Allow selecting either SATA or PCIE functionality using uImage.FIT
configurations and device-tree overlays.
By default, PCIE1 is selected (as it has been before this change).
To select SATA instead, you can do this now:
fw_setenv bootconf config-mt7622-bananapi-bpi-r64-sata
and reboot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit b5b0796a13 added an uint32_t to mtd.h without including stdint, which
results in a compilation error for those files not including stdint.h.
In file included from imagetag.c:36:
mtd.h:15:8: error: unknown type name 'uint32_t'
extern uint32_t opt_trxmagic;
^~~~~~~~
imagetag.c: In function 'trx_fixup':
imagetag.c:180:10: warning: unused variable 'res' [-Wunused-variable]
ssize_t res;
^~~
imagetag.c:177:14: warning: unused variable 'scan' [-Wunused-variable]
void *ptr, *scan;
^~~~
imagetag.c: In function 'trx_check':
imagetag.c:246:27: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
struct bcm_tag *tag = (const struct bcm_tag *) buf;
^
make[3]: *** [<builtin>: imagetag.o] Error 1
Fixes: b5b0796a13 ("mtd: add option for TRX magic to fixtrx")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This adds support for the Buffalo WSR-2533DHP2.
The device uses the Broadcom TRX image format with a special magic. To
be able to boot the images or load them they have to be wrapped with
different headers depending how it is loaded.
There are multiple ways to install OpenWrt on this device.
Boot ramdisk from U-Boot
----------------------------
This will load the image and not write it into the flash.
1. Stop boot menu with "space" key
2. Select "System Load Linux to SDRAM via TFTP."
3. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-initramfs-kernel.bin
4. The system boots the image
Write to flash from U-Boot
-----------------------------
This will load the image over tftp and directly write it into the flash.
1. Stop boot menu with "space" key
2. Select "System Load Linux Kernel then write to Flash via TFTP."
3. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory-uboot.bin
4. The system writes this image into the flash and boots into it.
Write to flash from Web UI
-----------------------------
This will load the image over over the Web UI and write it into the flash
1. Open the Web UI
2. Go to "管理" -> "ファームウェア更新"
3. Select "ローカルファイル指定" and click "更新実行"
4. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory.bin
5. The system writes this image into the flash and boots into it.
Specifications
-------------------
* SoC: MT7622 (4x4 2.4 GHz Wifi)
* Wifi: MT7615 (4x4 5 GHz Wifi)
* Flash: Winbond W29N01HZ 128MB SLC NAND
* RAM 256MB
* Ethernet: Realtek RTL8367S (5 x 1GBit/s, SoC via 2.5GBit/s)
Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Buffalo uses the TRX header with a different magic and even changes this
magic with different devices. This change allows to specify the header
to use as a command line argument.
This is needed for the Buffalo WSR-2533DHP2 based on mt7622.
Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Make installation to eMMC more convenient on the BPi-R64 by also
copying the production image (if valid) from SD Card to eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of building all U-Boot variants by default, build only those
needed by the selected board(s).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add kmod-mdio-devres package and kernel config symbol, and update related
kmod-r8169 and kmod-ixgbe package dependencies.
Build tested module dependencies on x86/64 with CONFIG_ALL_KMODS=y.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-8 v1.2
* SoC: Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash: Macronix MX25L12835F 16 MiB
* RAM: Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet: 8x 10/100/1000 Mbit
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
8 ethernet port status LEDs (green, SoC controlled)
* Buttons: 1 on-off glide switch at the back (not configurable)
1 reset button at the right side, behind the air-vent
(not configurable)
1 reset button on front panel (configurable)
* Power 12V 1A barrel connector
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB, towards the back. Pins are labelled:
+ VCC (3.3V)
+ TX (really RX)
+ RX (really TX)
+ GND
the labelling is done from the usb2serial connector's point of
view, so RX/ TX are mixed up.
Serial connection parameters for both devices: 115200 8N1.
Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
OEM firmware on the backup partition for the time being. OpenWrt can
only boot off the first partition anyway (hardcoded in the DTS). To
make sure we are manipulating the first partition, issue the following
commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host
library to fix a glib2 host build error, but this need was later removed
by b6212c8769 ("glib2: don't use libelf during host build").
More importantly, there are already two sources for libelf host libraries:
OpenWRT build prerequisites [1] and tools/libelf. A third is not needed.
Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Import patch form Frank Wunderlich <frank-w@public-files.de> to fix
build of MediaTek AHCI SATA driver.
Enable that driver on Bananapi BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[ -d /sys/module/xfrm_interface ] is enough to check if
CONFIG_XFRM_INTERFACE support was enabled in kernel.
Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
Copy patch added to uboot-sunxi by commit 3cc57ba462
("uboot-sunxi: add missing type __u64") also to uboot-mediatek.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* make sure USB 2.0 works (useful for UEFI-booting eg. memtest86)
* include more useful U-Boot config options on BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MediaTek published their current U-Boot patchset on github:
https://github.com/mtk-openwrt/u-boot/commits/mtksoc
Import the platform patches from there (`00-mtk-*.patch`), arrange,
them nicely, drop no longer needed local patches and rebase on top of
U-Boot 2021.04-rc3.
Tested and works well on Linksys E8450 (snand-1ddr) as well as
Bananapi BPi-R64 (sdmmc-2ddr, emmc-2ddr).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Most prominently this adds changes which allow replacing the binary-
only 'bromimage' tool by U-Boot's 'mkimage' (see previous commit).
This fixes build on non-Linux and/or non-x86 platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add patches for mkimage to allow using it instead of the binary-only
'bromimage' tool to generate bl2 for MT7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
ccb7517 sys: packagelist: drop ABI version from package name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Document the existence of this feature. This allows the user to execute a script
at each DHCPv6 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix: bpftools 5.11.2 does not compile on macOS, because the -m option
was placed between src and dst. Corrected by moving -m 644 before src.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.
This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:
iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
libbpf version 0.3.0 is too low, please update it to at least 0.1.0
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, board.d files were having execute bit set and contained a
shebang. However, they are just sourced in board_detect, with an
apparantly unnecessary check for execute permission beforehand.
Replace this check by one for existance and make the board.d files
"normal" files, as would be expected in /etc anyway.
Note:
This removes an apparantly unused '#!/bin/sh /etc/rc.common' in
target/linux/bcm47xx/base-files/etc/board.d/01_network
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Partially restore the wild-card matching for kmod-usb3 modules to fix
build on platforms without PCI which otherwise file, as seen on
buildbot:
ERROR: module '[...]/linux-5.4.102/drivers/usb/host/xhci-pci.ko' is missing.
modules/usb.mk:1675: recipe for target '[...]/kmod-usb3_5.4.102-1_mips_mips32.ipk' failed
Fixes: 7bda2e9aba ("kernel: fix kmod-usb3 dependencies")
Fixes: be23f9818a ("apm821xx: add support for kernel 5.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove unneeded delcarations form package Makefile now that everything
comes from github.com/mtk-openwrt upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adding CONFIG_USB_XHCI_PCI_RENESAS to KCONFIG made it so it was set
for all targets that included kmod-usb3, not just the intended
apm821xx/nand. xhci-pci has a dependency on xhci-pci-renesas if
CONFIG_USB_XHCI_PCI_RENESAS is set, breaking kmod-usb3 builds on
Linux 5.10 on all other targets.
Rework the dependencies by breaking out xhci-hcd, xhci-mtk, and
xhci-pci-renesas into new hidden kernel modules and setting kmod-usb3
dependencies properly.
Tested by building mt7621 and apm821xx/nand with kmod-usb3 on Linux 5.10
Fixes: be23f981 ("apm821xx: add support for kernel 5.10")
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
DDR3_FLYBY has accidentally been set also for the 1-chip variant which
lead to broken, unbootable images. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch copies over refreshed patches from 5.4.
- dropped crypto patches (they got upstreamed)
- dropped renesas USB 3 firmware loader (they got upstreamed)
- NAND now needs extra device-properties for ECC settings.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* allow MAC address from U-Boot env to be inhertied
* allow eMMC installation to succeed also without recovery present
on the SD Card.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
All necessary blobs are now contained in the upstream repository, no
more wild replacing of blobs needed.
This new version also contains new storage drivers for (SPI-)NAND which
already comes with support for FM35Q1GA, so that patch can be dropped
as well.
Tested on:
* Bananapi BPi-R64
- sdmmc-2ddr
- emmc-2ddr
* Linksys E8450
- snand-1ddr
All works fine (booting Bananapi BPi-R64 from SD Card does NOT require
a signed image, so patch arm-trusted-firmware-mediatek to allow doing
that).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This will use the new application led trigger backend. For now this is
the only package that uses leds trigger in user space to configure the
kernel led triggers.
The callback script only emmits a message for now, so that this LED is now
managed by the rssileds service. Until now a generic warning was emitted that
this LED trigger is not supported. But that is not true.
-> Skipping trigger 'rssileds' for led '<name>' due to missing kernel module
I think this callback should be changed in the future to restart the
service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
For now we have only kernel LED trigger support. With this change it is now
possible to use application triggers.
If we configure a LED with a non kernel trigger, then we check on every
restart and boot of the LED service if we have this trigger as an application
in "/usr/libexec/led-trigger". If this file with the name is found, then we
execute this to init the LED.
Possible use cases are:
- Start/Stop/Restart an application led trigger service for this led
- Init a LED that is configured by a hotplug script (VPN tunnel established)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
stropts.h is unavailable under glibc (and unneeded when building
against glibc). Include it only if not building against glibc.
Reported-by: @DazzyWalkman
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Don't try to install files which no longer exist
Since {e,sd}mmc are now produced by ptgen they have been removed.
Fixes: 5a3562cd1d ("arm-trusted-firmware-mediatek: remove {e,sd}mmc headers")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Turned out those are simply MBR with active boot partition. And not
needed at all on emmc. Remove them as ptgen can now generate hybrid
MBR sufficient to boot MT7622 from SD Card.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Changes:
- Remove custom Build/Compile because it's no longer needed
- Remove std=gnu99 which is added automaticaly by igmpproxy if needed
- Remove -Dlog from CFLAGS because igmpproxy doesn't have log function
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness.
libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.
Used to compile Suricata6/Rust locally without issue.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;
Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Compile and run-tested on malta/mip32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Simplify cmake option handling by putting everything in blocks.
Add openssl patch as there's no easy way to disable.
Rebase the skip manpages patch.
Remove the monitor mode patch as it no longer applies.
Remove flex patch as normal Makefile is no longer used.
Remove USB path patch. While it is deprecated, the codepath is never
taken. /sys/bus/usb/devices is checked before hand. If it exists, the
function does stuff and returns. Additionally, this path is used
elsewhere in the code.
Refresh other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors
Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
The QOS feature depends on KPI2UDP which was removed from the tree with
commit a95775e4b2 ("drop unmaintained packages") in 2012.
Since QOS was the last user of the KPI, the feature can be disabled by
default.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The following warnings are shown during build:
/usr/include/vdsl/cmv_message_format.h:33:6: warning: "MEI_SUPPORT_DEBUG_STREAMS" is not defined, evaluates to 0 [-Wundef]
#if (MEI_SUPPORT_DEBUG_STREAMS == 1)
^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/vdsl/drv_mei_cpe_interface.h:2256:6: warning: "MEI_SUPPORT_OPTIMIZED_FW_DL" is not defined, evaluates to 0 [-Wundef]
#if (MEI_SUPPORT_OPTIMIZED_FW_DL == 1)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
The headers are provided by the MEI driver, but the defines are never
set by the vdsl app. While the struct with the
MEI_SUPPORT_OPTIMIZED_FW_DL conditional isn't used by the vdsl app,
however CMV_USED_PAYLOAD_8BIT_SIZE which value depends on
MEI_SUPPORT_DEBUG_STREAMS is.
Since the MEI driver doesn't provide an autogenerated header with
compile flags, the flags are hardcoded for the vdsl app.
Set them for the MEI driver as well, to indicate a relation to the
values used for the vdsl app and to be not surprised by a changed
default in case the MEI driver gets updated. Use the current default
values defined in the MEI driver.
Signed-off-by: Mathias Kresin <dev@kresin.me>
a857b45 resolv/locale: eventually this should be more efficient
11ed281 some more optimization
764a475 add redundant calls to file.search_conffile_dirs()
7d4558e fs: treat devtmpfs that same as tmpfs
81b677e adds irqbalance skeleton
5506244 irqbalance rules
cc96cd8 adds usbutil and gtpfdisk skels
01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
d6d1e7d usbutil: output to terminal
da576fa fsck, gptfdisk and usbutil rules
09b39e9 unbound
241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
af0fe90 adds label for tcsh
160f79e adds tcpdump
6d02b96 adds coreutil execfile for busybox alternatives
ac54884 coreutilexecfile: these are known to require privileges, so exclude
8cb3b66 adds chrootexecfile
6d329d3 this saves 9KiB and its a bit more robust
88e2425 move addpart/delpart/partx to gptfdisk.cil
261012d ntphotplug: reads ubox data files
0473ace various
740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
b8156cd adds a note about how i forgot to target blockd
6e82ab8 adds blockd and related
254ff43 Makefile: exclude blockd from mintesttgt
4dc6bc2 pppd update related and unbound-odhcp rules
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Provide U-Boot variants for SD-card as well as eMMC boot, so we can
generate whole-disk images for the device.
While at it, rename 'mt7622' to 'mt7622-rfb1' to make it less confusing
now that more boards are being added.
Thanks to Frank Wunderlich (@frank-w) for making that nice SVG image
explaining the MMC boot process[1] and for providing the necessary
binary header blobs.
[1]: https://github.com/frank-w/BPI-R64-ATF
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add U-Boot environment configuration for the Linksys E8450 (UBI) to
allow access to the bootloader environment from OpenWrt via
'fw_printenv' and 'fw_setenv'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Build U-Boot for the Linksys E8450 in order to have support for UBI.
The loader has a default environment with scripts handling the reset
button as well as fall-back to recovery firmware. If the loader comes
up without a valid environment found in UBI, it will automatically
make sure UBI is formatted and create a new environment and proceed
to load recovery firmware (either from UBI or via TFTP if recovery is
corrupted or unavailable).
If the button is held down during power-on, the yellow status LED
turns on and the bootloader environment is reset to factory defaults.
If the button is released at this point, the recovery firmware (if
existing) is loaded from UBI and booted.
If the button is continously held down even beyond the point that
the yellow LED turned on, the loader will try to load the recovery
firmware via TFTP from server 192.168.1.254, write it to UBI and
boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Linksys E8450 aka. Belkin RT3200 comes with a rather fresh brand
of SPI NAND storage. Add support for it to the nandx driver in
arm-trusted-firmware-mediatek, so we can boot from that chip.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of only relying in /sysupgrade.tgz being present in rootfs to
restore configuration, also grab /tmp/sysupgrade.tar which may have
magically gotten there during preinit...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CHACHA_MIPS depends on CPU_MIPS32_R2. Therefore,
kmod-crypto-lib-chacha20 should not contain chacha-mips.ko on MIPS32 R1
targets. Enforce that in the target-specific definition.
Fixes bcm47xx, bcm63xx, lantiq/ase, ath25 builds.
Fixes: 06351f1 ("kernel: migrate wireguard into the kernel tree")
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.
Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.
Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
ZTE MF283+ is a dual-antenna LTE category 4 router, based on Ralink
RT3352 SoC, and built-in ZTE P685M PCIe MiniCard LTE modem.
Hardware highlighs:
- CPU: MIPS24KEc at 400MHz,
- RAM: 64MB DDR2,
- Flash: 16MB SPI,
- Ethernet: 4 10/100M port switch with VLAN support,
- Wireless: Dual-stream 802.11n (RT2860), with two internal antennas,
- WWAN: Built-in ZTE P685M modem, with two internal antennas and two
switching SMA connectors for external antennas,
- FXS: Single ATA, with two connectors marked PHONE1 and PHONE2,
internally wired in parallel by 0-Ohm resistors, handled entirely by
internal WWAN modem.
- USB: internal miniPCIe slot for modem,
unpopulated USB A connector on PCB.
- SIM slot for the WWAN modem.
- UART connector for the console (unpopulated) at 3.3V,
pinout: 1: VCC, 2: TXD, 3: RXD, 4: GND,
settings: 57600-8-N-1.
- LEDs: Power (fixed), WLAN, WWAN (RGB),
phone (bicolor, controlled by modem), Signal,
4 link/act LEDs for LAN1-4.
- Buttons: WPS, reset.
Installation:
As the modem is, for most of the time, provided by carriers, there is no
possibility to flash through web interface, only built-in FOTA update
and TFTP recovery are supported.
There are two installation methods:
(1) Using serial console and initramfs-kernel - recommended, as it
allows you to back up original firmware, or
(2) Using TFTP recovery - does not require disassembly.
(1) Using serial console:
To install OpenWrt, one needs to disassemble the
router and flash it via TFTP by using serial console:
- Locate unpopulated 4-pin header on the top of the board, near buttons.
- Connect UART adapter to the connector. Use 3.3V voltage level only,
omit VCC connection. Pin 1 (VCC) is marked by square pad.
- Put your initramfs-kernel image in TFTP server directory.
- Power-up the device.
- Press "1" to load initramfs image to RAM.
- Enter IP address chosen for the device (defaults to 192.168.0.1).
- Enter TFTP server IP address (defaults to 192.168.0.22).
- Enter image filename as put inside TFTP server - something short,
like firmware.bin is recommended.
- Hit enter to load the image. U-boot will store above values in
persistent environment for next installation.
- If you ever might want to return to vendor firmware,
BACK UP CONTENTS OF YOUR FLASH NOW.
For this router, commonly used by mobile networks,
plain vendor images are not officially available.
To do so, copy contents of each /dev/mtd[0-3], "firmware" - mtd3 being the
most important, and copy them over network to your PC. But in case
anything goes wrong, PLEASE do back up ALL OF THEM.
- From under OpenWrt just booted, load the sysupgrade image to tmpfs,
and execute sysupgrade.
(2) Using TFTP recovery
- Set your host IP to 192.168.0.22 - for example using:
sudo ip addr add 192.168.0.22/24 dev <interface>
- Set up a TFTP server on your machine
- Put the sysupgrade image in TFTP server root named as 'root_uImage'
(no quotes), for example using tftpd:
cp openwrt-ramips-rt305x-zte_mf283plus-squashfs-sysupgrade.bin /srv/tftp/root_uImage
- Power on the router holding BOTH Reset and WPS buttons held for around
5 seconds, until after WWAN and Signal LEDs blink.
- Wait for OpenWrt to start booting up, this should take around a
minute.
Return to original firmware:
Here, again there are two possibilities are possible, just like for
installation:
(1) Using initramfs-kernel image and serial console
(2) Using TFTP recovery
(1) Using initramfs-kernel image and serial console
- Boot OpenWrt initramfs-kernel image via TFTP the same as for
installation.
- Copy over the backed up "firmware.bin" image of "mtd3" to /tmp/
- Use "mtd write /tmp/firmware.bin /dev/mtd3", where firmware.bin is
your backup taken before OpenWrt installation, and /dev/mtd3 is the
"firmware" partition.
(2) Using TFTP recovery
- Follow the same steps as for installation, but replacing 'root_uImage'
with firmware backup you took during installation, or by vendor
firmware obtained elsewhere.
A few quirks of the device, noted from my instance:
- Wired and wireless MAC addresses written in flash are the same,
despite being in separate locations.
- Power LED is hardwired to 3.3V, so there is no status LED per se, and
WLAN LED is controlled by WLAN driver, so I had to hijack 3G/4G LED
for status - original firmware also does this in bootup.
- FXS subsystem and its LED is controlled by the
modem, so it work independently of OpenWrt.
Tested to work even before OpenWrt booted.
I managed to open up modem's shell via ADB,
and found from its kernel logs, that FXS and its LED is indeed controlled
by modem.
- While finding LEDs, I had no GPL source drop from ZTE, so I had to probe for
each and every one of them manually, so this might not be complete -
it looks like bicolor LED is used for FXS, possibly to support
dual-ported variant in other device sharing the PCB.
- Flash performance is very low, despite enabling 50MHz clock and fast
read command, due to using 4k sectors throughout the target. I decided
to keep it at the moment, to avoid breaking existing devices - I
identified one potentially affected, should this be limited to under
4MB of Flash. The difference between sysupgrade durations is whopping
3min vs 8min, so this is worth pursuing.
In vendor firmware, WWAN LED behaviour is as follows, citing the manual:
- red - no registration,
- green - 3G,
- blue - 4G.
Blinking indicates activity, so netdev trigger mapped from wwan0 to blue:wwan
looks reasonable at the moment, for full replacement, a script similar to
"rssileds" would need to be developed.
Behaviour of "Signal LED" in vendor firmware is as follows:
- Off - no signal,
- Blinking - poor coverage
- Solid - good coverage.
A few more details on the built-in LTE modem:
Modem is not fully supported upstream in Linux - only two CDC ports
(DIAG and one for QMI) probe. I sent patches upstream to add required device
IDs for full support.
The mapping of USB functions is as follows:
- CDC (QCDM) - dedicated to comunicating with proprietary Qualcomm tools.
- CDC (PCUI) - not supported by upstream 'option' driver yet. Patch
submitted upstream.
- CDC (Modem) - Exactly the same as above
- QMI - A patch is sent upstream to add device ID, with that in place,
uqmi did connect successfully, once I selected correct PDP context
type for my SIM (IPv4-only, not default IPv4v6).
- ADB - self-explanatory, one can access the ADB shell with a device ID
added to 51-android.rules like so:
SUBSYSTEM!="usb", GOTO="android_usb_rules_end"
LABEL="android_usb_rules_begin"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", ATTR{idProduct}=="1275", ENV{adb_user}="yes"
ENV{adb_user}=="yes", MODE="0660", GROUP="plugdev", TAG+="uaccess"
LABEL="android_usb_rules_end"
While not really needed in OpenWrt, it might come useful if one decides to
move the modem to their PC to hack it further, insides seem to be pretty
interesting. ADB also works well from within OpenWrt without that. O
course it isn't needed for normal operation, so I left it out of
DEVICE_PACKAGES.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[remove kmod-usb-ledtrig-usbport, take merged upstream patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
As PKG_LICENSE is originally set by include/trusted-firmware-a.mk it
can only be appended after that. Hence move that line below the
include to actually make sense.
(cosmetical change, already slipped into openwrt-21.02 branch)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package had two patches (with two headers etc.) in one file,
which would have quilt merging them during a refresh.
Separate these patches into two files, as the original intent seems
to be having them separate.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When using Shell arithmetric evaluation via $((..)) the variables in
the expression do not need to be prefixed by the '$' sign.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Check if firmware environment variable 'rootfs_data_max' exists and is
set to a numerical value greater than 0. If so, limit rootfs_data
volume to that size instead of using the maximum available size.
This is useful on devices with lots of flash where users may want to
have eg. a volume for persistent logs and statistics or for external
applications/containers. Persistence on rootfs overlay is limited by
the size of memory available during the sysugprade process as that
data needs to be copied to RAM while the volume is being recreated
during sysupgrade. Hence it is unsuitable for keeping larger amounts
of data accross upgrade which makes additional volume(s) for
application data desirable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream integrated multiple patches from Distributions and did other
changes:
* rp-pppoe.so was renamed to pppoe.so
* Converted to ANSI C
The following patches were applied upstream:
* 100-debian_ip-ip_option.patch
* 101-debian_close_dev_ppp.patch
* 103-debian_fix_link_pidfile.patch
* 106-debian_stripMSdomain.patch
* 107-debian_pppoatm_wildcard.patch
* 110-debian_defaultroute.patch
* 202-no_strip.patch
Compilation with musl libc was fixed upstream so
140-pppoe_compile_fix.patch is not needed any more
Parts of the 203-opt_flags.patch patch were applied in a different way
upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The packages feed has a proposed package for a GOST engine, which needs
support from the main openssl library. It is a default option in
OpenSSL. All that needs to be done here is to not disable it.
Package increases by a net 1-byte, so it is not really really worth
keeping this optional.
This commit also includes a commented-out example engine configuration
in openssl.cnf, as it is done for other available engines.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Biggest fix for this version is CVE-2021-3336, which has already been
applied here. There are a couple of low severity security bug fixes as
well.
Three patches are no longer needed, and were removed; the one remaining
was refreshed.
This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There are efforts underway to bring wireguard in-tree for Linux 5.4 and
to have a common build infrastructure for both 5.4 and 5.10 for
kmod-wireguard[0]. Until then, restrict kmod-wireguard to build only on
Linux 5.4, because the wireguard-compat package will not build on Linux
5.10.
[0]: https://github.com/openwrt/openwrt/pull/3885
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Modify existing modules to reflect their new location in Linux 5.10. Add
missing dependenices.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
[enable CRYPTO_USER_API_ENABLE_OBSOLETE; add kmod-crypto-hash dependency
to usb-net-rtl8152]
Signed-off-by: David Bauer <mail@david-bauer.net>
Now that mirrors have picked it up, switch to using the @OPENWRT
mirror instead of hosting those files on Github.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2be57ed cosmetics: provide compatible system info on Aarch64
37eed13 system: expose if system was booted from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Prerequisite patch:
Correct a typo in the Changelog and clean up a stray file
Fix changes in libusb which introduced a regression:
Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device
initialization") introduced a regression for devices with multiple
configurations. The logic that verifies the reported length of the
configuration descriptors failed to count the length of the
configuration descriptor itself and would truncate the actual length by
9 bytes, leading to a parsing error for subsequent descriptors.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
The ls-ddr-phy package needs fiptool options that are not
available via the version from arm-trusted-firmware-tools.
This breaks build for layerscape with the recently added LX2160a:
create: unrecognized option '--ddr-immem-udimm-1d'
Use the tfa-layerscape variant again for now, but rename it to
fiptool-layerscape to indicate that it's a specific variant.
This reverts 84bc7d31e0 ("tfa-layerscape: don't build fiptool").
Fixes: f59d7aab2a ("layerscape: add ddr-phy package")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This driver adds the LED support for the PC Engines APU1.
This integrates the Linux kernel driver and includes a patch to support
newer firmware versions. Also the default LED configuration is updated
to use the correct devices.
Signed-off-by: Andreas Eberlein <foodeas@aeberlein.de>
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.
Remove a stale mirror which seems to be offline for a longer time
already.
Add fallbacks to the old release path also for the mirrors.
Signed-off-by: David Bauer <mail@david-bauer.net>
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.
- Enables network intelligence with the next generation Datapath (DPPA2)
which provides differentiated offload and a rich set of IO, including
10GE, 25GE, 40GE, and PCIe Gen4
- Delivers unprecedented efficiency and new virtualized networks
- Supports designs in 5G packet processing, network function
virtualization, storage controller, white box switching, network
interface cards, and mobile edge computing
- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
and 8-core LX2080A)
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.
The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If an external module uses exported symbols from another external
module, Kbuild needs to have full knowledge of all symbols to
avoid spitting out warnings about undefined symbols.
Use PKG_EXTMOD_SUBDIRS to point to the build directory which contains
the Module.symvers.
Pass KERNEL_MAKE_FLAGS to the external module build, to inject
KBUILD_EXTRA_SYMBOLS. KBUILD_EXTRA_SYMBOLS holds a space separated list
of Module.symvers, which list all exported symbols.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This fixes 4 security vulnerabilities/bugs:
- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
SSLv2, but the affected functions still exist. Considered just a bug.
- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate may overflow the output length argument in some
cases where the input length is close to the maximum permissable
length for an integer on the platform. In such cases the return value
from the function call will be 1 (indicating success), but the output
length value will be negative.
- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack.
- Fixed SRP_Calc_client_key so that it runs in constant time. This could
be exploited in a side channel attack to recover the password.
The 3 CVEs above are currently awaiting analysis.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Add m4 patch to avoid conflict with tools/autoconf-archive.
Add build parallel as it seems to work now.
Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.
Format security patch was fixed upstream.
Refreshed other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libwolfssl:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl
mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl
collect2: error: ld returned 1 exit status
This reverts commit 2591c83b34.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libubox:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox
This reverts commit f421fefa8a.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 50a5a8993d as the bump
to 2021.01 unveiled issue with missing swig host tool needed for
mx6cuboxi's SPL.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When transmitting to a receiver in dynamic SMPS mode, all transmissions that
use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
give the receiver's extra chains some time to wake up.
This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
Intel ones, which make aggressive use of SMPS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
On hardware that supports this, this will improve performance by passing
802.3 frames from the hardware to the stack
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix license information.
Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0
Add PKG_BUILD_PARALLEL for faster compilation.
Remove autoreconf as nothing is being patched.
Minor cleanups for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The first two are useless as /bin/sh can execute those scripts just
fine. Shellcheck reports no problems.
Telnetd patch is useless as telnet is no longer used in OpenWrt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove stime backport.
Remove static libgcc patch as upstream fixed it with
BUSYBOX_DEFAULT_STATIC_LIBGCC which defauls to off.
Remove date -k patch as it no longer applies. It's also pointless as
busybox' hwclock utility can do the same thing.
Remove ntpd patch as that seems to have been applied upstream.
Add smalll patch fixing compilation with SELinux. Upstream commit
2496616b0a8d1c80cd1416b73a4847b59b9f969a renamed the variable without
renaming it in the SELinux path.
Refresh config and patches.
Config refresh:
Refresh commands, run after busybox is first built once:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0/.config > Config-defaults.in
Manual edits needed afterward:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, networking/Config.in and util-linux/Config.in (commit 1da014f)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Added comments from Hannu Nyman to commit message]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The date -k patch is non standard and will be removed in the next
commit.
Tested behavior to be identical with a simple C program:
#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <sys/time.h>
#include <sys/syscall.h>
int main()
{
struct timezone tt;
struct timezone tz;
int a = syscall(SYS_gettimeofday, NULL, &tt);
int b = gettimeofday(NULL, &tz);
printf("%d - %d, %d\n", a, tt.tz_minuteswest, tt.tz_dsttime);
printf("%d - %d, %d\n", b, tz.tz_minuteswest, tz.tz_dsttime);
}
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The removed patches were applied upstream.
This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The removed patches were applied upstream.
Remove the 300-mac80211-optimize-skb-resizing.patch.
This patch was not applied upstream, but it conflicts with upstream
changes and needs bigger changes. It was applied with Felix to remove
this patch for now. It should be reworked and then send upstream later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refreshed all patches, removed 110-mx6cuboxi-mmc-fallback.patch as it
seems, that upstream has probably added similar funcionality in commit
6c3fbf3e456c ("mx6cuboxi: customize board_boot_order to access eMMC")
and it needs to be re-verified by device owner.
Run tested on apalis.
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5a2dd18 iwinfo: add hardware description for MediaTek MT7622
4a32b33 iwinfo: add PCI ID for MediaTek MT7613BE
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch is required to be able to roam from one backhaul AP to
another one in the same ESS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(daniel@makrotopia.org: PKG_REVISION bump and refreshed patches)
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
This patch allows other applications to get events management
frames (for example: association requests).
This is useful in Multi-AP context to be able to save association
requests from stations.
It has been sent to upstream hostapd in this series:
https://patchwork.ozlabs.org/project/hostap/list/?series=217500
'700-wifi-reload.patch' is updated due to the introduction of
'110-notify-mgmt-frames.patch'.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
After looking at various vendor GPL source code dumps I discovered that some
of them contain updated versions of ltq-ptm driver when compared to what
openwrt has.
The driver update is mostly cursory (simple changes to comments, whitespace,
formatting etc.) or adds debug features not used by openwrt.
However the updated driver also contains a later version of PTM firmware which
is extracted and included in this commit along with bits to correctly identify
its version when driver loads.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
The 'bromimage' tool which is used to wrap bl2 with a MediaTek-specific
header is distributed in binary form only and unfortunately tries to
dynamically link against libopenssl, which fails on the buildbots.
Wait for MTK to provide a at least static executable instead, in the
meantime, mark the package as broken.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
HOST_CFLAGS were ignored as they were passed on incorrectly which lead
to build failure if OpenSSL wasn't present on the build host.
Fix that by properly passing HOST_CFLAGS when building each tool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).
The patch is backported from the upstream wolfssl development branch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
procd sends sigterm to stop daemons, hook it up.
This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
dnsmasq v2.84rc2 has been promoted to release.
No functional difference between v2.83test3 and v2.84/v2.84rc2
Backport 2 patches to fix the version reporting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
erley.org no longer exists; attempting to connect to it during package
download results in lengthy timeouts. Use the new OpenWrt CDN alias to
download from reliable OpenWrt mirrors.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.
Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Package ARM Trusted Firmware host tools separately.
(instead of building tfa-fiptool as part of tfa-layerscape)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ATF bl2 comes in 4 variants for MT7622 depending on the boot media:
* nor
* snand
* emmc
* sdmmc
Additional binary headers needed for emmc and sdmmc are downloaded as
well and provided along with bl2*.bin and bl31.bin to allow building
images including ATF for MT7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If the driver uses .sta_add, station entries are only uploaded after the sta
is in assoc state. Fix early station rate table updates by deferring them
until the sta has been uploaded
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With upstream commit f81f9f0ebac5 ("rockchip: rockpro64: initialize USB in
preboot") CONFIG_USE_PREBOOT was enabled on the RockPro64, which is causing
boot issues when a eMMC is used, as a workaround will temporarily disable
this option.
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Improve patch description]
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.
Signed-off-by: David Bauer <mail@david-bauer.net>
Replace with sed as done elsewhere.
Fixes error with at least btrfs-progs:
Package '@LIBSELINUX@', required by 'mount', not found
Package '@LIBCRYPTSETUP@', required by 'mount', not foun
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The two required tools fail to identify their version when not compiling
from a git clone, patch that in and pass on the used commit hashes.
Upon boot it now prints "WTMI-devel-18.12.1-5598e150".
Signed-off-by: Andre Heider <a.heider@gmail.com>
The cpufreq issue has been identified and a fix is in the process of beeing
upstreamed [0].
Bump the boards to the default 1000MHz so they can run at that frequency
once the fix is merged. Until then the boards are stuck at 800MHz (just
claiming to run 1000Hz, which is a lie).
[0] https://lore.kernel.org/linux-arm-kernel/20210114124032.12765-1-pali@kernel.org/
Signed-off-by: Andre Heider <a.heider@gmail.com>
v5.10 has been released for strace. As such, let's go ahead bring in the
latest version of this package.
See here for the changelog:
https://github.com/strace/strace/releases/tag/v5.10
Signed-off-by: Geordan Neukum <gneukum1@gmail.com>
Pstore (persistent store) can be used to stash debug information (kernel
console, panics, ftrace) across reboots or crashes. If the filesystem is
present, mount it.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Changelog:
- ath10k-ct: Pull in some upstream patches.
Runtime-tested on ipq806x (Netgear R7800).
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.
Remove the execute bit and shebang as this is clearly a library.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.
Fix execute bit in one case, too.
This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
65abbcd9f6fb mt76: usb: process URBs with status EPROTO properly
3199ef5fa35e mt76: mt7615: set mcu country code in mt7615_mcu_set_channel_domain()
5c86d5bb079b mt76: mt7915: Remove unneeded semicolon
3f546330b59d mt76: mt7915: support TxBF for DBDC
032ad7e02545 mt76: mt7615: unify init work
cc3f23d1e654 mt76: mt7915: bring up the WA event rx queue for band1
fa3d334a0e22 mt76: fix crash on tearing down ext phy
c4c9c402d14a mt76: mt7915: fix vif sta index for DBDC
eca2f0ec0d4c mt76: mt7915: fix command id for txbf action
c828124ef9a5 mt76: mt7915: add support for using a secondary PCIe link for gen1
dbaf0f4679f3 mt76: mt7915: make vif index per adapter instead of per band
fb3e5ce1eb00 mt76: move vif_mask back from mt76_phy to mt76_dev
be2bea66d6e3 mt76: mt7915: detect wrong nss eeprom parameter on dbdc cards
8dc5d4a0da7c Revert "mt76: mt7915: fix vif sta index for DBDC"
8c796a33781c mt76: mt7915: only set int1 when using the second hif
4eb5caaf6cc1 mt76: reduce q->lock hold time
0714890bf0fd mt76: mt7615: reduce VHT maximum MPDU length
2f85aa5cbc62 mt76: mt7915: avoid writes to MT_PCIE_RECOG_ID when not using gen1 devices
8696919d9aae mt76: dma: fix a possible memory leak in mt76_add_fragment()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is only added to keep the PKG_RELEASE correct after fixing
the $(COMMITCOUNT) logic in the previous commit.
This way the PKG_RELEASE stays the same while the compiled packages
content isn't changed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Certificate signature algorithm was being set after call to
`wc_MakeCert`, resulting in a mismatch between specified signature in
certificate and the actual signature type.
Signed-off-by: Jeffrey Elms <jeff@wolfssl.com>
[fix commit subject, use COMMITCOUNT]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Use the latest stable kernel since the previous 5.8.x series is EOL.
Also drop the following patches recently accepted upstream:
* 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
* 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
* 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
* 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket. This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.
This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol
dnsmasq v2.84test3 resolves these issues.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
FCC ID: A8J-EAP1200H
Engenius EAP1200H is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
**Specification:**
- QCA9557 SOC
- QCA9882 WLAN PCI card, 5 GHz, 2x2, 26dBm
- AR8035-A PHY RGMII GbE with PoE+ IN
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16FG
- UART at J10 populated
- 4 internal antenna plates (5 dbi, omni-directional)
- 5 LEDs, 1 button (power, eth0, 2G, 5G, WPS) (reset)
**MAC addresses:**
MAC addresses are labeled as ETH, 2.4G, and 5GHz
Only one Vendor MAC address in flash
eth0 ETH *:a2 art 0x0
phy1 2.4G *:a3 ---
phy0 5GHz *:a4 ---
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin at J10
**Installation:**
2 ways to flash factory.bin from OEM:
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will brick the device
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs to 'vmlinux-art-ramdisk'
make available on TFTP server at 192.168.1.101
power board, interrupt boot
execute tftpboot and bootm 0x81000000
NOTE: TFTP is not reliable due to bugged bootloader
set MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software of EAP1200H is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-ar71xx-generic-eap1200h-uImage-lzma.bin
openwrt-ar71xx-generic-eap1200h-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
Newer EnGenius software requires more checks but their script
includes a way to skip them, otherwise the tar must include
a text file with the version and md5sums in a deprecated format.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
The package does not seem to have a maintainer.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The newly added `$(COMMITCOUNT)` varialbe allows automatic versioning
based on the number of Git commits of a package. Replace *tedious to
bump* and *merge conflict causing* `PKG_RELEASE` and replace it with
`$(COMMITCOUNT)`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Xiaomi Mi Router 4 is the same as Xiaomi Mi Router 3G, except for
the RAM (256Mib→128Mib), LEDs and gpio (MiNet button).
Specifications:
Power: 12 VDC, 1 A
Connector type: barrel
CPU1: MediaTek MT7621A (880 MHz, 4 cores)
FLA1: 128 MiB (ESMT F59L1G81MA)
RAM1: 128 MiB (ESMT M15T1G1664A)
WI1 chip1: MediaTek MT7603EN
WI1 802dot11 protocols: bgn
WI1 MIMO config: 2x2:2
WI1 antenna connector: U.FL
WI2 chip1: MediaTek MT7612EN
WI2 802dot11 protocols: an+ac
WI2 MIMO config: 2x2:2
WI2 antenna connector: U.FL
ETH chip1: MediaTek MT7621A
Switch: MediaTek MT7621A
UART Serial
[o] TX
[o] GND
[o] RX
[ ] VCC - Do not connect it
MAC addresses as verified by OEM firmware:
use address source
LAN *:c2 factory 0xe000 (label)
WAN *:c3 factory 0xe006
2g *:c4 factory 0x0000
5g *:c5 factory 0x8000
Flashing instructions:
1.Create a simple http server (nginx etc)
2.set uart enable
To enable writing to the console, you must reset to factory settings
Then you see uboot boot, press the keyboard 4 button (enter uboot command line)
If it is not successful, repeat the above operation of restoring the factory settings.
After entering the uboot command line, type:
setenv uart_en 1
saveenv
boot
3.use shell in uart
cd /tmp
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin
wget http://"your_computer_ip:80"/openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-kernel1.bin kernel1
mtd write openwrt-ramips-mt7621-xiaomi_mir4-squashfs-rootfs0.bin rootfs0
nvram set flag_try_sys1_failed=1
nvram commit
reboot
4.login to the router http://192.168.1.1/
Installation via Software exploit
Find the instructions in the https://github.com/acecilia/OpenWRTInvasion
Signed-off-by: Dmytro Oz <sequentiality@gmail.com>
[commit message facelift, rebase onto shared DTSI/common device
definition, bump uboot-envtools]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, apply shared DTSI/device node, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 8x GPIO-LEDs (6x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 4x GPIO-LEDs (2x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, make WLAN LEDs consistent, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.
I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving
Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Reordered for consistency between packages.
Fixed license information.
Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The following four led triggers are enabled in generic config.
* kmod-ledtrig-default-on
* kmod-ledtrig-heartbeat
* kmod-ledtrig-netdev
* kmod-ledtrig-timer
Drop the packages and remove them from DEVICE_PACKAGES.
There's no other package depending on them in this repo.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
CONFIG_THERMAL option was changed to boolean in upstream linux commit
554b3529fe01 ("thermal/drivers/core: Remove the module Kconfig's option").
Switch it to 'y' and remove FILES and AUTOLOAD for non-existant module file.
And update the descripton text for the package as in upstream linux commit
eb8504620381 ("thermal: Rephrase the Kconfig text for thermal").
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.
Signed-off-by: Nick Hainke <vincent@systemli.org>
a46f9a9160e9 mt76: mt7915: add vif check in mt7915_update_vif_beacon()
27ad12352ac9 mt76: mt7615: add vif check in mt7615_update_vif_beacon()
0a449cef024e mt76: mt7915: fix MT_CIPHER_BIP_CMAC_128 setkey
eacd2d493c61 mt76: mt7915: reset token when mac_reset happens
e4b23301e6c9 mt76: mt7615: reset token when mac_reset happens
6e22bbfe0360 mt76: mt7615: convert comma to semicolon
37865118ae2d mt76: mt7915: convert comma to semicolon
742c36b2e527 mt76: mt7915: run mt7915_configure_filter holding mt76 mutex
a515727e8423 mt76: mt7915: add support for flash mode
b6f7b3da5216 mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th
062f3f4f06a2 mt76: mt7915: simplify mt7915_mcu_send_message routine
dbba9b993300 mt76: mt7915: drop zero-length packet to avoid Tx hang
36a745d0f71c mt76: Fix queue ID variable types after mcu queue split
a4539760b0b1 mt7915: update the testmode support to the latest upstream patch
64bd6f87e4c2 mt7915: fix crash on failure in pci_set_dma_mask
c202ace409e0 mt76: remove unused variable q
d1b827781f84 mt76: mt7915: add partial add_bss_info command on testmode init
a897a69769f5 mt76: testmode: introduce dbdc support
b44472e99822 mt76: testmode: move mtd part to mt76_dev
45e27e6cdc12 mt76: mt7915: move testmode data from dev to phy
b6673b005770 mt76: mt7615: move testmode data from dev to phy
abdd471e9f2d mt76: mt7915: fix ht mcs in mt7915_mcu_get_rx_rate()
d679b56b9585 mt76: move mac_work in mt76_core module
36cd48ab4454 mt76: move chainmask in mt76_phy
89a6781ed045 mt76: mt7915: force ldpc for bw larger than 20MHz in testmode
3d0834e78005 mt76: testmode: add support to set user-defined spe index
cc05f4679667 mt76: testmode: add attributes for ipg related parameters
77b18b16fe16 mt76: testmode: make tx queued limit adjustable
6365a58573cb mt76: mt7915: split edca update function
e56282bf67f6 mt76: mt7915: add support for ipg in testmode
6fa642903e4e mt76: mt7915: calculate new packet length when tx_time is set in testmode
729ec5daeba5 mt76: mt7915: clean hw queue before starting new testmode tx
981443da5cf7 mt76: testmode: add a new state for continuous tx
4793fc9b3d48 mt76: mt7915: rework set state part in testmode
11a1e86e5946 mt76: mt7915: add support for continuous tx in testmode
364affef82fc mt76: mt7615: mt7915: disable txpower sku when testmode enabled
9fc19db51293 mt76: mt7915: simplify peer's TxBF capability check
6377b7f330be mt76: mt7915: add implicit Tx beamforming support
983091a40633 mt76: mt7915: fix MESH ifdef block
bbb7a9e77751 mt76: mt76u: fix NULL pointer dereference in mt76u_status_worker
a28a8dd2f7de mt76: usb: fix crash on device removal
9c312f2ce2c5 mt76: mt7915: rework mcu API
e6fe82acb111 mt76: mt7915: disable RED support in the WA firmware
25d7429bdc41 mt76: mt7915: fix eeprom parsing for DBDC
7a93026dd3dc mt76: mt7915: fix eeprom DBDC band selection
4c8a09cc45d0 tools: Set mode for new file /tmp/mt76-test-%s
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.
Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
'base' was never used.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
'enc_str' was never used.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
This adds a config option to allow compiling with HKDF algorithm support
to support applications that require this feature.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Both devices use u-boot env variables to boot OpenWrt from its flash
partition. Using u-boot envtools, it is possible to change the bootcmd
back to the stock firmware partition directly from OpenWrt without
attaching a serial cable or even physically accessing the device.
Signed-off-by: Jan Alexander <jan@nalx.net>
Hardware
--------
SoC: Qualcomm IPQ8064
RAM: 512MB DDR3
Flash: 256MB NAND (Micron MT29F2G08ABBEAH4)
32MB SPI-NOR (Macronix MX25U25635F)
WLAN: Qualcomm Atheros QCA9994 4T4R b/g/n
Qualcomm Atheros QCA9994 4T4R a/n/ac
ETH: eth0 - SECONDARY (Atheros AR8033)
eth1 - MAIN (Atheros AR8033)
USB: USB-C
LED: Dome (white / blue)
BTN: Reset
Installation
------------
Copy the OpenWrt sysupgrade image to the /tmp directory of the device
using scp. Default IP address is 192.168.1.20 and default username and
password are "ubnt".
SSH to the device and write the bootselect flag to ensure it is booting
from the mtd partition the OpenWrt image will be written to. Verify the
output device below matches mtd partition "bootselect" using /proc/mtd.
> dd if=/dev/zero bs=1 count=1 seek=7 conv=notrunc of=/dev/mtd11
Write the OpenWrt sysupgrade image to the mtd partition labeled
"kernel0". Also verify the used partition device using /proc/mtd.
> dd if=/tmp/sysupgrade.bin of=/dev/mtdblock12
Reboot the device.
Back to stock
-------------
Use the TFTP recovery procedure with the Ubiquiti firmware image to
restore the vendor firmware.
Signed-off-by: Jan Alexander <jan@nalx.net>
Update the U-Boot to version v2021.01.
Run-tested: FriendlyARM NanoPi R2S
Radxa Rock Pi 4
Pine64 RockPro64
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[format commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
Currently PHY information obtained from "iw phy" lacks information about
a PHYs HE capabilities when using the by default installed iw-tiny.
As there are already 802.11ax supported devices, enabled printing this
information for the by-default installed iw variant.
Signed-off-by: David Bauer <mail@david-bauer.net>
To simplify the way netifd acquires the PIDs of wpa_supplicant and
hostapd let the config_add method of both of them return the PID of the
called process. Use the returned PID instead of querying procd when
adding wpa_supplicant configuration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch adds kernel module for Silicon Labs CP2112 HID USB to SMBus
Master Bridge. This is a HID device driver which registers as an i2c
adapter and gpiochip to expose these functions of the CP2112.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
While the speed improvement might be negligible, there is still no
reason to read individual bytes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For glibc, lua needs an explicit link to libdl as glibc has it separate
Fixes the following error in at least collectd:
ld: usr/lib/liblua.so: undefined reference to `dlopen'
ld: usr/lib/liblua.so: undefined reference to `dlclose'
ld: usr/lib/liblua.so: undefined reference to `dlerror'
ld: usr/lib/liblua.so: undefined reference to `dlsym'
Signed-off-by: Rosen Penev <rosenp@gmail.com>
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
ea7f471 iwinfo: include ht_operation data only if available
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- Encode ABI version in compiled shared object file
- Only ship versioned shared library
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
618c1e8 iwinfo: add hardware description for QCA MIPS WiSoCs
0702f32 iwinfo: improve center channel handling
51c1336 iwinfo: set center chan unsupported for not-nl80211 driver
23d2722 build: add ability to specify shared object version
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit f1620630e9.
This update introduces potentially remote exploitable buffer overreads
in IE parsing logic.
It also breaks the ABI without introdcing SOVERSION library versioning.
Furthermore, HT information is incorrectly added for non-HT BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 190e793963.
This update introduces a potential null-pointer deref with subsequent rpcd
crash when querying wireless info for non-nl80211 wdevs.
Additionally it wrongly includes ht frequency information for non-ht BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch adds wil6210 driver for Wilocity/QCA based 802.11ad
PCI cards.
Driver uses cfg80211 and nl80211 but not mac80211.
Integration for UCI and LuCI will come in other patches.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch adds wil6210 firmware and board files.
Firmware version is not up to date but is only freely redistributable one I found.
Board file is a generic one so most devices and especially those for long distance
PtP links will require so in a ipq-wifi like way.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch enables hostapd.sh to properly configure wpa_supplicant
for when GCMP is used as cipher in station mode.
Without this wpa_supplicant will be unable to connect to AP.
This is needed for wil6210 as it does not support CCMP.
Signed-off-by: Robert Marko <robimarko@gmail.com>
The usual OpenWrt-way of writing the JFFS2-marker in order to have
a filesystem erased at the next boot fails on UBIFS volumes due to
UBI being a different beast when it comes to writing.
As truncating a UBIFS volume only takes a few milliseconds and has the
desired effect of wiping-out all content of that volume, just do that
instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adds a new function get_magic_fat32() in base-files to read FAT32 magic.
Now FAT32 EFI system partition can be handled in the same way as FAT12/FAT16.
Signed-off-by: Kagurazaka Kotori <kagurazakakotori@gmail.com>
[replace '-o' with '] || [' to satisfy shellsheck]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This package is not needed in base. It will be imported in the packages
feed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
The package `usbutils` already offers an USB reset function, this
package is therefore not really required standalone.
CC: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This adds an option "hostapd_bss_options" that does the same as
"hostapd_options" but on a per-BSS level, instead of a per-device level.
This can be used, for example, to configure different per-devce sae_passwords
per BSS or to augment some of the existing per-BSS options.
Signed-off-by: Florian Beverborg <flo@beverb.org>
[remove whitespace errors, bump release]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Legacy minstrel is essentially unmaintained and was showing poor performance
Replace it with minstrel_ht and improve rate selection and sampling behavior
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'
Fixes: ba40da9045 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The symbol determines if the libevent2-pthreads libraries get built or not.
If we want to select libevent2-pthreads, and these haven't been built, an
error will occur mentioning that there are no 'libevent_pthreads-2.1.so'
files.
Adding CONFIG_PACKAGE_libevent2-pthreads to PKG_CONFIG_DEPEND will make
sure that the libraries get re-built in case libevent2-pthreads is
selected.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The `functions.sh` script has `config_get_bool()` function, which is
usable when using UCI config direct access API, but there is no
equivalent for the callback API. Introduce `get_bool()` function to
allow reusing it from init scripts.
Example:
```sh
option_cb() {
local option="$1"
local value="$(get_bool "$2")"
...
}
```
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Since we're now able to select CONFIG_NET_UDP_TUNNEL at will, drop the fake
dependencies.
This is a partial revert of commit d7e040f8bc
"kernel: add fake users for udptunnel and iptunnel modules".
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
This patch bumps cryptodev-linux to the latest stable release (1.11) and fixes
compilation against the next LTS (and likely OpenWrt) kernel 5.10.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Fixed license information.
Adjusted Makefile to new install paths.
Backported upstream patch to fix compilation with musl. Replaces local
and incomplete patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch was already applied upstream and not needed here.
Fixes: 06403981e1 ("ppp: update to version 2.4.7.git-2019-05-06")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version fixes a large number of bugs, although no security
vulnerabilities are listed.
Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md
Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version.
Backported patches were removed; remaining patch was refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
By setting 'auto', the zero address or the empty string as source
address (option ipaddr, option ip6addr), vxlan will choose one
dynamically. This helps in setups where a wan ip or prefix changes.
This corresponse to setting up an vxlan tunnel with:
proto vxlan6:
# ip link add vx0 type vxlan id ID local :: ...
proto vxlan:
# ip link add vx0 type vxlan id ID local 0.0.0.0 ...
While it is possible to not specify a source ip at all, the kernel will
default to setting up a ipv4 tunnel. The kernel will take any hint from
source and peer ips to figure out, what tunnel type to use. To make sure
we setup an ipv6 tunnel for proto vxlan6, this workaround is needed.
This will not change the behaviour of currently working configurations.
However this will allow former broken configurations, namely those not
specifying both a source address and tunnel interface, to setup a
tunnel interface. Previously those configurations weren't reporting an
error and were stueck in a setup loop like in Bug FS#3426.
This change lifts the currently very strict behaviour and should fix the
following bug:
Fixes: FS#3426
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3426
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
WAN/LAN LEDs appear to be wrong in ar71xx and have been swapped here.
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[add LED swap comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros AR9330 rev 1
* 400/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* external antenna
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
======================
* Qualcomm/Atheros AR9330 rev 1
* 400/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The find command to retrieve files from /etc/sysupgrade.conf and
/lib/upgrade/keep.d/* is used twice in almost the same way.
Move it into a function to consolidate, enhance readability and make
future adjustments easier.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
Device specifications:
======================
* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ 802.3af POE
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
======================
* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ 802.3af POE
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
======================
* Qualcomm/Atheros AR9341 rev 1
* 535/400/200 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ 802.3af POE
+ builtin switch port 1
+ used as LAN interface
- eth1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[drop redundant status from eth1]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ 24V passive POE (mode B)
+ used as WAN interface
- eth1
+ 802.3af POE
+ builtin switch port 1
+ used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
======================
* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ Label: Ethernet 1
+ 24V passive POE (mode B)
- eth1
+ Label: Ethernet 2
+ 802.3af POE
+ builtin switch port 1
* 12-24V 1A DC
* external antenna
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to
the device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[wrap two very long lines, fix typo in comment]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since generic has the option set to y and other targets now inherit that
choice, there is no behaviour change
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Specifications:
SOC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 256 MiB
FLASH1: 4 MiB NOR
FLASH2: 128 MiB NAND
ETH: Qualcomm QCA8075
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT: Reset
LED: Power, Internet
UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
OTHER: On board with BLE module - by cp210x USB serial chip
On board hareware watchdog with GPIO0 high to turn on, and GPIO4 for watchdog feed
Install via uboot tftp or uboot web failsafe.
By uboot tftp:
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-generic-glinet_gl-ap1300-squashfs-nand-factory.ubi
(IPQ40xx) # run lf
By uboot web failsafe:
Push the reset button for 10 seconds util the power led flash faster,
then use broswer to access http://192.168.1.1
Afterwards upgrade can use sysupgrade image.
Signed-off-by: Dongming Han <handongming@gl-inet.com>
The Makefile is rejecting all files with for a given prefix (here
"board-plasmacloud_pa2200") when it didn't match a known suffix. Instead it
stops the build with an error like:
Makefile:135: *** Unrecognized board-file suffix '.ipq4019' for 'board-plasmacloud_pa2200.ipq4019'. Stop.
The correct suffix for the QCA4019/hw1.0 is qca4019 and not ipq4019.
Fixes: 4871fd2616 ("ipq40xx: add support for Plasma Cloud PA2200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The Makefile is rejecting all files with for a given prefix (here
"board-plasmacloud_pa1200") when it didn't match a known suffix. Instead it
stops the build with an error like:
Makefile:135: *** Unrecognized board-file suffix '.ipq4019' for 'board-plasmacloud_pa1200.ipq4019'. Stop.
The correct suffix for the QCA4019/hw1.0 is qca4019 and not ipq4019.
Fixes: ea5bb6bbfe ("ipq40xx: add support for Plasma Cloud PA1200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
FCC ID: U2M-EAP350
Engenius EAP350 is a wireless access point with 1 gigabit PoE ethernet port,
2.4 GHz wireless, external ethernet switch, and 2 internal antennas.
Specification:
- AR7242 SOC
- AR9283 WLAN (2.4 GHz, 2x2, PCIe on-board)
- AR8035-A switch (GbE with 802.3af PoE)
- 40 MHz reference clock
- 8 MB FLASH MX25L6406E
- 32 MB RAM EM6AA160TSA-5G
- UART at J2 (populated)
- 3 LEDs, 1 button (power, eth, 2.4 GHz) (reset)
- 2 internal antennas
MAC addresses:
MAC address is labeled as "MAC"
Only 1 address on label and in flash
The OEM software reports these MACs for the ifconfig
eth0 MAC *:0c art 0x0
phy0 --- *:0d ---
Installation:
2 ways to flash factory.bin from OEM:
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.10.1
username and password "admin"
Navigate to "Upgrade Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9f670000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
Format of OEM firmware image:
The OEM software of EAP350 is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-eap350-uImage-lzma.bin
openwrt-senao-eap350-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
The OEM upgrade script is at /etc/fwupgrade.sh
Later models in the EAP series likely have a different platform
and the upgrade and image verification process differs.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1024k
and the factory.bin upgrade procedure would
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035-A switch between
the SOC and the ethernet PHY chips.
For AR724x series, the PLL register for GMAC0
can be seen in the DTSI as 0x2c.
Therefore the PLL register can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`.
uboot did not have a good value for 1 GBps
so it was taken from other similar DTS file.
Tested from master, all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: A8J-EAP600
Engenius EAP600 is a wireless access point with 1 gigabit ethernet port,
dual-band wireless, external ethernet switch, 4 internal antennas
and 802.3af PoE.
Specification:
- AR9344 SOC (5 GHz, 2x2, WMAC)
- AR9382 WLAN (2.4 GHz, 2x2, PCIe on-board)
- AR8035-A switch (GbE with 802.3af PoE)
- 40 MHz reference clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16DG
- UART at H1 (populated)
- 5 LEDs, 1 button (power, eth, 2.4 GHz, 5 GHz, wps) (reset)
- 4 internal antennas
MAC addresses:
MAC addresses are labeled MAC1 and MAC2
The MAC address in flash is not on the label
The OEM software reports these MACs for the ifconfig
eth0 MAC 1 *:5e ---
phy1 MAC 2 *:5f --- (2.4 GHz)
phy0 ----- *:60 art 0x0 (5 GHz)
Installation:
2 ways to flash factory.bin from OEM:
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Upgrade Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fdf0000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
Format of OEM firmware image:
The OEM software of EAP600 is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-eap600-uImage-lzma.bin
openwrt-senao-eap600-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
The OEM upgrade script is at /etc/fwupgrade.sh
Later models in the EAP series likely have a different platform
and the upgrade and image verification process differs.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035-A switch between
the SOC and the ethernet PHY chips.
For AR934x series, the PLL register for GMAC0
can be seen in the DTSI as 0x2c.
Therefore the PLL register can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`.
Unfortunately uboot did not have the best values
so they were taken from other similar DTS files.
Tested from master, all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: A8J-ECB600
Engenius ECB600 is a wireless access point with 1 gigabit PoE ethernet port,
dual-band wireless, external ethernet switch, and 4 external antennas.
Specification:
- AR9344 SOC (5 GHz, 2x2, WMAC)
- AR9382 WLAN (2.4 GHz, 2x2, PCIe on-board)
- AR8035-A switch (GbE with 802.3af PoE)
- 40 MHz reference clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16DG
- UART at H1 (populated)
- 4 LEDs, 1 button (power, eth, 2.4 GHz, 5 GHz) (reset)
- 4 external antennas
MAC addresses:
MAC addresses are labeled MAC1 and MAC2
The MAC address in flash is not on the label
The OEM software reports these MACs for the ifconfig
phy1 MAC 1 *:52 --- (2.4 GHz)
phy0 MAC 2 *:53 --- (5 GHz)
eth0 ----- *:54 art 0x0
Installation:
2 ways to flash factory.bin from OEM:
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Upgrade Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fdf0000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
Format of OEM firmware image:
The OEM software of ECB600 is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-senao-ecb600-uImage-lzma.bin
openwrt-senao-ecb600-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
The OEM upgrade script is at /etc/fwupgrade.sh
Later models in the ECB series likely have a different platform
and the upgrade and image verification process differs.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035-A switch between
the SOC and the ethernet PHY chips.
For AR934x series, the PLL register for GMAC0
can be seen in the DTSI as 0x2c.
Therefore the PLL register can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`.
Unfortunately uboot did not have the best values
so they were taken from other similar DTS files.
Tested from master, all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
b75bcad dhcpv6-ia: remove assignment equal to 0 checks
d1ae052 dhcpv6-ia: fix logic to include IA_PD prefix with lifetimes set to 0
9d5e379 dhcpv6-ia: fix prefix delegation behavior
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
As of hostapd upstream commit 7d2ed8ba "Remove CONFIG_IEEE80211W build parameter"
https://w1.fi/cgit/hostap/commit?id=7d2ed8bae86a31dd2df45c24b3f7281d55315482
802.11w feature is always enabled in the build time.
It doesn't make sense to opt-in 802.11w per driver as hostapd will always
be compiled with this feature enabled.
As suggested by Hauke Mehrtens, for now keep 11w enabled in build_features.h
for compatibility reasons. This option will be dropped when LuCI is adjusted.
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v71) Cortex-A7
DRAM: 256 MiB
NOR: 32 MiB
ETH: Qualcomm Atheros QCA8075 (2 ports)
PLC: MaxLinear G.hn 88LX5152
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET, WiFi, PLC Button
LEDS: red/white home, white WiFi
To modify a retail device to run OpenWRT firmware:
1) Setup a TFTP server on IP address 192.168.0.100 and copy the OpenWRT
initramfs (initramfs-fit-uImage.itb) to the TFTP root as 'uploadfile'.
2) Power on the device while pressing the recessed reset button next to
the Ethernet ports. This causes the bootloader to retrieve and start
the initramfs.
3) Once the initramfs is booted, the device will come up with IP
192.168.1.1. You can then connect through SSH (allow some time for
the first connection).
4) On the device shell, run 'fw_printenv' to show the U-boot environment.
Backup this information since it contains device unique factory data.
5) Change the boot command to support booting OpenWRT:
# fw_setenv bootcmd 'sf probe && sf read 0x84000000 0x180000 0x400000 && bootm'
6) Change directory to /tmp, download the sysupgrade (e.g. through wget)
and install it with sysupgrade. The device will reboot into OpenWRT.
Notice that there is currently no support for booting the G.hn chip.
This requires userland software we lack the rights to share right now.
Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
When hostapd gets restarted to often/quickly will cause procd to not restart it
anymore. it will think that hapd is in a crash loop.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [adjust respawn time]
The Seagate BlackArmor NAS220 is a consumer NAS
with two internal drive bays. The stock OS runs
RAID 1 over the disks via mdadm.
Device specification:
- SoC: Marvell 88F6192 800 MHz
- RAM: 128 MB
- Flash: 32 MB
- 2 x internal SATA II drives
- Ethernet: 10/100/1000 Mbps (single port, no switch)
- WLAN: None
- LED: Power, Status, Sata Activity
- Key: Power, Reset
- Serial: 10 pin header, (115200,8,N,1), 3.3V TTL
9|x - x|10
7|x - x|8
5|x - GND|6
3|x - RX|4
1|TX - x|2
front of case
- USB ports: 2 x USB 2.0
Flash instruction:
NOTE: this process uses a serial connection. It will upgrade the
bootloader and reset the bootloader environment variables
TFTP server setup
- Setup PC with TFTP server set the PC IP to 10.4.50.5 as TFTP server
- Copy these files to TFTP server location
- u-boot.kwb
- seagate_blackarmor-nas220-initramfs-uImage
- seagate_blackarmor-nas220-squashfs-sysupgrade.bin
- seagate_blackarmor-nas220-squashfs-factory.bin
Seagate NAS setup
- Connect LAN cable between PC and seagate device
- Connect to serial to seagate device
Install u-boot
- Boot seagate device and stop in bootloader by pressing any key
- run 'printenv' from u-boot and save the values
- tftpboot 0x2000000 u-boot.kwb
- nand erase.part uboot
- nand write 0x2000000 0x0 ${filesize}
- reset
Update MAC address in u-boot env
- Stop in u-boot by pressing any key
- Get your MAC address from your saved printenv. Is also on chassis
- setenv ethaddr <your MAC>
- saveenv
Option 1 (recommended) - Install OpenWrt via initramfs and sysupgrade
- tftpboot 0x2000000 seagate_blackarmor-nas220-initramfs-uImage
- bootm 0x2000000
- *OpenWrt should be running now, however it is not written to flash yet*
- From the running instance of OpenWrt use Luci's "flash image" feature
from the web site or use sysupgrade from the console to write
seagate_blackarmor-nas220-squashfs-sysupgrade.bin to flash
Option 2 - Install OpenWrt by flashing factory image from u-boot
- nand erase.part ubi
- tftpboot 0x2000000 seagate_blackarmor-nas220-squashfs-factory.bin
- nand write 0x2000000 ubi ${filesize}
- reset
Signed-off-by: Kip Porterfield <kip.porterfield@gmail.com>
FCC ID: A8J-ENSTAC
Engenius EnStationAC v1 is an outdoor wireless access point/bridge with
2 gigabit ethernet ports on 2 external ethernet switches,
5 GHz only wireless, internal antenna plates, and proprietery PoE.
Specification:
- QCA9557 SOC
- QCA9882 WLAN (PCI card, 5 GHz, 2x2, 26dBm)
- AR8035-A switch (RGMII GbE with PoE+ IN)
- AR8031 switch (SGMII GbE with PoE OUT)
- 40 MHz reference clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16FG
- UART at J10 (unpopulated)
- internal antenna plates (19 dbi, directional)
- 7 LEDs, 1 button (power, eth, wlan, RSSI) (reset)
MAC addresses:
MAC addresses are labeled as ETH and 5GHz
Vendor MAC addresses in flash are duplicate
eth0 ETH *:d3 art 0x0/0x6
eth1 ---- *:d4 ---
phy0 5GHz *:d5 ---
Installation:
2 ways to flash factory.bin from OEM:
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
Return to OEM:
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
TFTP recovery:
rename initramfs to 'vmlinux-art-ramdisk'
make available on TFTP server at 192.168.1.101
power board
hold or press reset button repeatedly
NOTE: for some Engenius boards TFTP is not reliable
try setting MTU to 600 and try many times
Format of OEM firmware image:
The OEM software of EnStationAC is a heavily modified version
of Openwrt Altitude Adjustment 12.09. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-ar71xx-enstationac-uImage-lzma.bin
openwrt-ar71xx-enstationac-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
Newer EnGenius software requires more checks but their script
includes a way to skip them, otherwise the tar must include
a text file with the version and md5sums in a deprecated format.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8033 switch between
the SOC and the ethernet PHY chips.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
For eth0 at 1000 speed, the value returned was
ae000000 but that didn't work, so following
the logical pattern from the rest of the values,
the guessed value of a3000000 works better.
later discovered that delay can be placed on the PHY end only
with phy-mode as 'rgmii-id' and set register to 0x82...
Tested from master, all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
[fixed SoB to match From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Device specifications:
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 36-64)
- QCA9888 hw2.0 (PCI)
- requires special BDF in QCA9888/hw2.0/board-2.bin
bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA2200
* 2T2R 5 GHz (channel 100-165)
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=PlasmaCloud-PA2200
* GPIO-LEDs for 2.4GHz, 5GHz-SoC and 5GHz-PCIE
* GPIO-LEDs for power (orange) and status (blue)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio3:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ used as LAN interface
- phy@mdio4:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 802.3at POE+
+ used as WAN interface
* 12V 2A DC
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
* QCA IPQ4018
* 256 MB of RAM
* 32 MB of SPI NOR flash (w25q256)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=PlasmaCloud-PA1200
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=PlasmaCloud-PA1200
* 3x GPIO-LEDs for status (cyan, purple, yellow)
* 1x GPIO-button (reset)
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio4:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ used as LAN interface
- phy@mdio3:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 802.3af/at POE(+)
+ used as WAN interface
* 12V/24V 1A DC
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Marek Lindner <marek.lindner@kaiwoo.ai>
[sven@narfation.org: prepare commit message, rebase, use all LEDs, switch
to dualboot_datachk upgrade script, use eth1 as designated WAN interface]
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ Label: Ethernet 1
+ 24V passive POE (mode B)
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ 802.3af POE
+ builtin switch port 2
+ used as LAN interface
* 12-24V 1A DC
* external antennas
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
* Qualcomm/Atheros QCA9533 v2
* 650/600/217 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash (mx25l12805d)
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4 GHz Wi-Fi
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ Label: Ethernet 1
+ 24V passive POE (mode B)
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ 802.3af POE
+ builtin switch port 2
+ used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
FCC ID: A8J-ECB350
Engenius ECB350 v1 is an indoor wireless access point with a gigabit ethernet port,
2.4 GHz wireless, external antennas, and PoE.
**Specification:**
- AR7242 SOC
- AR9283 WLAN 2.4 GHz (2x2), PCIe on-board
- AR8035-A switch RGMII, GbE with 802.3af PoE
- 40 MHz reference clock
- 8 MB FLASH 25L6406EM2I-12G
- 32 MB RAM
- UART at J2 (populated)
- 2 external antennas
- 3 LEDs, 1 button (power, lan, wlan) (reset)
**MAC addresses:**
MACs are labeled as WLAN and WAN
vendor MAC addresses in flash are duplicate
phy0 WLAN *:b8 ---
eth0 WAN *:b9 art 0x0/0x6
**Installation:**
- if you get Failsafe Mode from failed flash:
only use it to flash Original firmware from Engenius
or risk kernel loop or halt which requires serial cable
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9f670000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
*DISCLAIMER*
The Failsafe image is unique to Engenius boards.
If the failsafe image is missing or damaged this will not work
DO NOT downgrade to ar71xx this way, it can cause kernel loop or halt
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
**TFTP recovery** (unstable / not reliable):
rename initramfs to 'vmlinux-art-ramdisk'
make available on TFTP server at 192.168.1.101
power board while holding or pressing reset button repeatedly
NOTE: for some Engenius boards TFTP is not reliable
try setting MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software of ECB350 v1 is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel size to be no greater than 1536k
and otherwise the factory.bin upgrade procedure would
overwrite part of the kernel when writing rootfs.
The factory upgrade script follows the original mtd partitions.
**Note on PLL-data cells:**
The default PLL register values will not work
because of the AR8035 switch between
the SOC and the ethernet port.
For AR724x series, the PLL register for GMAC0
can be seen in the DTSI as 0x2c.
Therefore the PLL register can be read from u-boot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`
However the registers that u-boot sets are not ideal and sometimes wrong...
the at803x driver supports setting the RGMII clock/data delay on the PHY side.
This way the pll-data register only needs to handle invert and phase.
for this board no extra adjustements are needed on the MAC side
all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: A8J-ECB1200
Engenius ECB1200 is an indoor wireless access point with a GbE port,
2.4 GHz and 5 GHz wireless, external antennas, and 802.3af PoE.
**Specification:**
- QCA9557 SOC MIPS, 2.4 GHz (2x2)
- QCA9882 WLAN PCIe card, 5 GHz (2x2)
- AR8035-A switch RGMII, GbE with 802.3af PoE, 25 MHz clock
- 40 MHz reference clock
- 16 MB FLASH 25L12845EMI-10G
- 2x 64 MB RAM 1538ZFZ V59C1512164QEJ25
- UART at JP1 (unpopulated, RX shorted to ground)
- 4 external antennas
- 4 LEDs, 1 button (power, eth, wifi2g, wifi5g) (reset)
**MAC addresses:**
MAC Addresses are labeled as ETH and 5GHZ
U-boot environment has the vendor MAC addresses
MAC addresses in ART do not match vendor
eth0 ETH *:5c u-boot-env ethaddr
phy0 5GHZ *:5d u-boot-env athaddr
---- ---- ???? art 0x0/0x6
**Installation:**
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
(see TFTP recovery)
perform a sysupgrade
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART pinout at JP1
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
Unlike most Engenius boards, this does not have a 'failsafe' image
the only way to return to OEM is TFTP or serial access to u-boot
**TFTP recovery:**
Unlike most Engenius boards, TFTP is reliable here
rename initramfs-kernel.bin to 'ap.bin'
make the file available on a TFTP server at 192.168.1.10
power board while holding or pressing reset button repeatedly
or with serial access:
run `tftpboot` or `run factory_boot` with initramfs-kernel.bin
then `bootm` with the load address
**Format of OEM firmware image:**
The OEM software of ECB1200 is a heavily modified version
of Openwrt Altitude Adjustment 12.09.
This Engenius board, like ECB1750, uses a proprietary header
with a unique Product ID. The header for factory.bin is
generated by the mksenaofw program included in openwrt.
**Note on PLL-data cells:**
The default PLL register values will not work
because of the AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
However the registers that u-boot sets are not ideal and sometimes wrong...
the at803x driver supports setting the RGMII clock/data delay on the PHY side.
This way the pll-data register only needs to handle invert and phase.
for this board clock invert is needed on the MAC side
all link speeds functional
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: A8J-ESR750H
Engenius ESR600H is an indoor wireless router with a gigabit switch,
2.4 GHz and 5 GHz wireless, internal and external antennas, and a USB port.
**Specification:**
- RT3662F MIPS SOC, 5 GHz WMAC (2x2)
- RT5392L PCI on-board, 2.4 GHz (2x2)
- AR8327 RGMII, 7-port GbE, 25 MHz clock
- 40 MHz reference clock
- 8 MB FLASH 25L6406EM2I-12G
- 64 MB RAM
- UART at J12 (unpopulated)
- 2 internal antennas (5 GHz)
- 2 external antennas (2.4 GHz)
- 9 LEDs, 1 button (power, wps, wifi2g, wifi5g, 5 LAN/WAN)
- USB 2 port (GPIO controlled power)
**MAC addresses:**
MAC Addresses are labeled as WAN and WLAN
U-boot environment has the the vendor MAC address for ethernet
MAC addresses in "factory" are part of wifi calibration data
eth0.2 WAN *:13:e7 u-boot-env wanaddr
eth0.1 ---- *:13:e8 u-boot-env wanaddr + 1
phy0 WLAN *:14:b8 factory 0x8004
phy1 ---- *:14:bc factory 0x4
**Installation:**
Method 1: Firmware upgrade page
OEM webpage at 192.168.0.1
username and password "admin"
Navigate to Network Setting --> Tools --> Firmware
Click Browse and select the factory.dlf image
Click Continue to confirm and wait 6 minutes or more...
Method 2: Serial console to load TFTP image:
(see TFTP recovery)
**Return to OEM:**
Unlike most Engenius boards, this does not have a 'failsafe' image
the only way to return to OEM is serial access to uboot
Unlike most Engenius boards, public images are not available...
so the only way to return to OEM is to have a copy
of the MTD partition "firmware" BEFORE flashing openwrt.
**TFTP recovery:**
Unlike most Engenius boards, TFTP is reliable here
however it requires serial console access
(soldering pins to the UART pinouts)
build your own image...
with 'ramdisk' selected under 'Target Images'
rename initramfs-kernel.bin to 'uImageESR-600H'
make the file available on a TFTP server at 192.168.99.8
interrupt boot by holding or pressing '4' in serial console
as soon as board is powered on
`tftpboot 0x81000000`
`bootm 0x81000000`
perform a sysupgrade
**Format of OEM firmware image:**
This Engenius board uses the Senao proprietary header
with a unique Product ID. The header for factory.bin is
generated by the mksenaofw program included in openwrt.
.dlf file extension is also required for OEM software to accept it
**Note on using OKLI:**
the kernel is now too large for the bootloader to handle
so OKLI is used via the `kernel-loader` image command
recently in master several other ramips boards have the same problem
'Kernel panic - not syncing: Failed to find ralink,rt3883-sysc node'
see commit ad19751edc
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Currently, EAPOLv2 (802.1X-2004) is used by default for legacy clients that
are not WPA2 (RSN) capable. These legacy clients are often intolerant to this
EAPOL version and fail to connect.
hostapd.conf upstream documents for eapol_version the following and that this
is a known compatibility issue with version 2:
// IEEE 802.1X/EAPOL version
// hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
// version 2. However, there are many client implementations that do not handle
// the new version number correctly (they seem to drop the frames completely).
// In order to make hostapd interoperate with these clients, the version number
// can be set to the older version (1) with this configuration value.
// Note: When using MACsec, eapol_version shall be set to 3, which is
// defined in IEEE Std 802.1X-2010.
//eapol_version=2
For the wpa parameter, hostapd.conf upstream documents that this is a bitfield,
configured as follows:
// Enable WPA. Setting this variable configures the AP to require WPA (either
// WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
// wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
// Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
// For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
// RADIUS authentication server must be configured, and WPA-EAP must be included
// in wpa_key_mgmt.
// This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
// and/or WPA2 (full IEEE 802.11i/RSN):
// bit0 = WPA
// bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
// Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
// In other words, for WPA3, wpa=2 is used the configuration (and
// wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
//wpa=2
For client compatibility therefore:
EAPOLv1 (802.1X-2001) should be used by default where WPA is enabled.
EAPOLv2 (802.1X-2004) should be used by default where WPA is disabled.
To fix this, we can therefore change in the script:
set_default eapol_version 0
To the following:
set_default eapol_version $((wpa & 1))
This therefore:
1) Sets eapol_version to 1 where WPA has been enabled via wpa bit0 being set.
2) Sets eapol_version to 0 where WPA has been disabled via wpa bit0 being unset.
For usual configurations that only have WPA2 enabled, EAPOLv2 is then used.
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Testing with hwsim reveals two problems:
1. phyX/addresses has two addresses and mac80211_get_addr keeps
returning the last one when asked for more;
2. The base address has the local bit set and the operation unsets it.
Fix both.
Fixes: 866790fd82
Reported-by: Zero_Chaos
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Flush kernel memory caches during sysupgrade in order
to mitigate the impact from memory consumption spikes
in low-RAM devices.
This may help to prevent sysupgrade causing a reboot
before the actual flashing starts.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This fixes error when host GCC >= 10.
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
The patch removes a libpcap check to avoid a problem with libpcap. Fix
libpcap instead.
Modernize Makefile:
Use a normal autoconf bool instead of checking for CONFIG_IPV6.
Remove old configure and MAKE_FLAGS hacks. Removing them results in
compilation continuing to work without a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
pcap-config as installed is using OS paths instead of OpenWrt ones.
Take fix from libpng and adjust as needed.
This problem seems to occur on Arch Linux and not on Debian/Fedora
based distros. No idea why.
Remove CMAKE_INSTALL as there is now an InstallDev section.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
0fdfef9aa7ee68ddd508aef7c98630cfc054f8d6 upstream removed CIFS_SMB311.
Kernels 4.19 and above do not have it. Currently only kernels 4.19 and
5.4 are in the tree.
The Kconfig file in the kernel has more selection that what is in here.
Add the rest and reorder based on upstream ordering.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The paths are pointing to OS paths, not OpenWrt ones. Use SED line from
libpng to fix and adjust accordingly.
This may allow certain packages that use the config file to pick up pcre.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Updated ABI_VERSION.
Switched PKG_BUILD_PARALLEL on as there seems to be no issue anymore.
I can't find any information about why it was turned off.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
hostapd.sh does not parse skip_inactivity_poll boolean from
/etc/config/wireless despite being mentioned in the documentation [1].
This change fixes this, and by default sets its value to 0 [1].
[1] https://openwrt.org/docs/guide-user/network/wifi/basic
Signed-off-by: Nadim Atiya <nadim.atiya@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[fix and reformat commit message, make patch apply]
Commit "initramfs: switch to tmpfs to fix ujail" switched initramfs to
now use tmpfs, it causes $(rootfs_type) to now return tmpfs when
running initramfs image instead of being empty.
This broke initramfs detection which prevents config files from
being saved as it does not work from initramfs.
So, lets test for $(rootfs_type) returning "tmpfs" instead.
Fixes: 7fd3c68 ("initramfs: switch to tmpfs to fix ujail)
Signed-off-by: Robert Marko <robimarko@gmail.com>
So we can ship px5g-wolfssl by default in the release image, but still
make the HTTPS for LuCI optional. This small change with addition of
`CONFIG_PACKAGE_px5g-wolfssl=y` into the buildbot's seed config for the
next release should provide optional HTTPS in the next release.
Disabling the current default automatic uhttpd's redirect to HTTPS
should make the HTTPS optional. That's it, user would either need to
switch to HTTPS by manually switching to https:// protocol in the URL or
by issuing the following commands to make the HTTPS automatic redirect
permanent:
$ uci set uhttpd.main.redirect_https=1
$ uci commit uhttpd
$ service uhttpd reload
Signed-off-by: Petr Štetiar <ynezz@true.cz>
MIPS 32 bit support for sanitizer was added with GCC 9, MIPS 64 bit and
ARC are still not supported in GCC 10.
Deactivate them for now and change this when we change the default
compiler to GCC 9 or later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7f53d68b1af9 mt76: mt7615: add debugfs knob for setting extended local mac addresses
1a2547b27dfc mt76: do not set NEEDS_UNIQUE_STA_ADDR for 7615 and 7915
2741fd071bb7 mt76: mt7915: support 32 station interfaces
709f2cd77810 mt76: mt7915: fix processing txfree events
434940e08233 mt76: mt7915: measure channel noise and report it via survey
236326896589 mt76: mt7615: retry if mt7615_mcu_init returns -EAGAIN
b5c593b63f4c mt76: mt7663s: move tx/rx processing in the same txrx workqueue
75157b59ae4e mt76: mt7663s: convert txrx_work to mt76_worker
6dc67b058e2a mt76: mt7663s: disable interrupt during txrx_worker processing
b381729626bb mt76: sdio: convert {status/net}_work to mt76_worker
9cb12f7042cc mt76: mt7915: fix DRR sta bss group index
75977a85e844 mt76: mt7915: disable OFDMA/MU-MIMO UL
6cdebe805862 mt76: rename __mt76_mcu_send_msg to mt76_mcu_send_msg
eb9afae96b65 mt76: rename __mt76_mcu_skb_send_msg to mt76_mcu_skb_send_msg
8c73f3b15ada mt76: implement .mcu_parse_response in struct mt76_mcu_ops
fcfbb046c2f3 mt76: move mcu timeout handling to .mcu_parse_response
477caa196ffe mt76: move waiting and locking out of mcu_ops->mcu_skb_send_msg
a4d71501bad6 mt76: make mcu_ops->mcu_send_msg optional
80c310c59ad1 mt76: mt7603: switch to .mcu_skb_send_msg
082b26181013 mt76: implement functions to get the response skb for MCU calls
ee40800df2e4 mt76: mt7915: move eeprom parsing out of mt7915_mcu_parse_response
d33943baac47 mt76: mt7915: query station rx rate from firmware
b8874e8756d9 mt76: add back the SUPPORTS_REORDERING_BUFFER flag
633ae5961db6 mt76: mt7615: enable beacon filtering by default for offload fw
9a203fea3540 mt76: mt7615: introduce quota debugfs node for mt7663s
f9ae638af7e2 mt76: mt7663s: get rid of mt7663s_sta_add
1a5758d894d0 mt76: mt7663s: fix a possible ple quota underflow
dea10c03316f mt76: sdio: get rid of sched.lock
eb4c09957938 mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE
594890b11155 mt76: mt7915: update ppe threshold
8884a5def518 mt76: mt7915: rename mt7915_mcu_get_rate_info to mt7915_mcu_get_tx_rate
33b89f4a1bf4 mt76: set fops_tx_stats.owner to THIS_MODULE
4d019c9672ec sync with upstream changes
35e3cd1db479 mt76: mt7603: fix ED/CCA monitoring with single-stream devices
4f9f79b085b1 wireless: mt76: convert tasklets to use new tasklet_setup() API
20e8cf935ed0 mt76: dma: fix possible deadlock running mt76_dma_cleanup
36089a655f58 mt76: mt7915: fix sparse warning cast from restricted __le16
68c4eedafd61 mt76: fix memory leak if device probing fails
9a1a0a4dec71 mt76: mt7603: add additional EEPROM chip ID
01b943295719 mt76: move mt76_mcu_send_firmware in common module
0aee4999902a mt76: mt7663s: introduce WoW support via GPIO
79ebad117325 mt76: switch to wep sw crypto for mt7615/mt7915
af139725193a mt76: fix tkip configuration for mt7615/7663 devices
664e66b35c0b mt76: mt7615: run key configuration in mt7615_set_key for usb/sdio devices
f675358267d6 mt76: mt76u: rely on woker APIs for rx work
b9f9c16cb1bd mt76: mt76u: use dedicated thread for status work
cdeb1b29cd15 mt76: testmode: switch ib and wb rssi to array type for per-antenna report
0a898c0549b6 mt76: testmode: add snr attribute in rx statistics
3ea9a0433bcc mt76: testmode: add tx_rate_stbc parameter
73427ebbbd27 mt76: testmode: add support for LTF and GI combinations for HE mode
88ebccfe8a39 mt76: mt7915: fix tx rate related fields in tx descriptor
9909c0551e4c mt76: testmode: add support for HE rate modes
03ed0909f922 mt76: mt7915: implement testmode tx support
0aa696834a9c mt76: mt7915: implement testmode rx support
5ed3a34b46ce mt76: mt7915: add support to set txpower in testmode
f86361654e94 mt76: mt7915: add support to set tx frequency offset in testmode
64a765be750a mt76: mt7915: make mt7915_eeprom_read static
9b48c13b52f7 mt76: mt7915: use BIT_ULL for omac_idx
27227fd57ea7 mt76: mt7915: remove unused mt7915_mcu_bss_sync_tlv()
cd795267612d mt76: mt7615: support 16 interfaces
82da525ad0c8 mt76: mt7615: refactor usb/sdio rate code
b9a50da503ad mt76: mt7915: rely on eeprom definitions
c79d18723df0 mt76: move mt76_init_tx_queue in common code
b0b221e91445 mt76: sdio: introduce mt76s_alloc_tx_queue
caba5a99e5ae mt76: sdio: rely on mt76_queue in mt76s_process_tx_queue signature
3ed4aad81ce9 mt76: mt7663s: rely on mt76_queue in mt7663s_tx_run_queue signature
216cf8b28579 mt76: dma: rely on mt76_queue in mt76_dma_tx_cleanup signature
0f9350bef1b5 mt76: rely on mt76_queue in tx_queue_skb signature
8932975be066 mt76: introduce mt76_init_mcu_queue utility routine
b0eb7edcc624 mt76: rely on mt76_queue in tx_queue_skb_raw signature
ccd62467d0f3 mt76: move mcu queues to mt76_dev q_mcu array
2e217fb9e962 mt76: move tx hw data queues in mt76_phy
576647f2ec6a mt76: mt7915: fix endian issues
e881fd67c718 mt76: move band capabilities in mt76_phy
c728cecd7b77 mt76: rely on mt76_phy in mt76_init_sband_2g and mt76_init_sband_5g
231ef27697f9 mt76: move band allocation in mt76_register_phy
8aa24c91b13b mt76: move hw mac_addr in mt76_phy
b436da4d9d92 mt76: mt7915: introduce dbdc support
1e34a02c2dcb mt76: mt7915: get rid of dbdc debugfs knob
d8e681bd3268 mt76: mt7615: fix rdd mcu cmd endianness
19c9e277eff6 mt76: mt7915: fix memory leak in mt7915_mcu_get_rx_rate()
e361b6a71e4b mt76: improve tx queue stop/wake
fb24e5f2305b mt76: mt7915: stop queues when running out of tx tokens
066cc441eb8f mt76: attempt to free up more room when filling the tx queue
93c806a34ec2 mt7915: fix minor issues in the token queue blocking change
c017e329a326 mt76: mt7915: ensure that init work completes before starting the device
9e9da427b8a6 mt76: mt7915: fix polling firmware-own status
5cd805ddfb25 mt76: add more conditions for stopping tx scheduling
aa893c73bf85 mt76: mt7915; increase txq memory limit for non-DBDC 7915 cards to 32 MiB
e44b7c91070e mt76: skip queue stop/wake, rely entirely on txq scheduling
6c6a5c59c101 mt76: mt7915: do not set DRR group for stations
510cb5be1bf7 mt76: usb: remove wake logic in mt76u_status_worker
34f318a25421 mt76: sdio: remove wake logic in mt76s_process_tx_queue
4a90fdf6105e mt76: mt76s: fix NULL pointer dereference in mt76s_process_tx_queue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The PKG_MIRROR_HASH was not updated when updating the package.
Fixes: f75c70aeca ("nat46: update to latest git HEAD")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Cleanup Makefile for consistency with other ones.
Remove PKG_SSP. It can be fixed with -lssp_nonshared.
Add PKG_BUILD_PARALLEL for faster compilation.
Add zlib dependency. 1.5.0 requires it now.
Refresh patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2c843b2bc04c Add initial GitLab CI support
073f89f567c0 uclient-fetch: wolfSSL: fix certificate validation
086c292160ac uclient-fetch: init_ca_cert: fix memory leak
a3c1a88b031a cmake: enable extra compiler checks
32ff717ed316 uclient-http: fix extra compiler warnings on mips_24kc and cortex-a9+neon
86a2ac6ac46f uclient-fetch: fix potential memory leaks
158dd9dd289c uclient: fix initialized but never read variable
66b4420856a7 uclient-fetch: fix statement may fallt hrough
436f9b3af2ad uclient-http: fix freeing of stack allocated memory
e6b5b8a98ce2 Fix extra compiler warnings
12df67e45bb0 Add basic cram based unit tests
b6e34845124f cmake: fix building out of the tree
Signed-off-by: Petr Štetiar <ynezz@true.cz>
68d09243b6fd Add initial GitLab CI support
8280140db9d1 wolfssl: remove now deprecated compatibility code
cee6791b362a ustream-mbedtls: fix certificate verification
55c3fd89d508 ustream-mbedtls: implement set_require_validation
c6b4c48689a3 ustream-openssl: wolfSSL: fix certificate validation
3bc05402bfab cmake: enable extra compiler checks
cd2c3d12db43 ustream-mbedtls: fix comparison of integers of different signs
5896991e46a3 ustream-openssl: fix BIO_method memory leak
2c342ae57c5b ustream-openssl: fix wolfSSL includes
fa8ecd6ed140 cmake: fix linking when mbed TLS not in default paths
63656f81045f cmake: fix linking when wolfSSL not in default paths
c26f71e844df cmake: fix building out of the tree
Signed-off-by: Petr Štetiar <ynezz@true.cz>
gcc 10 defaults to -fno-common, which causes an error
when linking.
Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)
Tested on an Arch Linux host with gcc 10.1.0
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
0c6fb90 jffs2-reset: allow doing a factory reset and passing a sysupgrade.tgz
4862530 mount: restorecon: guard against execl() errors
f415323 block: replace local mkdir_p implementation
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add new utility function mkdir_p(char *path, mode_t mode) to replace
the partially buggy implementations found accross fstools and procd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
You shouldn't need the overhead of GRE just to add multicast
capability on a point-to-point interface (for instance, you might
want to run mDNS over IPsec transport connections, and Avahi
requires IFF_MULTICAST be set on interfaces, even point-to-point
ones).
Borrowed heavily from:
b3c9321b9e gre: Support multicast configurable gre interfaces
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This add support for USB-to-Ethernet Aquantia AQtion
5/2.5GbE adapters based on the AQC111U controllers.
Run-tested: x86
Adapter-tested: Sabrent NT-SS5G
Signed-off-by: Marty Jones <mj8263788@gmail.com>
Bump package version after previous changes.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
binary size cost is much less than 1k.
tested on ath79/generic:
bin: 215128 -> 215132 (+4b)
ipk: 111183 -> 111494 (+311b)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
this commit removes manual recipes for options and introduces mapping lists:
- DB_OPT_COMMON holds option mappings which are common for all builds;
- DB_OPT_CONFIG holds option mappings which are depend on config settings.
DB_OPT_COMMON is space-separated list of 'words', each of them is in format:
'header_option|value'
'header_option' is added with value 'value' to 'localoptions.h'.
if 'header_option' is preceded by two exclamation marks ('!!')
then option is not added to 'localoptions.h' but replaced in 'sysoptions.h'.
in short:
option|value - add option to localoptions.h
!!option|value - replace option in sysoptions.h
DB_OPT_CONFIG is space-separated list of 'words', each of them is in format:
'header_option|config_variable|value_enabled|value_disabled'
'header_option' is handled likewise in DB_OPT_COMMON.
if 'config_variable' is enabled (technically: not disabled)
then 'header_option' is set to 'value_enabled' and 'value_disabled' otherwise.
in short:
option|config|enabled|disabled = add option to localoptions.h
!!option|config|enabled|disabled = replace option in sysoptions.h
option := (config) ? enabled : disabled
If you're not sure that option's value doesn't have '|' within - add your recipe
manually right after '$(Build/Configure/dropbear_headers)' and write some words
about your decision.
PS about two exclamation marks:
early idea was to use one exclamation mark to denote such header options
but then i thought single exclamation mark may be overlooked by mistake.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- add two helper functions to avoid mistakes with
choice of correct header file to work with
- update rules accordingly
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
put static options at first place, then place configurable options.
also put DROPBEAR_ECC right before DROPBEAR_ECC_FULL to ease maintainance.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
this option was disabled in 2011 and these long nine years showed us that change was definitely wrong.
binary size cost is much less than 1k.
tested on ath79/generic:
bin: 215128 -> 215128 (no change)
ipk: 111108 -> 111183 (+75b)
Fixes: 3c801b3dc0 ("tune some more options by default to decrease size")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This dd flag ensures that the requested size
is retrieved from pipes or special filesystems (if available).
Without this flag, on multi-core systems,
Piped or special filesystem data can be truncated
when a size greater than PIPE_BUF is requested.
Fixes: FS#3494
Fixes: 7557e7f ("package/base-files: caldata: work around dd's
limitation")
Cc: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>