The 'nandbiterrs' tool is useful to find out of bit error correction of
NAND is working as expected by deliberately introducing bit errors and
telling up to which number they can be corrected.
Enable build of the testing tools and package the 'nandbiterrs' tool as
part of the nand-utils package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the switch from the uImage.FIT partition parser to fitblk the
cmdline needs to be adjusted as well. Do this now as it has been
forgotten when the switch was done.
Fixes: 6368ed1ae5 ("mediatek: mt7623: phase out uImage.FIT partition parser")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
99dd990690bc treewide: refactor pref(erred) to preferred_lt (lifetime)
4c2b51eab368 treewide: refactor valid to valid_lt (lifetime)
3b4e06055900 router: inherit user-assigned preferred_lifetime
e164414aa184 router: limit prefix preferred_lt to valid_lt in accordance with RFC4861
a2176af7bdeb treewide: spell-fixes and new comments for extra clarification
4590efd3a2b3 treewide: normalize spaces to tabs
2edc60cb7c7a router: rename minvalid to lowest_found_lifetime
7ee72ee17bfa router: disambiguate and clarify 'no route' messages
a29882318a4c config: set RFC defaults for preferred lifetime
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There is a new branch 12.5.r2 for kernel 6.6, so refresh
and update patches.
Delete patch 0010-nss-dp-include-net-netdev_rx_queue.h.patch
Changes:
2024-04-04 -5bf8b91 [qca-nss-dp] Adding support for port ID 3 & 4 in MHT switch
2024-03-28 -ce1e4cf [qca-nss-dp] Use skb_queue_head_init instead of __skb_queue_head_init.
2024-03-11 -0d26366 [qca-nss-dp] Read MHT LAN port status for ErP phase2
2024-03-22 -8382f14 [qca-nss-dp] Fix compilation issues seen on ginger branch for Miami profile
2023-05-02 -09b0983 [qca-nss-dp] vp list processing for capwap
2024-02-22 -bc09a01 [qca-nss-dp] EDMA ring reset for PPE-DS
2024-03-12 -2fcb586 [qca-nss-dp] Fix the EDMA clock frequency for the mitigation timer configuration
2024-02-23 -44ba1be [qca-nss-dp] Add API to retrieve ethernet netdevs for ErP
2024-02-09 -a5979b7 [qca-nss-dp] send napi and ip checksum for VP handler
2024-01-12 -1b9cb5d qca-nss-dp: User netdev_alloc_skb_fast instead of dev_alloc_skb
2024-01-08 -a859b48 [qca-nss-dp] NAPI Budget and EDMA Rx size change for KPI improvement.
2024-01-06 -8935523 [qca-nss-dp] Offload L3, L4 checksum to hardware for ppe-vp.
2023-12-07 -bbd9547 [qca-nss-dp] Fix Compilation issues on kernel6.6
2023-10-12 -bc55f75 [qca-nss-dp]: Enable legacy SCS for PPE-VP.
2023-09-08 -6bd771f [qca-nss-dp] Invalidate secondary descriptor before use.
2023-12-19 -b143df8 [qca-nss-dp] Fixed nss_dp_hal_hw_reset functionality for ipq53xx.
2023-12-16 -7cfde1d [qca-nss-dp] Added nss_dp_hal_hw_reset functionality for ipq53xx.
2023-11-02 -70af6c2 [qca-nss-dp] Implement EDMA hang recovery support
2023-11-27 -2202b29 [qca-nss-dp] Add support for adding the link speed for the Miami's port connected to the internal Switch.
2023-12-06 -bef68a8 [qca-nss-dp] Resolve ring utilization reporting issue in EDMA driver
2023-12-06 -eaa7627 [qca-nss-dp] Add/Delete static fdb entries only for physical ports
2023-10-16 -4551d0f [qca-nss-dp]: Support HLOST_TID_override from PPE_VP path.
2023-11-09 -42ad3f3 [qca-nss-dp] Correct the NAPI poll implementation for DS Rx fill handling
2023-10-16 -dfeb7d3 [qca-nss-dp] Check for disabled ethernet port in ErP functions
2023-11-09 -42ad3f3 [qca-nss-dp] Correct the NAPI poll implementation for DS Rx fill handling
2023-10-16 -dfeb7d3 [qca-nss-dp] Check for disabled ethernet port in ErP functions
2023-09-22 -03f83d6 [qca-nss-dp] Correct the mht device flag
2023-08-18 -5efd7f4 [qca-nss-dp] Add EDMA Tx rings for MHT ports
2023-09-11 -7808ba2 [qca-nss-dp] Move DP standby code to new file and use new SSDK API
2023-09-28 -22ade1e [qca-nss-dp] : enable PPE-DS support in 6.x kernel
2023-08-28 -1943922 [qca-nss-dp] Support for bitmap based CPU selection.
2023-08-16 -dcb82a7 qca-nss-dp: 512M profile changes for Miami+Pebble
2023-09-01 -18e51f3 [qca-nss-dp] Fix tx descriptor completion error.
2023-08-28 -0bfde2d [qca-nss-dp] Changes to enable ErP mode
2023-09-05 -f1d635a [qca-nss-dp] Enable fast recycled changes in dp for kernel 6.1
2023-06-15 -55d35bd [qca-nss-dp] Tracking the full utilization of EDMA rings
2023-08-25 -89b9c19 [qca-nss-dp] Restricting the MTU as 9216 for all interfaces in DP
2023-01-03 -5098a4f [qca-nss-dp] Requeue Tx packet in case of Tx-failure.
2023-04-06 -3576dbb [qca-nss-dp] Adding tx napi with four queue per interface.
2023-08-10 -d2b6921 [qca-nss-dp] : changes to support ppe-qdisc for linux 6.x
2023-08-08 -a1941fb [qca-nss-dp] moving SET_NETDEV_DEV for all netdev to set.
2023-07-18 -74d3178 [qca-nss-dp] Reordering the CPU code and ACL index processing.
2023-06-30 -ab03139 [qca-nss-dp] Configure port level PPE offload flag in PPE
2023-06-06 -e9bb8c5 [qca-nss-dp] Rate limit the debug logs.
2023-07-18 -43afb9b [qca-nss-dp] Support Core selection for PPE mirrored packets.
2023-07-11 -92edcfd [qca-nss-dp] Add sysctl to invalidate RX secondary descriptor.
Tested and working on WAX620.
Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Link: https://github.com/openwrt/openwrt/pull/15383
Signed-off-by: Robert Marko <robimarko@gmail.com>
Qualcomm recently committed a new branch (12.5.r2) targeting kernel
6.6. This lets us clean up a few patches particularly the one for
"C22/C45" mdio.
A quick way to see what changed for IPQ807x/6018 was to list the files produced
during build (**/*.o), replace the extension with ".c", and doing a
`git log`.
Filtering from those commits, ones of particular interest are listed
below:
```
2024-04-16 - 0d8f30aa - fix compile issue on hk with linux style build
2024-01-29 - 636464f7 - update the check for port link notify
2024-01-24 - 30c10e7f - enable and disable loopback for xgmac to fix qm stuck issue
2024-01-15 - b6ea10aa - update the the APIs to access switch
2024-01-08 - a1687502 - Disable Tx bridge mac before power off the PHY
2024-01-07 - 3eafb613 - support led configure for malibu phy
2024-01-07 - 5c1af60d - remove phy type check from mac reset when mode switch
2023-12-17 - 79d0b1e8 - remove the PHY access APIs in ssdk_plat.c
2023-12-16 - b2953740 - Update mii read/write functions
2023-12-11 - 37f2eac3 - add port id check for fdb entry
2023-12-11 - d040ca4d - support mdio clause45 on kernel6.6
2023-12-07 - 11494fbc - use barrier mw() during access fdb entry table
2023-12-03 - 8e40a284 - fix build warnings on kernel6.6
2023-11-10 - 10aa0a02 - change speed value when call ssdk_port_link_notify
2023-11-06 - ee4c4a60 - Update mac bitmap value of L3 table on MAC delete
2023-11-03 - 7cd27d39 - support 10G phy common feature
2023-10-30 - 383cc0d2 - fix mactype and mux select issue
2023-10-24 - decf534a - support autoneg status query on force port
2023-10-11 - 111d574e - move ssdk_led_init to regi_init
2023-10-08 - 6b14c142 - the combo port also need to parse SFP pins
2023-10-03 - fb2e0401 - fix port5 interface mode switch issue in erp case
```
Verified with users on QNAP 301W, NBG7815, and myself on Dynalink
DL-WRX36 that everything is functional, including LEDS.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15379
Signed-off-by: Robert Marko <robimarko@gmail.com>
Enable building multiple test programs and related kernel modules, with
initial support for the bpf_testmod.ko module required since kernel 6.4.
Explicitly disable LTO and clean up makefile variables and formatting.
Fix a musl-related build failure by adding a kernel 6.6 patch:
360-selftests-bpf-portability-of-unprivileged-tests.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This has been tested on two of my Unifi 6 LR v2s:
```bash
$ fw_printenv # before
Cannot parse config file '/etc/fw_env.config': No such file or directory
$ cat /etc/fw_env.config
/dev/mtd3 0x0000 0x1000 0x1000 1
$ fw_printenv
arch=arm
baudrate=115200
board=mt7622_evb
board_name=mt7622_evb
bootcmd=bootubnt
bootdelay=3
bootfile=uImage
cpu=armv7
device_model=U6-LR
ethact=mtk_eth
ethaddr=<redacted>
ethcard=AQR112C
ipaddr=<redacted>
is_default=true
loadaddr=0x5007FF28
macaddr=<redacted>
serverip=<redacted>
soc=mt7622
stderr=serial
stdin=serial
stdout=serial
vendor=mediatek
is_ble_stp=true
```
I had to reverse-engineer the working settings above to the UCI script.
Signed-off-by: Joel Low <joel@joelsplace.sg>
Link: https://github.com/openwrt/openwrt/pull/13897
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The DropBear's dropbearkey supports limited set of arguments of
OpenSSH ssh-keygen: -t, -q -N -Y
After the change you can generate a key with the same command.
Still many features of the original OpenSSH ssh-keygen are absent in
the dropbearkey.
If it's needed then users should install openssh-keygen package that
will replace the /usr/bin/ssh-keygen with the full version.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14174
[ wrap commit description to 80 columns ]
Link: https://github.com/openwrt/openwrt/pull/14174
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This adds support for the bpi-r4 variant with internal 2.5G PHY and
additional ethernet port instead of second sfp.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This adds support for the bpi-r4 variant with internal 2.5G PHY and
additional ethernet port instead of second sfp.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Hardware:
=========
SOC: Qualcomm IPQ4019
WiFi 1: QCA4019 IEEE 802.11b/g/n
WiFi 2: QCA4019 IEEE 802.11a/n/ac
WiFi 3: QCA9886 IEEE 802.11a/n/ac
Bluetooth: Qualcomm CSR8510 (A10)
Zigbee: Silicon Labs EM3581 NCP + Skyworks SE2432L
Ethernet: Qualcomm Atheros QCA8072 (2-port)
Flash: Samsung KLM4G1FEPD (4GB eMMC)
RAM (NAND): 512MB
LED Controller: NXP PCA9633 (I2C)
Buttons: Single reset button (GPIO).
Ethernet:
=========
The device has 2 ethernet ports, configured as follows by default:
- left port: WAN
- right port: LAN
Wifi:
=====
The Wifi radios are turned off by default. To configure the router,
you will need to connect your computer to the LAN port of the device.
Bluetooth and Zigbee:
=====================
Configuration included but not tested.
Storage:
========
For compatibility with stock firmware, all of OpenWrt runs in a 136 MiB
eMMC partition (of which there are two copies, see below). You can also
use partition /dev/mmcblk0p19 "syscfg" (3.4 GiB) any way you see fit.
During very limited tests, stock firmware did not mount this partition.
However, backing up its stock content before use is recommended anyway.
Firmware:
=========
The device uses a dual firmware mechanism: it automatically reverts to
the previous firmware after 3 failed boot attempts.
You can switch to the inactive firmware copy by changing the "boot_part"
U-Boot environment variable. You can also do it by turning on the device
for a couple of seconds and then back off, 3 times in a row.
Installation:
=============
OpenWrt's "factory" image can be installed via the stock web UI:
1. Login to the UI. (The default password is printed on the label.)
2. Enter support mode by clicking on the "CA" link at the bottom.
3. Click "Connectivity", "Choose file", "Start", and ignore warnings.
This port is based on work done by flipy (https://github.com/flipy).
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15345
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add "linux64-loongarch64-openwrt" into openssl configurations to enable
building on loongarch64 machines.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
* Allow kmod-acpi-video to be built for loongarch64:
The x86-specific CONFIG_ACPI_WMI will be split from default
kmod-acpi-video as a board-specific addition.
* Allow kmod-drm-amdgpu to be built for loongarch64:
Also add loongarch64-specific configs and modules.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
To enable verbose log for xdp-tools compilation, we check for "c" in
the OPENWRT_VERBOSE, but verbose.mk supports only "w" and "s" for V=1
and V=99.
Fix the wrong matching and correctly enable verbose output matching for
"s".
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Upgrade the OpenSBI firmware used by RISC-V CPUs to 1.4.
Runtime-tested:
- d1 (Lichee RV)
- sifiveu (SiFive Unleashed)
Updates since last release:
1.4:
Synopsys DesignWare APB GPIO driver
Zicntr and Zihpm support
Console print improvements
Smepmp support
Simple FDT based syscon regmap driver
Syscon based reboot and poweroff driver
Non-contiguous hpm counters
Smcntrpmf support
Full sparse hartid support
IPI improvements
RFENCE improvements
Zkr support
Andes custom PMU support
1.3.1:
ACLINT driver fix for disabled CPUs
SBI PMU fix for out-of-bound access
Designware GPIO driver
1.3:
Allow platform to influence cold boot HART selection
Starfive JH7110 platform support
Split RX and RW firmware regions
Advertise non-retentive suspend for allwinner D1 platform
Byteorder/endianness conversion macros
SBI debug console extension (Experimental)
Configure the PMA regions for RZ/Five platform
SBI system suspend extension (Experimental)
SBI PMU platform firmware events (Experimental)
SBI CPPC extension (Experimental)
Optimized remote TLB flushes
Simple heap for boot time memory allocations
Bring back no-map DT property for reserved memory nodes
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
This is needed to boot the BCM6238-based Inteno XG6846.
Currently this is restricted to the XG6846 board.
Reviewed-by: Paul Donald <newtwen+github@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Currently it's needed to have gcc-multilib on the host to correctly
compile xdp-tools. This is wrong and means that we are using host header
to compile a tool.
By some searching in how the makefile works it was discovered that
BPF_CFLAGS were not used and required to be appended to config.mk
Only one single header was added but we should include each BPF_CFLAGS
from bpf.mk. To make this some patching to bpf-header were required and
some patches to xdp-tools were required.
Also it's needed to pass the correct target to BPF_CFLAGS.
With the following changes xdp-tools can correctly compile with each
header from bpf-headers and should not use any host header.
Co-Developed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/11825
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
netlink.h header have NL_SET_ERR_MSG_MOD that is tied to kmods. We don't
need kmods on bpf tools and this cause compilation error if the header
is included. Fix it by dropping NL_SET_ERR_MSG_MOD.
Link: https://github.com/openwrt/openwrt/pull/11825
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
mDNS broadcast can't accept empty TXT record and would fail
registration.
Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.
Example:
procd_add_mdns "blah" \
"tcp" "50" \
"1" \
"" \
"3"
Produce:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }
The middle empty TXT record should never be included as it's empty.
This can happen with scripts that make fragile parsing and include
variables even if they are empty.
Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.
The fixed JSON is the following:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }
Fixes: b0d9dcf84d ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Well, it seems that cryptopp hash was never refreshed since calling
make package/boot/arm-trusted-firmware-mvebu/check FIXUP=1 V=s does not
actually refresh the download calls hashes so refresh it manually.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Since ("download: don't overwrite VERSION variable") trying to download the
required sources for mvebu ATF will fail with:
Makefile:247: *** Download/mox-boot-builder is missing the SOURCE_VERSION field.. Stop.
This also broke the buildbot mvebu/cortex-a53 builds.
So, fix it by switching to SOURCE_VERSION instead.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
APK (Alpine Package Keeper) is the package manager of Alpine Linux and
has multiple advantages over OPKG. While Alpine uses APK version 2, this
commit adds version 3 with a heavily optimised database structure and
additional feature making it suitable for OpenWrt.
This commit will be followed by many more to add APK build capabilities
to the OpenWrt build system, firstly enabling side by side builds of APK
and OPKG packages, later replacing OPKG entirely.
Signed-off-by: Paul Spooren <mail@aparcar.org>
These options are not available in mbedtls 3.6.0 and selecting them
causes an error.
MBEDTLS_CERTS_C was removed in:
1aec64642c
MBEDTLS_XTEA_C was removed in:
10e8cf5fef
MBEDTLS_SSL_TRUNCATED_HMAC was removed in:
4a7010d1aa
Fixes: 0e06642643 ("mbedtls: Update to version 3.6.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
- new URL for sources (old address is dead)
- daemon and utils from packages feed are merged in here
- only build once
- no need to update at the same time in both places
- update to v3.1.4
- removed unneeded patches
- added audisp-syslog
- removed audispd (no longer exists)
- rename and move to package/utils/audit
- update new path in one dependent package
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
With "ebfe8b4 CMakeLists: set no-dangling-pointer" the compilation
option is set in uqmi, and can therefore be removed from no-error.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
e7207be uqmi: print radio interfaces in serving system command
6ef41d6 uqmi: create function to print radio interface string
e25d042 uqmi: Add basic 5G NR support
3e782be uqmi: sync data from libqmi project
368d46c uqmi: support C reserved keywords in upstream JSON files
02e42c0 reorganize source code in common and uqmi specific parts
4591f0a .gitignore build/ directories
2b57ee1 uqmi: commands-uim: fix uninitialized use of card_application_state
7c77e77 data/code-gen: add support for indications
ddbf864 qmi-struct.h: add missing includes
5320c1d move qmi_get_error_str to into utils.c
1503bc7 dev.c: add missing import strings.h
bae945f commands-nas: add missing includes
9ffd0e2 commands: make `struct blob_buf status` public
a4fbdcc commands-nas: fix gcc warning
8ff632a dev.c: add comment to qmi_request_wait()
a043a74 CMakeLists: refactor SOURCES variable to allow later adding uqmid
ebfe8b4 CMakeLists: set no-dangling-pointer
c47125d CMakeLists: improve generated files
0f64b69 CMakeLists: update cmake minimum version to 3.5
As the built uqmi binary is now moved to a dedicated directory,
update the Makefile accordingly.
Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr>
This adds support for mbedtls 3.6.0.
The 3.6 version is the next LTS version of mbedtls.
This version supports TLS 1.3.
This switches to download using git. The codeload tar file misses some
git submodules.
Add some extra options added in mbedtls 3.6.0.
The size of the compressed ipkg increases:
230933 bin/packages/mips_24kc/base/libmbedtls13_2.28.7-r2_mips_24kc.ipk
300154 bin/packages/mips_24kc/base/libmbedtls14_3.6.0-r1_mips_24kc.ipk
The removed patch was integrated upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It seems that somehow a wrong hash has been used for ipq-wifi, so refresh
it.
Fixes: f10d55df9e ("ipq-wifi: update to Git HEAD (2024-04-26)")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).
At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:
lldp_mgmt_addr_advertisements=0
lldp_capability_advertisements=0
In other words: explicit is necessary to disable the advertisements.
The same applies to 'configure system capabilities enabled'. Technically
'unconfigure'd is the default but now it is explicit at reload.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Building perf's intel-pt-decoder fails on both PPC32 and PPC64:
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-13.2.0_musl/lib/gcc/powerpc64-openwrt-linux-musl/13.2.0/../../../../powerpc64-openwrt-linux-musl/bin/ld.bfd:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/
perf-target-powerpc64_e5500_musl/perf-in.o: in function `insn_set_byte':
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/perf/util/intel-pt-decoder/../../../arch/x86/include/asm/insn.h:64:
undefined reference to `__le32_to_cpu'
Add NO_AUXTRACE=1 to MAKE_FLAGS for LINUX_KARCH powerpc, which disables
build of intel-pt-decoder on both PPC32 and PPC64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
fab9e29f6b92 ipq6018: update regdb in TPLink EAP610-Outdoor BDF
6d02b65fadf3 ipq8074: update RegDB in new submitted BDF
644ba9ea2e66 ipq6018: update RegDB in new submitted BDF
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
uboot-envtools is currently missing config for Edgerouter-X
and its not immediately obvious what settings to manually
apply.
Provide default configuration for envtools on Edgerouter-X.
Signed-off-by: Tim Lunn <tim@feathertop.org>
This adds a kernel module package for the Marvell
MV88E6XXX DSA switch and a separate module package for
the DSA tagger since it can in theory be used by multiple
DSA switches. Enable both DSA and EDSA tags in the
tagger.
We can't just compile this in because just a few devices
has this DSA, and it depends on e.g. the I2C and SFP
to be loaded as modules first.
We have no examples of DSA switches being packaged as
modules before, all seem to be compiled in, but it
actually works just fine to do this.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The Upstream Linux community has discontinued support for the target.
Maintaining support for it downstream would require too much effort.
Moreover, it seems that the supported hardware is no longer deemed worthy
of it.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add new functions for ath11k caldata:
- ath11k_patch_mac (from 0 to 5)
- ath11k_remove_regdomain
- ath11k_set_macflag (some pre-caldata have the nvMacFlag flag unset which is needed to change the MAC address)
Additionaly for ath10k caldata:
- ath10k_remove_regdomain
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
This update contains a minor fix to resolve "detected write beyond size
of field" warning during compilation:
* "replace [0] with []" (1d0d08c)
All patches still apply.
References:
* https://github.com/openwrt/openwrt/issues/15108
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Spectrum SAX1V1K is a AX WIFI router with 3 1G and 1 2.5G ports.
The router is provided to Spectrum customers.
It is OEM of Askey RT5010W
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923
It continues the original work by @MeisterLone to get this device supported.
Specifications:
```
• CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
• RAM: 2048MB of DDR3
• Storage: 1024MB eMMC
• Ethernet: 3x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
• WLAN:
• 2.4GHz: Qualcomm QCN5024 4x4 802.11b/g/n/ax 1174 Mbps PHY rate
• 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
• LED: 1 gpio-controlled dual color led (blue/red)
• Buttons: 1x reset
• Power: 12V DC jack
```
Notes:
```
• This commit adds only single partition support, that means
sysupgrade is upgrading the current rootfs partition.
• Installation can be done by serial connection only.
• A poulated serial header is onboard
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923/6
• RX/TX is working, u-boot bootwait is active, secure boot is enabled.
```
Installation Instructions:
**Most part of the installation is performed from an initramfs image.**
Boot initramfs : Using serial connection
1. Boot up the device and wait till it displays "VERIFY_IB: Success. verify IB ok"
2. Once that message appears,
login with username 'root'
password serial number of your router in uppercase.
3. Use vi to paste the 'open.sh' script from @MeisterLone github on your device
https://github.com/MeisterLone/Askey-RT5010W-D187-REV6/blob/master/Patch/open.sh
4. chmod 755 open.sh
5. ./open.sh
6. Set your ip to 192.168.0.1
7. Run a TFTP server and host the initramfs image on the TFTP server and name it "recovery.img"
8. Reboot device. On boot it will try TFTP.
Install OpenWrt from initramfs image:
1. Use SCP (or other way) to transfer OpenWrt factory image
2. Connect to device using SSH (on a LAN port)
3. Flash firmware: sysupgrade
# sysupgrade -n -v /tmp/openwrt_sysupgrade.bin
4. Set U-boot env variable: bootcmd
# fw_setenv bootcmd "run fix_uboot; run setup_and_boot"
5. Reboot the device
# reboot
6. Once device is booted, residue of previous firmware will prevent openwrt to work properly.
Factory Reset is MUST required
# Once serial console is displaying to login, hold reset button for 10 sec
7. Now everything should be operational.
Note: this PR adds only single partition support, that means sysupgrade is
upgrading the current rootfs partition
Signed-off-by: Connor Yoon <j_connor@taliaent.com>
ec8c620fd5f4 split bridge-local disable into rx and tx
40b1c5b6be4e flow: do not attempt to offload bridge-local flows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1
uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```
* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this
The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.
Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.
Tested extensively on: 22.03.6, 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ squash with commit bumping release version ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Lets update to 2024.04 in order to drop all of the patches as they have
been merged upstream.
Tested on Methode eDPU.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Reduce calls and pipes and read from urandom once directly with hexdump
for the necessary 5 bytes of random data to build the 48 bit ULA Prefix.
Fewer calls and forks; finish quicker; less memory used.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
It seems that move to kernel 6.6 somehow fixed the remoteproc restart so
now it properly restarts and thus coldboot calibration works as well.
ipq60xx still seems to be broken in a different way so keep it disabled.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add patch fixing rmmod and insmod. Lots of flawed logic fixed that
permits the module to correctly rmmod and insmod later.
Just to quote some change, use phy_detach instead of phy_disconnect, fix
exclusive reset_control that could only be used once, fix kernel panic
on second edma_cleanup, stop traffic before module exit...
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit a9e22ffa50.
After doing a clean rebuild, it turns out that this change is not necessary
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3159bbe0a2eb improve isolation when selecting a fixed output port
c77a7a1ff74d nl: fix getting flow offload stats
a08e51e679dd add support for disabling bridge-local flows via config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.
Signed-off-by: Felix Fietkau <nbd@nbd.name>