configure script
is directly modified.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Hardware
--------
CPU: Qualcomm IPQ4019
RAM: 256M
FLASH: 128M NAND
ETH: QCA8075
VDSL: Intel/Lantiq VRX518 PCIe attached
currently not supported
DECT: Dialog SC14448
currently not supported
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
LED: - Power/DSL green
- WLAN green
- FON/DECT green
- Connect/WPS green
- Info green
- Info red
BTN: - WLAN
- FON
- WPS/Connect
UART: 115200n8 3.3V (located under the Dialog chip)
VCC - RX - TX - GND (Square is VCC)
Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz7530'
subdirectory. Place it in the same directory as the 'eva_ramboot.py'
script. It is located in the 'scripts/flashing' subdirectory of the
OpenWRT tree.
2. Assign yourself the IP address 192.168.178.10/24. Connect your
Computer to one of the boxes LAN ports.
3. Connect Power to the Box. As soon as the LAN port of your computer
shows link, load the U-Boot to the box using following command.
> ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz7530.bin
4. The U-Boot will now start. Now assign yourself the IP address
192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
server root directory and rename it to 'FRITZ7530.bin'.
5. The Box will now boot OpenWRT from RAM. This can take up to two
minutes.
6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
scp. SSH into the Box and first write the Bootloader to both previous
kernel partitions.
> mtd write /path/to/uboot-fritz7530.bin uboot0
> mtd write /path/to/uboot-fritz7530.bin uboot1
7. Remove the AVM filesystem partitions to make room for our kernel +
rootfs + overlayfs.
> ubirmvol /dev/ubi0 --name=avm_filesys_0
> ubirmvol /dev/ubi0 --name=avm_filesys_1
8. Flash OpenWRT peristently using sysupgrade.
> sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
[removed pcie-dts range node, refreshed on top of AP120-AC/E2600AC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Adds support for the AVM FRITZ!Box 7530.
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [PKG_RELEASE]
Qxwlan E2600AC C1 based on IPQ4019
Specifications:
SOC: Qualcomm IPQ4019
DRAM: 256 MiB
FLASH: 32 MiB Winbond W25Q256
ETH: Qualcomm QCA8075
WLAN: 5G + 5G/2.4G
* 2T2R 2.4/5 GHz
- QCA4019 hw1.0 (SoC)
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
INPUT: Reset buutton
LED: 1x Power ,6 driven by gpio
SERIAL: UART (J5)
UUSB: USB3.0
POWER: 1x DC jack for main power input (9-24 V)
SLOT: Pcie (J25), sim card (J11), SD card (J51)
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Qxwlan E2600AC C2 based on IPQ4019
Specifications:
SOC: Qualcomm IPQ4019
DRAM: 256 MiB
NOR: 16 MiB Winbond W25Q128
NAND: 128MiB Micron MT29F1G08ABAEAWP
ETH: Qualcomm QCA8075
WLAN: 5G + 5G/2.4G
* 2T2R 2.4/5 GHz
- QCA4019 hw1.0 (SoC)
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
INPUT: Reset buutton
LED: 1x Power, 6 driven by gpio
SERIAL: UART (J5)
USB: USB3.0
POWER: 1x DC jack for main power input (9-24 V)
SLOT: Pcie (J25), sim card (J11), SD card (J51)
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "ubi" filename to "ubi-firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "ubi" image
and click the upgrade button.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
[ added rng node. whitespace fixes, ported 02_network,
ipq-wifi Makefile, misc dts fixes, trivial message changes ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* wg-quick: freebsd: allow loopback to work
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.
* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention
Usual nits.
* systemd: wg-quick should depend on nss-lookup.target
Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.
* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp
This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.
* hashtables: decouple hashtable allocations from the main device allocation
The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.
* chacha20poly1305: permit unaligned strides on certain platforms
The map allocations required to fix this are mostly slower than unaligned
paths.
* noise: store clamped key instead of raw key
This causes `wg show` to now show the right thing. Useful for doing
comparisons.
* compat: ipv6_stub is sometimes null
On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.
* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable
* queueing: net-next has changed signature of skb_probe_transport_header
A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.
* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips
This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.
The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options. It was replaced by a simple make clean.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
omcproxy's configuration is lost on every update or installation.
Avoid it by defining the configuration file.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
After update to 5.0.1 iw-full package failed to display command list on
ipq40xx arch. Root cause was found to be LTO reordering causing
incorrect detection of command struct size in:
iw.c:552
cmd_size = labs((long)&__section_set - (long)&__section_get);
This reverts commit ef16a394d2.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This can break for example 5GHz meshpoint interfaces
because 0 maps to a CCK rate (11Mbit/s).
It must also be avoided that the ath10k-ct internal state for the rates is
not synced with the mac80211 rates state. Otherwise, the user specified
rate (e.g. a wifi-iface mcast_rate for a meshpoint interface) will only be
set on startup. And a short while after that, ath10k-ct specific code in
ath10k_check_apply_special_rates is missing a valid rate in its own
structures and is then recalculating a new default rate. This default rate
is in most situations not the requested rate.
Fixes: 4df3c71cd4 ("ath10k-ct: Update to 2018-12-11 and use version based on 4.19")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This breaks for example 5GHz meshpoint interfaces because
0 maps to a CCK rate (11Mbit/s).
Fixes: db90c243a0 ("mac80211: update to version based on 4.19-rc4")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This should fix the WDS / 4addr mode with ath10k and probably other
devices.
This patch was found here: https://patchwork.kernel.org/patch/10692383/
Fixes: d9eefa7a70 ("mac80211: rebase ontop of v4.18.5")
Reported-by: Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
release_firmware(). Since we copy eeprom data with EEPROM_SIZE
in rt2800_read_eeprom() we can use eeprom_file->size as marker
if the file was crated by request_firmware().
Acked-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
On targets that don't have input support enabled in the kernel config,
building kmod-input-touchscreen-ads7846 fails due to a missing
dependency on kmod-input-core. Add the dependency to fix this.
Fixes: 77a54bbf13 ("kernel: add kmod-input-touchscreen-ads7846")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
max_ttl - limit the ttl in the dns answer if greater as $max_ttl
min_cache_ttl - force caching of dns answers even the ttl in the answer
is lower than the $min_cache_ttl
max_cache_ttl - cache only dns answer for $max_cache_ttl.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This module adds support for ADS7846 based touchscreens used in devices
like the WaveShare 3.5" and 4" LCD displays designed for Raspberry Pi.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This module adds support for the ILI9486 LCD controller used in devices
like the Waveshare 3.5" and 4" LCD displays designed for Raspberry Pi.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This module adds support for small TFT LCD display modules. While this
module also exists in the 4.9 kernel, we are not going to support this
kernel in the next major release, so don't make it available for 4.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The kernel modules that provide support for framebuffers in system RAM
are currently included in the kmod-drm-imx package. Move them to a
separate package, so that other modules can depend on them.
Increase the autoload order of the drm-imx* packages to load the modules
after loading the fb modules they depend on.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This commit updates the file "board-linksys_ea6359v3".
Without this commit, the Linksys EA6350v3 will experience poor wireless
performance in both bands. With this patch, wireless performace will be
comparable to the performance of the stock firmware.
Signed-off-by: Oever González <notengobattery@gmail.com>
The board-files are specific to the target and device. Hence
they need to be set as nonshared. Otherwise they do not show
up on the package repository. This causes problems for
imagebuilder, if it needs to build a image for a specific
device that hasn't had the time to have get its boardfile
upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.
Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cherry-pick Multi-AP commits from uptream:
9c06f0f6a hostapd: Add Multi-AP protocol support
5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
a1debd338 tests: Refactor test_multi_ap
bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
8682f384c hostapd: Add README-MULTI-AP
b1daf498a tests: Multi-AP WPS provisioning
Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).
Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Those have by now been merged into wireless-drivers-next:
17ae2acd1a6f rt2x00: remove unneeded check
5991a2ecd070 rt2x00: remove confusing AGC register
9ad3b5565445 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
7aca14885ede rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
c7ff1bfeaf1c rt2800: comment and simplify AGC init for RT6352
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently these kernel packages only work on x86, restrict them to that
target.
Fixes: 2f239c02a0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918ee9b ("x86: video: add radeon DRM module support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit e6d84fa886 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 26681fa6a6 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit fc80ef3613 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 248797834b as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case
- run dnsmasq with no-resolv
- re-generate /etc/resolv.conf with "nameserver 127.0.0.1"
Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.
A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver. It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
backport from wireless-drivers-next, replacing some existing patches in
our tree (marked with '=' are those which were already present):
f483039cf51a rt2x00: use simple_read_from_buffer()
=5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib
=0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib
=5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet
=adf26a356f13 rt2x00: use different txstatus timeouts when flushing
=0240564430c0 rt2800: flush and txstatus rework for rt2800mmio
6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through
10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through
916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs
641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through
750afb08ca71 cross-tree: phase out dma_zalloc_coherent()
=c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352
a4296994eb80 rt2x00: Work around a firmware bug with shared keys
2587791d5758 rt2x00: no need to check return value of debugfs_create functions
pending on linux-wireless:
rt2x00: remove unneeded check
rt2x00: remove confusing AGC register
rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
rt2800: comment and simplify AGC init for RT6352
rt2x00: do not print error when queue is full
rt2800: partially restore old mmio txstatus behaviour
rt2800: new flush implementation for SoC devices
rt2800: move txstatus pending routine
rt2800mmio: fetch tx status changes
rt2800mmio: use timer and work for handling tx statuses timeouts
rt2x00: remove last_nostatus_check
rt2x00: remove not used entry field
rt2x00mmio: remove legacy comment
While at it also rename some existing patches now that there are
separate folders with patches for each driver to make things a bit
nicer to handle.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This applies to kernel 4.10 and newer.
See 8db4c5be88
The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>