Commit Graph

20267 Commits

Author SHA1 Message Date
Eneas U de Queiroz
975036f6f9
openssl: avoid OPENSSL_SMALL_FOOTPRINT, no-asm
Building openssl with OPENSSL_SMALL_FOOTPRINT yelds only from 1% to 3%
decrease in size, dropping performance from 2% to 91%, depending on the
target and algorithm.

For example, using AES256-GCM with 1456-bytes operations, X86_64 appears
to be the least affected with 2% performance penalty and 1% reduction in
size; mips drops performance by 13%, size by 3%;  Arm drops 29% in
performance, 2% in size.

On aarch64, it slows down ghash so much that I consider it broken
(-91%).  SMALL_FOOTPRINT will reduce AES256-GCM performance by 88%, and
size by only 1%.  It makes an AES-capable CPU run AES128-GCM at 35% of
the speed of Chacha20-Poly1305:

Block-size=1456 bytes   AES256-GCM   AES128-GCM  ChaCha20-Poly1305
SMALL_FOOTPRINT           62014.44     65063.23          177090.50
regular                  504220.08    565630.28          182706.16

OpenSSL 1.1.1 numbers are about the same, so this should have been
noticed a long time ago.

This creates an option to use OPENSSL_SMALL_FOOTPRINT, but it is turned
off by default unless SMALL_FLASH or LOW_MEMORY_FOOTPRINT is used.

Compiling with -O3 instead of -Os, for comparison, will increase size by
about 14-15%, with no measureable effect on AES256-GCM performance, and
about 2% increase in Chacha20-Poly1305 performance on Aarch64.

There are no Arm devices with the small flash feature, so drop the
conditional default.  The package is built on phase2, so even if we
include an Arm device with small flash later, a no-asm library would
have to be built from source anyway.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-05 08:24:49 -03:00
Christian Marangi
75f7e2d10b
odhcpd: bump to latest git HEAD
40ab806 config: use dedicated link local function to check interface
a84bff2 netlink: add support for getting interface linklocal
2ea065f Revert "config: recheck have_link_local on interface reload if already init"
4b38e6b config: fix feature for enabling service only when interface RUNNING

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-04-04 06:43:23 +02:00
Lech Perczak
90603d443f uqmi: explicitly disconnect IPv6 address family
Some modems (namely, Telit LE910C4) require the IPv6 connection state to
be cleared explicitly, to avoid reporting "no effect" if IPv6
connection is already connected through autoconnect mechanism, or during
LTE default bearer attach, which would lead to established session, but
without a way to inform protocol handler of the status.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Lech Perczak
8c445d56f1 uqmi: set IPv6 family explicitly in status check
Some modems require CID to be set explicitly during IPv6 connection
status check, others require IPv6 address family to be checked explicitly
after establishing connection, in order to provide correct status.
Set both fields in the request to satisfy them.

Fixes: c8a88118af ("uqmi: set CID during 'query-data-status' operation")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-02 18:54:39 +02:00
Hauke Mehrtens
18d516a649 libnl-tiny: update to the latest version
f5d9b7e libnl-tiny: fix duplicated branch in family.h
11b7c5f attr: add NLA_S* definitions

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-02 02:25:16 +02:00
Andrey Erokhin
506bb436c6 netifd: strip mask from IP address in DHCP client params
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address

Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
2023-04-01 22:40:35 +02:00
Ian Dall
ed86454578 dnsmasq: configure dynamic dhcp6 and dhcp4 independently
Given ipv6 has SLAAC it is quite plausible to wish to use dynamic
dhcp4 but static dhcp6. This patch keeps dynamicdhcp as the default
option for both, but is overridden by dynamicdhcpv6 or dynamicdhcpv4

Signed-off-by: Ian Dall <ian@beware.dropbear.id.au>
2023-04-01 22:35:13 +02:00
Ruben Jenster
936df715de dnsmasq: add dhcphostsfile to ujail sandbox
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.

Signed-off-by: Ruben Jenster <rjenster@gmail.com>
2023-04-01 22:22:49 +02:00
Aleksander Jan Bajkowski
69a14e4230 kernel: modules: tg3: limit to devices with pci support
Kmod-tg3 supports Ethernet adapters over PCIe bus. On targets without
PCI support, this package is empty. Symbol CONFIG_TIGON3 depends on
CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-04-01 22:06:26 +02:00
Aleksander Jan Bajkowski
31b1330223 kernel: modules: hfcpci: limit to devices with pci support
Kmod-hfcpci and kmod-hfcmulti supports ISDN adapters over PCI. On targets
without PCI support, this package is empty. Symbol CONFIG_MISDN_HFCMULTI
and CONFIG_MISDN_HFCPCI depends on CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-04-01 22:06:26 +02:00
Nick Hainke
fca03b4bad libtraceevent: update to 1.7.2
Changes:
1c6f0f3 libtraceevent: version 1.7.2
73f6a8a libtraceevent: Fix some missing commas in big endian blocks
da2ea6b libtraceevent: Rename "ok" to "token_has_paren" in process_sizeof()
e6f7cfa libtraceevent: No need for testing ok in else if (!ok) in process_sizeof()
a4b1ba5 libtraceevent: Fix double free in parsing sizeof()

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-01 22:02:24 +02:00
Robert Marko
da4f7e51f3 mac80211: ath11k: restore 160MHz support
Recent ath11k sync introduced a regression causing 80+80 and 160MHz to
stop being advertised and thus not selectable due to the respective feature
flags being cleared.

So, until we get answers upstream to what was the reasoning behind this and
it gets fixed, lets just remove the flag clearing to reanable 160MHz.

Fixes: 789a0bac35 ("mac80211: ath11k: sync with ath-next")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-04-01 19:30:48 +02:00
Felix Fietkau
3c3d797c4d busybox: enable taskset by default
This is useful for controlling process affinity on SMP systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-04-01 09:16:30 +02:00
Stijn Tintel
53796f9248 arm-trusted-firmware-sunxi: bump to 2.8
Use latest release build instead of a git snapshot. As this tarball
extracts in a trusted-firmware-a-2.8 subdirectory, we no longer need to
override the PKG_NAME defined in trusted-firmware-a.mk. The actual
package name is still the same, so we don't need to update any
dependencies.

Tested on A64-OLinuXino-1Ge16GW.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-04-01 01:22:19 +03:00
Stijn Tintel
17c89fd71f uboot-sunxi: bump to 2020.07
This is the newest release where 210-sunxi-deactivate-binman.patch still
applies.

Tested on A64-Olinuxino-eMMC.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-04-01 01:22:19 +03:00
Felix Fietkau
d54c91bd9a mac80211, mt76: add fixes for recently discovered security issues
Fixes CVE-2022-47522

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-30 11:40:11 +02:00
Szabolcs Hubai
dbd6ebd6d8 comgt: ncm: support Mikrotik R11e-LTE6 modem
The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.

While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.

Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.

A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.

Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (2366): Failed to parse message data
    daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2366): Unsupported modem
    daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
    daemon.notice netifd: mikrotik (2426): Failed to parse message data
    daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
    daemon.notice netifd: mikrotik (2426): Unsupported modem
    daemon.notice netifd: Interface 'mikrotik' is now down

A workaround for this is to use the "delay" option in the interface
configuration.

I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].

[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
2023-03-29 17:29:02 +02:00
Szabolcs Hubai
91eca7b04f comgt: add quirk for Mikrotik modems based on Mikrotik R11e-LTE6
The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):

    AT+RESET
    OK

    OK

    *SIMDETEC:2,NOS

    *SIMDETEC:1,SIM

    *ICCID: 8936500119010596302

    *EUICC: 1

    +MSTK: 11, D025....74F3

    *ADMINDATA: 0, 2, 0

    +CPIN: READY

    *EUICC: 1

    *ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911

    +CREG: 0

    $CREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    +CGREG: 0

    +CEREG: 0

    +CESQ: 99,99,255,255,255,255

    *CESQ: 99,99,255,255,255,255,0

    *RADIOPOWER: 0

    +MMSG: 0, 0

    +MMSG: 0, 0

    +MMSG: 1, 0

    +MPBK: 1

While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.

    local2.info chat[7000]: send (ATD*99***1#^M)
    local2.info chat[7000]: expect (CONNECT)
    local2.info chat[7000]: ^M
    local2.info chat[7000]: ATD*99***1#^M^M
    local2.info chat[7000]: CONNECT
    local2.info chat[7000]:  -- got it
    local2.info chat[7000]: send ( ^M)
    daemon.info pppd[6997]: Serial connection established.
    kern.info kernel: [  453.659146] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[6997]: Using interface 3g-mikrotik
    daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.info pppd[6997]: LCP terminated by peer
    daemon.notice pppd[6997]: Connection terminated.
    daemon.notice pppd[6997]: Modem hangup
    daemon.info pppd[6997]: Exit.
    daemon.notice netifd: Interface 'mikrotik' is now down

Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:

    daemon.notice netifd: Interface 'mikrotik' is setting up now
    daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
    daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
    local2.info chat[7140]: abort on (BUSY)
    local2.info chat[7140]: abort on (NO CARRIER)
    local2.info chat[7140]: abort on (ERROR)
    local2.info chat[7140]: report (CONNECT)
    local2.info chat[7140]: timeout set to 10 seconds
    local2.info chat[7140]: send (AT&F^M)
    local2.info chat[7140]: expect (OK)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
    local2.info chat[7140]: ^M
    local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
    local2.info chat[7140]: AT&F^MAT&F^M^M
    local2.info chat[7140]: OK
    local2.info chat[7140]:  -- got it
    ...
    local2.info chat[7140]: send (ATD*99***1#^M)
    local2.info chat[7140]: expect (CONNECT)
    local2.info chat[7140]: ^M
    local2.info chat[7140]: ATD*99***1#^M^M
    local2.info chat[7140]: CONNECT
    local2.info chat[7140]:  -- got it
    local2.info chat[7140]: send ( ^M)
    daemon.info pppd[7137]: Serial connection established.
    kern.info kernel: [  463.094254] 3g-mikrotik: renamed from ppp0
    daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
    daemon.info pppd[7137]: Using interface 3g-mikrotik
    daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
    daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
    daemon.notice pppd[7137]: local  IP address 100.112.63.62
    daemon.notice pppd[7137]: remote IP address 10.64.64.64
    daemon.notice pppd[7137]: primary   DNS address 185.29.83.64
    daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
    daemon.notice netifd: Network device '3g-mikrotik' link is up
    daemon.notice netifd: Interface 'mikrotik' is now up

To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
2023-03-29 17:29:02 +02:00
Mike Wilson
8f27093ce7 ncm: add error check and retry mechanism for gcom call
This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.

A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.

Signed-off-by: Mike Wilson <mikewse@hotmail.com>
2023-03-28 14:19:33 +02:00
Christian Marangi
42a5917786
ipq-wifi: bump to latest git HEAD
ccd7e46 ipq40xx: add support for Wallystech DR40x9
2ce60e1 Revert "ipq40xx: add support for Wallystech DR40x9"
ea962ca ipq40xx: add Emplus WAP551 BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-27 18:15:13 +02:00
Alexey Bartenev
dc79b51533 ramips: add support for Keenetic Lite III rev. A
General specification:
SoC Type: MediaTek MT7620N (580MHz)
ROM: 8 MB SPI-NOR (W25Q64FV)
RAM: 64 MB DDR (EM6AB160TSD-5G)
Switch: MediaTek MT7530
Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
Wireless: 2.4 GHz (MediaTek RT5390): b/g/n
Buttons: 3 button (POWER, RESET, WPS)
Slide switch: 4 position (BASE, ADAPTER, BOOSTER, ACCESS POINT)
Bootloader: U-Boot 1.1.3
Power: 9 VDC, 0.6 A

MAC in stock:
|-	+			|
| LAN 	| RF-EEPROM + 0x04	|
| WLAN	| RF-EEPROM + 0x04	|
| WAN 	| RF-EEPROM + 0x28	|

OEM easy installation
1. Use a PC to browse to http://my.keenetic.net.
2. Go to the System section and open the Files tab.
3. Under the Files tab, there will be a list of system
files. Click on the Firmware file.
4. When a modal window appears, click on the Choose File
button and upload the firmware image.
5. Wait for the router to flash and reboot.

OEM installation using the TFTP method
1. Download the latest firmware image and rename it to
klite3_recovery.bin.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the
firmware image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect
the PC to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address
192.168.1.2 and subnet mask 255.255.255.0.
5. Power up the router while holding the reset button pressed.
6. Wait approximately for 5 seconds and then release the
reset button.
7. The router should download the firmware via TFTP and
complete flashing in a few minutes.
After flashing is complete, use the PC to browse to
http://192.168.1.1 or ssh to proceed with the configuration.

Signed-off-by: Alexey Bartenev <41exey@proton.me>
2023-03-27 02:09:58 +02:00
Martin Kennedy
12f52336d2 ath79: Add Aruba AP-175 support
This board is very similar to the Aruba AP-105, but is
outdoor-first. It is very similar to the MSR2000 (though certain
MSR2000 models have a different PHY[^1]).

A U-Boot replacement is required to install OpenWrt on these
devices[^2].

Specifications
--------------
* Device:	Aruba AP-175
* SoC:		Atheros AR7161 680 MHz MIPS
* RAM:		128MB - 2x Mira P3S12D40ETP
* Flash:	16MB MXIC MX25L12845EMI-10G (SPI-NOR)
* WiFi:		2 x DNMA-H92 Atheros AR9220-AC1A 802.11abgn
* ETH:		IC+ IP1001 Gigabit + PoE PHY
* LED:		2x int., plus 12 ext. on TCA6416 GPIO expander
* Console:	CP210X linking USB-A Port to CPU console @ 115200
* RTC:		DS1374C, with internal battery
* Temp:		LM75 temperature sensor

Factory installation:

- Needs a u-boot replacement. The process is almost identical to that
  of the AP105, except that the case is easier to open, and that you
  need to compile u-boot from a slightly different branch:
  https://github.com/Hurricos/u-boot-ap105/tree/ap175

  The instructions for performing an in-circuit reflash with an
  SPI-Flasher like a CH314A can be found on the OpenWrt Wiki
  (https://openwrt.org/toh/aruba/ap-105); in addition a detailed guide
  may be found on YouTube[^3].

- Once u-boot has been replaced, a USB-A-to-A cable may be used to
  connect your PC to the CP210X inside the AP at 115200 baud; at this
  point, the normal u-boot serial flashing procedure will work (set up
  networking; tftpboot and boot an OpenWrt initramfs; sysupgrade to
  OpenWrt proper.)

- There is no built-in functionality to revert back to stock firmware,
  because the AP-175 has been declared by the vendor[^4] end-of-life
  as of 31 Jul 2020. If for some reason you wish to return to stock
  firmware, take a backup of the 16MiB flash before flashing u-boot.

[^1]: https://github.com/shalzz/aruba-ap-310/blob/master/platform/bootloader/apboot-11n/include/configs/msr2k.h#L186

[^2]: https://github.com/Hurricos/u-boot-ap105/tree/ap175

[^3]: https://www.youtube.com/watch?v=Vof__dPiprs

[^4]: https://www.arubanetworks.com/support-services/end-of-life/#product=access-points&version=0

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2023-03-27 00:27:59 +02:00
Felix Fietkau
3ab670b24e mac80211: fix receiving mesh packets in forwarding=0 networks
When forwarding is set to 0, frames are typically sent with ttl=1.
Move the ttl decrement check below the check for local receive in order to
fix packet drops.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-26 17:19:39 +02:00
Oskari Rauta
1558bbd116 util-linux: add rev utility package
I found use for this in my scripts; I noticed that it is already
compiled with util-linux - there just isn't package for it -
let's package it then.

Description:
The rev utility copies the specified files to the standard output,
reversing the order of characters in everyline.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2023-03-25 16:39:37 +01:00
Felix Fietkau
9779ee021d mac80211: fix invalid calls to drv_sta_pre_rcu_remove
Potentially fixes some driver data structure corruption issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-24 13:32:51 +01:00
Felix Fietkau
66f0878633 firewall4: update to the latest version
39e8c70957c7 fw4: fix handling the ipset "comment" option
e6e82a55206c fw4: add further symbolic ICMP type declarations
ce9a37829a76 tests: add testcase for automatic includes
30ee17a9c65d fw4: fix syntax errors in ICMP type declarations
1ecfadd52291 fw4: remove accidentally committed .orig and .rej file
04a06bd70b98 fw4: enable flowtable counters

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-24 10:15:23 +01:00
Christian Marangi
eeaa71a3de
odhcpd: bump to latest git HEAD
29c934d config: recheck have_link_local on interface reload if already init

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-24 02:01:07 +01:00
Felix Fietkau
d0a06965e8 mediatek: add kernel code for supporting offloading wlan->eth and wlan->wlan flows
Will be enabled by an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-23 17:54:18 +01:00
Lech Perczak
0eebc6f0dd ath79: support Ruckus ZoneFlex 7341/7343/7363
Ruckus ZoneFlex 7363 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point. ZoneFlex 7343 is the single band variant of 7363
restricted to 2.4GHz, and ZoneFlex 7341 is 7343 minus two Fast Ethernet
ports.

Hardware highligts:
- CPU: Atheros AR7161 SoC at 680 MHz
- RAM: 64MB DDR
- Flash: 16MB SPI-NOR
- Wi-Fi 2.4GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Wi-Fi 5GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Ethernet 1: single Gigabit Ethernet port through Marvell 88E1116R gigabit PHY
- Ethernet 2: two Fast Ethernet ports through Realtek RTL8363S switch,
  connected with Fast Ethernet link to CPU.
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the -U variants.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

Installation:
- Using serial console - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server, and removing a single PH1 screw.

0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0xbf040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed.
   Use the Gigabit interface, Fast Ethernet ports are not supported
   under U-boot:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7363-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7363_fw_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7363-squashfs-sysupgrade.bin

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Copy over the backup to /tmp, for example using scp
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Use sysupgrade with force to restore the backup:
   sysupgrade -F ruckus_zf7363_backup.bin
4. System will reboot.

Quirks and known issues:
- Fast Ethernet ports on ZF7363 and ZF7343 are supported, but management
  features of the RTL8363S switch aren't implemented yet, though the
  switch is visible over MDIO0 bus. This is a gigabit-capable switch, so
  link establishment with a gigabit link partner may take a longer time
  because RTL8363S advertises gigabit, and the port magnetics don't
  support it, so a downshift needs to occur. Both ports are accessible
  at eth1 interface, which - strangely - runs only at 100Mbps itself.
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- Both radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- There is second method to achieve root shell, using command injection
  in the web interface:
  1. Login to web administration interface
  2. Go to Administration > Diagnostics
  3. Enter |telnetd${IFS}-p${IFS}204${IFS}-l${IFS}/bin/sh into "ping"
     field
  4. Press "Run test"
  5. Telnet to the device IP at port 204
  6. Busybox shell shall open.
  Source: https://github.com/chk-jxcn/ruckusremoteshell

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-03-22 22:25:08 +01:00
Lech Perczak
694b8e6521 ath79: support Ruckus ZoneFlex 7351
Ruckus ZoneFlex 7351 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.

Hardware highligts:
- CPU: Atheros AR7161 SoC at 680 MHz
- RAM: 64MB DDR
- Flash: 16MB SPI-NOR
- Wi-Fi 2.4GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Wi-Fi 5GHz: AR9280 PCI 2x2 MIMO radio with external beamforming
- Ethernet: single Gigabit Ethernet port through Marvell 88E1116R gigabit PHY
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7351-U variant.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

Installation:
- Using serial console - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server, and removing a single T10 screw.

0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0xbf040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7351-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7351_fw_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7351-squashfs-sysupgrade.bin

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:
1. Copy over the backup to /tmp, for example using scp
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Use sysupgrade with force to restore the backup:
   sysupgrade -F ruckus_zf7351_backup.bin
4. System will reboot.

Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- Both radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- There is second method to achieve root shell, using command injection
  in the web interface:
  1. Login to web administration interface
  2. Go to Administration > Diagnostics
  3. Enter |telnetd${IFS}-p${IFS}204${IFS}-l${IFS}/bin/sh into "ping"
     field
  4. Press "Run test"
  5. Telnet to the device IP at port 204
  6. Busybox shell shall open.
  Source: https://github.com/chk-jxcn/ruckusremoteshell

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-03-22 22:25:08 +01:00
Christian Marangi
d2fc620d0a
odhcpd: bump to latest git HEAD
7c0f603 router: skip RA and wait for LINK-LOCAL to be assigned
ba30afc config: skip interface setup if interface not IFF_RUNNING
06b111e Revert "odhcpd: Reduce error messages"
90d6cc9 odhcpd: Reduce error messages

Also drop AUTORELEASE since it got deprecated.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-22 06:39:51 +01:00
Robert Marko
1342afcd27
kernel: qca-ssdk: opt-out of LTO
SSDK is doing everything custom, so trying to use mold and/or LTO
fails, so lets opt-out of using both of them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[a.heider: split and switch to PKG_BUILD_FLAGS]
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:23 +01:00
Andre Heider
9fe7cc62a6
treewide: opt-out of tree-wide LTO usage
These fail to build with LTO enabled or packages depending on them do.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:23 +01:00
Andre Heider
07730ff346
treewide: add support for "lto" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to enable
it treewide, where chosen packages can still opt-out via "no-lto".

Some packages used LTO, but not the linker plugin. This unifies 'em
all to attempt to produce better code.
Quoting man gcc(1):
"This improves the quality of optimization by exposing more code to the
link-time optimizer."

Also use -flto=auto instead of -flto=jobserver, as it's not guaranteed
that every buildsystem uses +$(MAKE) correctly.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
da3700988d
treewide: add support for "gc-sections" in PKG_BUILD_FLAGS
This reduces open coding and allows to easily add a knob to
enable it treewide, where chosen packages can still opt-out via
"no-gc-sections".

Note: libnl, mbedtls and opkg only used the CFLAGS part without the
LDFLAGS counterpart. That doesn't help at all if the goal is to produce
smaller binaries. I consider that an accident, and this fixes it.

Note: there are also packages using only the LDFLAGS part. I didn't
touch those, as gc might have been disabled via CFLAGS intentionally.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Andre Heider
5c545bdb36
treewide: replace PKG_USE_MIPS16:=0 with PKG_BUILD_FLAGS:=no-mips16
Keep backwards compatibility via PKG_USE_MIPS16 for now, as this is
used in all package feeds.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-03-21 18:28:22 +01:00
Robert Marko
eb564690c9 ipq40xx: add support for Wallystech DR40x9
Adds support for the Wallys DR40x9 series boards.
They come in IPQ4019 and IPQ4029 versions.
IPQ4019/4029 only differ in that that IPQ4029 is the industrial version that is rated to higher temperatures.

Specifications are:
* CPU: Qualcomm IPQ40x9 (4x ARMv7A Cortex A7) at 716 MHz
* RAM: 512 MB
* Storage: 2MB of SPI-NOR, 128 MB of parallel NAND
* USB 3.0 TypeA port for users
* MiniPCI-E with PCI-E 2.0 link
* MiniPCI-E for LTE modems with only USB2.0 link
* 2 SIM card slots that are selected via GPIO11
* MicroSD card slot
* Ethernet: 2x GBe with 24~48V passive POE
* SFP port (Does not work, I2C and GPIO's not connected on hardware)
* DC Jack
* UART header
* WLAN: In-SoC 2x2 802.11b/g/n and 2x2 802.11a/n/ac
* 4x MMCX connectors for WLAN
* Reset button
* 8x LED-s

Installation instructions:
Connect to UART, pins are like this:
-> 3.3V | TX | RX | GND

Settings are 115200 8n1

Boot initramfs from TFTP:
tftpboot 0x84000000 openwrt-ipq40xx-generic-wallys_dr40x9-initramfs-fit-uImage.itb

bootm

Then copy the sysupgrade image to the /tmp folder and execute sysupgrade -n <image_name>

The board file binary was provided from Wallystech on March 14th 2023
including full permission to use and distribute.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-03-21 16:38:23 +01:00
Koen Vandeputte
7699a5b1d7 ipq-wifi: bump to latest git HEAD
f9cece0 ipq40xx: add support for Wallystech DR40x9

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-03-21 16:38:23 +01:00
Nick Hainke
27a5f33d2c linux-firmware: update to 20230310
Changes:
588dd07 qat: update licence text
a03713d rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3
63dac62 rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3
5adebcf WHENCE: remove duplicate File entries
d32de23 WHENCE: remove trailing white space
24c9df9 linux-firmware: add fw for qat_4xxx
b568bbc Fix symlinks for Intel firmware
f49c572 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
db6e357 linux-firmware: update firmware for MT7921 WiFi device
4309412 iwlwifi: update core69 and core72 firmwares for Ty device
4cc3eda rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU
76ad275 brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible
1bc8afb brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr
d02d58a brcm: Add nvram for the Advantech MICA-071 tablet
c51488f rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF
3653d69 rtl_bt: Add firmware and config files for RTL8821CS
7375bcf rtw89: 8852b: update fw to v0.29.29.0
5148670 rtw89: 8852b: update fw to v0.29.26.0
c600840 liquidio: remove lio_23xx_vsw.bin
23afbfe intel: avs: Add AudioDSP base firmware for CNL-based platforms
284e55d intel: avs: Add AudioDSP base firmware for APL-based platforms
289e3a9 intel: avs: Add AudioDSP base firmware for SKL-based platforms
c7a57ef ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
6a4e7f6 ath11k: WCN6855 hw2.0: update board-2.bin
0e2486b ath11k: WCN6750 hw1.0: update board-2.bin
f48fbe4 ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1
9dacec6 ath11k: IPQ5018 hw1.0: add board-2.bin
15054af ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174
024cc5e ath10k: WCN3990 hw1.0: update board-2.bin
a253a37 cnm: update chips&media wave521c firmware.
c0a0bc2 amdgpu: Update GC 11.0.1 firmware
4296b7a intel: catpt: Add AudioDSP base firmware for BDW platforms
f79e4ba linux-firmware: Update AMD cpu microcode
1fd4c55 brcm: revert firmware files for Cypress devices
5aa0b27 brcm: restore previous firmware file for BCM4329 device
c3f3baa rtw88: 8822c: Update normal firmware to v9.9.14
c1181ae i915: Add DMC v2.11 for MTL
2fd61bc linux-firmware: Add firmware for Cirrus CS35L41 on UM3402 ASUS Laptop
a60d908 linux-firmware: Add missing tuning files for HP Laptops using Cirrus Amps
a5046f4 i915: Add DMC v2.18 for ADLP
5c11a37 amdgpu: Add VCN 4.0.2 firmware
5fe2d73 amdgpu: Add PSP 13.0.4 firmware
a3332f8 amdgpu: Add SDMA 6.0.1 fimware
4535de6 amdgpu: Add GC 11.0.1 firmware
2e93e4c amdgpu: Add DCN 3.1.4 firmware
3435843 iwlwifi: remove old intermediate 5.15+ firmwares
494389c iwlwifi: remove 5.10 and 5.15 intermediate old firmwares
177c593 iwlwifi: remove 5.4 and 5.10 intermediate old firmwares
fa3a6d5 iwlwifi: remove 4.19 and 5.4 intermediate old firmwares
d11eb6f iwlwifi: remove old unsupported older than 4.14 LTS
bb2d42d linux-firmware: update firmware for MT7921 WiFi device
3f0f338 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
f88f1f8 amdgpu: update vangogh firmware

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-20 23:35:18 +01:00
Alexandru Gagniuc
7801161c4b ipq807x: add support for Netgear WAX218
Netgear WAX218 is a 802.11ax AP claiming AX3600 support. It is wall
or ceiling mountable. It can be powered via PoE, or a 12 V adapter.

The board has footprints for 2.54mm UART headers. They're difficult to
solder because the GND is connected to a large copper plane. Only try
soldering if you are very skilled. Otherwise, use pogo pins.

Specifications:
---------------
    * CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
    * RAM: 366 MB of RAM available to OS, not sure of total amount
    * Storage: Macronix MX30UF2G18AC 256MB NAND
    * Ethernet:
            * 2.5G RJ45 port (QCA8081) with PoE input
    * WLAN:
            * 2.4GHz/5GHz with 8 antennas
    * LEDs:
            * Power (Amber)
            * LAN (Blue)
            * 2G WLAN (Blue)
            * 5G WLAN (Blue)
    * Buttons:
            * 1x Factory reset
    * Power: 12V DC Jack
    * UART: Two 4-pin unpopulated headers near the LEDs
            * "J2 UART" is the CPU UART, 3.3 V level

Installation:
=============

Web UI method
-------------

Flashing OpenWRT using the vendor's Web UI is problematic on this
device. The u-boot mechanism for communicating the active rootfs is
antiquated and unreliable. Instead of setting the kernel commandline,
it relies on patching the DTS partitions of the nand node. The way
partitions are patched is incompatible with newer kernels.

Newer kernels use the SMEM partition table, which puts "rootfs" on
mtd12. The vendor's Web UI will flash to either mtd12 or mtd14. One
reliable way to boot from mtd14 and avoid boot loops is to use an
initramfs image.

 1. In the factory web UI, navigate to System Manager -> Firmware.
 2. In the "Local Firmware Upgrade" section, click Browse
 3. Navigate and select the 'web-ui-factory.fit' image
 4. Click "Upload"
 5. On the following page, click on "Proceed"

The flash proceeds at this point and the system will reboot
automatically to OpenWRT.

 6. Flash the 'nand-sysupgrade.bin' using Luci or the commandline

SSH method
----------

Enable SSH using the CLI or Web UI. The root account is locked out to
ssh, and the admin account defaults to Netgear's CLI application.
So we need to get creative:

First, make sure the device boots from the second firmware partition:

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/fw_setenv active_fw 1

Then reboot the device, and run the update:

    scp -O -o kexalgorithms=diffie-hellman-group14-sha1 \
        -o hostkeyalgorithms=ssh-rsa \
        netgear_wax218-squashfs-nand-factory.ubi \
        admin@<ipaddr>:/tmp/openwrt.ubi

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/ubiformat /dev/mtd12 -f /tmp/openwrt.ubi

    ssh -okexalgorithms=diffie-hellman-group14-sha1 admin@<ipaddr> \
        /usr/sbin/fw_setenv active_fw 0

Now reboot the device, and it should boot into a ready-to-use OpenWRT.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Francisco G Luna <frangonlun@gmail.com>
2023-03-20 11:40:36 -05:00
Robert Marko
789a0bac35 mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This brings in actually setting the MU-MIMO parameters in HW and 6GHz
regulatory support along with some minor resource handling fixes.

This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-03-20 12:23:11 +01:00
Nick Hainke
d033c3ba87
mac80211: mark patches accepted upstream
Add kernel tags to the patches that got accepted upstream.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 18:10:36 +01:00
Kristjan Krušič
cd47a58b73
ipq-wifi: bump to latest git HEAD
31ff96d ipq806x: add support for Nokia Airscale AC400i
1af1df2 ath11k: ipq8074: add Netgear WAX218

Signed-off-by: Kristjan Krušič <kristjan.krusic@krusic22.com>
2023-03-19 18:02:35 +01:00
Kristjan Krušič
f574b535eb
ipq806x: add support for Nokia Airscale AC400i
Hardware
--------

SoC:    Qualcomm IPQ8065
RAM:    512 MB DDR3
Flash:  256 MB NAND (Macronix MX30UF2G18AC) (split into 2x128MB)
        4 MB SPI-NOR (Macronix MX25U3235F)
WLAN:   Qualcomm Atheros QCA9984 - 2.4Ghz
        Qualcomm Atheros QCA9984 - 5Ghz
ETH:    eth0 - POE (100Mbps in U-Boot, 1000Mbps in OpenWrt)
        eth1 - (1000Mbps in both)
        Auto-negotiation broken on both.
USB:    USB 2.0
LED:    5G, 2.4G, ETH1, ETH2, CTRL, PWR (All support green and red)
BTN:    Reset
Other:  SD card slot (non-functional)
Serial: 115200bps, near the Ethernet transformers, labeled 9X.
        Connections from the arrow to the 9X text:
		[NC] - [TXD] - [GND] - [RXD] - [NC]

Installation
------------

0. Connect to the device
Plug your computer into LAN2 (1000Mbps connection required).
If you use the LAN1/POE port, set your computer to force a 100Mbps link.

Connect to the device via TTL (Serial) 115200n8.
Locate the header (or solder pads) labeled 9X,
near the Ethernet jacks/transformers.
There should be an arrow on the other side of the header marking.
The connections should go like this:
(from the arrow to the 9X text): NC - TXD - GND - RXD - NC

1. Prepare for installation
While the AP is powering up, interrupt the startup process.
MAKE SURE TO CHECK YOUR CURRENT PARTITION!

If you see: "Current Partition is : partB" or
"Need to switch partition from partA to partB",
you have to force the device into partA mode, before continuing.
This can be done by changing the PKRstCnt to 5 and resetting the device.

setenv PKRstCnt 5
saveenv
reset

After you interrupt the startup process again,
you should see: Need to switch partition from partB to partA

You can now continue to the next step.

If you see: "Current Partition is : partA",
you can continue to the next step.

2. Prevent partition switching.
To prevent the device from switching partitions,
we are going to modify the startup command.
set bootcmd "setenv PKRstCnt 0; saveenv; bootipq"
setenv

3. First boot
Now, we have to boot the OpenWrt intifs.
The easiest way to do this is by using Tiny PXE.
You can also use the normal U-Boot tftp method.

Run "bootp" this will get an IP from the DHCP server
and possibly the firmware image.
If it doesn't download the firmware image, run "tftpboot".

Now run "bootm" to run the image.

You might see:
"ERROR: new format image overwritten - must RESET the board to recover"
this means that the image you are trying to load is too big.
Use a smaller image for the initial boot.

4. Install OpenWrt from initfs
Once you are booted into OpenWrt,
transfer the OpenWrt upgrade image and
use sysupgrade to install OpenWrt to the device.

Signed-off-by: Kristjan Krušič <kristjan.krusic@krusic22.com>
2023-03-19 18:02:34 +01:00
Nick Hainke
ab514c28a8 nftables: update to 1.0.7
Release Notes:
https://marc.info/?l=netfilter-devel&m=167873533214563&w=2

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 17:00:45 +01:00
Nick Hainke
8d975708fc libnftnl: update to 1.2.5
Upstream switched to "tar.xz".

Release Notes:
https://www.spinics.net/lists/netfilter/msg61016.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-19 17:00:45 +01:00
Christian Marangi
2e72ee1b23
ipq-wifi: bump to latest git HEAD
86180c4 ath10k-firmware: IPQ4019 hw1.0:  Rename variant to ZTE MF18A specific BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-18 12:46:33 +01:00
Christian Marangi
880b4811c2
ipq-wifi: bump to latest git HEAD
1f35a8c ath10k-firmware: IPQ4019 hw1.0:  Add variant to Teltonika RUTX10 specific BDF
a49672f ath10k-firmware: QCA99X0 hw2.0:  Add variant to ZTE MF18A specific BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-18 12:06:13 +01:00
John Audia
fbfec3286e kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.15.100&id=7c183dc0af472dec33d2c0786a5e356baa8cad19

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-03-18 12:48:27 +01:00
Eneas U de Queiroz
1781e7408a
uencrypt: split common and library-specific code
This splits the code in 4 files:
 - uencrypt.h
 - uencrypt.c - main program
 - uencrypt-openssl.c - OpenSSL/wolfSSL implementation
 - uencrypt-mbedtls - mbedTLS implementation

Other changes, accounting for ~400 bytes increase in ipk size:
 - more error condition checking and reporting,
 - hide key and iv command line arguments

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:54 -03:00
Eneas U de Queiroz
4662adef2a
uencrypt: add support for mbedtls
This commit includes some additional changes:
 - better handling of iv and keys in openssl/wolfssl variants
 - fix compiler warnings and whitespace
 - build all 3 variants as separate packages
 - adjust the new package name in targets' DEVICE_PACKAGES
 - remove PKG_FLAGS:=nonshared

[Beeline SmartBox Flash - OK]
Tested-by: Mikhail Zhilkin <csharper2005@gmail.com>
[after test: replaced a hardcoded IV size of 16 by cipher_info->iv_size]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-17 17:22:53 -03:00
Mantas Pucka
93b7f0f0ed
ipq-wifi: bump to latest git HEAD and add 8devices boards
2dae618 ipq-wifi: update 8devices Jalapeno BDF
08e92db ipq-wifi: update 8devices Habanero BDF

Signed-off-by: Mantas Pucka <mantas@8devices.com>
[ split ipq40xx changes in separate commit ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-17 14:35:49 +01:00
Christian Marangi
6634fb00dd
rpcd: bump to latest git HEAD
d978830 rc: add option to get info for a single script in list method
632b4fc rc: add option to skip running check for list method
5577db9 rc: add support for scanning USE_PROCD and skip running if not supported
4de3f02 rc: fix and improve script scanning START and STOP

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-17 03:34:50 +01:00
Christian Marangi
f576762814
firmware: ipq-wifi: use project branch and drop local file
Source BDF files out of project dedicated repository and drop local file
from openwrt main repository.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-03-15 16:26:57 +01:00
Mark Mentovai
8dea8bde2a
odhcp6c: add "verbose" option
odhcp6c logs messages related to its activity when invoked with -v, but
there is no way to configure this from within OpenWrt. This adds a UCI
option to turn on odhcp6c logging, disabled by default. To enable, set,
for example, network.wan6.verbose = 1.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
2023-03-14 22:47:34 +01:00
Nick Hainke
56f4d5ec6b elfutils: update to 1.89
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2023q1/006023.html

Refresh patch:
- 003-libintl-compatibility.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-12 13:54:50 +01:00
Nick Hainke
166ab6f90e strace: update to 6.2
Release Notes:
https://github.com/strace/strace/releases/tag/v6.2

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-10 20:57:32 +01:00
Hauke Mehrtens
73db6ca08b kernel: modules: add missing kmod-mdio-devres for lan743x
This fixes a build problem on some targets.

Fixes: 3e9005546a ("kernel: modules: package Microchip LAN743x PCIe gigE driver")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-10 01:45:38 +01:00
Hauke Mehrtens
d9a00c5e2d binutils: Deactivate msgpack
Deactivate the msgpack option. The binutils build might detect the
libmsgpackc.so.2 library and will try to link against it, if it is not
explicitly deactivated.

This prevents the following build errors seen in the build bots.
Package binutils is missing dependencies for the following libraries:
libmsgpackc.so.2

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-09 21:38:17 +01:00
Chuanhong Guo
f30757b94e
kernel: modules: add missing kmod-ptp for lan743x
Fixes: 3e9005546a ("kernel: modules: package Microchip LAN743x PCIe gigE driver")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2023-03-09 17:27:15 +08:00
Tim Harvey
3e9005546a kernel: modules: package Microchip LAN743x PCIe gigE driver
Package the Microchip LAN743x PCIe gigE driver

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-08 23:57:13 +01:00
Aleksey Nasibulin
d45659a571 ramips: add support for SNR-CPE-ME2-SFP
SNR-CPE-ME2-SFP is a wireless router with SFP cage manufactured by SNR/NAG company.

Specification:
- SoC: MediaTek MT7621A
- CPU: 880MHz
- Flash: 16 MB (GD25Q127CSIG)
- RAM:  256 MB
- WLAN: 2.4 GHz, 5 GHz (MediaTek MT7615DN)
- Ethernet: 4x 10/100/1000 Mbps
- SFP cage (using RTL8211FS-CG)
- USB 3.0 port
- Power: 12 VDC, 2 A

Flash instruction via TFTP:
1. Boot SNR-CPE-ME2 to recovery mode
  (press reset button and power on device, hold button for ~10 seconds)
2. Send firmware via TFTP client:
 TFTP Server address: 192.168.1.1
 TFTP Client address: 192.168.1.131
3. Wait ~120 seconds to complete flashing
4. Do sysupgrade using web-interface

MAC Addresses(stock)
--------------------
+----------+------------------+-------------------+
| use      | address          | example           |
+----------+------------------+-------------------+
| Device   | label            | 6A:C4:DD:xx:xx:28 |
| Ethernet | + 1              | 6A:C4:DD:xx:xx:29 |
| 2g       | + 2              | 6A:C4:DD:xx:xx:2A |
| 5g       | + 3              | 6A:C4:DD:xx:xx:2B |
+----------+------------------+-------------------+

Notes:
- Reading sfp eeprom is not supported [1] (driver issue). Stock image has the same situation.

References:
1. https://forum.openwrt.org/t/mt7621-and-reading-sfp-eeprom/152249

Signed-off-by: Aleksey Nasibulin <alealexpro100@ya.ru>
2023-03-08 23:44:59 +01:00
Felix Fietkau
9d8374cadc qosify: update to the latest version
ca4509cf84d2 bpf: switch to using bpf_skb_utils.h
d064439009d0 qosify-bpf: skip unnecessary flow lookups
9c625ae96f2d map: fix deleting port based rules
9a47ea4b683d map: fix return code check for bpf_map_get_next_key calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 21:53:37 +01:00
David Bauer
35f6d79513 mpc85xx: add support for Watchguard Firebox T10
Hardware
--------
SoC:    Freescale P1010
RAM:    512MB
FLASH:  1 MB SPI-NOR
        512 MB NAND
ETH:    3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC:    Battery-Backed RTC (I2C)

Installation
------------

1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
   programmer. The SHA1 hash for the U-Boot password is currently
   unknown.

   A tool for patching U-Boot is available at
   https://github.com/blocktrron/t10-uboot-patcher/

   You can also patch the unknown password yourself. The SHA1 hash is
   E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA

2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
   The patched password is '1234' (without quotation marks)

3. Download the OpenWrt initramfs image. Copy it to a TFTP server
   reachable at 10.0.1.13/24 and rename it to uImage.

4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.

5. Download and boot the initramfs image by entering "tftpboot; bootm;"
   in U-Boot.

6. After OpenWrt booted, create a UBI volume on the old data partition.
   The "ubi" mtd partition should be mtd7, check this using

   $ cat /proc/mtd

   Create a UBI partition by executing

   $ ubiformat /dev/mtd7 -y

7. Increase the loadable kernel-size of U-Boot by executing

   $ fw_setenv SysAKernSize 800000

8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
   scp. Install the image by using sysupgrade:

   $ sysupgrade -n <path-to-sysupgrade>

   Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
   have to change the ethernet-port.

9. OpenWrt should now boot from the internal NAND. Enjoy.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-07 14:05:02 +01:00
Felix Fietkau
635d177ac9 hostapd: enable radius server support
This is useful in combination with the built-in eap server support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
cf992ca862 hostapd: add missing return code for the bss_mgmt_enable ubus method
Fixes bogus errors on ubus calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Felix Fietkau
d10e1b4a71 hostapd: add support for defining multiple acct/auth servers
This allows adding backup servers, in case the primary ones fail.
Assume that port and shared secret are going to be the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-07 10:24:05 +01:00
Eneas U de Queiroz
c75cd5f602
openssl: fix variable reference in conffiles
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.

This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.

Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-06 18:11:36 -03:00
Eneas U de Queiroz
387c2df15c
openssl: fix sysupgrade failure with devcrypto
The bump to 3.0.8 inadvertently removed patches that are needed here,
but were not adopted upstream.  The most important one changes the
default value of the DIGESTS setting from ALL to NONE.  The absence of
this patch causes a sysupgrade failure while the engine is in use with
digests enabled.  When this happens, the system fails to boot with a
kernel panic.

Also, explicitly set DIGESTS to NONE in the provided config file, and
change the default ciphers setting to disable ECB, which has been
recommended for a long time and may cause trouble with some apps.

The config file change by itself is not enough because the config file
may be preserved during sysupgrade.

For people affected by this bug:

You can either:
1. remove, the libopenssl-devcrypto package
2. disable the engine in /etc/config/openssl;
3. change /etc/ssl/engines.cnf.d/devcrypto.cnf to set DIGESTS=NONE;
4. update libopenssl-devcrypto to >=3.0.8-3

However, after doing any of the above, **you must reboot the device
before running sysupgrade** to ensure no running application is using
the engine.  Running `/etc/init.d/openssl restart` is not enough.

Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-03-06 18:09:13 -03:00
Hauke Mehrtens
a03076cc39 binutils: Update to version 2.40
binutils 2.39: https://lists.gnu.org/archive/html/info-gnu/2022-08/msg00002.html
binutils 2.40: https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html

This version includes a new libsframe.so library, pack it into the
libbfd package as it is used by this library. Also deactivate some
optional configuration options for now.

An extra patch to fix compile problem in AARCH64 is added.
gprofng needs a C++ standard library, deactivate it for now.

Activate feature-disassembler-init-styled in bpftools too to fix
compilation with the updated binutils.

An bpftool version 7.0 or later is needed for binutils 2.39 and later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Hauke Mehrtens
26a65e852c bpftool: Update to version 7.1.0
bpftool changelog: https://github.com/libbpf/bpftool/releases
libbpf changelog: https://github.com/libbpf/libbpf/releases

This updates the bfptool to version 7.1.0. This also includes an update
of the libbpf to version 1.1.

This also adds some new feature options and removes some old ones which
were also removed form the source code. zlib for example is now
mandatory.

Add -flto also to LD flags to make it really work.

Before this change bpftool was on a git commit between version 6.7 and
6.8 and libbpf was on a commit between version 0.7 and 0.8.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 19:23:42 +01:00
Rosen Penev
d650ca9247 mac80211: enable ATH9K_HWRNG
in kernel 5.17, fcd09c90c3c5254b18ef34e30c57c65d34290a84 integrated it
better with thee random framework.

Gives boot time randomness on supported devices.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2023-03-05 19:13:22 +01:00
Rosen Penev
44c24b3ac5 ksmbd: update to 3.4.7
Remove upstreamed patches.

Switch to normal tarballs. Codeload recently had a reproducibility issue.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2023-03-05 18:48:40 +01:00
Tim Harvey
8298270b60 kernel: add kmod-hwmon-max6642 support
Add package for Maxim MAX6642 i2c based temperature sensor.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-05 16:45:25 +01:00
Hauke Mehrtens
11822d8be2 uci: update to git HEAD
5de3871 cli: drop redundant uci_add_delta_path() call for -P
f49a2fd delta: simplify uci_load_delta() by using a helper
9b6605e uci: fix use-after-free uci_set on update option
b7ceda9 uci: maintain option position in uci_set
7e01d66 uci: optimize update option in uci_set
47697e6 uci: fix use-after-free uci_add_list
74f2797 uci: fix atomicity of uci_add_list
b2f3417 uci: maintain option position in uci_add_list
16e8a3b uci: fix memory leak uci_set on update section
ae61e1c uci: optimize update section in uci_set
04d0c46 uci: macro uci_alloc_element not in uci.h

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-05 16:39:24 +01:00
Nick Hainke
69ff678711 dtc: update to 1.7.0
Changelog:
039a994 Bump version to v1.7.0
3f29d6d pylibfdt: add size_hint parameter for get_path
2022bb1 checks: Update #{size,address}-cells check for 'dma-ranges'
abbd523 pylibfdt: Work-around SWIG limitations with flexible arrays
a41509b libfdt: Replace deprecated 0-length arrays with proper flexible arrays
2cd89f8 dtc: Warning rather than error on possible truncation of cell values
55778a0 libfdt: tests: add get_next_tag_invalid_prop_len
7359034 libfdt: prevent integer overflow in fdt_next_tag
035fb90 libfdt: add fdt_get_property_by_offset_w helper
98a0700 Makefile: fix infinite recursion by dropping non-existent `%.output`
a036cc7 Makefile: limit make re-execution to avoid infinite spin
c6e9210 libdtc: remove duplicate judgments
e37c256 Don't generate erroneous fixups from reference to path
5045465 libfdt: Don't mask fdt_get_name() returned error
e64a204 manual.txt: Follow README.md and remove Jon
f508c83 Update README in MANIFEST.in and setup.py to README.md
c2ccf8a Add description of Signed-off-by lines
90b9d9d Split out information for contributors to CONTRIBUTING.md
0ee1d47 Remove Jon Loeliger from maintainers list
b33a73c Convert README to README.md
7ad6073 Allow static building with meson
fd9b8c9 Allow static building with make
fda71da libfdt: Handle failed get_name() on BEGIN_NODE
c7c7f17 Fix test script to run also on dash shell
01f23ff Add missing relref_merge test to meson test list
ed31080 pylibfdt: add FdtRo.get_path()
c001fc0 pylibfdt: fix swig build in install
26c54f8 tests: add test cases for label-relative path references
ec7986e dtc: introduce label relative path references
651410e util: introduce xstrndup helper
4048aed setup.py: fix out of tree build
ff5afb9 Handle integer overflow in check_property_phandle_args()
ca72944 README: Explain how to add a new API function
c0c2e11 Fix a UB when fdt_get_string return null
cd5f69c tests: setprop_inplace: use xstrdup instead of unchecked strdup
a04f690 pylibfdt: add Property.as_*int*_array()
8310271 pylibfdt: add Property.as_stringlist()
d152126 Fix Python crash on getprop deallocation
17739b7 Support 'r' format for printing raw bytes with fdtget
45f3d1a libfdt: overlay: make overlay_get_target() public
c19a4ba libfdt: fix an incorrect integer promotion
1cc41b1 pylibfdt: Add packaging metadata
db72398 README: Update pylibfdt install instructions
383e148 pylibfdt: fix with Python 3.10
23b56cb pylibfdt: Move setup.py to the top level
69a7607 pylibfdt: Split setup.py author name and email
0b106a7 pylibfdt: Use setuptools_scm for the version
c691776 pylibfdt: Use setuptools instead of distutils
5216f3f libfdt: Add static lib to meson build
4eda259 CI: Cirrus: bump used FreeBSD from 12.1 to 13.0
0a3a9d3 checks: Add an interrupt-map check
8fd2474 checks: Ensure '#interrupt-cells' only exists in interrupt providers
d8d1a9a checks: Drop interrupt provider '#address-cells' check
52a16fd checks: Make interrupt_provider check dependent on interrupts_extended_is_cell
37fd700 treesource: Maintain phandle label/path on output
e33ce1d flattree: Use '\n', not ';' to separate asm pseudo-ops
d24cc18 asm: Use assembler macros instead of cpp macros
ff3a30c asm: Use .asciz and .ascii instead of .string
5eb5927 fdtdump: fix -Werror=int-to-pointer-cast
0869f82 libfdt: Add ALIGNMENT error string
69595a1 checks: Fix bus-range check
72d09e2 Makefile: add -Wsign-compare to warning options
b587787 checks: Fix signedness comparisons warnings
69bed6c dtc: Wrap phandle validity check
9102211 fdtget: Fix signedness comparisons warnings
d966f08 tests: Fix signedness comparisons warnings
ecfb438 dtc: Fix signedness comparisons warnings: pointer diff
5bec74a dtc: Fix signedness comparisons warnings: reservednum
24e7f51 fdtdump: Fix signedness comparisons warnings

Remove upstreamed:
- 0001-Support-r-format-for-printing-raw-bytes-with-fdtget.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-05 01:37:24 +01:00
Nick Hainke
79c3f8ce24 mac80211: refresh patches
The last mac80211 commits did not refresh the patches.

Refresh:
- ath/402-ath_regd_optional.patch
- ath10k/080-ath10k_thermal_config.patch
- ath10k/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
- ath9k/551-ath9k_ubnt_uap_plus_hsr.patch
- rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-05 01:32:08 +01:00
Chukun Pan
3e4c014008 bpf-headers: fix package category
This removes the non-selectable 'Kernel' item
when make menuconfig.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-03-04 17:18:56 +01:00
Felix Fietkau
b934c63518 uboot-mediatek: mark all packages as hidden
They are enabled by selecting devices. Fixes build errors when enabling extra
devices without creating a new config from scratch.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-04 16:27:25 +01:00
Felix Fietkau
f6a7ce2501 mac80211: fix regression in sw a-msdu tx introduced in mesh improvement patches
Fixes: 6262d3eb06 ("mac80211: sync mesh fast xmit patch with upstream requested changes")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-03 11:21:26 +01:00
David Bauer
7662700613 fritz-tools: fix segfault in caldata-extract
* Fix incorrect error message in case input file opening fails
 * Don't close files in case the pointers are invalid

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-03-02 17:04:28 +01:00
Felix Fietkau
19817fa3f5 mac80211: add mesh fast-rx support
This helps bring down rx CPU usage by avoiding calls to the rx handlers in
the slow path. Supports forwarding and local rx, including A-MSDU.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 14:04:07 +01:00
Felix Fietkau
23b46b1c61 linux-firmware: add mt7986 offload firmware
This is needed for WED support on MT7986.
Enable it by default for the filogic subtarget.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:25:17 +01:00
Felix Fietkau
4dd0eaffc1 mt76: update to the latest version
71d84bfb343e wifi: mt76: mt76x0u: report firmware version through ethtool
99d13130b517 wifi: mt76: support ww power config in dts node
09c614734880 Revert "wifi: mt76: mt7996: rely on mt76_connac2_mac_decode_he_radiotap"
e1c9c1cb50a8 mt76: mt7921: Let PCI core handle power state and use pm_sleep_ptr()
34064dbcd72a wifi: mt76: mt7921e: add pci .shutdown() support
18ccfa73a9e2 wifi: mt76: remove redundent MCU_UNI_CMD_* definitions
282845ce7f3d wifi: mt76: mt7921: fix wrong command to set STA channel
546934dacfd4 wifi: mt76: mt7921: fix PCI DMA hang after reboot
fc2ed0dfc5b0 wifi: mt76: mt7996: Remove unneeded semicolon
1b602db9c235 wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store()
ce2438aa616a wifi: mt76: mt7996: fix radiotap bitfield
17ec2146b8f0 wifi: mt76: dynamic channel bandwidth changes in AP mode
ab2d3650a456 wifi: mt76: mt7915: expose device tree match table
90d78253498e wifi: mt76: mt7915: add dev->hif2 support for mt7916 WED device
a69c34a60451 wifi: mt76: mt7915: rework init flow in mt7915_thermal_init()
39079b5e44a7 wifi: mt76: drop the incorrect scatter and gather frame
f9ca70d6367a wifi: mt76: mt7915: add back 160MHz channel width support for MT7915
eff7666e1aa4 wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
920bc6e1fc8e wifi: mt76: do not run mt76_unregister_device() on unregistered hw
b0721b96927b wifi: mt76: connac: refresh tx session timer for WED device
c32d6d849c43 wifi: mt76: usb: fix use-after-free in mt76u_free_rx_queue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:18:27 +01:00
Felix Fietkau
97a060dce2 mac80211: add patch for allowing the driver to refresh aggregation sessions
Required by a mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:18:27 +01:00
Felix Fietkau
ee9d706c20 mac80211: backport upstream HE/VHT capability handling changes
Will be required by an mt76 update at some point

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:17:34 +01:00
Felix Fietkau
6262d3eb06 mac80211: sync mesh fast xmit patch with upstream requested changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-03-02 11:17:34 +01:00
Tim Harvey
339a67cb7f kernel: fix hwmon-gsc driver
Fix hwmon-gsc driver by replacing out-of-tree hwmon-gsc driver with in-tree
driver that was merged in Linux v5.8:
 - remove the old out-of-tree module
 - add configuration for the in-tree modules

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-03-01 23:25:41 +01:00
Nick Hainke
7ce266767c kexec-tools: update to 2.0.26
Release Notes:
- 2.0.22: https://www.spinics.net/lists/kexec/msg26864.html
- 2.0.23: https://www.spinics.net/lists/kexec/msg27693.html
- 2.0.24: https://www.spinics.net/lists/kexec/msg28922.html
- 2.0.25: https://lore.kernel.org/all/YuYl22cyGldQQc5m@vergenet.net/
- 2.0.26: https://www.spinics.net/lists/kexec/msg30743.html

Remove upstreamed patch:
- 001-arm-do-not-copy-magic-4-bytes-of-appended-DTB-in-zIm.patch

Tested-by: Linhui Liu <liulinhui36@gmail.com> # x86_64
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-03-01 22:13:27 +01:00
Florian Eckert
b3702fda8f kernel: add tty led trigger kernel module package
This allows LEDs to be controlled by activity on ttys which includes
serial devices like '/dev/ttyS0'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2023-03-01 22:10:42 +01:00
Rafał Miłecki
fdd1af9a44 fstools: update to the latest master
bfe882d libblkid-tiny: add exfat superblock support

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-28 10:05:19 +01:00
Felix Fietkau
1272cb0a0d mac80211: fix mesh path discovery based on unicast packets
If a packet has reached its intended destination, it was bumped to the code
that accepts it, without first checking if a mesh_path needs to be created
based on the discovered source.
Fix this by moving the destination address check further down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 23:45:07 +01:00
Felix Fietkau
2f96580c52 mac80211: rework mesh fast xmit implementation
Refactor in order to make use of generic fast xmit functions
Fix issues with mesh SA/DA addressing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 23:45:07 +01:00
Tomasz Maciej Nowak
bdd78897c3 grub2: re-add test module
It seems more hardware needs early load of firmware when initialised
to work properly (at least Intel hardware). One of previous case is CPU
microcode, which this series[1] tried to change. The second one is Intel
graphics IC, which needs firmware for controlling DMC circuit (switch
conncted display to DC6 power state). As it stands, the i915 module is
built-in and it seems the hardware can't cope with firmware loaded
later from rootfs, it needs to be supplied when the module is loaded.
Unfortunately we need bootloader to handle the load of firmware in this
case, but as previously mentioned series[1], there was an error when
initrd was hardcoded, instead of testing existence for it and then
loading. To remedy this in later the 55b808e0c4 ('x86: image: add test
module to bootloader') was commited. Which was later accidentally
dropped when grub2 image creation was moved to packages. Therefore bring
back test module, so we can test for cases of existing firmware in
grub.cfg.

1. https://patchwork.ozlabs.org/project/openwrt/cover/20181120162044.16371-1-tomek_n@o2.pl

Fixes: 5a5df62d95 ("x86/grub2: move grub2 image creation to package")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2023-02-26 22:22:48 +01:00
Daniel González Cabanelas
be0f1c1b26 mvebu: add support for Buffalo LinkStation LS220DE
The Buffalo LinkStation LS220DE is a dual bay NAS, based on Marvell
Armada 370

Hardware:
   SoC:         Marvell Armada 88F6707
   CPU:         Cortex-A9 800 MHz, 1 core
   Flash 1:     SPI-NOR 1 MiB (U-Boot)
   Flash 2:     NAND 512 MiB (OS)
   RAM:         DDR3 256 MiB
   Ethernet:    1x 1GbE
   USB:         1x 2.0
   SATA:        2x 3Gb/s
   LEDs/Input:  5x / 2x (1x button, 1x slide-switch)
   Fan:         1x casing

Flash instructions, from hard drive:
  1. Get access to the "boot" partition at the hard drive where the stock
     firmware is installed. It can be done with acp-commander or by
     plugging the hard drive to a computer.
  2. Backup the stock uImage:
         mv /boot/uImage.buffalo /boot/uImage.buffalo.bak
  3. Move and rename the Openwrt initramfs image to the boot partition:
         mv openwrt-initramfs-kernel.bin /boot/uImage.buffalo
  4. Power on the Linkstation with the hardrive inside. Now Openwrt will
     boot, but still not installed.
  5. Connect via ssh to OpenWrt:
         ssh root@192.168.1.1
  6. Rename boot files inside boot partition
         mount -t ext3 /dev/sda1 /mnt
         mv /mnt/uImage.buffalo /mnt/uImage.buffalo.openwrt.bak
         mv /mnt/initrd.buffalo /mnt/initrd.buffalo.bak
  7. Format ubi partitions at the NAND flash ("kernel_ubi" and "ubi"):
         ubiformat /dev/mtd0 -y
         ubidetach -p /dev/mtd1
         ubiformat /dev/mtd1 -y
  8. Flash the sysupgrade image:
         sysupgrade -n openwrt-squashfs-sysupgrade.bin
  9. Wait until it finish, the device will reboot with OpenWrt installed
     on the NAND flash.

Restore the stock firmware:
  1. Take the hard drive used for the installation and restore boot backup
     files to their original names:
         mount -t ext3 /dev/sda1 /mnt
         mv /mnt/uImage.buffalo.bak /mnt/uImage.buffalo
         mv /mnt/initrd.buffalo.bak /mnt/initrd.buffalo
  2. Boot from the hard drive and perform a stock firmware update using
     the Buffalo utility. The NAND will be restored to the original
     state.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2023-02-26 22:22:48 +01:00
Felix Fietkau
1d82a47b49 mac80211: fix mesh fast xmit header cache flush
split into multiple functions depending on sta, mpath or mpp

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-26 08:13:44 +01:00
Tobias Hilbig
888b207f1a ncurses: add alacritty terminfo
Add terminfo file for the terminal emulator alacritty.

https://github.com/alacritty/alacritty

Signed-off-by: Tobias Hilbig <web.tobias@hilbig-ffb.de>
2023-02-26 01:12:02 +01:00
Kevin Darbyshire-Bryant
c9df2d5c64 dnsmasq: bump to v2.89
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2023-02-25 20:49:47 +00:00
Hauke Mehrtens
2a104365dc netifd: update to the latest version
ed65a00 netifd: bridge: Fix format string position
19372d8 netifd: Fix multiple -Wsign-compare warnings
8ebf033 netifd: Do not return values in void function
c77417a netifd: Explicitly zero initialize variables
463a120 netifd: Activate -Wextra compile warnings

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 19:57:47 +01:00
Hauke Mehrtens
32a9fdfc02 ustream-ssl: update to Git version 2023-02-25
498f6e2 ustream-mbedtls: Use getrandom() instead of /dev/urandom

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-25 18:37:26 +01:00
Nick Hainke
638ebd3067 iproute2: update to 6.2
Release Notes:
https://lwn.net/Articles/923952/

Refresh patches:
- 110-darwin_fixes.patch
- 115-add-config-xtlibdir.patch
- 140-allow_pfifo_fast.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 175-reduce-dynamic-syms.patch
- 180-drop_FAILED_POLICY.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch

Remove upstreamed:
- 320-configure-Remove-include-sys-stat.h.patch

While working on it remove AUTORELEASE.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:32:35 +01:00
Nick Hainke
c98a202446 ethtool: update to 6.2
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings

Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 13:29:07 +01:00
Nick Hainke
530f5c2fda libcap: update to 2.67
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.o8papfkfh1x9

While working on it, remove $(AUTORELEASE).

Tested-by: Linhui Liu liulinhui36@gmail.com # Xiaomi AX3600
Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-25 00:14:38 +01:00
Mark Baker
f35e2422b8 base-files: add support for retrieving IPv6 assignments
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).

Signed-off-by: Mark Baker <mark@vpost.net>
2023-02-24 23:56:36 +01:00
Robert Marko
524704e677
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This backports several memory leak issues, PCI IRQ fixup, peer add locking
fix as well as IPQ5018 support, though IPQ5018 support is unused for now.

This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-22 10:31:48 +01:00
Eneas U de Queiroz
595509cc78
openssl: fix powerpc & arc libatomic dependencies
PowerPC CONFIG_ARCH is defined as powerpc, not ppc.  Fix that in the
DEPENDS condition.

Arc needs to be built with libatomic.  Change the OpenSSL configuration
file, and add it to the libatomic DEPENDS condition.

Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-22 11:05:06 -03:00
Eneas U de Queiroz
7e7e76afca
openssl: bump to 3.0.8
This is a major update to the current LTS version, supported until
2026-09-07.

Changelog:
https://github.com/openssl/openssl/blob/openssl-3.0.8/CHANGES.md

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-20 11:24:17 +01:00
Felix Fietkau
57db2280a2 mac80211: fix mesh issues and improve performance
fix forwarding received mesh a-msdu packets
add fast xmit support for mesh to improve performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-20 12:59:51 +01:00
Leon M. Busch-George
ae751535de
hostapd: always use sae_password for mesh/SAE auth
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).

The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.

Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
  limitation).

Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.

Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-19 19:43:57 +01:00
Leon M. Busch-George
3c10c42ddd
hostapd: add quotes in assignments
It's generally advised to use quotes for variable assignments in bash.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
2023-02-19 19:43:54 +01:00
Yuan Tao
fa08d900d4 base-files: sysfixtime: Fix time on the fake RTC
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.

This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.

Tested-on: NanoPi R2S

Signed-off-by: Yuan Tao <ty@wevs.org>
2023-02-19 20:04:59 +08:00
Andre Heider
78dc8e2b13 wireguard-tools: remove unnecessary .mk includes
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.

package-defaults.mk is already included my package.mk.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:59:12 +01:00
Brian Norris
a3adbec370 kernel: kmod-ramoops: Include pstore console support
Pstore ramoops support is useful even when there isn't an explicit
panic/crash. We can log all kernel messages via a "console", and then
retrieve them in the event of some non-kernel-panic reset (e.g.,
watchdog).

Since the buffer memory is already reserved, there isn't much overhead
to doing this.

The new console files will show up as:

  /sys/fs/pstore/console-ramoops-N

Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-18 19:58:22 +01:00
Andre Heider
0859c7129f elfutils: fix build with GCC 11
GCC 11 doesn't know about -Wno-error=use-after-free and aborts
compilation.

Fixes: 2748c45d "elfutils: Ignore wrong use-after-free error"
Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-02-18 19:55:37 +01:00
Tim Harvey
29d02d8ce5 kernel: can: fix MCP251x CAN controller module autoload
Fix autoload module name for can-mcp251x kmod.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2023-02-18 19:54:08 +01:00
Aviana Cruz
144fa4d4e7 netfilter: add kmod-nf-conntrack
There have been some demands for the `ct count` expression,
like https://forum.openwrt.org/t/22-03-2-unable-to-use-ct-count-nft-rules/146680.

This adds the required kernel modules for the expression to work.

Signed-off-by: Aviana Cruz <gwencroft@proton.me>
2023-02-18 17:12:30 +01:00
Michael Pratt
4ef86c620f ramips: add support for Senao Engenius EPG600
FCC ID: A8J-EPG600

Engenius EPG600 is an indoor wireless router with
1 Gb ethernet switch, dual-band wireless,
internal antenna plates, USB, and phone lines (not supported)

this board is a Senao device:
the hardware is equivalent to EnGenius ESR600 (except for phone lines)
the software is Senao SDK which is based on openwrt and uboot
which uses the legacy Senao header with Vendor / Product IDs
to verify the firmware upgrade image.

**Specification:**

  - MT7620 SOC		MIPS 24kec, 2.4 GHz WMAC, 2x2
  - RT5592N WLAN	PCI chip, 5 GHz, 2x2
  - QCA8337N Gb SW	RGMII GbE, SW P0 -- SOC P5, 5 LEDs
  - 40 MHz clock
  - 16 MB FLASH		MX25L12845EMI-10G
  - 64 MB RAM		NT5TU32M16
  - UART console	J2, populated
  - USB 2.0 port	direct to SOC
  - 6 GPIO LEDs		power, 2G, 5G, wps2g, wps5g, line
  - 3 buttons		reset, wps, "reg" (registeration)
  - 4 antennas		internal omni-directional plates

NOT YET SUPPORTED: VoIP

  - Si3050-FT + Si3019-FT	Voice DAA, SPI control, PCM data
  - Phone Ports "TEL", "LINE"	RJ11, 4P2C (2 pins)

**MAC addresses:**

  MAC address labeled as MAC ADDRESS
  MACs present in both wifi cal data and uboot environment

  eth0.1/phy1	----	*:82	rf 0x4
  phy0		----	*:83	factory 0x4
  eth0.2	MAC	*:b8	"wanaddr"

**Installation:**

  Method 1: Firmware upgrade page:

    (if you cannot access the APs webpage)
    factory reset with the reset button
    connect ethernet to a computer
    OEM webpage at 192.168.0.1
    username and password 'admin'

    Navigate to gear icon, "Device Management", "Tools"
    select the factory.dlf image
    Upload and verify checksum

  Method 2: Serial to upload initramfs:

    Follow directions for TFTP recovery
    upload and boot initramfs and do a sysupgrade

**TFTP recovery:**

  Requires UART serial console, reset button does nothing

  rename initramfs-kernel.bin to 'uImageEPG600'
  make available on TFTP server at 192.168.99.8
  power board, interrupt boot with "4"
  execute `tftpboot` and `bootm` (with the load address)

**Return to OEM:**

  Images from OEM are provided, but not compatible
  with openwrt sysupgrade. So it must be modified.

  Alternatively, back up all mtd partitions before flashing

**Note on switch registers:**

  The necessary registers needed for the QCA8337 switch
  can be read from interrupted boot (tftpboot, bootm)
  by using the following lines in the switch driver ar8327.c
  in the function 'ar8327_hw_config_of'
  where 'qca,ar8327-initvals' is parsed from DTS
  before the new register values are written:

    pr_info("0x04 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD0_MODE));
    pr_info("0x08 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD5_MODE));
    pr_info("0x0c %08x\n", ar8xxx_read(priv, AR8327_REG_PAD6_MODE));
    pr_info("0x10 %08x\n", ar8xxx_read(priv, AR8327_REG_POWER_ON_STRAP));

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-02-18 16:55:35 +01:00
Yuu Toriyama
1173edf23b wireless-regdb: update to 2023.02.13
Changes:
  7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
  660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
  fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
  d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
  c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
  f29772a wireless-regdb: Update regulatory rules for Brazil (BR)

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2023-02-18 16:27:37 +01:00
Stijn Tintel
65c9b5ffb0 odhcpd: bump to git HEAD
dfab0fa dhcpv4: detect noarp interfaces
  5a17751 router: improve RA logging
  edc5e17 router: always check ra_default

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:30:03 +02:00
Stijn Tintel
baf76634f3 build: add option to use preinit IP as LAN IP
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.

Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2023-02-17 16:20:03 +02:00
Robert Marko
061e863bae
kernel: modules: package Aquantia PHY driver
Package the Aquantia AQR PHY driver as kmod.

This enables using the Aquantia driver with hwmon support on targets where
hwmon is not compiled-in.

Currently, in case when AQR driver is compiled-in but hwmon core is not
hwmon code in AQR driver will not get compiled because of macro
IS_REACHABLE(CONFIG_HWMON) evaluating to false.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-02-15 23:28:57 +01:00
Rafał Miłecki
3c66ac7e22 iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko

According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)

Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).

It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:28:08 +01:00
Rafał Miłecki
601257e388 netifd: refactor packet steering init
1. Move setup code to independent script file
2. Add init.d script to allow automatic updates
3. Support platform specific /usr/libexec/platform/packet-steering.sh

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-02-15 14:25:38 +01:00
Daniel Golle
e8625c89ef treewide: replace /sys/devices/virtual/ubi by /sys/class/ubi
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:59 +00:00
Daniel Golle
62e583ddb9 fstools: update to git HEAD
12155d3 libfstools: use class interface to iterate over ubi devices

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 03:27:35 +00:00
Felix Fietkau
ac4fae2338 ucode: update to the latest version
08c709c58187 rtnl: add support for registering an uloop based listener
599a7fb59380 Merge pull request #140 from nbd168/rtnl
c4125c516e0a nl80211: fix NL80211_ATTR_SURVEY_INFO
c43bb9d8fe8d Merge pull request #141 from dhewg/master
c1342d934b2d nl80211: add missing ucv_get() calls
9022b270683a rtnl: add missing ucv_get() calls
837cffec5a5c Merge pull request #142 from nbd168/ref-fixes
65b1f181e642 rtnl: add missing uc_vm_registry_set call
ab2f3f70257d Merge pull request #143 from nbd168/rtnl-fix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-14 09:59:16 +01:00
INAGAKI Hiroshi
f490295bf2
ipq807x: add support for Buffalo WXR-5950AX12
Buffalo WXR-5950AX12 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ8074A.

Specification:

- SoC         : Qualcomm IPQ8074A
- RAM         : DDR3 1024 MiB (2x Nanya NT5CC256M16ER-EK)
- Flash       : RAW NAND 256 MiB (Winbond W29N02GZBIBA)
- WLAN        : 2.4/5 GHz (IPQ8074A)
- Ethernet    : 5 ports
  - WAN       : 100/1000/2500/10000 Mbps x1 (AQR113C)
  - LAN       : 100/1000/2500/10000 Mbps x1 (AQR113C),
                10/100/1000 Mbps x3 (QCA8075)
- LED/Keys    : 8x/5x
- UART        : pin header on PCB (J7)
  - assignment: 3.3V, GND, TX, RX from disc marking
  - settings  : 115200n8
- Power       : 12 VDC, 4 A

Flash instruction using initramfs image:

1. Prepare TFTP server with IP address 192.168.11.10
2. Rename OpenWrt initramfs image to "WXR-5950AX12-initramfs.uImage and
   place it to TFTP directory
3. Hold AOSS (WPS) button and power on WXR-5950AX12
4. WXR-5950AX12 downloads initramfs image from TFTP server and boots
   with it automatically
5. Upload sysupgrade image to WXR-5950AX12 and perform sysupgrade
6. Wait ~120 seconds to complete flashing

Partition layout:

0x000000000000-0x000000100000 : "0:sbl1"
0x000000100000-0x000000200000 : "0:mibib"
0x000000200000-0x000000280000 : "0:bootconfig"
0x000000280000-0x000000300000 : "0:bootconfig1"
0x000000300000-0x000000600000 : "0:qsee"
0x000000600000-0x000000900000 : "0:qsee_1"
0x000000900000-0x000000980000 : "0:devcfg"
0x000000980000-0x000000a00000 : "0:devcfg_1"
0x000000a00000-0x000000a80000 : "0:apdp"
0x000000a80000-0x000000b00000 : "0:apdp_1"
0x000000b00000-0x000000b80000 : "0:rpm"
0x000000b80000-0x000000c00000 : "0:rpm_1"
0x000000c00000-0x000000c80000 : "0:cdt"
0x000000c80000-0x000000d00000 : "0:cdt_1"
0x000000d00000-0x000000d80000 : "0:appsblenv"
0x000000d80000-0x000000e80000 : "0:appsbl"
0x000000e80000-0x000000f80000 : "0:appsbl_1"
0x000000f80000-0x000001000000 : "0:art"
0x000001000000-0x000001080000 : "0:art_1"
0x000001080000-0x000001100000 : "0:orgdata"
0x000001100000-0x000001180000 : "0:orgdata_1"
0x000001180000-0x000005180000 : "rootfs"
0x000005180000-0x000009180000 : "rootfs_recover"
0x000009180000-0x000010000000 : "user_property"

Notes:

- WXR-5950AX12 has 2x OS images on NAND flash. The 1st image is for
  normal operation and the 2nd one is for recoverying or firmware
  upgrading on stock.

- Stock U-Boot checks MD5 hashes in "fw_hash" volume in each "root*"
  partition when booting. This is just a comparation of hash strings.

  Behaviors:

  - both "fw_hash" volumes exist, hashes are rootfs == rootfs_recover
    ---> boot from rootfs

  - both "fw_hash" volumes exist, hashes are rootfs != rootfs_recover
    ---> boot from rootfs_recover

    Note: this behavior is used for firmware upgrading on stock

  - "fw_hash" volume in rootfs is missing
    ---> boot from rootfs_recover

  - "fw_hash" volume in rootfs_recover is missing
    ---> boot from rootfs

  - "fw_hash" volumes in both root* partition are missing
    ---> boot from rootfs_recover

Reverting to stock firmware:

1. Decrypt official image by buffalo-enc and remove header

   example of decryption:

   $ buffalo-enc -i wxr_5950ax12_jp_305 -o wxr_5950ax12_jp_305.dec \
                 -d -k olaffuB -O 0xc8

   example of removing header (v3.05):

   - before

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.dec
   00000000  57 58 52 2d 35 39 35 30  41 58 31 32 5f 33 2e 30  |WXR-5950AX12_3.0|
   00000010  35 5f 31 2e 30 31 5f 4a  50 5f 6a 70 5f 71 63 61  |5_1.01_JP_jp_qca|
   00000020  0a 66 69 6c 65 6c 65 6e  3d 34 35 33 35 30 39 31  |.filelen=4535091|
   00000030  32 0a 55 42 49 23 01 00  00 00 00 00 00 00 00 00  |2.UBI#..........|
   00000040

   - after

   $ hexdump -n 64 -v -C wxr_5950ax12_jp_305.ubi
   00000000  55 42 49 23 01 00 00 00  00 00 00 00 00 00 00 00  |UBI#............|
   00000010  00 00 08 00 00 00 10 00  78 cf c4 91 00 00 00 00  |........x.......|
   00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
   00000030  00 00 00 00 00 00 00 00  00 00 00 00 3d 2a 64 fd  |............=*d.|
   00000040

2. Boot WXR-5950AX12 with OpenWrt initramfs image

3. Upload modified stock image to WXR-5950AX12

4. Find partitions "rootfs" and "rootfs_recover"

   example:

   root@OpenWrt:/# cat /proc/mtd
   dev:    size   erasesize  name
   ...
   mtd22: 04000000 00020000 "rootfs"
   mtd23: 04000000 00020000 "rootfs_recover"
   ...

   in this case, "rootfs" is mtd22 and "rootfs_recover" is mtd23

5. Format "rootfs"/"rootfs_recover" partition with the uploaded image

   example:

   ubiformat /dev/mtd22 -f /tmp/wxr_5950ax12_jp_305.ubi
   ubiformat /dev/mtd23 -f /tmp/wxr_5950ax12_jp_305.ubi

6. Remove "rootfs"/"rootfs_data" volume from user_property partition

   example:

   . /lib/upgrade/nand.sh
   UBI=$(nand_attach_ubi user_property)
   ubirmvol /dev/$UBI -N rootfs
   ubirmvol /dev/$UBI -N rootfs_data

7. Reboot

MAC addresses:

LAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
WAN    : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
2.4 GHz: 50:C4:DD:xx:xx:30 (0:APPSBLENV, wlan0addr (text))
5 GHz  : 50:C4:DD:xx:xx:38 (0:APPSBLENV, wlan1addr (text))

Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-12 01:18:39 +01:00
INAGAKI Hiroshi
54c5f33b30 uboot-envtools: add support for APRESIA ApresiaLightGS120GT-SS
This patch adds support for APRESIA ApresiaLightGS120GT-SS to
uboot-envtools.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2023-02-13 12:22:17 +01:00
Felix Fietkau
ec33a6ca2c mac80211: add fixes for receiving A-MSDU packets on mesh interfaces
The standard defines the A-MSDU header length field differently for mesh
compared to other modes. Deal with this accordingly and work around broken
implementations (e.g. ath10k, ath11k).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-13 11:45:43 +01:00
Nick Hainke
9639ef2a5b e2fsprogs: update to 1.47.0
Release notes:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.47.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-13 00:48:25 +01:00
Karl Chan
92276eef70 ramips: add support for ASUS RT-AX54
Specifications:
- Device: ASUS RT-AX54 (AX1800S/HP,AX54HP)
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LEDs: 1x POWER (blue, configurable)
        1x LAN (blue, configurable)
        1x WAN (blue, configurable)
	1x 2.4G (blue, not configurable)
	1x 5G (blue, not configurable)

Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
   Select "2. Upgrade firmware"
   Press enter when show "Run firmware after upgrading? (Y/n):"
   Select 0 for TFTP method
   Input U-Boot's IP address: 192.168.1.1
   Input TFTP server's IP address: 192.168.1.2
   Input IP netmask: 255.255.255.0
   Input file name: openwrt-ramips-mt7621-asus_rt-ax1800hp-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"

Signed-off-by: Karl Chan <exkc@exkc.moe>
2023-02-12 18:27:45 +01:00
John Audia
4ae86b3358 openssl: bump to 1.1.1t
Removed upstreamed patch: 010-padlock.patch

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-02-12 00:08:29 +01:00
Xu Yiming
1a145ccb0a
kernel: kmod-fs-ntfs3: fix typo
Fix typo that mistaken the description of ntfs3 for fuse.

Signed-off-by: Xu Yiming <xuyiming.open@outlook.com>
2023-02-09 03:16:51 +01:00
Nick Hainke
b6bc924b19 e2fsprogs: update to 1.46.6
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6

Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-02-08 00:14:53 +01:00
Leon M. George
67d2a7ef9e
base-files: ipcalc.sh: fix awk regex syntax
It worked fine before but gawk warns about it.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:58 +01:00
Leon M. George
2903924b57
base-files: ipcalc.sh: trim for statement
For gawk compatibility.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
e4bd3de1be
dnsmasq: refuse to add empty DHCP range
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
6ce9f42b98
base-files: ipcalc.sh: use shebang to invoke awk
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.

A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:57 +01:00
Leon M. George
a40a96e54b
base-files: ipcalc.sh: fail when network is too small
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
4fe106afd1
base-files: ipcalc.sh: don't include own address in range
Make sure our own address doesn't lie in the calculated range.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:56 +01:00
Leon M. George
00a20335ba
base-files: ipcalc.sh: check for params before calculating start/end
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2023-02-07 21:05:52 +01:00
Christian Marangi
f28a604df4
iwinfo: bump to latest git HEAD
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()

Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-06 21:36:51 +01:00
Christian Marangi
3ef655375a
fstools: bump to latest Git HEAD
14d535e partname: Correct fstools_partname_fallback_scan comparison

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-04 20:04:58 +01:00
Brian Norris
3cd882744d base-files: upgrade: Fix export_partdevice() quoting
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 14:09:46 +01:00
Brian Norris
ecafdfa894 kernel: modules: add lkdtm module
Useful for debugging panic/error handling, crash logging, and more.

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
2023-02-03 13:48:11 +01:00
Jan Hoffmann
b91d7d9d78 ltq-*-app: extend ubus metrics/statistics
Expose a few additional useful values via ubus:

- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:40:47 +01:00
Jan Hoffmann
723963543a ltq-vdsl-vr9: fix upstream MINEFTR
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
2023-02-03 13:33:36 +01:00
Chen Minqiang
fcde517d35 wolfssl: fix build with make < 4.2
Inline the preinst.arm-ce script. Support for including was added in
make 4.2 and is not working with older make versions.

Fixes: https://github.com/openwrt/openwrt/issues/11866
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2023-02-03 12:18:19 +01:00
Glenn Strauss
2a691fc7f2 mbedtls: x509 crt verify SAN iPAddress
backport from
X509 crt verify SAN iPAddress
https://github.com/Mbed-TLS/mbedtls/pull/6475

addresses
curl built with mbedtls fails on https://1.1.1.1/ (IP address in SubjectAltName)
https://github.com/Mbed-TLS/mbedtls/issues/6473

filed for
mbedTLS: BADCERT_CN_MISMATCH on https://1.1.1.1 with curl+mbedtls
https://github.com/openwrt/packages/issues/19677

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-02-03 11:27:58 +01:00
Felix Fietkau
acd8e94d20 mt76: update PKG_SOURCE_HASH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-02-02 11:37:48 +01:00