If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f84053af5c)
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddd977fcc5)
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
They can be added as hex digit strings via the 'vendor_elements' option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1818b038d7)
This makes it possible to avoid using a RADIUS server for WPA enterprise authentication
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from 98621c9782)
This allows WPA enterprise roaming in the same mobility domain without any
manual key configuration (aside from radius credentials)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 704ab6a002)
Using a pointer one lifter after it freed is not the best idea.
Let's not do that.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry-picked from commit 63c01ad025)
This implements the mapping recommendations from RFC8325, with an
update from RFC8622. This ensures that DSCP marked packets are properly
sorted into WMM classes.
The map can be disabled by setting iw_qos_map_set to something invalid
like 'none'
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5e3def182)
This feature is useful on its own even without full interworking support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit efff3520f4)
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit da4be02fcd)
(cherry-picked from commit 63c01ad025)
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
(cherry-picked from commit af83e3ce0f)
Use the VLAN interface instead of the bridge, to ensure that hostapd receives
untagged DHCP packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7b46377a0c)
(cherry-picked from commit f1b98fa4fa)
In setups using VLAN bridge filtering, hostapd may need to communicate using
a VLAN interface on top of the bridge, instead of using the bridge directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 305c1b8d74)
- add functionality to configure RADIUS NAS-Id and Operator-Name
- add functionality to configure RADIUS accounting interval
- enable RADIUS "Chargeable User Identity"
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3bd6c8c728)
Airtime policy configuration is extremely useful in multiple BSS scenarios.
Since nowadays most people configure both private and guest networks (at
least), it makes sense to enable it by default, except for the most limited
of the variants.
Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2):
543944 bytes (airtime policy disabled)
548040 bytes (airtime policy enabled)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit d38f456582)
netifd is responsible for handling that, except if the vlan bridge
was provided by the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit cf45caeff1)
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e62c550470)
(cherry-picked from commit a889dcd3f2)
Required for an upcoming mt76 update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 978e822db3)
(cherry-picked from commit af9d31aacc)
This is needed for an upcoming mt76 update
also sync iw nl80211 with kernel backports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2bfac61483)
(cherry-picked from commit 36019ed589)
Improves airtime fairness, especially for devices with larger firmware buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5888ad6b3)
On systems using brmcfmac (e.g. Raspberry Pi Zero W) without this fix,
the final setup-call:
iw dev wlan0 ibss join ...
fails with returncode 161 and message:
"command failed: Not supported (-95)"
So this patch calls an explicit:
iw dev wlan0 set type ibss
just prior to the 'ibss join' command.
I have tested several ath9k and mt76xx devices
with different revisions: this patch does not harm.
please also apply to stable branch.
Signed-off-by: Bastian Bittorf <bb@npl.de>
(cherry-picked from commit ea5fce3f46)
In some cases, spurious failures might be cleared by teardown and retry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42dda0ed3e)
The channel offset used for VHT segment calculation was missing for HT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a0d81ba0d5)
Some drivers advertise it, but it's not supported at the moment
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42a99b18ff)
The colon does not directly follow the "VHT Capabilities" string
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3518b793a2)
Emit the new band option instead of hwmode
Support 6 GHz band and HE options
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8504212f65)
Use it to look up frequencies only in the configured band to better deal
with channel number overlap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8b8c1cb09b)
This increases the size of the iw_5.9-8fab0c9e-3_mips_24kc.ipk from
41166 to 41942 bytes by 776 bytes.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry-picked from commit 9df7eadcfd)
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
lwl s0,0(a1) - s0 == 0x6d000080
lwl s0,1(a1) - hangs
lwl s0,2(a1) - s0 == 0x0080xxxx
lwl s0,3(a1) - s0 == 0x80xxxxxx
It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.
Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.
Signed-off-by: Mathias Kresin <dev@kresin.me>
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dbb4c47798)
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.
[1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 430f691943)
This enables building of rpcapd and adds it as a package.
It is a daemon that allows remote packet capturing from another machine.
E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP).
https://www.tcpdump.org/manpages/rpcapd.8.html
Compile and run tested:
OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6 on x86/64 and mvebu/cortexa9
Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
(cherry picked from commit 891c8676a1)
OpenWrt's special gpio-button-hotplug driver is still using
exclusively the legacy GPIO Subsystem gpio_ API.
While it still does work fine for most devices, upstream
linux is starting to convert platform support like that of
the APU2/3/4 to the new GPIOD LOOKUP tables that are not
supported by it.
Hence, this patch replaces the gpio_ calls present in
gpio-button-hotplug with gpiod_ equivalent wherever
it's possible. This allows the driver to use the
gpiod lookup tables and still have a fallback for
legacy platform data code that just sets button->gpio
set to the real button/switch GPIO.
As a bonus: the active_low logic is now being handled
by the linux's gpio subsystem too. Another issue that
was address is the of_handle leak in the dt parser
error path.
Tested with legacy platform data: x86_64: APU2, MX-100
Tested on OF: ATH79; MR18, APM821xx: Netgear WNDR4700,
RAMIPS: WL-330N3G
LANTIQ: AVM FritzBox 7360v1
Reported-by: Chris Blake <chrisrblake93@gmail.com>
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2b0378cf9f)
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
(cherry-picked from commit edd53df168)
fixing linking error when --enable-devcrypto=yes
fixes: 7d92bb0509 wolfssl: update to 4.8.1-stable
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit be3e260f92)
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 7cb5af30f4)
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit c76300707e)
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 7d92bb0509)
[Added patch to allow compilation with libtool 2.4]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Backport upstream patch to fix build with GCC 10 on 32 x86 targets.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 718a4f4780)
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 917126ff4c)
The terminfo is required by the popular terminal multiplexer screen and
tmux, offer it by default as the size impact is minimal with 885 Bytes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6a6b5a677e)
The terminfo files were all in one row which is terrible to read.
Split them over multiple lines to improve readability.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 75ea474b90)
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.
Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
(cherry picked from commit 1d2bc94f78)
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 28d8e6a871)
Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 2c6c1501af)
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit e0721608f9)
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
(cherry picked from commit 5269c47e8d)
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7119fd32d3)
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb)
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a1034afba8)
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.
This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
When having two keys that start with the same characters and the second
key just has one character more nand_tffs_read and tffs_read return the
wrong value for the longer key. This is due to the usage of strncmp in
combination with the length of the shorter key which is usually first in
the list before the longer key and when strncmp matches, the search is
stopped. The problem only occurs when the length of the two keys is
different, not if just the last character is different. The fix is to
use strcmp and as such it will only return the value if the key (name)
and the key to look for (namefilter) have the same value and length. A
sample case returning wrong values is when keys macwlan and macwlan2 are
defined and querying macwlan2 returns the value for macwlan.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
(cherry picked from commit 12564c5b86)
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.
Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ddc8d085f3)
* remove superflus mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list
Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ac4e8aa2f8)
* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)
Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 59c63224e1)
'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'. Slightly less confusion all
round.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit e4cfefa9fc)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks
Signed-off-by: João Henriques <joaoh88@gmail.com>
(cherry picked from commit e8a5670122)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2801fe6132)
Currently, when using multiple dnsmasq instances they are all assigned
to the same Ubus instance name. This does not work, as only a single
instance can register with Ubus at a time. In the log, this leads to
`Cannot add object to UBus: Invalid argument` error messages.
Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes
behaviour so that instead of the log, dnsmasq exits at start instead.
With this patch, all dnsmasq instances are assigned unique names so that
they can register with Ubus concurrently. One of the enabled instances
is always assigned the previous default name "dnsmasq" to avoid breaking
backwards compatibility with other software relying on that default.
Previously, a random instance got assigned that name (while the others
produced error logs). Now, the first unnamed dnsmasq config section is
assigned the default name. If there are no unnamed dnsmasq sections the
first encountered named dnsmasq config section is assigned instead.
A similar issue exists for Dbus and was similarly addressed.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
[tweaked commit message] dnsmasq was not crashing it is exiting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ba5bd8e556)
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 3a94c2ca5c)
61a71e5e49c3 bridge: dynamically create vlans for hotplug members
cb6ee9608e10 bridge: fix dynamic delete of hotplug vlans
7f199050f395 wireless: pass the real network ifname to the setup script
50381d0a2998 bridge: allow adding/removing VLANs to configured member ports via hotplug
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1236cbe30c)
Backport upstream patch a0a0e02 ("iwinfo: rename hardware.txt to devices.txt")
and split devices.txt (former hardware.txt) into a common libiwinfo-data
package to allow different libiwinfo versions to coexist without file
clashes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit c13d7c82aa)
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8)
The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE, rebase]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 9f09c1936a)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Drop support for building the obsolete broadcom-wl backend and always
forcibly enable the nl82011 support. This allows us to make the package
shared again since no target specific compilation is happening anymore.
This will solve various repository coherency issues related to unavailable
libiwinfo versions in the long run.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5a1065758b)
This partially reverts changes done in commit 72cc44958e ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.
Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:
openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
...
Collected errors:
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
* pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
* pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
* libiwinfo20210430
* opkg_install_cmd: Cannot install package luci-ssl-openssl.
Everything because iwinfo's ABI was changed two times since rc3 release:
+IWINFO_ABI_VERSION:=20210430
+IWINFO_ABI_VERSION:=20210420
Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:
d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis
So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8307da3dbd)
As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry-picked from commit 10aacb9a6c)
This script was expecting only add/remove events which has not been the
case since Kernel 4.12 (which added bind/unbind). Bind events were getting
treated as remove events which would cause hotplugged 3g modems to not
work.
More info:
https://lkml.org/lkml/2018/12/23/128https://github.com/systemd/systemd/issues/8221
Signed-off-by: Arjun AK <arjunak234@gmail.com>
(cherry picked from commit 89ef883b92)
commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the
"wifi up" code.
This commit tidies up the "wifi reconf" code so as to
keep it aligned with the "wifi up" code.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit e8b5429609)
"/sbin/wifi up" makes three ubus calls:
1. ubus call network reload
2. ubus call network.wireless down
3. ubus call network.wireless up
The first and third ubus calls call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel,
so the call sequence becomes,
1. drv_mac80211_setup
2. wireless_device_setup_cancel
3. drv_mac80211_setup
This commit swaps the order of the first two ubus calls,
1. ubus call network.wireless down
2. ubus call network reload
3. ubus call network.wireless up
Consequently drv_mac80211_setup is only called once,
and two related bugs (#FS3784 and #FS3902) are no longer triggered
by /sbin/wifi.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit b82cc80713)
drv_mac80211_teardown fails silently if the device to be torn down is
not defined. This commit prints an error message.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit 3933e29d1b)
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.
This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.
This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.
Steps to reproduce:
1) Use /sbin/wifi to turn on wifi.
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
2) Use /sbin/wifi to turn off wifi.
uci set wireless.@wifi-device[0].disabled=1
uci commit
wifi
3) Observe that wifi is still up.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit d515f6b6cd)
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete. But
"ubus call network.wireless status" erroneously reports that radio0 is down.)
The relevant part of drv_mac80211_setup is,
if [ "$no_reload" != "0" ]; then
add_ap=1
ubus wait_for hostapd
local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
ret="$?"
[ "$ret" != 0 -o -z "$hostapd_res" ] && {
wireless_setup_failed HOSTAPD_START_FAILED
return
}
wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi
This commit sets no_reload = 0 during the second call of drv_mac80211_setup.
It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.
When /sbin/wifi is used to turn on wifi,
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
/sbin/wifi makes the following ubus calls,
ubus call network reload
ubus call network.wireless down
ubus call network.wireless up
The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,
drv_mac80211_setup
wireless_device_setup_cancel
drv_mac80211_setup
In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit a29ab3b79a)
Call rate control handler after intermediate queueuing
Includes follow-up fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
cherry-picked from commits:
- 7dd8829ef9
- a603e82dd3
- 8bb4437c01
sysntpd server becomes unavailable if the index of the bound
interface changes. So let's add an interface trigger to reload sysntpd.
This patch also adds the ability for the sysntpd script to handle
uci interface name from configuration.
Fixes: 4da60500ebd2 ("busybox: sysntpd: option to bind server to iface")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 88114f617a)
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit e12fcf0fe5)
Prerequisite patch:
Correct a typo in the Changelog and clean up a stray file
Fix changes in libusb which introduced a regression:
Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
initialization") introduced a regression for devices with multiple
configurations. The logic that verifies the reported length of the
configuration descriptors failed to count the length of the
configuration descriptor itself and would truncate the actual length by
9 bytes, leading to a parsing error for subsequent descriptors.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 4b37e3bc2b)
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.
This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.
Fixes "base-files: fix zoneinfo support " 8af62ed
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 56bdb6bb97)
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.
Example failure when removing the if condition:
/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
This file does not exist. America/Los_Angeles does.
Ran through shfmt -w -ci -bn -sr -s
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8af62ede18)
Major changes are:
Avoid page allocation failure from upcase table allocation.
Add support for FITRIM.
Improve write perofmrance on dirsync mount.
Improve lookup perofmrance.
Fix a bug on discard mount.
Switch to AUTORELEASE to avoid having to bump it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some interfaces have a VLAN modifier like :t in lan1:t, this modifier
should be removed from the interface before calling preinit_ip_config().
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 790561d510)
Adapt the preinit_config_board() to the board.json network changes. It
now looks for the device and the ports variables to configure the LAN
network.
This works with swconfig configurations.
Fixes: FS#3866
Fixes: d42640e389 ("base-files: use "ports" array in board.json network for bridges")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 467cd378db)
Commit 0a7657c ("hostapd: add channel utilization as config option") added the
two new uci options bss_load_update_period and chan_util_avg_period. However,
the corresponding "config_add_int" calls for these options weren't added, so
attempting to actually use these options and change their values is bound to
fail - they always stay at their defaults. Add the missing code to actually
make these options work.
Fixes: 0a7657c ("hostapd: add channel utilization as config option")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 85ce590705)
Fixes: 125deb4d78 ("base-files: set MAC for bridge ports (devices) instead of bridge itself")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 946019637e)
This restores the original config_generate behaviour. With MAC set for
bridged devices the bridge automatically gets its MAC adjusted (it picks
the lowest MAC of bridged devices).
This fixes confusing interfaces setup (bridge ports not having custom
MAC assigned).
Reported-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Fixes: c2139eef27 ("base-files: simplify setting device MAC")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c8d8eb9d13)
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.
Set the RNG for the EC key to fix connections for OWE clients.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ddcb970274)
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.
wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.
Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ef9b103107)
commit 50413e1ec8 replaced ifconfig
with ip. In order to set a link state to up, the interface needs
to be added first.
Fixes: FS#3754
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[Add Fixes tag]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 23c3bab920)
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes `iw dev wlan0-mesh station dump`.
8fab0c9 iw: fix ftm_request missing arguments segfault
e816fbc iw: fix mgmt dump missing arguments segfault
5d9d1b8 iw: Fix timestamp output on 32-bit architectures
4b25ae3 iw: fix pointer arithmetic in __print_he_capa
c3df363 iw: add option to print human readable event time
cd64525 iw: print ctrl port tx status event
0ba98b9 iw: use correct type in policy check for mesh
9e38dee iw: scan: fixup HE caps whitespace
17e8564 iw: scan: parse HE capabilities
5735e58 iw: util: factor out HE capability parser
6d8d507 iw: scan: add extension tag parsing
b4e1ec4 man: update wikipage URL, reformat SEE ALSO section
c56036a iw: enable 80MHz support for 6GHz band 11s mesh
fa72728 iw: handle positive error codes gracefully
7ba9093 iw: scan: add flag for scanning colocated ap
5ec60ed iw: Add 'coloc' and 'flush' options to sched_scan
f8ade75 iw: update wikipage URL
b6f2dac iw: Add support for specifying the 160MHz bandwidth when setting the channel/frequency
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry-picked from commit b5420dd710)
bddc1db76d0f mt76: mt7915: drop the use of repeater entries for station interfaces
3c90f35dddac mt76: mt7915: add thermal sensor device support
afab0e8202ff mt76: mt7915: add thermal cooling device support
41cf02184699 mt76: mt7615: add thermal sensor device support
2ac6b8762565 mt76: connac: update BA win size in Rx direction
ddb301127291 mt76: mt7921: fix reset under the deep sleep is enabled
e4cbefd1d69a mt76: mt7921: avoid unnecessary consecutive WiFi resets
393eea2034d7 mt76: mt7921: fix invalid register access in wake_work
a15d46407ffa mt76: mt7921: fix OMAC idx usage
e4d267d8e900 mt76: mt7921: enable runtime pm by default
50fd8ce2412a mt76: connac: add bss color support for sta mode
e29058c3c860 mt76: mt7921: return proper error value in mt7921_mac_init
c89c8c347b1e mt76: mt7921: do not schedule hw reset if the device is not running
9f7bb428e587 mt76: mt7921: reset wfsys during hw probe
22ea365913b5 mt76: mt7915: add .offset_tsf callback
ad91f8e8e494 mt76: mt7615: add .offset_tsf callback
6f871f35e3c1 mt76: mt7915: use mt7915_mcu_get_txpower_sku() to get per-rate txpower
597b68b7daa3 mt76: mt7615: remove useless if condition in mt7615_add_interface()
3945264468eb mt76: testmode: fix memory leak in mt76_testmode_alloc_skb
bdcc57a11606 mt76: testmode: remove unnecessary function calls in mt76_testmode_free_skb
a9763452601d mt76: testmode: remove undefined behaviour in mt76_testmode_alloc_skb
4aef2a2be464 mt76: mt7615: fix potential overflow on large shift
d9dd7635b055 mt76: mt7915: use mt7915_mcu_get_mib_info() to get survey data
d740e921758a mt76: mt7921: introduce mac tx done handling
259ddfc7cb73 mt76: mt7921: update statistic in active mode only
757b93f4b179 mt76: mt7921: remove leftover 80+80 HE capability
1fcff599b2e1 mt76: allow hw driver code to overwrite wiphy interface_modes
c55c22e39b7d mt7915: update firmware to 2020110522
10548aef1f45 mt76: mt7915: improve error recovery reliability
ed6b0c79820c mt76: mt7921: set MT76_RESET during mac reset
321443258bea mt76: move mt76_rates in mt76 module
d1652e8af9e1 Revert "mt76: connac: do not schedule wake_work if the runtime-pm is disabled"
4f4cab39ed9f mt76: mt7915: read all eeprom fields from fw in efuse mode
71450535f164 mt76: mt7921: enable hw offloading for wep keys
833d577e430c mt76: mt7921: remove mt7921_get_wtbl_info routine
67b7a22d2b99 mt76: mt7921: enable random mac address during sched_scan
cf1ff7bf4f1b mt76: mt7915: setup drr group for peers
ef2f7aa8745f mt76: mt7615: update radar parameters
b9f09f530223 mt76: mt7915: fix MT_EE_CAL_GROUP_SIZE
22b690334c0f mt76: mt7915: do not fail if the cooling device could not be registered
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3c46ba053d)
Don't bail out from init script in case the GPS device is missing.
Some modems take time to come up, and some people may use things like
'kplex' to feed ugpsd. Hence it is better to always start ugpsd
unconditionally and let procd's respawn take care of retrying.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3d026d2425)
86ee86e nmea: parse $GPZDA sentences for date/time
8e12414 nmea: parse $GPGLL sentences for position
5e88403 ubus: display only available information
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3a8b75b569)
Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c
as nonshared packages. This helps to keep coherent dependencies
if these ABI versioned packages are later updated.
Before this commit it is possible to get missing dependencies
in target-specific nonshared packages (like iwinfo) that depend
on these shared ABI versioned packages. If these are later updated
and rebuilt, only the new ABI version will be available for download,
while the target-specific packages in releases continue to depend on
the old ABI version.
After this commit the packages are built along the other nonshared
packages by the phase1 images buildbot and will be available at the
target/ download directories instead of packages/base dir. That will
help to keep a coherent set available.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 72cc44958e)
Specifications:
- SoC: MT7621AT
- RAM: 256MB
- Flash: 128MB NAND
- Ethernet: 5 Gigabit ports
- WiFi: 2.4G/5G MT7615N
- USB: 1 USB 3.0, 1 USB 2.0
This device is very similar to the EA7300 v1/v2 and EA7500 v2.
Installation:
Upload the generated factory image through the factory web interface.
(following part taken from EA7300 v2 commit message:)
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
With thanks to Leon Poon (@LeonPoon) for the initial bringup.
Signed-off-by: Tee Hao Wei <angelsl@in04.sg>
[add missing entry in 10_fix_wifi_mac]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit b232680f84)
Amped Wireless ALLY is a whole-home WiFi kit, with a router (model
ALLY-R1900K) and an Extender (model ALLY-00X19K). Both are devices are
11ac and based on MediaTek MT7621AT and MT7615N chips. The units are
nearly identical, except the Extender lacks a USB port and has a single
Ethernet port.
Specification:
- SoC: MediaTek MT7621AT (2C/4T) @ 880MHz
- RAM: 128MB DDR3 (Nanya NT5CC64M16GP-DI)
- FLASH: 128MB NAND (Winbond W29N01GVSIAA)
- WiFi: 2.4/5 GHz 4T4R
- 2.4GHz MediaTek MT7615N bgn
- 5GHz MediaTek MT7615N nac
- Switch: SoC integrated Gigabit Switch
- USB: 1x USB3 (Router only)
- BTN: Reset, WPS
- LED: single RGB
- UART: through-hole on PCB.
J1: pin1 (square pad, towards rear)=3.3V, pin2=RX,
pin3=GND, pin4=TX. Settings: 57600/8N1.
Note regarding dual system partitions
-------------------------------------
The vendor firmware and boot loader use a dual partition scheme. The boot
partition is decided by the bootImage U-boot environment variable: 0 for
the 1st partition, 1 for the 2nd.
OpenWrt does not support this scheme and will always use the first OS
partition. It will set bootImage to 0 during installation, making sure
the first partition is selected by the boot loader.
Also, because we can't be sure which partition is active to begin with, a
2-step flash process is used. We first flash an initramfs image, then
follow with a regular sysupgrade.
Installation:
Router (ALLY-R1900K)
1) Install the flashable initramfs image via the OEM web-interface.
(Alternatively, you can use the TFTP recovery method below.)
You can use WiFi or Ethernet.
The direct URL is: http://192.168.3.1/07_06_00_firmware.html
a. No login is needed, and you'll be in their setup wizard.
b. You might get a warning about not being connected to the Internet.
c. Towards the bottom of the page will be a section entitled "Or
Manually Upgrade Firmware from a File:" where you can manually choose
and upload a firmware file.
d: Click "Choose File", select the OpenWRT "initramfs" image and click
"Upload."
2) The Router will flash the OpenWrt initramfs image and reboot. After
booting, LuCI will be available on 192.168.1.1.
3) Log into LuCI as root; there is no password.
4) Optional (but recommended) is to backup the OEM firmware before
continuing; see process below.
5) Complete the Installation by flashing a full OpenWRT image. Note:
you may use the sysupgrade command line tool in lieu of the UI if
you prefer.
a. Choose System -> Backup/Flash Firmware.
b. Click "Flash Image..." under "Flash new firmware image"
c. Click "Browse..." and then select the sysupgrade file.
d. Click Upload to upload the sysupgrade file.
e. Important: uncheck "Keep settings and retain the current
configuration" for this initial installation.
f. Click "Continue" to flash the firmware.
g. The device will reboot and OpenWRT is installed.
Extender (ALLY-00X19K)
1) This device requires a TFTP recovery procedure to do an initial load
of OpenWRT. Start by configuring a computer as a TFTP client:
a. Install a TFTP client (server not necessary)
b. Configure an Ethernet interface to 192.168.1.x/24; don't use .1 or .6
c. Connect the Ethernet to the sole Ethernet port on the X19K.
2) Put the ALLY Extender in TFTP recovery mode.
a. Do this by pressing and holding the reset button on the bottom while
connecting the power.
b. As soon as the LED lights up green (roughly 2-3 seconds), release
the button.
3) Start the TFTP transfer of the Initramfs image from your setup machine.
For example, from Linux:
tftp -v -m binary 192.168.1.6 69 -c put initramfs.bin
4) The Extender will flash the OpenWrt initramfs image and reboot. After
booting, LuCI will be available on 192.168.1.1.
5) Log into LuCI as root; there is no password.
6) Optional (but recommended) is to backup the OEM firmware before
continuing; see process below.
7) Complete the Installation by flashing a full OpenWRT image. Note: you
may use the sysupgrade command line tool in lieu of the UI if you prefer.
a. Choose System -> Backup/Flash Firmware.
b. Click "Flash Image..." under "Flash new firmware image"
c. Click "Browse..." and then select the sysupgrade file.
d. Click Upload to upload the sysupgrade file.
e. Important: uncheck "Keep settings and retain the current
configuration" for this initial installation.
f. Click "Continue" to flash the firmware.
g. The device will reboot and OpenWRT is installed.
Backup the OEM Firmware:
-----------------------
There isn't any downloadable firmware for the ALLY devices on the Amped
Wireless web site. Reverting back to the OEM firmware is not possible
unless we have a backup of the original OEM firmware.
The OEM firmware may be stored on either /dev/mtd3 ("firmware") or
/dev/mtd6 ("oem"). We can't be sure which was overwritten with the
initramfs image, so backup both partitions to be safe.
1) Once logged into LuCI, navigate to System -> Backup/Flash Firmware.
2) Under "Save mtdblock contents," first select "firmware" and click
"Save mtdblock" to download the image.
3) Repeat the process, but select "oem" from the pull-down menu.
Revert to the OEM Firmware:
--------------------------
* U-boot TFTP:
Follow the TFTP recovery steps for the Extender, and use the
backup image.
* OpenWrt "Flash Firmware" interface:
Upload the backup image and select "Force update"
before continuing.
Signed-off-by: Jonathan Sturges <jsturges@redhat.com>
(cherry picked from commit 6d23e474ad)
The ZyXEL NR7101 is an 802.3at PoE powered 5G outdoor (IP68) CPE
with integrated directional 5G/LTE antennas.
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256 MB
- Flash: 128 MB MB NAND (MX30LF1G18AC)
- WiFi: MediaTek MT7603E
- Switch: 1 LAN port (Gigabiti)
- 5G/LTE: Quectel RG502Q-EA connected by USB3 to SoC
- SIM: 2 micro-SIM slots under transparent cover
- Buttons: Reset, WLAN under same cover
- LEDs: Multicolour green/red/yellow under same cover (visible)
- Power: 802.3at PoE via LAN port
The device is built as an outdoor ethernet to 5G/LTE bridge or
router. The Wifi interface is intended for installation and/or
temporary management purposes only.
UART Serial:
57600N1
Located on populated 5 pin header J5:
[o] GND
[ ] key - no pin
[o] RX
[o] TX
[o] 3.3V Vcc
Remove the SIM/button/LED cover, the WLAN button and 12 screws
holding the back plate and antenna cover together. The GPS antenna
is fixed to the cover, so be careful with the cable. Remove 4
screws fixing the antenna board to the main board, again being
careful with the cables.
A bluetooth TTL adapter is recommended for permanent console
access, to keep the router water and dustproof. The 3.3V pin is
able to power such an adapter.
MAC addresses:
OpenWrt OEM Address Found as
lan eth2 08:26:97:*:*:BC Factory 0xe000 (hex), label
wlan0 ra0 08:26:97:*:*:BD Factory 0x4 (hex)
wwan0 usb0 random
WARNING!!
ISP managed firmware might at any time update itself to a version
where all known workarounds have been disabled. Never boot an ISP
managed firmware with a SIM in any of the slots if you intend to use
the router with OpenWrt. The bootloader lock can only be disabled with
root access to running firmware. The flash chip is physically
inaccessible without soldering.
Installation from OEM web GUI:
- Log in as "supervisor" on https://172.17.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot
Installation from OEM ssh:
- Log in as "root" on 172.17.1.1 port 22022
- scp OpenWrt initramfs-recovery.bin image to 172.17.1.1:/tmp
- Prepare bootloader config by running:
nvram setro uboot DebugFlag 0x1
nvram setro uboot CheckBypass 0
nvram commit
- Run "mtd_write -w write initramfs-recovery.bin Kernel" and reboot
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot
Copying OpenWrt to the recovery partition:
- Verify that you are running a working OpenWrt recovery image
from flash
- ssh to root@192.168.1.1 and run:
fw_setenv CheckBypass 0
mtd -r erase Kernel2
- Wait while the bootloader mirrors Image1 to Image2
NOTE: This should only be done after successfully booting the OpenWrt
recovery image from the primary partition during installation. Do
not do this after having sysupgraded OpenWrt! Reinstalling the
recovery image on normal upgrades is not required or recommended.
Installation from Z-Loader:
- Halt boot by pressing Escape on console
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
image at 10.10.10.3
- Type "ATNR 1,initramfs-recovery.bin" at the "ZLB>" prompt
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- Sysupgrade to the OpenWrt sysupgrade image
NOTE: ATNR will write the recovery image to both primary and recovery
partitions in one go.
Booting from RAM:
- Halt boot by pressing Escape on console
- Type "ATGU" at the "ZLB>" prompt to enter the U-Boot menu
- Press "4" to select "4: Entr boot command line interface."
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
image at 10.10.10.3
- Load it using "tftpboot 0x88000000 initramfs-recovery.bin"
- Boot with "bootm 0x8800017C" to skip the 380 (0x17C) bytes ZyXEL
header
This method can also be used to RAM boot OEM firmware. The warning
regarding OEM applies! Never boot an unknown OEM firmware, or any OEM
firmware with a SIM in any slot.
NOTE: U-Boot configuration is incomplete (on some devices?). You may
have to configure a working mac address before running tftp using
"setenv eth0addr <mac>"
Unlocking the bootloader:
If you are unebale to halt boot, then the bootloader is locked.
The OEM firmware locks the bootloader on every boot by setting
DebugFlag to 0. Setting it to 1 is therefore only temporary
when OEM firmware is installed.
- Run "nvram setro uboot DebugFlag 0x1; nvram commit" in OEM firmware
- Run "fw_setenv DebugFlag 0x1" in OpenWrt
NOTE:
OpenWrt does this automatically on first boot if necessary
NOTE2:
Setting the flag to 0x1 avoids the reset to 0 in known OEM
versions, but this might change.
WARNING:
Writing anything to flash while the bootloader is locked is
considered extremely risky. Errors might cause a permanent
brick!
Enabling management access from LAN:
Temporary workaround to allow installing OpenWrt if OEM firmware
has disabled LAN management:
- Connect to console
- Log in as "root"
- Run "iptables -I INPUT -i br0 -j ACCEPT"
Notes on the OEM/bootloader dual partition scheme
The dual partition scheme on this device uses Image2 as a recovery
image only. The device will always boot from Image1, but the
bootloader might copy Image2 to Image1 under specific conditions. This
scheme prevents repurposing of the space occupied by Image2 in any
useful way.
Validation of primary and recovery images is controlled by the
variables CheckBypass, Image1Stable, and Image1Try.
The bootloader sets CheckBypass to 0 and reboots if Image1 fails
validation.
If CheckBypass is 0 and Image1 is invalid then Image2 is copied to
Image1.
If CheckBypass is 0 and Image2 is invalid, then Image1 is copied to
Image2.
If CheckBypass is 1 then all tests are skipped and Image1 is booted
unconditionally. CheckBypass is set to 1 after each successful
validation of Image1.
Image1Try is incremented if Image1Stable is 0, and Image2 is copied to
Image1 if Image1Try is 3 or larger. But the bootloader only tests
Image1Try if CheckBypass is 0, which is impossible unless the booted
image sets it to 0 before failing.
The system is therefore not resilient against runtime errors like
failure to mount the rootfs, unless the kernel image sets CheckBypass
to 0 before failing. This is not yet implemented in OpenWrt.
Setting Image1Stable to 1 prevents the bootloader from updating
Image1Try on every boot, saving unnecessary writes to the environment
partition.
Keeping an OpenWrt initramfs recovery as Image2 is recommended
primarily to avoid unwanted OEM firmware boots on failure. Ref the
warning above. It enables console-less recovery in case of some
failures to boot from Image1.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Tested-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 2449a63208)
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 9397b22df1)
The variable name appears to be mistyped.
Suggested-by: Howard Chu <hyc@symas.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6bc4c0ae3e)
The removed patches were integrated upstream.
The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 04a260911c)
ZTE MF283+ is a dual-antenna LTE category 4 router, based on Ralink
RT3352 SoC, and built-in ZTE P685M PCIe MiniCard LTE modem.
Hardware highlighs:
- CPU: MIPS24KEc at 400MHz,
- RAM: 64MB DDR2,
- Flash: 16MB SPI,
- Ethernet: 4 10/100M port switch with VLAN support,
- Wireless: Dual-stream 802.11n (RT2860), with two internal antennas,
- WWAN: Built-in ZTE P685M modem, with two internal antennas and two
switching SMA connectors for external antennas,
- FXS: Single ATA, with two connectors marked PHONE1 and PHONE2,
internally wired in parallel by 0-Ohm resistors, handled entirely by
internal WWAN modem.
- USB: internal miniPCIe slot for modem,
unpopulated USB A connector on PCB.
- SIM slot for the WWAN modem.
- UART connector for the console (unpopulated) at 3.3V,
pinout: 1: VCC, 2: TXD, 3: RXD, 4: GND,
settings: 57600-8-N-1.
- LEDs: Power (fixed), WLAN, WWAN (RGB),
phone (bicolor, controlled by modem), Signal,
4 link/act LEDs for LAN1-4.
- Buttons: WPS, reset.
Installation:
As the modem is, for most of the time, provided by carriers, there is no
possibility to flash through web interface, only built-in FOTA update
and TFTP recovery are supported.
There are two installation methods:
(1) Using serial console and initramfs-kernel - recommended, as it
allows you to back up original firmware, or
(2) Using TFTP recovery - does not require disassembly.
(1) Using serial console:
To install OpenWrt, one needs to disassemble the
router and flash it via TFTP by using serial console:
- Locate unpopulated 4-pin header on the top of the board, near buttons.
- Connect UART adapter to the connector. Use 3.3V voltage level only,
omit VCC connection. Pin 1 (VCC) is marked by square pad.
- Put your initramfs-kernel image in TFTP server directory.
- Power-up the device.
- Press "1" to load initramfs image to RAM.
- Enter IP address chosen for the device (defaults to 192.168.0.1).
- Enter TFTP server IP address (defaults to 192.168.0.22).
- Enter image filename as put inside TFTP server - something short,
like firmware.bin is recommended.
- Hit enter to load the image. U-boot will store above values in
persistent environment for next installation.
- If you ever might want to return to vendor firmware,
BACK UP CONTENTS OF YOUR FLASH NOW.
For this router, commonly used by mobile networks,
plain vendor images are not officially available.
To do so, copy contents of each /dev/mtd[0-3], "firmware" - mtd3 being the
most important, and copy them over network to your PC. But in case
anything goes wrong, PLEASE do back up ALL OF THEM.
- From under OpenWrt just booted, load the sysupgrade image to tmpfs,
and execute sysupgrade.
(2) Using TFTP recovery
- Set your host IP to 192.168.0.22 - for example using:
sudo ip addr add 192.168.0.22/24 dev <interface>
- Set up a TFTP server on your machine
- Put the sysupgrade image in TFTP server root named as 'root_uImage'
(no quotes), for example using tftpd:
cp openwrt-ramips-rt305x-zte_mf283plus-squashfs-sysupgrade.bin /srv/tftp/root_uImage
- Power on the router holding BOTH Reset and WPS buttons held for around
5 seconds, until after WWAN and Signal LEDs blink.
- Wait for OpenWrt to start booting up, this should take around a
minute.
Return to original firmware:
Here, again there are two possibilities are possible, just like for
installation:
(1) Using initramfs-kernel image and serial console
(2) Using TFTP recovery
(1) Using initramfs-kernel image and serial console
- Boot OpenWrt initramfs-kernel image via TFTP the same as for
installation.
- Copy over the backed up "firmware.bin" image of "mtd3" to /tmp/
- Use "mtd write /tmp/firmware.bin /dev/mtd3", where firmware.bin is
your backup taken before OpenWrt installation, and /dev/mtd3 is the
"firmware" partition.
(2) Using TFTP recovery
- Follow the same steps as for installation, but replacing 'root_uImage'
with firmware backup you took during installation, or by vendor
firmware obtained elsewhere.
A few quirks of the device, noted from my instance:
- Wired and wireless MAC addresses written in flash are the same,
despite being in separate locations.
- Power LED is hardwired to 3.3V, so there is no status LED per se, and
WLAN LED is controlled by WLAN driver, so I had to hijack 3G/4G LED
for status - original firmware also does this in bootup.
- FXS subsystem and its LED is controlled by the
modem, so it work independently of OpenWrt.
Tested to work even before OpenWrt booted.
I managed to open up modem's shell via ADB,
and found from its kernel logs, that FXS and its LED is indeed controlled
by modem.
- While finding LEDs, I had no GPL source drop from ZTE, so I had to probe for
each and every one of them manually, so this might not be complete -
it looks like bicolor LED is used for FXS, possibly to support
dual-ported variant in other device sharing the PCB.
- Flash performance is very low, despite enabling 50MHz clock and fast
read command, due to using 4k sectors throughout the target. I decided
to keep it at the moment, to avoid breaking existing devices - I
identified one potentially affected, should this be limited to under
4MB of Flash. The difference between sysupgrade durations is whopping
3min vs 8min, so this is worth pursuing.
In vendor firmware, WWAN LED behaviour is as follows, citing the manual:
- red - no registration,
- green - 3G,
- blue - 4G.
Blinking indicates activity, so netdev trigger mapped from wwan0 to blue:wwan
looks reasonable at the moment, for full replacement, a script similar to
"rssileds" would need to be developed.
Behaviour of "Signal LED" in vendor firmware is as follows:
- Off - no signal,
- Blinking - poor coverage
- Solid - good coverage.
A few more details on the built-in LTE modem:
Modem is not fully supported upstream in Linux - only two CDC ports
(DIAG and one for QMI) probe. I sent patches upstream to add required device
IDs for full support.
The mapping of USB functions is as follows:
- CDC (QCDM) - dedicated to comunicating with proprietary Qualcomm tools.
- CDC (PCUI) - not supported by upstream 'option' driver yet. Patch
submitted upstream.
- CDC (Modem) - Exactly the same as above
- QMI - A patch is sent upstream to add device ID, with that in place,
uqmi did connect successfully, once I selected correct PDP context
type for my SIM (IPv4-only, not default IPv4v6).
- ADB - self-explanatory, one can access the ADB shell with a device ID
added to 51-android.rules like so:
SUBSYSTEM!="usb", GOTO="android_usb_rules_end"
LABEL="android_usb_rules_begin"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes"
ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess"
LABEL="android_usb_rules_end"
While not really needed in OpenWrt, it might come useful if one decides to
move the modem to their PC to hack it further, insides seem to be pretty
interesting. ADB also works well from within OpenWrt without that. O
course it isn't needed for normal operation, so I left it out of
DEVICE_PACKAGES.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[remove kmod-usb-ledtrig-usbport, take merged upstream patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 59d065c9f8)
[Manually remove no longer needed patches for modem]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
1. Move code above interface generation
It results in more logical order. Device gets its config section
above interface section.
2. Drop the loop
We have separated code handling bridges now so $device should be
guaranteed to contain a single device name.
3. Drop section name
It's not required by netifd or LuCI & it's not needed by this script
as $device contains a single device name now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e002179a6d)
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.
Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ec83fb9ced)
Replace "ifname" with "device" as netifd has been recently patches to
used the later one. It's more clear and accurate.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4b9a67362d)
After the commit 43fc720657
("base-files: generate "device UCI type section for bridge"), the wrong
network configuration is generated for the devices that already have the
bridge device section for VLAN, such as the devices in realtek target.
As a result, the bridge device by additional "device" section is
specified to the "ports" option in the "bridge-vlan" section and netifd
shuts down the switch and the ethernet when the network service started.
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[rmilecki: use $ports for generate_bridge_vlan argument]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8cc4e87a2f)
Missing br- prefix could result in name conflict between DSA port
interface and bridge interface. Some devices with just one LAN port use
"lan" interface name for DSA port. Trying to create bridge with the same
"lan" name was failing.
Reported-by: David Bauer <mail@david-bauer.net>
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0e459668c5)
This switches from the old way of defining bridges in an "interface" UCI
section type (that should be used for layer 3 only). From now a defualt
board switch will have its own "device" UCI section type. It's a new &
preferred way of defining L2 devices.
Before:
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2 lan3 lan4'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
After:
config device
option name 'lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option ifname 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 43fc720657)
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".
This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.
Before:
BusyBox v1.33.1 () built-in shell (ash)
After:
BusyBox v1.33.1 (2021-05-13 09:34:34 UTC) built-in shell (ash)
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit a725382978)
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 25fdb42249)
899c2a4 interface: support "device" attribute and deprecate "ifname"
62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5fe549836f)
02dd2f2df7cb fix unannotated fall-through warnings
3052f2f67686 extdev: remove unused function
2a97fd006c3b device: add support for configuring devices with external auth handler
87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config
7277764bf817 bridge: rename "ifname" attribute to "ports"
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 829b5c2ba3)
Placeholder DHCP user scripts were added recently.
These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.
References:
130118f7a netifd: add a udhcpc.user placeholder script
Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 467c32600c)
f8899b9 netifd: bridge: set default value for igmp_snoop
327da98 netifd: add possibility to switch off route config
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b974293efa)
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 130118f7aa)
2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c82cc4407a)
Bridge aggregates multiple ports so use a more accurate name ("ports")
and format (array) for storing them in board.json.
Example:
"network": {
"lan": {
"ports": [
"lan1",
"lan2",
"lan3",
"lan4"
],
"protocol": "static"
},
"wan": {
"ifname": "wan",
"protocol": "dhcp"
}
}
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d42640e389)
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.
This should fix the image builder for some of these packages.
This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1903233f2b)
6a6011d uclient-http: set eof mark when content-length is 0
19571e4 tests: fix help usage test for uclient built with sanitizer
c5fc04b tests: fix help usage test
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 1ec6fc4dcb)
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name. This obviously fails when
there is no IPv4 connectivity. Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.
As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts. Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity. This is in line with RFC 6724.
PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host. But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records. On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.
See also: https://bugs.busybox.net/show_bug.cgi?id=12381
Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 7fea9d9f5d)
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 21.02 feeds.
If one of the other keys would be compromised this would not affect
users of 21.02 release builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2be57ed cosmetics: provide compatible system info on Aarch64
37eed13 system: expose if system was booted from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 5f1bd95278)
Includes fix for CVE-2020-24588
186af01047b2 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing
93b5c28c97d5 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
a8e89c5a1d1f mt76: testmode: add support to send larger packet
a0cc9a9e3877 mt76: mt7915: rework mt7915_tm_set_tx_len()
c8b96630324e mt76: mt7915: fix rate setting of tx descriptor in testmode
22fd2958c42a mt76: mt7615: fix memleak when mt7615_unregister_device()
7401e0db3143 mt76: mt7915: fix memleak when mt7915_unregister_device()
c3656268b3f6 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens
0ce955b04ba8 mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens
b03d1e62acf7 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put()
5ac02e22fb03 mt76: flush tx status queue on DMA reset
c71f609b398a mt76: sync with upstream changes
23ecadd4af77 mt76: mt7615: fix hardware error recovery for mt7663
57a899ee3c3c mt76: mt7615: fix entering driver-own state on mt7663
42a2dddb706b mt76: mt7615: load ROM patch before checking patch semaphore status
cf0e406af84a mt76: mt7915: add support for applying pre-calibration data
459940ccbc58 mt76: mt7921: move hw configuration in mt7921_register_device
0a094b11f3c0 mt76: improve mcu error logging
bf536832e37d mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
7616f4f78163 mt76: mt7921: add wifisys reset support in debugfs
e620bd881ef5 mt76: mt7921: abort uncompleted scan by wifi reset
e8dacf59ab1c mt76: mt7915: rework the flow of txpower setting
c8c78e577236 mt76: mt7915: directly read per-rate tx power from registers
1622bf4f8705 mt76: mt7921: add mt7921_dma_cleanup in mt7921_unregister_device
ef96fafad8a9 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
90e4bfea2948 mt76: mt7921: do not use 0 as NULL pointer
0a139d7f5966 mt76: connac: move mcu_update_arp_filter in mt76_connac module
de26c73ce3c2 mt76: mt7921: remove leftover function declaration
1c0b6cb4f942 mt76: mt7921: fix a race between mt7921_mcu_drv_pmctrl and mt7921_mcu_fw_pmctrl
2923e3e2b8e4 mt76: mt7663: fix a race between mt7615_mcu_drv_pmctrl and mt7615_mcu_fw_pmctrl
74d0fdaa7a99 mt76: connac: introduce wake counter for fw_pmctrl synchronization
28c87e09a5ea mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
36f664edc7db mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
51b3d1a9a2b7 mt76: dma: add the capability to define a custom rx napi poll routine
4f1339c9fb72 mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
1bc5e67a60be mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
325f7b451c03 mt76: connac: unschedule ps_work in mt76_connac_pm_wake
12115052a02f mt76: connac: check wake refcount in mcu_fw_pmctrl
e5d28e3cef66 mt76: connac: remove MT76_STATE_PM in mac_tx_free
475112a3cdcc mt76: mt7921: get rid of useless MT76_STATE_PM in mt7921_mac_work
112998f32d85 mt76: connac: alaways wake the device before scanning
4334f3e2fc43 mt76: mt7615: rely on pm refcounting in mt7615_led_set_config
0562380659ad mt76: connac: do not run mt76_txq_schedule_all directly
acfa78df5708 mt76: connac: use waitqueue for runtime-pm
ca74a4cd0722 mt76: remove MT76_STATE_PM in tx path
0c2d3e74852e mt76: mt7921: add awake and doze time accounting
45e0eefffe9f mt76: mt7921: enable sw interrupts
fd2ff641166f mt76: mt7615: Fix a dereference of pointer sta before it is null checked
7e2521468767 mt76: mt7921: move mt7921_dma_reset in dma.c
c9dd6b1fa171 mt76: mt7921: introduce mt7921_wpdma_reset utility routine
2ac7c7e9c568 mt76: mt7921: introduce mt7921_dma_{enable,disable} utilities
662a89f2b9d1 mt76: mt7921: introduce mt7921_wpdma_reinit_cond utility routine
614efe9e9180 mt76: connac: introduce mt76_connac_mcu_set_deep_sleep utility
0dbb16ef39d8 mt76: mt7921: enable deep sleep when the device suspends
3c19f569cc70 mt76: mt7921: fix possible invalid register access
ade1f5aad4c6 mt76: move token_lock, token and token_count in mt76_dev
8d5c456be1ff mt76: move token utilities in mt76 common module
fb04d9df5e52 mt76: mt7915: do not read rf value from efuse in flash mode
2126b2176336 mt76: mt7921: get rid of mcu_reset function pointer
d325b7eff1b1 mt76: mt7921: improve doze opportunity
2ae25c7e547e mt76: mt7663: add awake and doze time accounting
349bbb9d6f13 mt76: connac: unschedule mac_work before going to sleep
98a235004dea mt76: mt7921: mt7921_stop should put device in fw_own state
63d80b9ab251 mt76: mt7921: introduce mt7921_mcu_sta_add routine
3c5bf837fdbd mt76: mt7615: fix a precision vs width bug in printk
ded14da5eacc mt76: mt7915: fix a precision vs width bug in printk
aaf0d254f9ea mt76: mt7921: fix a precision vs width bug in printk
757af5c67d32 mt76: move mt76_token_init in mt76_alloc_device
ed41ed73a495 mt76: mt7921: reinit wpdma during drv_own if necessary
92fb81e085c6 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
53d915a23bc9 mt76: connac: do not schedule wake_work if the runtime-pm is disabled
23fe1bdcf15a mt76: connac: do not schedule mac_work if the device is not running
e5b19336c58e mt76: mt7615: do not set MT76_STATE_PM at bootstrap
0fc2136a61dd mt76_connac_mcu: move mt76_connac_mcu_update_arp_filter outside of CONFIG_PM
e693f3e23e06 mt76: mt7915: add MSI support
5231e7300fa4 mt7915: disable ASPM
554b50dabf54 mt76: connac: fix uninitialized HT A-MPDU setting field in STA_REC_PHY
43b9c0a838bb mt76: mt7921: fix max aggregation subframes setting
5a387a0a3004 mt76: mt7921: enable rx hw de-amsdu
c8cbcb87be07 mt76: connac: add missing configuration in mt76_connac_mcu_wtbl_hdr_trans_tlv
55921e57b380 mt76: mt7921: enable rx header traslation offload
01441f67d8b2 mt76: mt7921: enable rx csum offload
c9ab76dd93a0 mt76: mt7915: move mt7915_queue_rx_skb to mac.c
caedb4c4ee41 mt76: mt7615: fix fixed-rate tx status reporting
c6ae95d43e6d mt76: improve tx status codepath
27d468d094e6 mt76: mt7915: rework tx rate reporting
3b4ca5b09e2c mt76: mt7615: avoid use of ieee80211_tx_info_clear_status
e1f07d7f1cb9 mt76: mt7603: avoid use of ieee80211_tx_info_clear_status
18513ba5fbc2 mt76: mt7915: add support for tx status reporting
35f189cf81b2 mt76: mt7915: fix uninitialized variable in MSI error handling
9e928ac1ea9b mt76: dma: use ieee80211_tx_status_ext to free packets when tx fails
628eee9c386c mt76: fill queue entry wcid for all skbs with a station
a9bc4d94b7a1 mt76: intialize tx queue entry wcid to 0xffff by default
998ca8af7d17 mt76: mt7915: fix tssi indication field of DBDC NICs
7dd24b3cfacf mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
535025d65d8d mt76: mt7915: cleanup mt7915_mcu_sta_rate_ctrl_tlv()
ff8bbe22dd87 mt76: mt7915: add .set_bitrate_mask() callback
c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support
28b162366d09 mt76: fix calling mt76_get_of_eeprom with an offset for pre-cal data
9d736545bb5a mt76: mt7915: disable pre-calibration support for now
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f62aa9e781)
From the patch series description:
Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at
https://papers.mathyvanhoef.com/usenix2021.pdf
Specifically, the following CVEs were assigned:
* CVE-2020-24586 - Fragmentation cache not cleared on reconnection
* CVE-2020-24587 - Reassembling fragments encrypted under different
keys
* CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
payload being parsed as an L2 frame under an
A-MSDU bit toggling attack
* CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
* CVE-2020-26140 - Accepting plaintext data frames in protected
networks
* CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
* CVE-2020-26142 - Processing fragmented frames as full frames
* CVE-2020-26143 - Accepting fragmented plaintext frames in
protected networks
* CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
start with RFC1042 header with EAPOL ethertype
* CVE-2020-26145 - Accepting plaintext broadcast fragments as full
frames
* CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
packet numbers
* CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
In general, the scope of these attacks is that they may allow an
attacker to
* inject L2 frames that they can more or less control (depending on the
vulnerability and attack method) into an otherwise protected network;
* exfiltrate (some) network data under certain conditions, this is
specific to the fragmentation issues.
A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.
In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.
Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.
To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.
We currently don't have information about how other drivers are, if
at all, affected.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for querying and parsing SRV DNS records to nslookup_lede.c
This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 3a359398f0)
With some debug in qmi.sh using following patch, some errors are visible
in the registration step
@@ -29,6 +29,7 @@ proto_qmi_init_config() {
}
proto_qmi_setup() {
+ set -x
local interface="$1"
local dataformat connstat plmn_mode mcc mnc
local device apn auth username password pincode delay modes pdptype
@@ -224,6 +225,8 @@ proto_qmi_setup() {
fi
done
+ registration=$(uqmi -s -d "$device" --get-serving-system)
+
[ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1
echo "Starting network $interface"
During the boot of the system, modem could not start automatically its
network registration.
netifd: wan (9235): + echo 'Waiting for network registration'
netifd: wan (9235): Waiting for network registration
netifd: wan (9235): + local 'registration_timeout=0'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + grep '"searching"'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}'
netifd: wan (9235): + '[' -n ]
netifd: wan (9235): + echo 'Starting network wan'
As the while loop checks only "searching" pattern, uqmi.sh script quits
searching loop and continues whereas the modem is not registered
Other issue, after X seconds modem stops searching.
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ]
netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ]
netifd: wan (9213): + let registration_timeout++
netifd: wan (9213): + sleep 1
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + registration='{"registration":"not_registered"}'
netifd: wan (9213): + '[' -n ]
netifd: wan (9213): + echo 'Starting network wan'
netifd: wan (9213): Starting network wan
If registration_timeout is not expired, registration can be restarted
Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
Tested-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2eda042d55)
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.
Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
If specifiying the source address or interface to be used
when contacting upstream name servers such as:
server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
server=8.8.8.8@eth0 then all would use the same socket
bound to the explicitly configured port. Now only
server=8.8.8.8@1.2.3.4#66 will use the explicitly
configured port and the others random source ports.
Remove upstreamed patches and update remaining patch.
Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3980daffa4)
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.
Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 454d514f46)
The removed patches were applied upstream and are not needed anymore.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3)
This backports a fix for the low priority CVE-2021-28831:
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
on the huft_build result pointer, with a resultant invalid free or
segmentation fault, via malformed gzip data.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 13397b2b95)
This commit adds support for the MikroTik SXTsq 5 ac (RBSXTsqG-5acD),
an outdoor 802.11ac wireless CPE with one 10/100/1000 Mbps Ethernet
port.
Specifications:
- SoC: Qualcomm Atheros IPQ4018
- RAM: 256 MB
- Storage: 16 MB NOR
- Wireless: IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 16 dBi antennae
- Ethernet: IPQ4018 (SoC) 1x 10/100/1000 port, 10-28 Vdc PoE in
- 1x Ethernet LED (green)
- 7x user-controllable LEDs
· 1x power (blue)
· 1x user (green)
· 5x rssi (green)
Note:
Serial UART is probably available on the board, but it has not been
tested.
Flashing:
Boot via TFTP the initramfs image. Then, upload a sysupgrade image
via SSH and flash it normally. More info at the "Common procedures
for MikroTik products" page https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit d1f1e5269e)
[Compile and Run Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
This adds support for the MikroTik RouterBOARD RBD52G-5HacD2HnD-TC
(hAP ac²), a indoor dual band, dual-radio 802.11ac
wireless AP with integrated omnidirectional antennae, USB port and five
10/100/1000 Mbps Ethernet ports.
See https://mikrotik.com/product/hap_ac2 for more info.
Specifications:
- SoC: Qualcomm Atheros IPQ4018
- RAM: 128 MB
- Storage: 16 MB NOR
- Wireless:
· Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
· Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
- Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 5x 1000/100/10 port,
passive PoE in
- 1x USB Type A port
Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit faea7becaf)
[Compile Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 12cb52bd06)
With the old ubus dsl API, the numbers for the individual line_states and
power_states were also returned. These were not ported to the new DSL
C-API. This commit adds the missing information.
For this the internal values are mapped to numbers.
* additional JSON output for state_num:
"state_num": <map_state_number>
Since not all values are meaningful only the following values are
implemented, this can be extended if the future.
* LSTATE_MAP_NOT_INITIALIZED
* LSTATE_MAP_EXCEPTION
* LSTATE_MAP_IDLE
* LSTATE_MAP_SILENT
* LSTATE_MAP_HANDSHAKE
* LSTATE_MAP_FULL_INIT
* LSTATE_MAP_SHOWTIME_NO_SYNC
* LSTATE_MAP_SHOWTIME_TC_SYNC
* LSTATE_MAP_RESYNC
* additinal JSON output for power_level:
"power_state_num": <map_power_satte_number>,
Since there are not so many here, all are mapped.
* PSTATE_MAP_NA,
* PSTATE_MAP_L0,
* PSTATE_MAP_L1,
* PSTATE_MAP_L2,
* PSTATE_MAP_L3,
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v6:
Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list
Start the list LSTATE_MAP with -1
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4407d45d96)
Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems
Refer to ITU-T G.997.1 chapter 7.5.2.8
Independent whether retransmission is used or not in a given transmit direction:
- In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating.
- In L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state.
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4f27ea7c33)
