Existing conntracks will continue to be SNATed to 192.0.0.1 even after
464xlat interface gets teared down. To prevent this, matching
conntracks must be killed.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
ClearFog GT 8K is device sold by SolidRun. It is marketed as a
development board, not a consumer product. The device tree file for this board
is upstream in kernel.org.
Signed-off-by: Logan Blyth <mrbojangles3@gmail.com>
As per the series:
<https://www.spinics.net/lists/devicetree/msg508906.html>
"Enforce specific naming pattern for children (keys) to narrow the
pattern thus do not match other properties. This will require all
children to be properly prefixed or suffixed (button, event, switch
or key)."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as
they are by default), the kernel command line will have two console=
entries, such as
console=tty0 console=ttyS0,115200n8
Failsafe was only running a shell on the first defined console, the VGA
console. This is a problem for devices like apu2, where there is only a
serial console and it appears on ttyS0.
Moreover, the console prompt to enter failsafe during boot was delivered
to, and its input read from, the last console= on the kernel command
line. So while the failsafe shell was on the first defined console, only
the last defined console could be used to enter failsafe during boot.
In contrast, the x86 bootloader (GRUB) operates on both the serial
console and the VGA console by virtue of "terminal_{input,output}
console serial". GRUB also provided an alternate means to enter failsafe
from either console. The presence of two console= kernel command line
parameters causes kernel messages to be delivered to both. Under normal
operation (not failsafe), procd runs login in accordance with inittab,
which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any
of serial, hypervisor, or VGA console. Thus, serial access was
consistently available on x86 devices with serial consoles under normal
operation, except for shell access in failsafe mode (without editing the
kernel command line).
By presenting the failsafe prompt, reading failsafe prompt input, and
running failsafe shells on all consoles listed in /proc/cmdline,
failsafe mode will work correctly on devices with a serial console (like
apu2), and the same image without any need for reconfiguration can be
shared by devices with the more traditional (for x86) VGA console. This
improvement should benefit any system with multiple console= arguments,
including x86 and bcm27xx (Raspberry Pi).
Signed-off-by: Mark Mentovai <mark at moxienet.com>
adds `libusb-1.0.so` link on the target root again.
Fixes: 43539a6aab ("libusb: make InstallDev explicit")
Signed-off-by: Leo Soares <leo@hyper.ag>
(added fixed tag, reworded commit)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The PCI controller has it's reset line wired up to bit 13 of RCU.
Describe this in our .dtsi files.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This backports encap offload support from upstream.
On some ath10k devices there can be about 10% improvement on tx throughput.
Users can turn it on by setting frame_mode=2.
Signed-off-by: Zhijun You <hujy652@gmail.com>
This adds support for the Netgear PGZNG1, also known as the ADT Pulse
Gateway.
Hardware:
CPU: Atheros AR9344
Memory: 256MB
Storage: 256MB NAND Hynix H27U2G8F2CTR-BC
USB: 1x USB 2.0
Ethernet: 2x 100Mb/s
WiFi: Atheros AR9340 2.4GHz 2T2R
Leds: 8 LEDs
Button: 1x Reset Button
UART:
Header marked JPE1. Pinout is VCC, TX, RX, GND. The marked pin, closest
to the JPE1 marking, is VCC. Note VCC isn't required to be connected
for UART to work.
Enable Stock Firmware Shell Access:
1. Interrupt u-boot and run the following commands
setenv console_mode 1
saveenv
reset
This will enable a UART shell in the firmware. You can then login using
the root password of `icontrol`. If that doesn't work, the device is
running a firmware based on OpenWRT where you can drop into failsafe to
mount the FS and then modify /etc/passwd.
Installation Instructions:
1. Interupt u-boot and run the following commands
setenv active_image 0
setenv stock_bootcmd nboot 0x81000000 0 \${kernel_offset}
setenv openwrt_bootcmd nboot 0x82000000 0 \${kernel_offset}
setenv bootcmd run openwrt_bootcmd
saveenv
2. boot initramfs image via TFTP u-boot
tftpboot 0x82000000 openwrt-ath79-nand-netgear_pgzng1-initramfs-kernel.bin; bootm 0x82000000
3. Once booted, use LuCI sysupgrade to
flash openwrt-ath79-nand-netgear_pgzng1-squashfs-sysupgrade.bin
MAC Table:
WAN (eth0): xx:xa - caldata 0x0
LAN (eth1): xx:xb - caldata 0x6
WLAN (phy0): xx:xc - burned into ath9k caldata
Not Working:
Z-Wave
RS422
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(added more hw-info, fixed file permissions)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds support for the mainline kernel module for the PCA955x
LED driver. Note this requires i2c and GPIO support. Also worth calling
out this driver also enables GPIO support, depending on device tree
configuration.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
These patches are to support the pca955x led with OpenWRT correctly via
device tree on linux 5.10. Without these, the new LED function/color/reg
features can not be used.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
This row is no longer necessary as it was replaced by LOCALVERSION in
uboot.mk, which explicitly sets OpenWrt version to all U-boot packages accross
OpenWrt. [1]
[1] d6aa9d9e07
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
```
It includes the following security fix:
* A malicious certificate can cause an infinite loop.
Reported by and fix from Tavis Ormandy and David Benjamin, Google.
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If the RTC module is compiled as a module, the hctosys fails to
initialize because ds1307 is loaded later.
Fixes:
[ 2.004145] hctosys: unable to open rtc device (rtc0)
[ 11.957997] rtc-ds1307 0-006f: registered as rtc0
This is similar to commit 5481ce9a11,
which was done for imx6 target.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The Meraki MR74 is part of the "Insect" series. This device is
essentially an outdoor variant of the MR33 with identical hardware, but
requiring a config@3 DTS option to be set to allow booting with the
stock u-boot.
The install procedure is replicated from the MR33, with the exception
being that the MR74 sysupgrade image must be used.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
The MBL has a 512KiB Microchip SST39VF040 chip for uboot and
not much else.
Thanks to Ewald who figured out that the "jedec-probe" vs.
"jedec-flash" was the wrong binding. With this information
and the jedec-probe support enabled => the chip works.
| physmap-flash 4fff80000.nor_flash: physmap platform flash device: [mem 0x4fff80000-0x4ffffffff]
| Found: SST 39LF040
| 4fff80000.nor_flash: Found 1 x8 devices at 0x0 in 8-bit bank
Suggested-by: Ewald Comhaire <e.comhaire@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
In subtarget p2020, there wasn't enabled nand support, and because of
that there weren't available tools from mtd-utils package, which has
utilities for NAND flash memory even though reference board, which
is the only currently supported device in p2020 subtarget has NAND [1].
All subtargets in mpc85xx has already enabled nand support, let's do it
globally.
[1] https://www.nxp.com/design/qoriq-developer-resources/p2020-reference-design-board:P2020RDB
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Keeping the pvid at 0 when VLAN-unaware makes it possible to drop the
hack introduced in commit 920eaab1d8 ("kernel: DSA roaming fix for
Marvell mv88e6xxx"). Dropping the hack makes it possible to use VLAN
interfaces with VID 1 on DSA ports without problems with FDB.
Signed-off-by: Marek Behún <kabel@kernel.org>
(cherry picked from commit 9caa6f0aa7)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[drop kernel patch hack from Linux version 5.15, drop paragraph about
backport patch, which is not necessary as it is included in kernel 5.15]
with the switch to DSA setup, the switch gets correctly
programmed via the device-tree now. This hack is no
longer necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Linux' upstream MTD-Maintainer Miquèl Raynal noted:
|Reverting seems the safest option here, not knowing how many devices
|have these damaged/counterfeit chips. If it is just a couple and only on
|Fritzboxes, as suggested in the Github issue this patch could be
|carried through OpenWrt and that would seem more future proof IMHO.
This patch follows up with the first patch. It actually
moves the patches out of target/linux/generic/pending into
the ipq40xx's patch heap and adds a little note what happend.
For more information, discussions or reports about bad TC58NVG0S3Hs,
please visit the OpenWrt's Github Issue #9962:
<https://github.com/openwrt/openwrt/issues/9962>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The Netgear GS108Tv3 is already supported by OpenWrt, but is missing LED
support. After OpenWrt installation, all LEDs are off which makes the
installation quite confusing.
This enables support for the green/amber power LED to give feedback
about the current status.
This is basically just a verbatim copy of commit c4927747d2 ("realtek:
add support for power LED on Netgear GS308Tv1").
Please note that both LEDs are wired up in an anti-parallel fashion,
which means that only one of both LEDs/colors can be switched on at the
same time. If both LEDs/colors are switched on simultanously, the LED
goes dark.
Tested-by: Pascal Ernster <git@hardfalcon.net>
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
[add title to commit reference]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash
* 16 x 10/100/1000BASE-T ports
- Internal PHY with 8 ports (RTL8218B)
- External PHY with 8 ports (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
- External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6
UART pinout
-----------
[o]ooo|J6
| ||`------ GND
| |`------- RX
| `-------- TX
`---------- Vcc (3V3)
Boot initramfs image from U-Boot
--------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f000000 openwrt-realtek-rtl838x-d-link_dgs-1210-20-initramfs-kernel.bin` command
5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[correct initramfs image name]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Both buttons on the RT-AC57U are active-low. Fix the GPIO flag for the
WPS cutton to fix button behavior.
Signed-off-by: David Bauer <mail@david-bauer.net>
4383528e0 P2P: Use weighted preferred channel list for channel selection
f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming
94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them
d5a9944b8 Reserve QCA vendor sub command id 206..212
ed63c286f Remove space before tab in QCA vendor commands
e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them
02047e9c8 hs20-osu-client: Explicit checks for snprintf() result
cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality
5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
9e305878c SAE-PK: Fix build without AES-SIV
c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API
667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum
c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path
6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
b092d8ee6 tests: imsi_privacy_attr
563699174 EAP-SIM/AKA peer: IMSI privacy attribute
1004fb7ee tests: Testing functionality to discard DPP Public Action frames
355069616 tests: Add forgotten files for expired IMSI privacy cert tests
b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality
fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters
99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter
dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML
426932f06 tests: EAP-AKA and expired imsi_privacy_key
35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path
1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key
d1652dc7c OpenSSL: Refuse to accept expired RSA certificate
866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0
bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
39e662308 tests: Work around reentrant logging issues due to __del__ misuse
72641f924 tests: Clean up failed test list in parallel-vm.py
e36a7c794 tests: Support pycryptodome
a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome
e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI
e58dabbcf tests: DPP URI with host info
37bb4178b DPP: Host information in bootstrapping URI
1142b6e41 EHT: Do not check HE PHY capability info reserved fields
7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust
b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
d2ce1b4d6 tests: Wait for request before responding in dscp_response
Compile-tested: all versions / ath79-generic, ramips-mt7621
Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621
Signed-off-by: David Bauer <mail@david-bauer.net>
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.
Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.
Signed-off-by: David Bauer <mail@david-bauer.net>
ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration"
to load the device specific caldata, not "calibration". Rename the nvmem
cell node and label to match the updated cell name.
Fixes: eca0d73011 ("ath79: TP-Link EAP225 v3: convert ath10k to nvmem-cells")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration"
to load the device specific caldata, not "calibration". Rename the nvmem
cell node and label to match the updated cell name.
Fixes: 48625a0445 ("ath79: TP-Link EAP225-Wall v1: convert radios to nvmem-cells")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Fixes errors in the form of:
ath10k_pci 0000:00:00.0: failed to fetch board data for bus=pci,
vendor=168c,device=0056,subsystem-vendor=0000,subsystem-device
=0000 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:00:00.0: failed to fetch board-2.bin or board.bin
from ath10k/QCA9888/hw2.0
ath10k_pci 0000:00:00.0: failed to fetch board file: -12
ath10k_pci 0000:00:00.0: could not probe fw (-12)
As described already in 2d3321619b ("ath79: TP-Link EAP245 v3: use
pre-calibration nvmem-cell"):
Ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration"
to load the device specific caldata, not "calibration".
Further rename the nvmem cell node and label to match the updated cell name.
Fixes: 23b9040745 ("ath79: TP-Link EAP225-Outdoor v1: convert ath10k to nvmem-cells")
Suggested-by: Sander Vanheule <sander@svanheule.net>
Signed-off-by: Nick Hainke <vincent@systemli.org>
There is not RTC battery connected to the SoC of the UniFi 6 LR board.
Disable the RTC to prevent the system coming up with time set to
2000-01-01 00:00:00 after each reboot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Convert the calibration data reference for the ath9k radio to an
nvmem-cell, replacing the downstream mtd-cal-data property.
Since the 'art' label is no longer used, it can be dropped.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The art partition containing the radio calibration data is in the same
location for all supported devices. Move the definition to the base file
so the reference from the wmac node can reference the same file.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.
MAC address assignment is moved to '10_fix_wifi_mac', so the device can
then be removed from the caldata extraction script '11-ath10k-caldata'.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.
MAC address assignment is moved to '10_fix_wifi_mac', so the device can
then be removed from the caldata extraction script '11-ath10k-caldata'.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.
MAC address assignment is moved to '10_fix_wifi_mac', so the device can
then be removed from the caldata extraction script '11-ath10k-caldata'.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Tested-by: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the pre-calibration data using nvmem-cells.
MAC address assignment is moved to '10_fix_wifi_mac', so the device can
then be removed from the caldata extraction script '11-ath10k-caldata'.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Tested-by: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Convert the calibration data reference for the ath9k radio to an
nvmem-cell, replacing the downstream mtd-cal-data property.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The art partition containing the radio calibration data is in the same
location for all supported devices. Move the definition to the base file
so the reference from the wmac node can refer to the same file.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration"
to load the device specific caldata, not "calibration".
Update the nvmem-cell name to make the 5GHz radio work again.
Fixes: d4b3b23942 ("ath79: TP-Link EAP245 v3: convert radios to nvmem-cells")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The Netgear GS308Tv1 is already supported by OpenWrt, but is missing LED
support. After OpenWrt installation, all LEDs are off which makes the
installation quite confusing.
This enables support for the green/amber power LED to give feedback
about the current status.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
11f5c7b fw4.uc: fix zone helper assignment
b9d35ff fw4.uc: don't skip zone for unavailable helper
e35e26b tests: add test for zone helpers
a063317 ruleset: fix conntrack helpers
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
11410b8 ruleset: reorder declarations & output tweaks
880dd31 fw4: fix skipping invalid IPv6 ipset entries
5994466 fw4: simplify `is_loopback_dev()`
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
11256ff fw4: add support for configurable includes
3b5a033 tests: add test coverage for firewall includes
d79911c fw4: support sets with timeout capability but without default expiry
15c3831 fw4: add support for `option log` in rule and redirect sections
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Move the ethernet phy definition from the eap2x5-1port include to the
device-specific DTS files. This is to prepare for new devices that have
a different ethernet phy, at another MDIO address.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Replace the mtd-cal-data phandle by an nvmem-cell reference to the art
partition for the 2.4GHz ath9k radio.
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.
Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Replace the mtd-cal-data phandle by an nvmem-cell reference from the art
partition for the 2.4GHz ath9k radio.
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using an nvmem-cell.
Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.
Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>