Remove upstreamed patches:
- 001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch
Changes:
- examples: add README with details to the various examples
- examples: af_ieee802154_tx example
- examples: af_ieee802154_rx example
- examples: add af_packet_rx example
- examples: af_inet6_rx example
- examples: af_packet_tx example
- examples: af_inet6_tx example
- examples: add .gitignore file for examples directory
- src/nl_extras.h: fix compatibility with libnl 3.3.0
- wpan-ping: add the support to set wpan-ping interval
- wpan-ping: Add the filtering function for frame receiving
Signed-off-by: Nick Hainke <vincent@systemli.org>
- Use SPDX
- Add PKG_RELEASE
- Change wpan.cakelab.org to linux-wpan.org/wpan-tools.html
- Switch to github.com as PKG_SOURCE_URL
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
1bb4162 libnl-3.7.0 release
897ec9c route: act: Allow full set of actions on gact,skbedit,mirred
00e46f1 Use print() function in both Python 2 and Python 3
083c1b6 sriov: fix setting ce_mask when parsing VF stat counter
2e9a4f7 Fix typos and errors
cc87ad2 changelog: update URL to git history
bde0b4c changelog: fix typos in ChangeLog
44988e6 route: format recently added code with clang-format
df6e38b route/act: add NAT action
7304c42 route: format recently added code with clang-format
f8eb218 cls: flower: extend flower API
e5dc111 flower: use correct attribute when filling out flags
df6058c tests: merge branch 'th/test-link'
9772c1d tests: add unit tests for creating links
4713b76 github: run unit tests several times and directly
8025547 github: export NLTST_SEED_RAND= to randomize unit tests
7efeca2 tests: add test utils
f6f4d36 tests: reformat unit test files with clang-format
135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro
0ea11be utils: add _nl_thread_local macro
9b04936 route: fix crash caused by parse_multipath() by wrong free()
2effffe route/link: Set the cache ops when cloning a link
5ecd56c route/link: add lock around rtnl_link_af_ops_put()
e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family()
3f4f1dd xfrm/sa: fix reference counters of sa selector addresses
d3c783f all: merge branch 'th/coverity-fixes'
23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message()
d52dbcb route: fix check for NULL in nh_encap_dump()
1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*()
f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
d4c7972 all: fix "-Wformat" warnings for nl_dump*()
6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b)))
d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers
a30b26d socket: workaround undefined behavior coverity warning in generate_local_port()
8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment
bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone()
dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details()
f50a802 route/u32: fix u32_dump_details() to print data
fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT
31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle
aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details()
40683cc netlink/private: add internal helper utils
6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type()
ff5ef61 all: avoid coverity warnings about assigning variable but not using it
f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute
46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method
46e85d2 route/mdb: fix leak in mdb_msg_parser()
b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro
d544105 route/mdb: fix buffer overflow in mdb_msg_parser()
4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace
ec712a4 tests: cleanup unshare_user() and use _nltst_fclose()
85e3c5d tests: add _assert_nltst_netns() helper
39e4d8d github: test out-of-tree build and "--disable-static"
d63e473 github: build documentation in CI test
fa7f97f build: avoid building check-direct with --disable-static
8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script
e2aa409 doc: fix markup error in "doc/route.txt"
4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org>
Backport upstream fix to build on kernel 5.15.52 or later since kernel
devs backported newer functionality to older kernels.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.
Commit 0bd5367233 is reverted so the
accelerated version builds by default on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
Make sure the 'configure' shell script finds the libintl when linking
the test programs for discovering libpcap and libbpf.
Reported-by: @trippleflux
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The SDK does not have the LLVM toolchain yet.
Hopefully fixes errors in the form:
xsk_def_xdp_prog.c:4:10: fatal error: 'bpf/bpf_helpers.h' file not found
#include <bpf/bpf_helpers.h>
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Signed-off-by: Andre Heider <a.heider@gmail.com>
libjson-c is happy to pick up libbsd both on the host and target.
Reproducible with
make package/libbsd/compile;make package/libjson-c/compile
Also fixes host compilation on Arch Linux for a similar reason.
Undefined reference to arc4random.
Fixes: f3a198697f ("libjson-c: update to 0.16")
Acked-by: Thomas Huehn thomas.huehn@hs-nordhausen.de
Acked-by: Nick Hainke vincent@systemli.org
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disable lz4 and lzo2 manually.
Fixes errors in the form of:
Package f2fsck is missing dependencies for the following libraries:
liblz4.so.1
liblzo2.so.2
Fixes: 8b9e806160 ("f2fs-tools: update to 1.15.0")
Acked-by: Thomas Huehn <thomas.huehn@hs-nordhausen.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
xdp-tools - Library and utilities for use with the eXpress Data Path:
Fast Programmable Packet Processing in the Operating System Kernel
* libxdp: library for attaching XDP programs and using AF_XDP sockets
* xdp-filter: a simple XDP-powered packet filter
* xdp-loader: an XDP program loader
* xdpdump: tool for capturing packets at the XDP layer
Thanks to Nick @PolynomialDivision Hainke for testing and fixing!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Improvements
- Added an interface of raising des Strausses awareness.
- Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session.
- Enhanced decoding of bpf and io_uring_register syscalls.
- Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands.
- Updated lists of BPF_*, BR_*, BTRFS_*, IFA_*, IFLA_*, IORING_*, KEY_*, KVM_*, MADV_*, and UFFD_* constants.
- Updated lists of ioctl commands from Linux 5.18.
Bug fixes
- Fixed printing of the updated value of union bpf_attr.next_id on the exiting of bpf(BPF_*_GET_NEXT_ID) calls.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Improvements
- Added 64-bit LoongArch architecture support.
- Extended personality designation syntax of syscall specification expressions to support all@pers and %class@pers.
- Enhanced rejection of invalid syscall numbers in syscall specification expressions.
- Implemented decoding of set_mempolicy_home_node syscall, introduced in Linux 5.17.
- Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink attributes.
- Implemented decoding of PR_SET_VMA operation of prctl syscall.
- Implemented decoding of siginfo_t.si_pkey field.
- Implemented decoding of LIRC ioctl commands.
- Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*, TCA_ACT_*, and *_MAGIC constants.
- Updated lists of ioctl commands from Linux 5.17.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The mac80211-hwsim and the Intel iwlwifi driver support ieee80211ax, add
the missing DRIVER_11AX_SUPPORT dependency too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix:
- 001-dont-build-docs.patch
Remove upstreamed patch:
- 010-clang.patch
Changelog:
Deprecated and removed features:
--------------------------------
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
------------
* The 0.16 release introduces no new features
Build changes
-------------
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
---------------------------------
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
--------------
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
-------------
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
Signed-off-by: Nick Hainke <vincent@systemli.org>
Refresh:
- 100-portability.patch
Changelog:
ea4ea5e6 Document MacOS test workaround.
b14fc902 Add missing file fat-arm64.c to tar file.
6720f433 Update config.guess and config.sub to latest versions.
a2be57f0 NEWS entries for Nettle-3.8.
bff9a605 Update version numbers, for nettle-3.8.
36386678 Fix comment typo
e05fd5a9 Add ChangeLog entry for SM3 contribution.
8739faa8 Document cbc_aes128_encrypt, cbc_aes192_encrypt and cbc_aes256_encrypt.
efb2ec7f Deleted the manual's incomplete and out of date list of authors.
af38c91f New more accurate AUTHORS file.
ba084efa Fix ChangeLog typo.
0fff3097 ChangeLog entries for s390x ghash update.
75b687a8 Fix comment typo.
5d0089ed Refactor s390x-specific code for new ghash organization
2aabd5e2 ppc: Update fat setup for new ghash organization.
8f5fddfb ppc: Update vpmsumd ghash to new organization.
1227381e Comment fix.
9939f866 arm64: Update fat setup for new ghash organization.
ab62f731 Fix comment error
b1645555 arm64: Update pclmul ghash to new organization.
6b80b889 Update fat setup for new ghash organization.
d382fcc0 Delete _ghash_digest.
d11c4cd9 x86_64: Update pclmul ghash to new organization.
f79cc0c1 x86_64: Update table-based ghash to new organization.
bdc2fc31 Move _ghash_digest.
1d438ad4 Refactor GCM C implementation.
bdf820df New function block16_zero.
d966ea0d Delete code for GCM_TABLE_BITS != 8.
60edc290 x86_64: Fat setup for GCM.
be245313 Fix comment typo.
f8fa4f1f x86_64: Initial implementation of gcm using the pclmulqdq instructions.
23f75f58 Rearrange gcm configuration defines, and add tests for internal functions.
483ccbc9 Add tests for edge cases in poly1305 digest folding.
f3656a44 x86_64: Rewrite of poly1305 assembly.
b7268727 ChangeLog entry for arm64 implementation of chacha.
1d4a985c ChangeLog entries for new ppc64 ecc files.
99be366f ecc: Add powerpc64 assembly for ecc_448_modp
53f7ae66 Move a comment.
e643dcf1 ecc: Add powerpc64 assembly for ecc_25519_modp
741191d1 ecc: Add powerpc64 assembly for ecc_224_modp
4adcb4af Simplify poly1305-test, more use of tstring length.
b48217c8 Add randomized tests of poly1305.
dbf178c0 Arrange so that GMP or mini-gmp is always available for tests.
7d83510e ChangeLog entries for new ppc64 ecc files.
02bbf7d1 ecc: Add powerpc64 assembly for ecc_521_modp
2bc7dfad ecc: Add powerpc64 assembly for ecc_384_modp
9b6c0639 ecc: Add powerpc64 assembly for ecc_192_modp
39af7b2e [Arm64] Optimize Chacha20
c82876a5 [S390x] Alerting assembler of machine type
044d24b0 [S390x] Optimize Chacha20
94228f87 tests: Use inline function for dummy definition of test_randomize.
7926debe Share ecc point validation function in testutils.c.
25f73004 Whitespace cleanup
0ec184d8 ppc: Reduce number of registers used for ecc_secp256r1_redc.
c7cf1939 ppc: New configure test for ELFV2_ABI
f57640ea x86_64: Improved ecc_secp256r1_redc
dd65a63e ChangeLog for previous change.
ecd4eacf ppc: Add powerpc64 assembly for ecc_256_redc
b2758f7c doc: documentation for SM3 hash
0ea74c02 Comment improvements for x86_64 ecc_secp256r1_redc
78aabc69 nettle-benchmark: bench SM3 hashes
7f77ccb4 hmac: add support for SM3 hash function
e2edd9be testsuite: add test for SM3 hash function
b72886e5 Add OSCCA SM3 hash algorithm
d2e4e531 Delete function mpz_limbs_read_n.
dd566239 Delete function mpz_limbs_cmp.
07d5e755 gitlab-ci: Enable randomized tests
64ce8c77 Randomize more tests
a6f9bdeb Reduce allocation in modinv test
957482d9 Fix sqrt_ratio test for v = 0 case.
7f730943 Reduce allocation in sqrt tests
2c9a600d Move NETTLE_TEST_SEED logic to testutils.c.
48d61c28 Delete obsolete comment.
ac95be13 Fix and test for sqrt(0) special case.
ffe0f587 eccdata: Output ecc_sqrt_z and ECC_SQRT_E only when computed.
65c95c79 Fix comment typo.
8db66280 Let secp384r1 inverse and sqrt share most of the powering.
5b2758a3 eccdata: Delete generation of unused values ecc_sqrt_t and ECC_SQRT_T_BITS.
b3abfac5 eccdata: Generate both redc and non-redc versions of ecc_sqrt_z.
2dbe065d Implement secp224r1 square root, based on patch by Wim Lewis.
c8daa71c New function ecc_mod_equal_p, based on patch by Wim Lewis.
4be1725f New function ecc_mod_pow_127m1, used for ecc_secp224r1_inv.
4e987de3 Implement secp521r1 square root, based on patch by Wim Lewis.
2adc4268 Implement secp384r1 square root, based on patch by Wim Lewis.
bc07754f Implement secp256r1 square root, based on patch by Wim Lewis.
35f12552 Implement secp192r1 square root, based on patch by Wim Lewis.
c2726388 Renamed sqrt_itch --> sqrt_ratio_itch, and curve25519 and curve448 sqrt functions.
03421be1 Rename ecc sqrt --> sqrt_ratio.
652bdc79 New function ecc_mod_zero_p.
571d2cc2 [S390x] Improvements on documentation and instruction set usage for SHA3 permute
26b0f47b New function sec_zero_p.
259ec19a [S390x] Remove lgr instructions by using xgrk instead of xgr instruction
73722fb0 Rewrite of secp256r1 mod functions.
45028ff2 Extend ecc-mod-test, with improved coverage of corner cases.
806d6f6a [S390x] Optimize SHA3 permute using vector facility
78f44318 Change "signature on digest" --> "of digest".
0f90c076 Doc fixes.
52c86f94 Delete a few old FIXME comments
2b68ee47 Use @url and https consistently for references. Fix overlong lines.
ea4b2e86 Use texi2pdf to generate the pdf manual
54bbc09b ChangeLog entries for doc structure improvements.
cc92638c Divide Cipher section into menu and nodes, and some other minor fixes.
5e6af10b Delete explicit node pointers in nettle.texinfo
55584f4e Change CBC-AES interface
7a966ac3 Test AEAD encrypt/decrypt with message split into pieces.
686fd559 More checks for null pointers in test_aead, to silent static analyzer.
41a72c24 Fix checks of HAVE_NATIVE_cbc_aes*_encrypt
d5b0b9cb Fix fat builds for x86_64 windows
419d7af5 x86_64: Fat setup for assembly CBC AES.
121290e0 x86_64: Assembly CBC AES aesni functions.
1f58b09c Add specialized functions for cbc-aes.
99dffa9c ChangeLog entries for recent contributions.
38092fde gitlab-ci: Use mini-gmp for big-endian powerpc64 cross build
4147279b gitlab-ci: Explicitly install cross libgmp-dev packages
8c2321d2 gitlab-ci: No-assembly cross-build for s390x, to test big-endian
d4cd2965 gitlab-ci: Delete mips build
9765f8b9 [S390x] Optimize SHA256 and SHA512 compress functions
463553ae x86_64: New 2-way aesni loop also for aes256
c7391e5c x86_64: Refactor aesni assembly, with specific functions for each key size.
4ea2a1f8 [S390x] Optimize SHA1 compress
a47813c2 [AArch64] Utilize AES 1-block macros in 4-block macros
5f7740a3 [AArch64] Load AES keys at function prologue
76c7418c ChangeLog entries for previous change.
f7bc3e1b [AArch64] Move AES round macros to machine.m4
39d1e2a3 [AArch64] Optimize AES with fat build support
b8054a1d [S390x] Optimize memxor3 using vector facility with fat support
422219fe [S390x] Optimize memxor
3900fe65 Add fat-s390x.c to OPT_SOURCES.
c2f16582 Fix name of s390x/fat directory in make dist target.
4fc00c4d [S390x] add FAT_TEST_LIST variable to enable fat build testing
856c62ef [S390x] Replace inline assembly and fix fat filenames
3be3ff3e [S390x] Fat build support for AES and GHASH
9f9d4c4b arm64: Add sha2 to aarch64 fat tests.
774917ec ChangeLog entry for arm64 sha256..
7b446327 [AArch64] Fat build support for SHA-256 compress
6c84092d [S390x] wipe parameter block content and leftover bytes of data from stack
7d301d93 [S390x] wipe hash subkey from stack once GHASH operation completed
d1c8417f [AArch64] Optimize SHA-256 compress
33bfc509 [S390x] Use uppercase for macro names in machine.m4 and enhance the documentation for GHASH implementation
94be863c Add sha1 to aarch64 fat tests.
6c89ed3c ChangeLog entry for previous change.
e5a9dbf4 arm64: Fat build support for SHA1 compress
530e4c8d [S390x] Update configure.ac and Makefile.in
b0525367 [S390x] Implement alloc_stack and free_stack macros in machine.m4
72448928 [S390x] Optimize GHASH
20fedc01 Update Nettle-3.7.3 NEWS.
c80961c6 Add input check to rsa_decrypt family of functions.
cd6059ae Change _rsa_sec_compute_root_tr to take a fix input size.
401e0bdd Fix comment typos.
fd6d9ba7 Add check that message length to _pkcs1_sec_decrypt is valid.
e60d8367 ChangeLog entry for arm64 sha1.
47cafcf2 aarch64: Optimize SHA1 Compress
a46a17e9 Fix C++-style comments
022e51a2 ChangeLog entries for aes keywrap.
0145efbc Implement aes key wrap and key unwrap (RFC 3394)
61bcbbf8 gitlab-ci: Explicitly pass --enable-s390x-msa to s390x build.
3b1bb7cb Fix comment typo.
c23701f3 Reorder and indent asm_replace_list.
c2a14fa3 ChangeLog entry for new s390x AES implementation.
1f38723e Append s390x-specific asm file names to asm_replace_list in configure.ac
71dafe91 [S390x] Basic AES-192 and AES-256 optimizations
8247fa21 ppc: Fix macro name SWAP_MASK to use all uppercase.
b9f0ede2 Update config.guess and config.sub.
46515038 [S390x] Basic AES-128 optimization
f4dc5f20 Split aes-encrypt.c and aes-decrypt.c into one file per key size.
0bff7a2b Initial config for s390x, contributed by Mamone Tarsha.
06d6ef33 nettle-benchmark: avoid -Wmaybe-uninitialized warnings
dda3f4fd gitlab-ci: Fix only: variables: check, and quote variables.
c2b56cd7 gitlab-ci: Use pipeline variable S390X_ACCOUNT
c25774e2 gitlab-ci: Add remote tests for s390x.
d5972ced Add forward declaration of struct aes_table.
085317d6 ChangeLog entries for arm64 fat build.
944881d7 ChangeLog entry for nettle-3.7.2 release
f9e0e1f4 NEWS entries for 3.7.2.
1585f6ac [AArch64] Support fat build for GCM optimization
03b8ba39 [AArch64] Use m4 macros in gcm-hash.asm and add documentation comments
3f43c143 [AArch64] Update README to be on par with other architectures
b30e0ca6 Fix canonical reduction in gostdsa_vko.
d9b564e4 Similar fix for eddsa.
fbaefb64 Analogous fix to ecc_gostdsa_verify.
c24b3616 Ensure ecdsa_sign output is canonically reduced.
2397757b Fix bug in ecc_ecdsa_verify.
5b7608fd Use ecc_mod_mul_canonical for point comparison.
2bf497ba New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical.
a471ae85 aarch64: Rename arm64/v8/ --> arm64/crypto/
0489825e aarch64: Use .arch armv8-a+crypto directive.
d32152f4 aarch64: Move m4 definitions after .file directive
f3dda9f4 ChangeLog entries for arm64 gcm_hash.
b098f19b arch64: Fix clang build
fd9dd9d7 arch64: Fix copyright line and typos
a3f91c0e aarch64: Adjust gcm-hash assembly for big-endian systems
09d77a10 aarch64: Implement GHASH using the crypto extension pmul instructions.
0c5429d3 aarch64: Add README
dbd16501 Add an empty machine.m64 to make configure happy
ebf9ae83 Recognize arm64 in configure
Signed-off-by: Nick Hainke <vincent@systemli.org>
Adjust
- 100-tcpdump_mini.patch
Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch
Changelog:
Wednesday, June 9, 2021 by gharris
Summary for 4.99.1 tcpdump release
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
Summary for 4.99.0 tcpdump release
CVE-2018-16301: For the -F option handle large input files safely.
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list
against Wireshark.
Fix many typos.
Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Release Notes:
- The libiconv library is now licensed under the LGPL version 2.1,
instead of the LGPL version 2.0. The iconv program continues to
be licensed under GPL version 3.
- Added converters for many single-byte EBCDIC encodings: IBM-{037,
273,277,278,280,282,284,285,297,423,424,425,500,838,870,871,875},
IBM-{880,905,924,1025,1026,1047,1097,1112,1122,1123,1130,1132,1137,
1140}, IBM-{1141,1142,1143,1144,1145,1146,1147,1148,1149,1153,1154,
1155,1156,1157}, IBM-{1158,1160,1164,1165,1166,4971,12712,16804}.
They are available through the configure option
'--enable-extra-encodings'.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add patches:
- 100-configure.ac-fix-AC_ARG_WITH.patch
Remove upstreamed patches:
- 200-resize_f2fs-fix_wrong_ovp_calculation.patch
Changelog:
64f2596 f2fs-tools: upgrade version 1.15.0
d9d5b11 f2fs-tools: build silently
299c0b5 fsck.f2fs: fix broken file_map output
3af62be f2fs-tools: show segment/section layout correctly
4d9c009 f2fs-tools: use android config only if there's no config.h
0b9b89f dump.f2fs: compress: fix dstlen of LZ4_compress_fast_extState()
eee3969 mkfs.f2fs: check uuid library
e5fe1a2 f2fs-tools: use fsync() in Android
ea9921f f2fs-tools: support zoned device in Android
a8fefc2 android_config.h: add missing liblz4
0c54cf7 libf2fs_io: add unused mactor to avoid build failure
6eebd13 ci: Enable -Wall, -Wextra and -Werror
c491657 Fix PowerPC format string warnings
70e4139 Suppress a compiler warning about integer truncation
7a1206a Annotate switch/case fallthrough
b964b79 Change #ifdef _WIN32 checks into #ifdef HAVE_.*
28de4d1 tools/f2fs_io: Fix the type of 'ret'
fdff1ab fsck/segment.c: Remove dead code
ede3bde fsck/main.c: Suppress a compiler warning
93c6483 tools/f2fscrypt.c: Fix build without uuid/uuid.h header file
559e60e fsck: Remove a superfluous include directive
98f7f56 mkfs/f2fs_format.c: Suppress a compiler warning
ef011a4 configure.ac: Detect selinux/android.h
2e59ab8 configure.ac: Detect the sparse/sparse.h header
1790203 Fix the MinGW build
ecd27dc Use %zu to format size_t
24663b6 Include <stddef.h> instead of defining offsetof()
cdefef0 Move the be32_to_cpu() definition
1612bf9 Remove unnecessary __attribute__((packed)) annotations
7a5109f f2fs_fs.h: Use standard fixed width integer types
e61203c Suppress a compiler warning
9425b47 Verify structure sizes at compile time
006bb13 Change one array member into a flexible array member
cb4c5d6 ci: Build f2fstools upon push and pull requests
f3033fb Change the ANDROID_WINDOWS_HOST macro into _WIN32
87d7a95 Switch from the u_int to the uint types
c483354 configure.ac: Enable cross-compilation
3e97d07 configure.ac: Sort header file names alphabetically
91ba5e5 configure.ac: Enable the automake -Wall option
ae65a15 configure.ac: Remove two prototype tests
d24fd5c configure.ac: Stop using obsolete macros
6afcf64 libf2fs: don't allow mkfs / fsck on non power-of-2 zoned devices
c7757ec man: update mkfs.f2fs to give the default android option
46e1b83 f2fs-tools: use proper 64bit types for PPC
97ce230 mkfs.f2fs: fix wrong indentation and clean up
0d3d26d mkfs.f2fs: set project quota by default for -g android for v4.14+
1de1db8 f2fs-tools: add atomic write related options to f2fs_io write command
85cd72a mkfs.f2fs: set required quota types only
028af9f fsck.f2fs: Add progression feedback
972d710 fsck.f2fs: do not assert if i_size is missing i_blocks in symlink
f63551b f2fs-tools: separate other bugs in fsck_verify
ade81b9 f2fs-tools: remove false failure alarm when fixing quota
99bc497 f2fs-tools: fall back to the original version check when clock_gettime is not supported
1603a3d mkfs.f2fs: wipe other FS magics given -f
63d5004 fsck.f2fS: is_valid_summary(): check whether offset is out of bounds
3fd996c Avoid redefined ALIGN_UP
1edc138 fsck.f2fs: Update the usage about option of preen mode
49159df f2fs-tools: change fiemap print out format
8bcb58e f2fs_io: add rename w/ fsync option
9429e86 fsck.f2fs: add basic compress related check/fix
529967e f2fs-tools: make fiemap command in accordance with uapi
1228009 f2fs-tools: rebuild the quota inode if it is corrupted
9ee091e f2fs-tools: add periodic check in kernel version check
1bc7658 dump.f2fs: minor clean ups
69952e3 f2fs-tools: fix wrong value of reserve_new_block parameter in page_symlink
76d2a91 f2fs-tools: add extent cache for each file
8d464ee f2fs-tools: fix wrong file offset
acd2518 fsck|dump.f2fs: add -M to get file map
027488e mkfs.f2fs: remove android features for RO
e01ad31 f2fs-tools: fix metadata region overlap with zoned block device zones
f3b93bf sload.f2fs: Reword "IMMUTABLE" in strings/comments
820b5e3 sload.f2fs: use F2FS_COMPRESS_RELEASED instead of IMMUTABLE bit
1d2683f f2fs-tools: support small RO partition
a9594c6 fsck.f2fs: add "-l" to show the layout information
38e3115 f2fs_io: add to show immutable bit
6afd3e9 tools: Introduce f2fslabel
3218ff9 f2fs-tools: correct get kernel version logic
19d49b5 dump.f2fs: fix memory leak caused by dump_node_blk()
15d4d7b fsck.f2fs: fix memory leak caused by fsck_chk_orphan_node()
1900c22 mkfs.f2fs: fix memory leak in not enough segments error path
5cc365c resize.f2fs: fix memory leak caused by migrate_nat()
870915f f2fs_io: split definition check for crypto ioctl
91f9db2 fsck.f2fs: update kernel version in superblock on forced check
1531853 f2fs_io: Add get file name encryption mode
3bfcca8 f2fs-tool: increase debug level from 0 to 1 in migrate_block
5263ae2 resize.f2fs: fix to check free space before shrink
159752d resize.f2fs: fix wrong sit/nat bitmap during rebuild_checkpoint()
98e6463 resize.f2fs: add force option to rewrite broken calculation
f056fbe resize.f2fs: fix wrong ovp calculation
80dba0f Add -P option to preserve file owner
f0fda11 libf2fs: fix memory leak caused by get_rootdev()
5144f2f mkfs.f2fs: add VM disk files to hot data types
73c0871 libzoned: use blk_zone_v2 and blk_zone_report_v2 by default
9cb5150 f2fs-tools: fix wrong blk_zone_rep_v2 definition
15474db mkfs.f2fs: allocate zones together to avoid random access
316e128 mkfs.f2fs: adjust zone alignment when using multi-partitions
cc57f2c fsck.f2fs: fix alignment on multi-partition support
ff7172e f2fs-tools: Miscellaneous cleanup to README.
2b26417 mkfs.f2fs.8: Better document the -g argument.
e05afe5 mkfs.f2fs.8: fix formatting for -l parameter in man page
747b74c f2fs-tools: Make sload.f2fs reproduce hard links
b585244 f2fs-tools:sload.f2fs compression support
7b63f7b f2fs_io: add compress/decompress commands
457392a f2fs-tools: Added #ifdef WITH_func
d322d47 f2fs-tools: fix a few spelling errors in f2fs-tools
fcd5cd0 f2fs-tools: skipped to end on error syntax error
31d30f0 mkfs.f2fs: show a message when compression is enabled
1d4c7e7 f2fs_io: add get/set compression option
4bd7008 Fix ASSERT() macro with '%' in the expression
ca0ed8a f2fs-toos: fsck.f2fs Fix bad return value
c954e7c fsck.f2fs: do xnid sanity check only during fsck
1bfc173 f2fs_io: add erase option
e59bb17 mkfs.f2fs.8: document the verity feature
8fd836f fsck: clear unexpected casefold flags
1a7415a mkfs.f2fs: add -h and --help
717d70d f2fs_io: change fibmap to fiemap
Signed-off-by: Nick Hainke <vincent@systemli.org>
This enables building WolfSSL with Curve448, which can be used by
Strongswan. This has been tested on a Linksys E8450, running OpenWrt
22.03-rc4.
This allows parity with OpenSSL, which already supports Curve448 in
OpenWrt 21.02.
Fixesopenwrt/packages#18812.
Signed-off-by: Joel Low <joel@joelsplace.sg>
Remove upstreamed patch:
- 100-build-add-Libs.private-field-in-libnl-pkg-config-file.patch
cacaa5f libnl-3.6.0 release
855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes'
930fc11 route/mdb: add support for MAC multicast entries
2d68caf route/mdb: add missing detils and stats dump callbacks
d9ed99b nl-monitor: support for setting libnl debug level
4c41e0d nl-monitor: add missing --help to long_opts[]
7e96356 Check validation type against end of enum
4e153bc route/link: add VLAN bridge binding flag
b7256d3 github: build unit tests also with "clang"
8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero
4f5c846 lib: merge branch 'th/object-clone-fixes'
d23fb81 lib: make nl_object_clone() out-of-memory safe
7f7452c route: fix ref counting for l_info_ops and io_clone()
620d024 route: drop unnecessary oo_clone() implementation from netconf
93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM
23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone()
29e5092 xfrm/sa: style cleanup xfrm_sa_clone()
14a9ebc utils: add internal _nl_memdup() helper
2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt
e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h>
7d43191 tests: merge branch 'th/tests-netns'
a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff()
fdb0121 tests: add new "netns" test suite
9102872 tests: add fixture/teardown for tests to run in separate netns
9a42798 tests: cleanup creating test suites
1fc3e07 tests: refactor tests and add n-test-util helper library
7a3d6e2 netlink: add _NL_N_ELEMENTS() macro
3da4f7d netlink: add _nl_streq()/_nl_streq0() helper
1ad8555 netlink: add _nl_auto_nl_socket cleanup macro
c8a5729 lib: add _nl_close() helper
80868e6 clang-format: add ".clang-format" from linux kernel
2782ed3 github: build tests with "-std=gnu11"
af59b9a github: split tests in separate steps
c8f7902 build: add "check-progs" make target to build unit tests
23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy
1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails
ef5f3eb route/cls: merge branch 'westermo:cls-flower'
c385c84 route/cls: no need to copy simple fields in flower_clone()
79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional
64e0836 route/cls: adjust whitspace/indentation
5ac9ce3 route/cls: use SPDX-License-Identifier
1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation
ef46de1 route/cls: add flower classifier
f0aad20 route: merge branch 'pugo:master'
d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const
6a92268 route: add rtnl_link_can_set_data_bittiming_const()
841553b route: drop bitrate,sample-point getters/setters from can link
37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const()
96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file
881e329 route: fix indentation
37c10ef route/link: add CAN FD support
d56bf73 route/mdb: merge branch 'rubensfig:mdb'
e0b2406 route/mdb: drop setting ifindex in mdb_clone()
d78a6eb route/mdb: minor cleanup in "mdb.c"
57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare()
0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API
1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing
1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data()
92035e2 route/mdb: cleanup mdb.h header
6237621 build: sort file names in Makefile.am
0ec6c6c mdb: support bridge multicast database notification
c980034 route/cls: merge branch 'westermo:classifier-api-extension'
a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}()
88a5138 route/cls: allow fetching of classifiers from cache
90577b5 route: merge branch 'TummyFish:master'
299f61a license: use SPDX license identifiers and drop license comments
05a540d ip6vti: Add fwmark API
41e4365 ip6gre: Add fwmark API
ebc7df3 sit: Add fwmark API
8e1da8e ipip: Add fwmark API
bda19be ip6_tnl: Add fwmark API
cdc6c0f ipvti: Add fwmark API
2995710 ipgre: Add fwmark API
d9dc6c2 ip6vti: Add IPv6 VTI support
be86170 license: use SPDX license identifiers and drop license comments
919d9c6 route: merge branch 'westermo:fib-lookup'
1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup()
53bc27e route/route: support FIB lookups using rtnl
ed76b9a build: sort files in Makefile.am
46b22c1 route/link: merge branch 'westermo:team-support'
586a6b6 build: fix new symbols in "libnl-route-3.sym"
831f125 route/link: add support for team device
6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location
f77cd25 route/netconf: full API export
f59f443 build: add Libs.private field in libnl pkg-config file
b3333e0 route/qdisc: allow fetching qdiscs by their kind
9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3'
a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym"
7b4df53 nflog: add missing symbols to "libnl-nf-3.sym"
8266436 nflog:add conntrack flag and enable flags for nflog
246904d nflog: add CT support
59fc1d7 nflog: add mac_header support
c268c48 nflog: add vlan attribute
2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4
4edffbd route/link: Add IPv6 GRE support
5d69587 route: add global sectin in "libnl-route-3.sym"
d0cf3a9 neigh: support to add fdb entry
3bf0a9c cls:u32: fix u32_clone() function
3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment
c027e54 route:cls: fix dangling pointers in to_clone() implementations
47c04fb route:act: drop unnecessary implementations for to_clone()
79f7c9d tests: add test for cloning cls:u32 object
b1caff8 github: run unit tests under valgrind
38b3be3 tests: cleanup tests and avoid leaks
c2b94b9 lib: add more _nl_auto* cleanup macros
1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*()
6341d89 log: fix typo in dumping msg
bfee88b route: fix memory leak of l_info_ops in link_msg_parser()
431ba83 route: merge branch 'qbdwlr:mplsPR'
cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes
efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc.
0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests
5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs()
6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup()
d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route'
28a652b route: fix duplicate check for next hop for IPv6 multipath routes
03bfd2f route: check if nh exists while updating route
92c9237 ci: add github-actions
3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg()
d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime()
c0e82db cli: Add C++ linkage support
000a3bd yyerror: update to POSIX standard
f865a99 xfrm: merge branch 'spellingmistake:master'
0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning
8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV
c8f33a4 xfrm: Add support for xfrm user offloading
b6cc13d Supporting Hardware offload capability for MACsec
39944c6 route/link: check calloc() return value
12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request
5f39502 merge branch 'bengal/coverity'
26f342d route/qdisc: handle error of calloc()
d1a151e route/qdisc: fix memory leak in netem.c
aa092d1 route/link: fix copy-paste error in geneve.c
30552e8 route/cls: fix cgroup's clone() function
764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group
b24e833 doc: update link to mscgen-filter
0b5d17d addr: merge branch 'lcrestez-dn:dadfailed'
30924e7 tests: Add test for rtnl_addr_flags2str
5c05c75 addr: Add address flag `dadfailed`
2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request
5611487 lib/trivial: whitespace
ab015e1 lib: merge branch 'th/object-identical-fix'
36b0894 lib: allow to compare incomplete objects in nl_object_identical()
5020077 lib: let nl_object_identical() declare the same object as identical
406ebc8 lib: fix using right compare mask in nl_object_diff64()
8637c70 lib/trivial fix indentation
4be6062 route/link: avoid cloning link policy in link_msg_parser()
ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family
f9d0181 lib: use proper int type for id attributes in nl_object_identical()
68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional
2375cde lib: fix spelling errors in "netlink/handlers.h"
3faf26c gitignore: fix ignoring check-direct build artifacts
47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request
846d288 travis: install "check" in travis
d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h"
aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array
bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat
bae11ec tests: add "check-direct" test
2d50b04 route: add "netlink-private/route/utils.h" header
9a52b3d gitignore: merge all gitignore files in top level directory
4c5f2d6 merge branch 'th/license-comment-cleanup'
2d3e690 license: update "doc/COPYING" license text
1389188 license: add SPDX license identifer to "configure.ac" files
503aa5e license: fix and add SPDX license identifiers and drop license comments
4333aef license: cleanup copyright comments
956635b license: fix SPDX license identifier for nl-auto.h
5614b4c lib: merge branch 'th/cleanup-errout'
17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c"
b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c"
fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath()
2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser()
77b4f68 rtnl/route: only consider negative error codes as error
6870ece lib: cleanup nla_parse() to return early on error
a858a0b lib: use _nl_strncpy*() instead of plain strncpy()
018c694 lib: cleanup _nl_strncpy_assert()
e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert()
5ffbc6f lib: add _NL_RETURN_*() helper macros
abb7391 lib: add "include/netlink-private/nl-auto.h" header
ecd15bc lib: add _nl_assert_not_reached()
9cc38dc lib/route: adjust coding style
01ea9a6 route/link: Check for null pointer in macvlan
Signed-off-by: Nick Hainke <vincent@systemli.org>
Beeline SmartBox GIGA is a wireless WiFi 5 router manufactured by
Sercomm company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Nanya NT5CC128M16JR-EK
Flash: 128 MiB, Macronix MX30LF1G18AC
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7613BE): a/n/ac, 2x2
Ethernet: 3 ports - 2xGbE (WAN, LAN1), 1xFE (LAN2)
USB ports: 1xUSB3.0
Button: 1 button (Reset/WPS)
PCB ID: DBE00B-1.6MM
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Downgrade stock (Beeline) firmware to v.1.0.02;
2. Give factory OpenWrt image a shorter name, e.g. 1001.img;
3. Upload and update the firmware via the original web interface.
Remark: You might need make the 3rd step twice if your running firmware
is booted from the Slot 1 (Sercomm0 bootflag). The stock firmware
reverses the bootflag (Sercomm0 / Sercomm1) on each firmware update.
Revert to stock
---------------
1. Change the bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
2. Optional: Update with any stock (Beeline) firmware if you want to
overwrite OpenWrt in Slot 0 completely.
MAC Addresses
-------------
+-----+-----------+---------+
| use | address | example |
+-----+-----------+---------+
| LAN | label | *:16 |
| WAN | label + 1 | *:17 |
| 2g | label + 4 | *:1a |
| 5g | label + 5 | *:1b |
+-----+-----------+---------+
The label MAC address was found in Factory 0x21000
Notes
-----
1. The following scripts are required for the build:
sercomm-crypto.py - already exists in OpenWrt
sercomm-partition-tag.py - already exists in OpenWrt
sercomm-payload.py - already exists in OpenWrt
sercomm-pid.py - new, the part of this pull request
sercomm-kernel-header.py - new, the part of this pull request
2. This device (same as other Sercomm S2,S3-based devices) requires
special LZMA and LOADADDR settings for successful boot:
LZMA_TEXT_START=0x82800000
KERNEL_LOADADDR=0x81001000
LOADADDR=0x80001000
3. This device (same as several other Sercomm-based devices - Beeline,
Netgear, Etisalat, Rostelecom) has partition map (mtd1) containing
real partition offsets, which may differ from device to device
depending on the number and location of bad blocks on NAND.
"fixed-partitions" is used if the partition map is not found or
corrupted. This behavour (it's the same as on stock firmware) is
provided by MTD_SERCOMM_PARTS module.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile the -basic and
-full variants of hostapd with this feature, and enable discovery of this
feature for future luci integration. OCV can be configured by setting ocv
equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to
connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
In Turris MOX SDIO card [1], which uses Marvell 88W997 and its driver
mwifiex, you might get cryptic messages, which are not helpful to use.
@pali created patch, which improves messages by the driver and he will
send this to Linux kernel soon.
Before:
[ 81.026156] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd 0x20 error, result=0x1
After:
[ 15.784018] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd RF_ANTENNA (0x20) error, result=0x1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
SDIO chip 88W9997 from NXP [1] is quite limited by its firmware and
driver. Add hacky patch to allow up to 4 SSID instead of 3 SSID.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add support for Methode euroDPU which is based on uDPU but does not
have a second SFP cage, instead of which a Maxlinear G.hn IC is used.
PHY mode is set to 1000Base-X despite Maxlinear IC being capable of
2500Base-X since until 5.15 support for mvebu is available trying to use
2500Base-X will cause buffer overruns for which the fix is not easily
backportable.
Installation instructions:
1. Boot the FIT initramfs image (openwrt-mvebu-cortexa53-methode_edpu-initramfs.itb)
2. sysupgrade using the openwrt-mvebu-cortexa53-methode_edpu-firmware.tgz
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
uDPU DTS has pending upstream fixups, so backport those as well as split
the DTS into a DTSI and DTS in preparation for euroDPU support which
uses uDPU as the base.
Ethernet aliases have not yet been sent upstream but will be soon in order
for U-boot to set the correct MAC on both ethernet interfaces instead of
just one.
Since U-boot environment now has its own partition, update the envtools
config script to search for it instead.
Patch hardcoding PHY mode is also not applicable anymore, so drop it and
set in the uDPU DTS directly.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Enabling mbo by default on 802.11ax devices breaks for encryption types
that do not enable 802.11w by default. Disable mbo by default to fix
this. Enabling mbo by default on 802.11ax devices was not explained in
the commit message anyway.
Fixes: 6eee983656 ("hostapd: introduce mbo option")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Introduce a new option background_radar to toggle hostapd's background
radar feature. Enabling this allows DFS CAC to run on dedicated radio RF
chains while the radio(s) are otherwise running normal AP activities on
other channels.
As OpenWrt configures hostapd to use a channel list even when a single
channel is configured, using this feature requires a list of channels in
/etc/config/wireless. Alternatively, channel can be set to auto.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Support the use of MBO in the bss_transition_request ubus method.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Introduce a new option mbo to toggle Multi Band Operation aka Agile
Multiband for a BSS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation is required for 802.11ax certification, so let's
enable it if 802.11ax support is enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation aka Agile Multiband introduces new Transition
and Transition Rejection Reason Codes that should improve client
steering. Add a config symbol to enable it, and enable it by default for
the full variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Enable ath10k offload by default. This improves wireless performance
without requiring user configuration.
This adds ath10k_core to the AUTOLOAD section so that the frame_mode
paramter can be added to /etc/modules.d and passed to the driver.
The frame_mode 2 enables ethernet mode on the firmware/driver.
This parameter is set by passing a different value to the frame_mode
value on kmod insmod.
Link to the original patchset:
https://patchwork.kernel.org/project/linux-wireless/cover/20220516032519.29831-1-ryazanov.s.a@gmail.com/
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv
This should fix the CI error in the packages repository, which happens with perl.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
9eabf30 Release version 5.18.
2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations
d660dde pretty: add missing message descriptions for rings
aaeb16a pretty: support u8 enumerated types
6b320b8 rings: add support to set/get cqe size
41fddc0 update UAPI header copies
42e6c28 help: fix alignment of rx-buf-len parameter
e1d0a19 ethtool.8: Fix typo in man page
37f0586 Release version 5.17.
8c2984c strset: do not put a pointer to a local variable to nlctx
8fd02a2 ioctl: add the memory free operation after send_ioctl call fails
b9f25ea ethtool: Add support for OSFP transceiver modules
6e79542 features: add --json support
5ed5ce5 Merge branch 'next' into master
b90abbb man: document recently added parameters
51a9312 tunables: add support to get/set tx copybreak buf size
a081c2a rings: add support to set/get rx buf len
d699bab Merge branch 'master' into next
52db6b9 Merge branch 'review/module-extstate' into next
6407b52 monitor: add option for --show-module/--set-module
1f35786 ethtool: Add transceiver module extended state
2d4c5b7 ethtool: Add ability to control transceiver modules' power mode
005908b Update UAPI header copies
Signed-off-by: Nick Hainke <vincent@systemli.org>
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This reverts the airtime scheduler back from the virtual-time based scheduler
to the deficit round robin scheduler implementation.
This reduces burstiness and improves fairness by improving interaction with AQL.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
1696f9eb8b40 mt76: mt7915: do not copy ieee80211_ops pointer in mt7915_mmio_probe
a4db5869d660 mt76: mt7915: update mpdu density in 6g capability
500c18014d95 mt76: mt7915: add sta_rec with EXTRA_INFO_NEW for the first time only
3ef66fc7c714 mt76: do not check the ccmp pn for ONLY_MONITOR frame
dd682eead016 mt76: mt7915: update the maximum size of beacon offload
4fb991f2c997 mt76: mt7615: add sta_rec with EXTRA_INFO_NEW for the first time only
ba39ed3b44f1 mt76: mt76x02: improve reliability of the beacon hang check
fd8211cf7c59 mt76: mt7921: sync with updated patch
f2edd340ddb4 mt76: allow receiving frames with invalid CCMP PN via monitor interfaces
b6e865e2cc70 mt76: mt7615: fix throughput regression on DFS channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The MAC can be stored in OTP memory or in flash memory, currently the
driver could read it only from OTP. Backport the patch allowing setting
the MAC address from flash. Some modules have the OTP programmed but
the ODM/OEM decided to overwrite it with value stored in flash.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
These narrowments are no longer useful, since there's no lower version
than 5.10 supported in tree.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Remove backport:
- 001-examples-compile-with-make-check.patch
87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org>
4554ee652caf mt76: mt7921: fix warning Using plain integer as NULL pointer
a3f1d6ccf3ca mt76: mt7921: add missing bh-disable around rx napi schedule
9aeca2a5ce47 mt76: mt7921: get rid of mt7921_mcu_exit
fee8a5911c76 mt76: connac: move shared fw structures in connac module
db4d784ae7ba mt76: mt7921: move fw toggle in mt7921_load_firmware
16ab6bf49556 mt76: connac: move mt76_connac2_load_ram in connac module
29fd748801c6 mt76: connac: move mt76_connac2_load_patch in connac module
051c68d18214 mt76: mt7663: rely on mt76_connac2_fw_trailer
d6ae3505ac6c mt76: enable the VHT extended NSS BW feature
488a5ccc9762 mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature
934029bb93e2 mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature
ecefae4c7d72 mt76: connac: move mac connac2 defs in mt76_connac2_mac.h
b5eecc841df8 mt76: connac: move connac2_mac_write_txwi in mt76_connac module
012e619a07b9 mt76: connac: move mt76_connac2_mac_add_txs_skb in connac module
1b492be795ea mt76: mt7921: not support beacon offload disable command
f1f46d3b4b19 mt76: mt7921: fix command timeout in AP stop period
cae61112ef1d mt76: connac: move HE radiotap parsing in connac module
487674062643 mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module
649bdc4983c4 mt76: connac: move mt76_connac2_mac_fill_rx_rate in connac module
cb75aaa39252 mt76: mt7921s: remove unnecessary goto in mt7921s_mcu_drv_pmctrl
e0eaf66eaebb mt76: mt7615: do not update pm stats in case of error
f8d125b4ea30 mt76: mt7921: do not update pm states in case of error
6329a834907e mt76: mt7921s: fix possible sdio deadlock in command fail
8a04f1b04662 mt76: mt7921: fix aggregation subframes setting to HE max
e52283439094 mt76: mt7915: disable UL MU-MIMO for mt7915
fd3958970e3d mt76: mt7921: enlarge maximum VHT MPDU length to 11454
18df38fe77f7 mt76: mt7915: get rid of unnecessary new line in mt7915_mac_write_txwi
149e95f5d7a6 mt76: connac: move mt76_connac_fw_txp in common module
899d192e8a79 mt76: move mt7615_txp_ptr in mt76_connac module
7184f0a6f6a5 mt76: connac: move mt76_connac_tx_free in shared code
c42d45278fa5 mt76: connac: move mt76_connac_tx_complete_skb in shared code
0993f4ef96f8 mt76: connac: move mt76_connac_write_hw_txp in shared code
467960fab791 mt76: connac: move mt7615_txp_skb_unmap in common code
2e758064b085 mt76: mt7915: rely on mt76_connac_tx_free
2065a7901671 mt76: move mcu_txd/mcu_rxd structures in shared code
576c1b7c472b mt76: move mt76_connac2_mcu_fill_message in mt76_connac module
7275f7758090 mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Document the ubus methods we added to hostapd so that people don't have
to read code to figure out which methods are available and what they do.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This adds a few fixes for compiling against Linux 5.10:
1. segment_eq() has been removed with upstream commit
428e2976a5bf7e7f5554286d7a5a33b8147b106a ("uaccess: remove
segment_eq") and can use uaccess_kernel() instead
2. ioremap_nocache() is removed and is now an alias for ioremap() with
upstream commit 4bdc0d676a643140bdf17dbf7eafedee3d496a3c ("remove
ioremap_nocache and devm_ioremap_nocache")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Existing conntracks will continue to be SNATed to 192.0.0.1 even after
464xlat interface gets teared down. To prevent this, matching
conntracks must be killed.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as
they are by default), the kernel command line will have two console=
entries, such as
console=tty0 console=ttyS0,115200n8
Failsafe was only running a shell on the first defined console, the VGA
console. This is a problem for devices like apu2, where there is only a
serial console and it appears on ttyS0.
Moreover, the console prompt to enter failsafe during boot was delivered
to, and its input read from, the last console= on the kernel command
line. So while the failsafe shell was on the first defined console, only
the last defined console could be used to enter failsafe during boot.
In contrast, the x86 bootloader (GRUB) operates on both the serial
console and the VGA console by virtue of "terminal_{input,output}
console serial". GRUB also provided an alternate means to enter failsafe
from either console. The presence of two console= kernel command line
parameters causes kernel messages to be delivered to both. Under normal
operation (not failsafe), procd runs login in accordance with inittab,
which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any
of serial, hypervisor, or VGA console. Thus, serial access was
consistently available on x86 devices with serial consoles under normal
operation, except for shell access in failsafe mode (without editing the
kernel command line).
By presenting the failsafe prompt, reading failsafe prompt input, and
running failsafe shells on all consoles listed in /proc/cmdline,
failsafe mode will work correctly on devices with a serial console (like
apu2), and the same image without any need for reconfiguration can be
shared by devices with the more traditional (for x86) VGA console. This
improvement should benefit any system with multiple console= arguments,
including x86 and bcm27xx (Raspberry Pi).
Signed-off-by: Mark Mentovai <mark at moxienet.com>
adds `libusb-1.0.so` link on the target root again.
Fixes: 43539a6aab ("libusb: make InstallDev explicit")
Signed-off-by: Leo Soares <leo@hyper.ag>
(added fixed tag, reworded commit)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This backports encap offload support from upstream.
On some ath10k devices there can be about 10% improvement on tx throughput.
Users can turn it on by setting frame_mode=2.
Signed-off-by: Zhijun You <hujy652@gmail.com>
This adds support for the Netgear PGZNG1, also known as the ADT Pulse
Gateway.
Hardware:
CPU: Atheros AR9344
Memory: 256MB
Storage: 256MB NAND Hynix H27U2G8F2CTR-BC
USB: 1x USB 2.0
Ethernet: 2x 100Mb/s
WiFi: Atheros AR9340 2.4GHz 2T2R
Leds: 8 LEDs
Button: 1x Reset Button
UART:
Header marked JPE1. Pinout is VCC, TX, RX, GND. The marked pin, closest
to the JPE1 marking, is VCC. Note VCC isn't required to be connected
for UART to work.
Enable Stock Firmware Shell Access:
1. Interrupt u-boot and run the following commands
setenv console_mode 1
saveenv
reset
This will enable a UART shell in the firmware. You can then login using
the root password of `icontrol`. If that doesn't work, the device is
running a firmware based on OpenWRT where you can drop into failsafe to
mount the FS and then modify /etc/passwd.
Installation Instructions:
1. Interupt u-boot and run the following commands
setenv active_image 0
setenv stock_bootcmd nboot 0x81000000 0 \${kernel_offset}
setenv openwrt_bootcmd nboot 0x82000000 0 \${kernel_offset}
setenv bootcmd run openwrt_bootcmd
saveenv
2. boot initramfs image via TFTP u-boot
tftpboot 0x82000000 openwrt-ath79-nand-netgear_pgzng1-initramfs-kernel.bin; bootm 0x82000000
3. Once booted, use LuCI sysupgrade to
flash openwrt-ath79-nand-netgear_pgzng1-squashfs-sysupgrade.bin
MAC Table:
WAN (eth0): xx:xa - caldata 0x0
LAN (eth1): xx:xb - caldata 0x6
WLAN (phy0): xx:xc - burned into ath9k caldata
Not Working:
Z-Wave
RS422
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(added more hw-info, fixed file permissions)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds support for the mainline kernel module for the PCA955x
LED driver. Note this requires i2c and GPIO support. Also worth calling
out this driver also enables GPIO support, depending on device tree
configuration.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
This row is no longer necessary as it was replaced by LOCALVERSION in
uboot.mk, which explicitly sets OpenWrt version to all U-boot packages accross
OpenWrt. [1]
[1] d6aa9d9e07
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The MBL has a 512KiB Microchip SST39VF040 chip for uboot and
not much else.
Thanks to Ewald who figured out that the "jedec-probe" vs.
"jedec-flash" was the wrong binding. With this information
and the jedec-probe support enabled => the chip works.
| physmap-flash 4fff80000.nor_flash: physmap platform flash device: [mem 0x4fff80000-0x4ffffffff]
| Found: SST 39LF040
| 4fff80000.nor_flash: Found 1 x8 devices at 0x0 in 8-bit bank
Suggested-by: Ewald Comhaire <e.comhaire@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash
* 16 x 10/100/1000BASE-T ports
- Internal PHY with 8 ports (RTL8218B)
- External PHY with 8 ports (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
- External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6
UART pinout
-----------
[o]ooo|J6
| ||`------ GND
| |`------- RX
| `-------- TX
`---------- Vcc (3V3)
Boot initramfs image from U-Boot
--------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f000000 openwrt-realtek-rtl838x-d-link_dgs-1210-20-initramfs-kernel.bin` command
5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[correct initramfs image name]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
4383528e0 P2P: Use weighted preferred channel list for channel selection
f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming
94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them
d5a9944b8 Reserve QCA vendor sub command id 206..212
ed63c286f Remove space before tab in QCA vendor commands
e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them
02047e9c8 hs20-osu-client: Explicit checks for snprintf() result
cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality
5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
9e305878c SAE-PK: Fix build without AES-SIV
c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API
667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum
c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path
6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
b092d8ee6 tests: imsi_privacy_attr
563699174 EAP-SIM/AKA peer: IMSI privacy attribute
1004fb7ee tests: Testing functionality to discard DPP Public Action frames
355069616 tests: Add forgotten files for expired IMSI privacy cert tests
b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality
fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters
99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter
dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML
426932f06 tests: EAP-AKA and expired imsi_privacy_key
35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path
1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key
d1652dc7c OpenSSL: Refuse to accept expired RSA certificate
866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0
bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
39e662308 tests: Work around reentrant logging issues due to __del__ misuse
72641f924 tests: Clean up failed test list in parallel-vm.py
e36a7c794 tests: Support pycryptodome
a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome
e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI
e58dabbcf tests: DPP URI with host info
37bb4178b DPP: Host information in bootstrapping URI
1142b6e41 EHT: Do not check HE PHY capability info reserved fields
7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust
b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
d2ce1b4d6 tests: Wait for request before responding in dscp_response
Compile-tested: all versions / ath79-generic, ramips-mt7621
Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621
Signed-off-by: David Bauer <mail@david-bauer.net>
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.
Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.
Signed-off-by: David Bauer <mail@david-bauer.net>
11f5c7b fw4.uc: fix zone helper assignment
b9d35ff fw4.uc: don't skip zone for unavailable helper
e35e26b tests: add test for zone helpers
a063317 ruleset: fix conntrack helpers
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
11410b8 ruleset: reorder declarations & output tweaks
880dd31 fw4: fix skipping invalid IPv6 ipset entries
5994466 fw4: simplify `is_loopback_dev()`
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
11256ff fw4: add support for configurable includes
3b5a033 tests: add test coverage for firewall includes
d79911c fw4: support sets with timeout capability but without default expiry
15c3831 fw4: add support for `option log` in rule and redirect sections
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Select matching U-Boot for both v1 and v2 variants.
Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Before this change UCI sections of both types were parsed in order as
specified in UCI. That didn't work well with all drivers (e.g. b53).
It seems that VLAN setup can reset / overwrite previously set ports
parameters. It resulted in "switch_port" options defined above
"switch_vlan"s being silently ignored.
Ideally swconfig & all drivers should be improved to handle that
properly but it'd be a waste of time at this point as DSA replaces
swconfig. Use this minor parsing change as a quick fix.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by
Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan
WG443223).
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 128 MiB
Flash: 128 MiB (Winbond W29N01HV)
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: No
Button: 1 (Reset/WPS)
LEDs: 2 (Red, Green)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WG430223
Installation
------------
1. Login to the router web interface (superadmin:serial number)
2. Navigate to Administration -> Miscellaneous -> Access control lists &
enable telnet & enable "Remote control from any IP address"
3. Connect to the router using telnet (default admin:admin)
4. Place *factory.trx on any web server (192.168.1.2 in this example)
5. Connect to the router using telnet shell (no password required)
6. Save MAC adresses to U-Boot environment:
uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
awk '{print $5}')
uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
awk '{print $5}')
uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
awk '{print $5}')
uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
awk '{print $5}')
7. Ensure that MACs were saved correctly:
uboot_env --get --name eth2macaddr
uboot_env --get --name eth3macaddr
uboot_env --get --name ra0macaddr
uboot_env --get --name rax0macaddr
8. Download and write the OpenWrt images:
cd /tmp
wget http://192.168.1.2/factory.trx
mtd_write erase /dev/mtd4
mtd_write write factory.trx /dev/mtd4
9. Set 1st boot partition and reboot:
uboot_env --set --name bootpartition --value 0
Back to Stock
-------------
1. Run in the OpenWrt shell:
fw_setenv bootpartition 1
reboot
2. Optional step. Upgrade the stock firmware with any version to
overwrite the OpenWrt in Slot 1.
MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC | Source |
+-----------+-------------------+----------------+
| label | A4:xx:xx:51:xx:F4 | No MACs was |
| LAN | A4:xx:xx:51:xx:F6 | found on Flash |
| WAN | A4:xx:xx:51:xx:F4 | [1] |
| WLAN_2g | A4:xx:xx:51:xx:F5 | |
| WLAN_5g | A6:xx:xx:21:xx:F5 | |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
with saving of the MACs to u-boot-env during the installation was
applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in
"Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM
firmware also uses this MAC when initialazes ethernet driver. In
OpenWrt we use it only as internal GMAC (eth0), all other MACs are
unique. Therefore, there is no any barriers to the operation of several
MTS WG430223 devices even within the same broadcast domain.
Stock firmware image format
---------------------------
The same as Beeline Smartbox Flash but with another trx magic
+--------------+---------------+----------------------------------------+
| Offset | | Description |
+==============+===============+========================================+
| 0x0 | 31 52 48 53 | TRX magic "1RHS" |
+--------------+---------------+----------------------------------------+
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Fix hostapd feature detection after the bump to 2022-05-08.
getopt was not updated correctly after upstream added support for -q arg.
This reenables feature detection so that LuCi can check for features like
SAE, fast roaming etc.
Fixes: c35ff1affe ("hostapd: update to 2022-05-08")
Signed-off-by: Robert Marko <robimarko@gmail.com>
902b321 wireless-regdb: Update regulatory rules for Israel (IL)
20f6f34 wireless-regdb: add missing spaces for US S1G rules
25652b6 wireless-regdb: Update regulatory rules for Australia (AU)
081873f wireless-regdb: update regulatory database based on preceding changes
166fbdd wireless-regdb: add db files missing from previous commit
e3f03f9 Regulatory update for 6 GHz operation in Canada (CA)
888da5f Regulatory update for 6 GHz operation in United States (US)
647bcaa Regulatory update for 6 GHz operation in FI
c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules
7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries
68a8f2f wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7e06706 iw: event: report missing radar events
5909e73 iw: survey: add support for radio stats
64bf570 update nl80211.h
0900996 iw: print Radar background capability if supported
56c6077 iw: print out assoc comeback event
a4e5418 iw: support 160MHz frequency command for 6GHz band
5a71b72 iw: Print local EHT capabilities
e3287a1 station: print EHT rate information
ff67fb2 iw: fix double tab in mesh path header
05a5267 iw: fix 'upto' -> 'up to'
00a2985 iw: handle VHT extended NSS
82e0bd1 update nl80211.h
c95877c info: add missing extended features
0976378 info: refactor extended features
79f20cb bump version to 5.19
Sync nl80211.h with our version of mac80211 and remove parts of the iw
code that are not supported by our version of mac80211.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Sync nl80211.h with upstream in order to maintain parity with
nl80211_copy.h shipped with hostapd.
This is necessary, as currently the enum value for
NL80211_EXT_FEATURE_RADAR_BACKGROUND mismatches between hostapd and
mac80211. This breaks background radar capability detection in hostapd.
Reported-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714 ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
commit c3a4cddaaf ("hostapd: remove hostapd-hs20 variant")
as well as
commit 9f1927173a ("hostapd: wpas: add missing config symbols")
indicate hostapd-full should support Hotspot 2.0 already, but only
wpa_supplicant (and wpad) do.
How this happened is not really clear, as no commit adding support for
Hotspot 2.0 is in the history.
Fix this and add Hotspot 2.0 capability to hostapd-full.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add the current BSS color to hostapd get_status method. This field is
set to -1 in case BSS color is not active for the BSS.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
In case no specific BSS color is configured, set it to a random value.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Update hostapd to Git HEAD from 2022-05-08. This allows us to take
advantage of background radar-detection as well as BSS color collision
detection.
Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch allows the user to set `auth_server` and related settings on
non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the
Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.
Without this patch, `auth_server` and other needed options are only
written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.
`hostapd` however supports "Station MAC address -based authentication" for
non WPA Enterprise Modes, too.
A classic approch is to use `accept_mac_file` which contains MAC addr
and VLAN-ID pairs. But, using `accept_mac_file` does not support
VLAN assignment for unknown stations.
This is a sample `freeradius3` config, where a known station
("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are
assigned to VLAN `67`.
```
"7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 65
DEFAULT Cleartext-Password := "%{User-Name}"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 67
```
Other option is to configure known stations via `accept_mac_file` and
using only Radius for unknown stations.
I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that
it should work with other Encryption/Access Mode, too.
Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900
switches.
Specifications
--------------
* Device: ZyXEL GS1900-24E
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE
* Ethernet: 24x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Switch: 1 Power switch on rear of device
* Power 120-240V AC C13
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
file and select open so File Path is updated with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24E is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
All known users of this ubus method have been updated to use the new
bss_transition_request method instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch adds support for Linksys WHW01 v1 ("Velop") [FCC ID Q87-03331].
Specification
-------------
SOC: Qualcomm IPQ4018
WiFi 1: Qualcomm QCA4019 IEEE 802.11b/g/n
WiFi 2: Qualcomm QCA4019 IEEE 802.11a/n/ac
Bluetooth: Qualcomm CSR8811 (A12U)
Ethernet: Qualcomm QCA8072 (2-port)
SPI Flash 1: Mactronix MX25L1605D (2MB)
SPI Flash 2: Winbond W25M02GV (256MB)
DRAM: Nanya NT5CC128M16IP-DI (256MB)
LED Controller: NXP PCA963x (I2C)
Buttons: Single reset button (GPIO).
Notes
-----
There does not appear to be a way to trigger TFTP recovery without entering
U-Boot. The device must be opened to access the serial console in order to
first flash OpenWrt onto a device from factory.
The device has automatic recovery backed by a second set of partitions on
the larger of the two SPI flash ICs. Both the primary and secondary must
be flashed to prevent accidental rollback to "factory" after 3 failed boot
attempts.
Serial console
--------------
A serial console is available on the following pins of the populated J2
connector on the device mainboard (115200 8n1).
(<-- Top of PCB / Device)
J2
[o o o o o o]
| | |
| | `-- GND
| `---- TX
`--------- RX
Installation instructions
-------------------------
1. Setup TFTP server with server IP set to 192.168.1.236.
2. Copy compiled `...squashfs-factory.bin` to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Revert to "factory"
-------------------
1. Download latest firmware update from vendor support site.
2. Copy extracted `.img` file to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Link: https://github.com/openwrt/openwrt/pull/3682
Signed-off-by: Peter Adkins <peter@sunkenlab.com>
(calibration from nvmem, updated to 5.10+5.15)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Make ar8216/8327 swconfig driver modularizable and add
entry to the netdevices.mk kernel modules file.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
latency and short-term fairness is improved by fixing the tx queue sorting
so that it considers the pending AQL budget
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Aruba deploys a BDF in the root filesystem, however this matches the one
used for the DK04 reference board.
The board-specific BDFs are built into the kernel. The AP-365 shows
sinificant degraded performance with increased range when used with the
reference BDF.
Replace the BDF with the one extracted from Arubas kernel.
Signed-off-by: David Bauer <mail@david-bauer.net>
2f793a4 lua: add optional path filter to objects() method
2bebf93 ubusd: handle invoke on event object without data
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2e1fcf4 netifd: fix hwmode for 60g band
39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
557c98e init: selinux: don't relabel virtual filesystems
7a00968 init: only relabel rootfs if started from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
210991d fw4: prefer /dev/stdin if available
4e5e322 fw4: make `fw4 restart` behavior more robust
221040e ruleset: emit time ranges when both start and stop times are specified
30a7d47 fw4: fix datetime parsing
fb9a6b2 ruleset: correct mangle_output chain type
6dd2617 fw4: fix logic flaw in testing hw flow offloading support
c7c9c84 fw4: ensure that negative bitcounts are properly translated
c4a78ed fw4: fix typo in emitted set types
Fixes: #9764, #9923, #9927, #9935, #9955
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add ieee80211_rx_check_bss_color_collision routine in order to introduce
BSS color collision detection in mac80211 if it is not supported in HW/FW
(e.g. for mt7915 chipset).
Add IEEE80211_HW_DETECTS_COLOR_COLLISION flag to let the driver notify
BSS color collision detection is supported in HW/FW. Set this for ath11k
which apparently didn't need this code.
Tested-by: Peter Chiu <Chui-Hao.Chiu@mediatek.com>
Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/a05eeeb1841a84560dc5aaec77894fcb69a54f27.1648204871.git.lorenzo@kernel.org
[clarify commit message a bit, move flag to mac80211]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Original patch: https://github.com/cifsd-team/ksmbd-tools/issues/227
adapted for ksmbd kernel module v3.4.3 by me.
Fixes crash in v3.4.3 only. Use original patch when updating to v3.4.4
as this one will fail hunk #1.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
4b4849cf5e5a interface-ip: unify host and proto route handling
507c0513d176 interface-ip: add support for excluding interfaces in host route lookup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic
Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since we now provide the BDF-s for MikroTik IPQ40xx devices on the fly,
there is noneed to include package and ship them like we do now.
This also resolves the performance issues that happen as MikroTik
changes the boards and ships them under the same revision but they
actually ship with and require a different BDF.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some ath10k IPQ40xx devices like the MikroTik hAP ac2 and ac3 require the
BDF-s to be extracted from the device storage instead of shipping packaged
API 2 BDF-s.
This is required as MikroTik has started shipping boards that require BDF-s
to be updated, as otherwise their WLAN performance really suffers.
This is however impossible as the devices that require this are release under
the same revision and its not possible to differentiate them from devices
using the older BDF-s.
In OpenWrt we are extracting the calibration data during runtime and we are
able to extract the BDF-s in the same manner, however we cannot package the
BDF-s to API 2 format on the fly and can only use API 1 to provide BDF-s on
the fly.
This is an issue as the ath10k driver explicitly looks only for the board.bin
file and not for something like board-bus-device.bin like it does for pre-cal
data.
Due to this we have no way of providing correct BDF-s on the fly, so lets
extend the ath10k driver to first look for BDF-s in the board-bus-device.bin
format, for example: board-ahb-a800000.wifi.bin
If that fails, look for the default board file name as defined previously.
So, backport the upstream ath10k patch.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update ath10k-ct to the latest version which includes the backported
ath10k commit for requesting API 1 BDF-s with a unique name like caldata.
Signed-off-by: Robert Marko <robimarko@gmail.com>
HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS in kernel 4.19. As the
oldest kernel version we support is 5.10, cleanup HOST_LOADLIBES use.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The upcoming dwarves host package requires elfutils. As dependencies for
tools must exist in tools, we need to move elfutils host build there.
As there is at least one package that depends on this, and there is no
proper way to create such dependency in the build system, build it
unconditionally when not building on macOS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Compiles faster, is PIC by default, and does not have pkgconfig files
with wrong paths.
Add various fixes to it as it seems cross compilation was never tested.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
f2d6752901f2 blob: clear buf->head when freeing a buffer
45210ce14136 list.h: add container_of_safe macro
cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc
d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
From Andreas Böhler:
"Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC
in contrast to the Macronix NAND with 4 bit ECC.".
Uboot needs to know this in order to have a chance to load from
the NAND.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-16
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet: 16x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J12) with populated standard pin connector on
the right back of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
With 5.4 out of the picture, remove LINUX_5_10 here. This is
needed for the WNDR4700 as otherwise kmod-usb3 isn't available
for 5.15.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
upstream linux have these watchdogs locked behind X86.
These will not build on other architectures. So move them
to target/linux/x86/modules.mk
drivers/watchdog/Kconfig:
|config F71808E_WDT
| tristate "Fintek F718xx, F818xx Super I/O Watchdog"
| depends on X86
|[...]
|config IT87_WDT
| tristate "IT87 Watchdog Timer"
| depends on X86
|[...]
|config ITCO_WDT
| tristate "Intel TCO Timer/Watchdog"
| depends on (X86 || IA64) && PCI
|[...]
|config W83627HF_WDT
| tristate "Watchdog timer for W83627HF/W83627DHG and compatibles"
| depends on X86
|[...]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
the Intel i6300esb is QEMU's default watchdog. And unlike
the real "Intel i6300ESB I/O Controller hub" hardware, the
i6300esb watchdog driver works on non-x86 targets like for
ARM (armvirt 32bit) and potentially virtual PowerPC and MIPS
targets (if there was any).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware specs:
SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
RAM: 512 MB DDR3
Flash: 256 MB NAND, 32 MB NOR
WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
Switch: QCA8337
Ethernet: 5x 10/100/1000 Mbit/s
USB: 1x USB 3.0 Type-A
Buttons: WPS, Reset
Power: 12 VDC, 2.5 A
Ethernet ports:
1x WAN: connected to eth2
4x LAN: connected via the switch to eth0 and eth1
(eth0 is disabled in OEM firmware)
MAC addresses (OEM and OpenWrt):
fw_env @ 0x00 d4🆎82:??:??:?a LAN (eth1)
fw_env @ 0x06 d4🆎82:??:??:?b WAN (eth2)
fw_env @ 0x0c d4🆎82:??:??:?c WLAN 2.4 GHz (ath1)
fw_env @ 0x12 d4🆎82:??:??:?d WLAN 5 GHz (ath0)
fw_env @ 0x18 d4🆎82:??:??:?e OEM usage unknown (eth0 in OpenWrt)
OID d4🆎82 is registered to:
ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US
More info:
https://openwrt.org/inbox/toh/arris/tr4400_v2
IMPORTANT:
This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition will be wiped during sysupgrade.
A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.
Installation:
- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.
This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.
Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stop the connection when the control daemon is terminated. The code is
a modified version of the termination routine in version 4.23.1 of the
daemon (which doesn't support VR9 modems anymore).
This could also be implemented by calling the acos and acs commands via
dsl_cpe_pipe.sh in the init script. However, doing it in the daemon
itself has the advantage of also working if it is terminated in another
way (for example during sysupgrade).
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The driver maintains elapsed times by repeatedly accumulating the time
since the previous update in a loop. For the elapsed showtime time, the
time difference is truncated to seconds before adding it, leading to a
sizable error over time.
Move the truncation to before calculation of the time difference in
order to remove this error. Also maintain the total elapsed time in the
same way in full seconds, to prevent the unsigned 32-bit counter from
wrapping around after about 50 days.
Testing on a VR9 device shows that the reported line uptime now matches
the actual elapsed wall time. The ADSL variant is only compile-tested,
but it should also work as the relevant code is identical.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even
when they aren't necessary for the selected variant. This can cause the
build to fail, for example ltq-vdsl-mei doesn't build successfully here
on xway target due to the vectoring callback.
Make these dependencies conditional on the specific package variants,
so they are only built when actually needed.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.
Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
After the switch to pre-calibration, ath10k would fail to initialize
the PCIE Wi-Fi on the GL-B200 as follows:
ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000
[...]
ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0
ath10k_pci 0000:01:00.0: failed to fetch board file: -12
ath10k_pci 0000:01:00.0: could not probe fw (-12)
Repackage the BDF file after renaming relevant fields and files to
allow for the Wi-Fi interface to start again.
Fixes: 80d34d9d59 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200")
CC: Christian Lamparter <chunkeey@gmail.com>
CC: Robert Marko <robimarko@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Update to overlooked v2 version of Dominick Grift's patch.
Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Commit ecbcc0b595 bricks devices on which the raw kernel and UBI mtd
partitions overlap.
This is the case of the ZyXEL NR7101 for example. Its OEM bootloader has
no UBI support. OpenWrt splits the stock kernel mtd partition into a raw
kernel part used by the bootloader and a UBI part used to store rootfs
and rootfs_data. Running mtd erase on the complete partition during
sysupgrade erases the UBI part and results in a soft brick.
Arguably the best solution would be to fix the partition layouts so that
kernel and UBI partitions do not overlap, also including a stock_kernel
partition to help reverting to stock firmware. This would have the added
benefit of protecting UBI from kernel images that are excessively large.
Fixes: ecbcc0b595 ("base-files: safer sysupgrade.tar for kernel-out-of-UBI")
Reported-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Refreshed patches:
- 100-cross_compile.patch
Manually refreshed patches:
- 200-reduce_size.patch
Removed patches:
- 101-mdadm.h-Undefine-dprintf-before-redefining.patch
- 102-Add-missing-include-file-sys-sysmacros.h.patch
Changes:
e30ca260 Release mdadm-4.2
8c80d305 Monitor: print message before quit for no array to monitor
ced5fa8b mdadm: block creation with long names
b71de056 Correct checking if file descriptors are valid
b2e4f084 Incremental: Close unclosed mdfd in IncrementalScan()
195d1d76 imsm: assert if there is migration but prev_map doesn't exist
75f3ba25 imsm: free allocated memory in imsm_fix_size_mismatch
bce0eab3 Release mdadm-4.2-rc3
4389ce73 imsm: introduce helpers to manage file descriptors
8e1a258e mdadm/Detail: Can't show container name correctly when unpluging disks
a35aa68f mdadm/lib: Define a new helper function is_dev_alived
1c66260d Fix 2 dc stream buffer
d64a37b9 Assemble: apply sysfs rules
5f6dedfb Fix potential overlap dest buffer
a0422106 disallow create or grow clustered bitmap with writemostly set
cf16a350 Fix buffer size warning for strcpy
60815698 Refactor parse_num and use it to parse optarg.
f7889e51 Fix error message when creating raid 4, 5 and 10
54604768 mdadm: fix coredump of mdadm --monitor -r
feeb2785 Utils: Change sprintf to snprintf
b8bbf264 Release mdadm-4.2-rc2
e6878148 Assemble: skip devices that don't match uuid instead of aborting the assembly.
0663137c Add monitor delay parameter to mdadm.conf
2b2c5668 tests: Avoid passing chunk size when creating RAID 1
7d374a18 Fix memory leak after "mdadm --detail"
92a647c8 Assemble: start dirty and degraded array.
1c275381 imsm: fix num_data_stripes after raid0 takeover
5b30a34a Add error handling for chunk size in RAID1
3a85bf0e imsm: Fix possible memory leaks and refactor freeing struct dl
ccd61ebf mdadm: Fix building errors
601ffa78 Don't associate spares with other arrays during RAID Examine
8d69bf14 Remove Spare drives line from details for external metadata
7d8935cb imsm: correct offset for 4k disks in --examine output
dca80fcd Use dev_open in validate geometry container
f421731c mdadm/super1: It needs to specify int32 for bitmap_offset
1f5d54a0 Manage: Call validate_geometry when adding drive to external container
8662f92d imsm: Limit support to the lowest namespace
fcebeb77 imsm: add devpath_to_char method
7c798f87 imsm: add generic method to resolve "device" links
0530e2e0 Prevent user from using --stop with ambiguous args
83b3de77 Fix some building errors
ff904202 imsm: change wrong size verification
c11b1c3c Release mdadm-4.2-rc1
aec01630 super-intel.c: Handle errors from calls to get_dev_sector_size()
78c93b00 mdadm: fix growing containers
af3396da Monitor: make libudev dependency optional
f94df5cf imsm: support for third Sata controller
d835518b imsm: nvme multipath support
4036e7ee imsm: extend curr_migr_unit to u64
bdbe7f81 Grow: Block reshape when external metadata and write-intent bitmap
848d71c9 Create: Block automatic enabling bitmap for external metadata
19ad203e imsm: Update-subarray for write-intent bitmap
dc95f821 Add "bitmap" to allowed command-line values
69d40de4 imsm: Adding a spare to an existing array with bitmap
fbc42556 imsm: Write-intent bitmap support
b554ab5c Enable bitmap support for external metadata
b090e910 Modify mdstat parsing for volumes with the bitmap
db537788 It should be FAILED when raid has not enough active disks
c7b8547c imsm: add verbose flag to compare_super
49b69533 mdmonitor: check if udev has finished events processing
0d583954 Document PPL in man md
2f86fda3 imsm: use saved fds during migration
f7a6246b super1.c: avoid useless sync when bitmap switches from clustered to none
e6561c4d super1: fix Floating point exception
8818d4e7 Grow: be careful of corrupt dev_roles list
4ae96c80 mdadm: fix reshape from RAID5 to RAID6 with backup file
1fe2e100 mdadm/bitmap: locate bitmap calcuate bitmap position wrongly
75562b57 Dump: get stat from a wrong metadata file when restoring metadata
69068584 Incremental: Remove redundant spare movement logic
a64f1263 udev: start grow service automatically
b4a5ad49 Make target to install binaries only
9c030dad mdadm/Detail: show correct state for clustered array
ff6bb131 mdadm: Unify forks behaviour
a8f3cfd5 imsm: limit support to first NVMe namespace
ca4b156b Monitor: don't use default modes when creating a file
b65c1f4a imsm: remove redundant calls to imsm_get_map
895ffd99 imsm: update num_data_stripes according to dev_size
ce559078 Create.c: close mdfd and generate uevent
c3129b39 Detail: fix segfault during IMSM raid creation
97b51a2c Super1: allow RAID0 layout setting to be removed.
7f3b2d1d Check if other Monitor instance running before fork.
cab9c67d mdmonitor: set small delay once
007087d0 Monitor: stop notifing about containers.
e2308733 Monitor: refresh mdstat fd after select
2ce09172 Don't create bitmap for raid5 with journal disk
64bf4dff Detail: show correct raid level when the array is inactive
5f418455 manual: update --examine-badblocks
5e592e1e mdadm/md.4: update path to in-kernel-tree documentation
138a9e9b Specify nodes number when updating cluster nodes
77b72fa8 mdadm/Grow: prevent md's fd from being occupied during delayed time
bcf40dbb Update link to Intel page for IMSM
8e41153c Use more secure HTTPS URLs
2cf04330 Detect too-small device: error rather than underflow/crash
7758ada9 Block overwriting existing links while manual assembly
d92cee7b restripe: fix ignoring return value of ‘read’ and lseek
7d90f760 Include count for \0 character when using strncpy to implement strdup.
f4c8a605 uuid.c: split uuid stuffs from util.c
03ab9763 Makefile: add EXTRAVERSION support
3b7aae92 mdcheck: Log when done
7b99edab Assemble.c: respect force flag.
ec7d7cee clean up meaning of small typo
5cfb79de Assemble: print error message if mdadm fails assembling with --uuid option
12724c01 Manage, imsm: Write metadata before add
1c294b5d Detail: adding sync status for cluster device
185ec439 Monitor: improve check_one_sharer() for checking duplicated process
e1b92ee0 udev: Ignore change event for imsm
ba1b3bc8 imsm: show Subarray and Volume ID in --examine output
e48aed3c imsm: support the Array Creation Time field in metadata
9e449405 Detail: show correct bitmap info for cluster raid device
06a6101c imsm: Correct minimal device size.
45c43276 imsm: Remove --dump/--restore implementation
3364781b imsm: pass subarray id to kill_subarray function
fd38b8ea Remove the legacy whitespace
2551061c mdadm.8: add note information for raid0 growing operation
1e93d0d1 imsm: fill working_disks according to metadata.
42e641ab Add support for Tebibytes
4431efeb imsm: Update grow manual.
e1512e7b mdcheck service can't start succesfully because of syntax error
1a874930 Change warning message
aced6fc9 Respect $(CROSS_COMPILE) when $(CC) is the default
027c099f Assemble: add support for RAID0 layouts.
329dfc28 Create: add support for RAID0 layouts.
6da53c0e imsm: Change the way of printing nvme drives in detail-platform.
b771faef imsm: return correct uuid for volume in detail
4b31846f Remove unused code
9cf361f8 Fix up a few formatting issues
02af3793 Remove last traces of HOT_ADD_DISK
1cc3965d Manage: Remove the legacy code for md driver prior to 0.90.03
761e3bd9 super-intel: don't mark structs 'packed' unnecessarily
85b83a79 SUSE-mdadm_env.sh: handle MDADM_CHECK_DURATION
4ca799c5 mdcheck: use ${} to pass variable to mdcheck
6636788a mdcheck: when mdcheck_start is enabled, enable mdcheck_continue too.
1a1ced1e imsm: allow to specify second volume size
b6180160 imsm: save current_vol number
7bd59e79 udev: allow for udev attribute reading bug.
61109314 Don't need to check recovery after re-add when no I/O writes to raid
8063fd0f Init devlist as an array
e53cb968 mdadm/md.4: add the descriptions for bitmap sysfs nodes
2c2d9c48 mdadm: force a uuid swap on big endian
43ebc910 mdadm: Introduce new array state 'broken' for raid0/linear
fd5b09c9 mdadm: check value returned by snprintf against errors
91c97c54 imsm: close removed drive fd.
1a52f1fc udev: add --no-devices option for calling 'mdadm --detail'
d11abe4b mdadm: add --no-devices to avoid component devices detail information
452dc4d1 mdadm.h: include sysmacros.h unconditionally
b0681598 mdadm: load default sysfs attributes after assemblation
486720e0 super-intel: Use put_unaligned in split_ull
7039d1f8 mdadm.h: Introduced unaligned {get,put}_unaligned{16,32}()
a4f7290c super-intel: Fix issue with abs() being irrelevant
4ec389e3 Enable probe_roms to scan more than 6 roms.
ae7d61e3 mdmon: fix wrong array state when disk fails during mdmon startup
3c9b46cf udev: Add udev rules to create by-partuuid for md device
22dc741f Create: Block rounding size to max
05501181 imsm: fix spare activation for old matrix arrays
227aeaa8 add missing units to --examine
2b57e4fe Assemble: Fix starting array with initial reshape checkpoint
d2e11da4 mdmon: wait for previous mdmon to exit during takeover
69d08478 mdmon: don't attempt to manage new arrays when terminating
76b906d2 mdadm/tests: add one test case for failfast of raid1
cab114c5 Fix reshape for decreasing data offset
e3615ecb Detail.c: do not skip first character when calling xstrdup in Detail()
ebf3be99 Fix spelling typos.
9f421827 imsm: fix reshape for >2TB drives
a4e96fd8 imsm: finish recovery when drive with rebuild fails
757e5543 policy.c: Fix for compiler error
467e6a1b policy.c: prevent NULL pointer referencing
76d505de Grow: report correct new chunk size.
085df422 Grow: avoid overflow in compute_backup_blocks()
563ac108 Assemble: mask FAILFAST and WRITEMOSTLY flags when finding the most recent device
d7a1fda2 imsm: update metadata correctly while raid10 double degradation
7cd7e91a Monitor: add system timer to run --oneshot periodically
4199d3c6 mdcheck: add systemd unit files to run mdcheck.
cd72f9d1 policy: support devices with multiple paths.
6b611284 Document PART-POLICY lines
0833f9c3 Assemble: keep MD_DISK_FAILFAST and MD_DISK_WRITEMOSTLY flag
Signed-off-by: Nick Hainke <vincent@systemli.org>
We don't need to make sure that we want to have enabled
CONFIG_CMD_SETEXPR by default, since this is already done in U-boot [1].
This was actually needed only for clearfog board [2], which was added in
commit: da0005a6d08ae33d958a6d8a6c0c12dc07b5b2b8 ("uboot-mvebu: add
patch to enable setexpr for clearfog boards) and send to U-boot to fix
it properly. After a while, there was added support for Turris Omnia,
which uses setexpr as well [3], but for this board, there are no fixes
needed in U-boot and that's why we can remove this option here.
It is helpful with shell scripting. If some downstream distributions are
using it, they should correct it in defconfig for related boards.
[1] e95afa5675/cmd/Kconfig (L1504)
[2] 852126680e/target/linux/mvebu/image/clearfog.bootscript (L7)
[3] 852126680e/target/linux/mvebu/image/turris-omnia.bootscript (L2)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Option CMD_SETEXPR is already default in U-boot [1], since this was
disabled since initial version for this board, there is send this
patch to U-boot mailing list to enable it.
It is required to use in OpenWrt bootscript for these boards [2].
[1] e95afa5675/cmd/Kconfig (L1504)
[2] 852126680e/target/linux/mvebu/image/clearfog.bootscript (L7)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
95ca1c3 nat46-core: ignore IPv4 options when translating packets
39778c2 add a module argument to ignore TOS translate for IPv4
9a36ee1 add a module argument to ignore TOS translate for IPv4
79190a8 add a module argument to ignore TOS translate for IPv4
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
If logfacility is a path to a file it needs to be r/w mounted in the
sandbox as well for dnsmasq to work.
Reported-by: @iointerrupt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There are two versions which are identical apart from the enclosure:
YunCore AX820: indoor ceiling mount AP with integrated antennas
YunCore HWAP-AX820: outdoor enclosure with external (N) connectors
Hardware specs:
SoC: MediaTek MT7621DAT
Flash: 16 MiB SPI NOR
RAM: 128MiB (DDR3, integrated)
WiFi: MT7905DAN+MT7975DN 2.4/5GHz 2T2R 802.11ax
Ethernet: 10/100/1000 Mbps x2 (WAN/PoE+LAN)
LED: Status (green)
Button: Reset
Power: 802.11af/at PoE; DC 12V,1A
Antennas: AX820(indoor): 4dBi internal; HWAP-AX820(outdoor): external
Flash instructions:
The "OpenWRT support" version of the AX820 comes with a LEDE-based
firmware with proprietary MTK drivers and a luci webinterface and
ssh accessible under 192.168.1.1 on LAN; user root, no password.
The sysupgrade.bin can be flashed using luci or sysupgrade via ssh,
you will have to force the upgrade due to a different factory name.
Remember: Do *not* preserve factory configuration!
MAC addresses as used by OEM firmware:
use address source
2g 44:D1:FA:*:0b Factory 0x0004 (label)
5g 46:D1:FA:*:0b LAA of 2g
lan 44:D1:FA:*:0c Factory 0xe000
wan 44:D1:FA:*:0d Factory 0xe000 + 1
The wan MAC can also be found in 0xe006 but is not used by OEM dtb.
Due to different MAC handling in mt76 the LAA derived from lan is used
for 2g to prevent duplicate MACs when creating multiple interfaces.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Replace pending patch with version accepted upstream.
Other than in the first suggested version, the new property is now
called 'u-boot,bootconf' instead of 'bootconf'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove '0x' prefix from pstore node in dts, just like it was done
for the device tree used by Linux on MT7622.
This change is done in preparation to update U-Boot to 2022.04.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Attempt to minimize the time during which an interrupted nand sysupgrade
can lead to a non-functional device by flushing caches before starting
the upgrade procedure.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Fix issues while retaining configuration during nand sysupgrade:
- abort configuration saving if data partition is not found
- generate diagnostics if saving fails (eg, because of lack of space)
- do not output "sysupgrade successful" in case of errors
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Remove redundant check from nand ubinized sysupgrade code. This check
has already been done in the only caller of the affected function:
nand_do_upgrade.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Prepares code for ubirename-based safe sysupgrade implementation.
Fixes several issues:
- the special CI_KERNPART value "none" is ignored if an MTD partition
named "none" exists
- misleading variable names (such as has_kernel to mean "tar has kernel
and it should not be written to an MTD partition but a UBI volume")
- inconsistent treatment of zero-length tar member files
- inconsistent meaning of "0" and "" variable values
- redundant operations (unneeded untaring, repeated untaring, unneeded
partition lookups)
- inconsistent variable quoting
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Ensure that the kernel CRC is invalidated while rootfs is being updated.
This allows the bootloader to detect an interrupted sysupgrade and fall
back to an alternate booting method, such as TFTP, instead of just going
ahead with normal boot and effectively bricking the device.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Ensure that the kernel CRC is invalidated while rootfs is being updated.
This allows the bootloader to detect an interrupted sysupgrade and fall
back to an alternate booting method, instead of just going ahead with
normal boot and effectively bricking the device.
Possible fallbacks include a recovery initramfs partition or UBI volume
and TFTP. See here for an example U-Boot configuration with fallbacks:
https://shorturl.at/befsA (https://github.com/Lanchon/openwrt-tr4400-v2/
blob/e7d707d6bd7839fbd0b8d0bd180fce451df77e47/install-recovery.sh#L52-L63)
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Emit diagnostics if nand sysupgrade is aborted because UBI partition
cannot be attached. Also avoid redudndant checks.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
This reverts commit f9ff282d17 as during
upstream patch review process nbd pointed out, that this patch needs
more work:
"The patch looks wrong to me. I'm pretty sure that AR_CH0_TOP2 is the
correct register, the definition has an explicit check for 9561 as well.
I believe this patch works by accident because it avoids writing a wrong
value to that register."
1. https://lore.kernel.org/all/91c58969-c60e-2f41-00ac-737786d435ae@nbd.name
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The ZyXEL GS1900-24HP v1 is a 24 port PoE switch with two SFP ports,
similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-24HP v1
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB
* RAM: Winbond W9751G8KB-25 64 MiB DDR2 SDRAM
* Ethernet: 24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs:
* 1 PWR LED (green, not configurable)
* 1 SYS LED (green, configurable)
* 24 ethernet port link/activity LEDs (green, SoC controlled)
* 24 ethernet port PoE status LEDs
* 2 SFP status/activity LEDs (green, SoC controlled)
* Buttons:
* 1 "RESET" button on front panel (soft reset)
* 1 button ('SW1') behind right hex grate (hardwired power-off)
* PoE:
* Management MCU: ST Micro ST32F100 Microcontroller
* 6 BCM59111 PSE chips
* 170W power budget
* Power: 120-240V AC C13
* UART: Internal populated 10-pin header ('J5') providing RS232;
connected to SoC UART through a TI or SIPEX 3232C for voltage
level shifting.
* 'J5' RS232 Pinout (dot as pin 1):
2) SoC RXD
3) GND
10) SoC TXD
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware > Management
* If "Active Image" has the first option selected, OpenWrt will need to be
flashed to the "Active" partition. If the second option is selected,
OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
file by your preferred method to the previously determined partition.
When prompted, select to boot from the newly flashed image, and reboot
the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24HP v1 is a dual-partition device, you want to keep the
OEM firmware on the backup partition for the time being. OpenWrt can
only be installed in the first partition anyway (hardcoded in the
DTS). To ensure we are set to boot from the first partition, issue the
following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x81f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-squashfs-sysupgrade.bin
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
[Add info on PoE hardware to commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The Sophos AP100, AP100C, AP55, and AP55C are dual-band 802.11ac access
points based on the Qualcomm QCA9558 SoC. They share PCB designs with
several devices that already have partial or full support, most notably the
Devolo DVL1750i/e.
The AP100 and AP100C are hardware-identical to the AP55 and AP55C, however
the 55 models' ART does not contain calibration data for their third chain
despite it being present on the PCB.
Specifications common to all models:
- Qualcomm QCA9558 SoC @ 720 MHz (MIPS 74Kc Big-endian processor)
- 128 MB RAM
- 16 MB SPI flash
- 1x 10/100/1000 Mbps Ethernet port, 802.3af PoE-in
- Green and Red status LEDs sharing a single external light-pipe
- Reset button on PCB[1]
- Piezo beeper on PCB[2]
- Serial UART header on PCB
- Alternate power supply via 5.5x2.1mm DC jack @ 12 VDC
Unique to AP100 and AP100C:
- 3T3R 2.4GHz 802.11b/g/n via SoC WMAC
- 3T3R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP55 and AP55C:
- 2T2R 2.4GHz 802.11b/g/n via SoC WMAC
- 2T2R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP100 and AP55:
- External RJ45 serial console port[3]
- USB 2.0 Type A port, power controlled via GPIO 11
Flashing instructions:
This firmware can be flashed either via a compatible Sophos SG or XG
firewall appliance, which does not require disassembling the device, or via
the U-Boot console available on the internal UART header.
To flash via XG appliance:
- Register on Sophos' website for a no-cost Home Use XG firewall license
- Download and install the XG software on a compatible PC or virtual
machine, complete initial appliance setup, and enable SSH console access
- Connect the target AP device to the XG appliance's LAN interface
- Approve the AP from the XG Web UI and wait until it shows as Active
(this can take 3-5 minutes)
- Connect to the XG appliance over SSH and access the Advanced Console
(Menu option 5, then menu option 3)
- Run `sudo awetool` and select the menu option to connect to an AP via
SSH. When prompted to enable SSH on the target AP, select Yes.
- Wait 2-3 minutes, then select the AP from the awetool menu again. This
will connect you to a root shell on the target AP.
- Copy the firmware to /tmp/openwrt.bin on the target AP via SCP/TFTP/etc
- Run `mtd -r write /tmp/openwrt.bin astaro_image`
- When complete, the access point will reboot to OpenWRT.
To flash via U-Boot serial console:
- Configure a TFTP server on your PC, and set IP address 192.168.99.8 with
netmask 255.255.255.0
- Copy the firmware .bin to the TFTP server and rename to 'uImage_AP100C'
- Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4]
- Connect the AP ethernet to your PC's ethernet port
- Connect a terminal to the UART at 115200 8/N/1 as usual
- Power on the AP and press a key to cancel autoboot when prompted
- Run the following commands at the U-Boot console:
- `tftpboot`
- `cp.b $fileaddr 0x9f070000 $filesize`
- `boot`
- The access point will boot to OpenWRT.
MAC addresses as verified by OEM firmware:
use address source
LAN label config 0x201a (label)
2g label + 1 art 0x1002 (also found at config 0x2004)
5g label + 9 art 0x5006
Increments confirmed across three AP55C, two AP55, and one AP100C.
These changes have been tested to function on both current master and
21.02.0 without any obvious issues.
[1] Button is present but does not alter state of any GPIO on SoC
[2] Buzzer and driver circuitry is present on PCB but is not connected to
any GPIO. Shorting an unpopulated resistor next to the driver circuitry
should connect the buzzer to GPIO 4, but this is unconfirmed.
[3] This external RJ45 serial port is disabled in the OEM firmware, but
works in OpenWRT without additional configuration, at least on my
three test units.
[4] On AP100/AP55 models the UART header is accessible after removing
the device's top cover. On AP100C/AP55C models, the PCB must be removed
for access; three screws secure it to the case.
Pin 1 is marked on the silkscreen. Pins from 1-4 are 3.3V, GND, TX, RX
Signed-off-by: Andrew Powers-Holmes <andrew@omnom.net>
This device is from now-defunct BOLT! ISP in Indonesia.
The original firmware is based on mediatek SDK running linux 2.6 or 3.x in later revision.
Specifications:
- SoC: MediaTek MT7621
- Flash: 32 MiB NOR SPI
- RAM: 128 MiB DDR3
- Ethernet: 2x 10/100/1000 Mbps (switched, LAN + WAN)
- WIFI0: MT7603E 2.4GHz 802.11b/g/n
- WIFI1: MT7612E 5GHz 802.11ac
- Antennas: 2x internal, non-detachable
- LEDs: Programmable LEDs: 5 blue LEDs (wlan, tel, sig1-3) and 2 red LEDs (wlan and sig1)
Non-programmable "Power" LED
- Buttons: Reset and WPS
Instalation:
Install from TFTP
Set your PC IP to 10.10.10.3 and gateway to 10.10.10.123
Press "1" when turning on the router, and type the initramfs file name
You also need to solder pin header or cable to J4 or neighboring test points (T19-T21)
Pinouts from top to bottom: GND, TX, RX, VCC (3.3v)
Baudrate: 57600n8
There's also an additional gigabit transformer and RTL8211FD managed by the LTE module on the backside of the PCB.
Signed-off-by: Abdul Aziz Amar <abdulaziz.amar@gmail.com>
Python seems to fail to link to libreadline properly because of this.
Not a fatal error but an error nontheless.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to
establish connection with custom commands specific to ZTE modems.
Two variants of modems were discovered, some identifying themselves
as "ZTE", and others as plain "Marvell", the chipset manufacturer.
The modem itself runs a fork of OpenWrt inside, which root shell can be
accessed via ADB interface.
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Some modems expose ttyACM as their control ports, which have the
"device" symlink pointing one level down in sysfs tree. Try to find
network interfaces for them as well, this is commonly used for modems
exposing ACM + RNDIS or ACM + ECM interface combinations.
Co-developed-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Some modems expose multiple network interfaces on the same USB device,
causing the connection setup script to fail, because glob matching in
the detection phase causes 'ls' to output more than one interface name
plus their base directories in sysfs. Avoid that by listing the
directories explicitly and then selecting first available interface.
This is the case for some variants of ZTE MF286R built-in modem, which
exposes both RNDIS and CDC-ECM network interfaces, causing the
connection setup to fail.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Add ifname property to UCI, which can be used to override the
autodetected interface name in case the detection fails due to having
none or more than one interface exposed by the modem, which is not
explicitly linked to TTY port. This is needed on certain variants of ZTE
MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces
on the modem, on which the automatic detection may select the wrong
network interface.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Specification:
- QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR
- 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN)
- 2T2R 802.11b/g/n 2.4GHz
Flash instructions:
If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin
In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
seconds, recovery mode should start downloading image from server
(unfortunately, there is no visible indication that recovery got
enabled - in case of problems check TFTP server logs)
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
ath9k is setting the TX PA DC bias level different on QCA9561 and QCA9565
although they have the same radio IP-core, which results in a very low
output power and very low throughput as devices are further away from
the AP (compared to other 2.4GHz APs.)
In real life testing, without this patch the 2.4GHz throughput on Yuncore
XD3200 is around 10Mbps sitting close to the AP, and close to theoretical
maximum with the patch applied.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
[edit commit message]
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Specification:
- QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR
- 2T2R 802.11b/g/n 2.4GHz
- 2T2R 802.11n/ac 5GHz
- 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port)
LED for 5 GHz WLAN is currently not supported as it is connected directly
to the QCA9882 radio chip.
Flash instructions:
If your device comes with generic QSDK based firmware, you can login
over telnet (login: root, empty password, default IP: 192.168.188.253),
issue first (important!) 'fw_setenv' command and then perform regular
upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download
image to the device, SSH server is not available):
fw_setenv bootcmd "bootm 0x9f050000 || bootm 0x9fe80000"
sysupgrade -n -F openwrt-...-yuncore_...-squashfs-sysupgrade.bin
In case your device runs firmware with YunCore custom GUI, you can use
U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with
'tftp' image renamed to 'upgrade.bin'
2. Power the device with reset button pressed and release it after 5-7
seconds, recovery mode should start downloading image from server
(unfortunately, there is no visible indication that recovery got
enabled - in case of problems check TFTP server logs)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Upstream in commit 34a1dee6bc44 ("net: usb: asix: ax88772: add generic
selftest support") in version 5.14 added dependency on generic selftest
functionality and armvirt/64 when compiled with ALL_KMODS=y reports following:
Package kmod-usb-net-asix is missing dependencies for the following libraries:
mdio_devres.ko
selftests.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upstream in commit 3e1e58d64c3d ("net: add generic selftest support") in
version 5.13 added generic selftests module and usb-net-asix already
depends on it, in version 5.18 via commit 1710b52d7c13 ("net: usb:
smsc95xx: add generic selftest support") it will be used by
usb-net-smsc95xx as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
armvirt/64 when compiled with ALL_KMODS=y reports following:
Package kmod-usb-net-smsc95xx is missing dependencies for the following libraries:
libphy.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
armvirt/64 when compiled with ALL_KMODS=y reports following:
Package kmod-mdio-devres is missing dependencies for the following libraries:
of_mdio.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Upstream in commit bc1bee3b87ee ("net: mdiobus: Introduce
fwnode_mdiobus_register_phy()") in version 5.14 introduced new
dependency:
Package kmod-of-mdio is missing dependencies for the following libraries:
fwnode_mdio.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 2edc017a6e.
We shouldn't be using a shell script here, but the SeedRNG integration
into OpenWRT requires a bit more thought. Etienne raised some important
points immediately after this was merged and planned to send some follow
up commits, but became busy with other things. The points he raised are
important enough that we should actually back this out until it's ready
to go, and then merge it as a cohesive unit. So let's revert this for
now, and come back to it later on.
Cc: Etienne Champetier <champetier.etienne@gmail.com>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Checking whether /sbin/udhcpc is a symbolic link breaks using the
DHCP proto handler inside procd-ujail where bind-mounts are used for
the resolved link. Check whether /sbin/udhcpc is executable instead
to allow using the proto handler for DHCP-provisioned containers.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make sure sysupgrade on NAND also works in case of UBI volumes having
index >9. While at it, also make sure UBI device is detected and abort
in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.
Fixes#9708
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+"
50979cc firewall3: remove unnecessary fw3_has_table
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes two high-severity vulnerabilities:
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
can be bypassed. If a malicious client does not send the
certificate_verify message a client can connect without presenting a
certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
v1.3 server can have its certificate heck bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This updates mac80211 to version 5.15.33-1 which is based on kernel
5.15.33.
The removed patches were applied upstream.
This new release contains many fixes which were merged into the upstream
Linux kernel.
This also contains the following new drivers which are needed for ath11k:
* net/qrtr/
* drivers/bus/mhi/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.
Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix compilation and usage under kernel 5.15 for the mwlwifi driver.
For detailed description of changes, check individual patches.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Changes:
Duncan Roe (5):
nlmsg: Fix a missing doxygen section trailer
build: doc: "make" builds & installs a full set of man pages
build: doc: get rid of the need for manual updating of Makefile
build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1):
src: fix doxygen function documentation
Florian Westphal (1):
libmnl: zero attribute padding
Guillaume Nault (1):
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1):
examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4):
examples: add arp cache dump example
examples: fix neigh max attributes
examples: fix print line format
examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3):
doxygen: remove EXPORT_SYMBOL from the output
include: add MNL_SOCKET_DUMP_SIZE definition
build: libmnl 1.0.5 release
Petr Vorel (1):
examples: Add rtnl-addr-add.c
Stephen Hemminger (1):
examples: rtnl-addr-dump: fix typo
igo95862 (1):
doxygen: Fixed link to the git source tree on the website.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.
Signed-off-by: Nick Hainke <vincent@systemli.org>
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
92f5e18675bf interface: fix ifname present check in interface status
ef82defaae26 ubus: add active devices to bridger blacklist
Signed-off-by: Felix Fietkau <nbd@nbd.name>
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a ubus method to request link-measurements from connected STAs.
In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.
Signed-off-by: David Bauer <mail@david-bauer.net>
5beb87716e70 mt76: dma: add wrapper macro for accessing queue registers
e0bc736d5617 mt76: add support for overriding the device used for DMA mapping
b8c842daa081 mt76: make number of tokens configurable dynamically
87a962e0608f mt76: mt7915: add Wireless Ethernet Dispatch support
2accb74e6be3 mt76: mt7915: fix using null pointer when wfsys on
e5227f2f3120 mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
ec0e9f4da32f mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
5a87be892ba7 mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
fe441e5d3dcf mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set
f3ddfe886283 mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
2a0d370cb5fe mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask
506bb0605e3e mt76: mt7921: Add AP mode support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Two patches were removed because of the changes introduced in upstream:
1. 110-mx6cuboxi-mmc-fallback.patch
Looks like similar changes were introduced in 6c3fbf3e456c ("mx6cuboxi:
customize board_boot_order to access eMMC").
2. 111-mx6cuboxi_defconfig-force-mmc-boot.patch
The 'CONFIG_SPL_FORCE_MMC_BOOT' was removed in 15aec318ef03 ("Revert
"imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC boot on falcon
mode").
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The host-build of libselinux requires libsepol/host.
Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts
which don't have libsepol installed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Problem exist when dnsmasq is exclusively bind to particular interface.
After reconfiguring or restarting this interface, its index changes, but
dnsmasq uses the old one. When this problem occurs, dnsmasq does not
listen on the correct interface so DHCP does not work, and clients do not
get an IP address. Procd netdev param can be added to restart dnsmasq when
the interface index is changed.
Signed-off-by: Valentyn Datsko <valikk.d@gmail.com>
[combined into a single &&-connected statement]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package uses BPF to create a fast path which improves bridging performance
by bypassing the bridge layer. It also supports creating tc offload rules for
hardware that supports it.
Hardware offload support can be used with MT7622 + MT7915 once it is merged
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Replace the tc-full dependency with tc + libnl-tiny
1cd5e12eecdc loader/interface: attach bpf program directly using netlink
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MHI WWAN CTRL allows QCOM-based PCIe modems to expose different modem
control protocols/ports to userspace, including AT, MBIM, QMI, DIAG
and FIREHOSE. These protocols can be accessed directly from userspace
(e.g. AT commands) or via libraries/tools (e.g. libmbim, libqmi, libqcdm)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This driver provides MHI PCI controller driver for devices
such as Qualcomm SDX55 based PCIe modems
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.
Fixes: 34567750db ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes following issue:
Package kmod-drm-imx-ldb is missing dependencies for the following libraries:
drm_dp_aux_bus.ko
Introduced upstream in commit aeb33699fc2c ("drm: Introduce the DP AUX
bus") in kernel version 5.15.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue:
Package kmod-drm is missing dependencies for the following libraries:
fb.ko
Introduced upstream in commit f611b1e7624c ("drm: Avoid circular
dependencies for CONFIG_FB") in 5.14.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
Fixes following build issues:
Package kmod-r8169 is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-ixgbe is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-amd-xgbe is missing dependencies for the following libraries:
mdio_devres.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenWRT
and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
This commit imports it into the urandom-seed package and wires up the
init scripts to call it. This also is a significant improvement over the
current init script, which does not robustly handle cleaning up of seeds
and syncing to prevent reuse. Additionally, the existing script creates
a new seed immediately after writing an old one, which means that the
amount of entropy might actually regress, due to failing to credit the
old seed.
Closes: https://github.com/openwrt/openwrt/issues/9570
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed missing INSTALL_DIR]
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.
Fixes: CVE-2018-25032
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The inclusion of the kmod-leds-uleds into the userspace
nu801 package causes a circular dependency inside the
buildsystem... which causes it to be picked regardless
of other DEPENDS values.
In case of the mx100, this could be solved by moving the
kmod-leds-uled dependency to the kmod-meraki-mx100.
Bonus: drop @!LINUX_5_4 from kmod-meraki-mx100
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Chen Minqiang reported that he has troubles downloading nu801.
His logs showed the followin TLS Handshake failure.
|Checking out files from the git repository...
|Cloning into 'nu801-d9942c0c'...
|fatal: unable to access 'https://github.com/chunkeey/nu801.git/':
| gnutls_handshake() failed: The TLS connection was non-properly terminated.
|Makefile:39: recipe for target '[...]/dl/nu801-d9942c0c.tar.xz' failed
This can be fixed by providing a PKG_MIRROR_HASH. The download
scripts will now be able to pull the source from OpenWrt's source
archive, which should be available through HTTP.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
intl is not included in libc, disable it as is done with the target
package.
argp is also not included. Add build depends for argp-standalone.
fts is also not included. Add build depends for musl-fts.
Disable shared libraries to avoid having to manually add rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Getting rid of shared libraries for hostpkg avoids having to use rpath
hacks to find the library. It also fixes compilation with host glib2
binaries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Avoids having to add rpath to the various packages using it. Also add
PIC to fix compilation as static libraries do not use PIC by default.
Fixes: 1fb099341e ("musl-fts: add host build")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Modified the radio frequency hardware part of e2600ac c1/c2,
need to cooperate with the modified board.bin file, the device
can work normally.
Signed-off-by: 张 鹏 <sd20@qxwlan.com>
This reverts commit 80b7a8a7f5.
Now that 5.10 is the default kernel for all platforms, we can
bring back the NU801 userspace driver for platforms that rely
on it. Currently it's used on the MX100 x86_64 target, but
other Meraki platforms use this controller.
Note that we also now change how we load nu801. The way we did
this previously with procd worked, but it meant it didn't load
until everything was up and working.
To fix this, let's call nu801 from boot and re-trigger the
preinit blink sequence. Since nu801 runs as a daemon this is
now something we can do.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(removed empty line, currently only MX100 uses it so: @TARGET_x86)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
See firmware-utils.git commits [1], which implemented the cros-vbutil
verified-boot payload-packing tool, and extended ptgen for the CrOS
kernel partition type. With these, it's now possible to package kernel +
rootfs to make disk images that can boot a Chrome OS-based system (e.g.,
Chromebooks, or even a few AP models).
Regarding PARTUUID= changes: Chromium bootloaders work well with a
partition number offset (i.e., relative to the kernel partition), so
we'll be using a slightly different root UUID line.
NB: I've made this support specific to ip40xx for now, because I only
plan to support an IPQ4019-based AP that uses a Chromium-based
bootloader, but this image format can be used for essentially any
Chromebook, as well as the Google OnHub, a prior Chromium-based AP using
an IPQ8064 chipset.
[1]
ptgen: add Chromium OS kernel partition support
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=6c95945b5de973026dc6f52eb088d0943efa96bb
cros-vbutil: add Chrome OS vboot kernel-signing utility
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=8e7274e02fdc6f2cb61b415d6e5b2e1c7e977aa1
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
From a manufacturer's image (version R89-13729.57.27), with appopriate
',variant=' appended to the board names:
$ .../qca-swiss-army-knife/tools/scripts/ath10k/ath10k-bdencoder \
-i ./board-google_wifi.qca4019
FileSize: 48596
FileCRC32: 3966df5d
FileMD5: d54161b0fb9e93691c4272649c37535a
BoardNames[0]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=GO_GALE'
BoardLength[0]: 12064
BoardCRC32[0]: e117f336
BoardMD5[0]: ea35e78c88a8571201da8b75edc9b881
BoardNames[1]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=GO_GALE'
BoardLength[1]: 12064
BoardCRC32[1]: 6c751ec9
BoardMD5[1]: 44cbc4ca6cb7141ba4249615f7065582
BoardNames[2]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=GO_BREEZE'
BoardLength[2]: 12064
BoardCRC32[2]: 24fba117
BoardMD5[2]: b4ac055b3ab67d5a6f5607a96af39a1f
BoardNames[3]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=GO_BREEZE'
BoardLength[3]: 12064
BoardCRC32[3]: a3e16b2a
BoardMD5[3]: 8b26cb285032314247304114b8ac50e7
Naming follows existing Google projects included in upstream board-2.bin
-- GO(ogle) prefix, an underscore (_), and the project code name, all in
caps.
Note that I only tested the "gale" model; the "breeze" model is a later
revision (same marketing name) with very small hardware changes but
otherwise using the same firmware image.
Submitted upstream here:
ath10k-firmware: QCA4019: hw1.0: Add Google Wifi BDFs
http://lists.infradead.org/pipermail/ath10k/2022-March/013465.htmlhttps://lore.kernel.org/ath10k/YjaNGW252Ls%2FyDw8@localhost/
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Fixes compilation under musl based distros like Alpine Linux.
Also add pcre/host as a build dependency as it's needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some configure scripts look for msgfmt and gmsgfmt. As we don't install
the latter, configure might pick up one from staging_dir/hostpkg, and
the other from the host:
checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt
checking for gmsgfmt... /usr/bin/gmsgfmt
This could potentially lead to hard to debug undefined behaviour.
Install a symlink in the host install phase to avoid this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.
Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>