This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule
Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
this patch fixes/improves follows:
- PATTERN_LEN is defined as a macro but unused
- redundant logic in count-up for "ptn"
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
The source date epoch is the only reproducible date close to the actual
build date. It can be used for tooling like the firmware wizard to show
the image age.
Signed-off-by: Paul Spooren <mail@aparcar.org>
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.
Signed-off-by: Bruno Randolf <br1@einfach.org>
5c36293f06 resolv: Serialize processing in resolv/tst-resolv-txnid-collision
2dfa659a66 resolv: Handle transaction ID collisions in parallel queries (bug 26600)
05c025abca support: Provide a way to clear the RA bit in DNS server responses
f688bcd83d support: Provide a way to reorder responses within the DNS test server
eba0ce6058 Remove __warndecl
5337b2af4b Remove __warn_memset_zero_len [BZ #25399]
c6e794640c aarch64: Add unwind information to _start (bug 26853)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Add support for the following devices:
- Xiaomi Mi Wi-Fi Router 3G v2
- Xiaomi Mi Router 4A Gigabit Edition
Signed-off-by: Antonis Kanouras <antonis@metadosis.eu>
[add explicit case for 4A, bump PKG_RELEASE,
improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This device has previously been supported by the image
for Xiaomi Mi Router 3G v2. Since this is not obvious, the
4A is marketed as a new major revision and it also seems to
have a different bootloader, this will be both more tidy and
more helpful for the users.
Apart from that, note that there also is a 100M version of
the device that uses mt7628 platform, so a specifically named
image will also prevent confusion in this area.
Specifications:
- SoC: MediaTek MT7621
- Flash: 16 MiB NOR SPI
- RAM: 128 MiB DDR3
- Ethernet: 3x 10/100/1000 Mbps (switched, 2xLAN + WAN)
- WIFI0: MT7603E 2.4GHz 802.11b/g/n
- WIFI1: MT7612E 5GHz 802.11ac
- Antennas: 4x external (2 per radio), non-detachable
- LEDs: Programmable "power" LED (two-coloured, yellow/blue)
Non-programmable "internet" LED (shows WAN activity)
- Buttons: Reset
Installation:
Bootloader won't accept any serial input unless "boot_wait" u-boot
environment variable is changed to "on".
Vendor firmware won't accept any serial input until "uart_en" is
set to "1".
Using the https://github.com/acecilia/OpenWRTInvasion exploit you
can gain access to shell to enable these options:
To enable uart keyboard actions - 'nvram set uart_en=1'
To make uboot delay boot work - 'nvram set boot_wait=on'
Set boot delay to 5 - 'nvram set bootdelay=5'
Then run 'nvram commit' to make the changes permanent.
Once in the shell (following the OpenWRTInvasion instructions) you
can then run the following to flash OpenWrt and then reboot:
'cd /tmp; curl https://downloads.openwrt.org/...-sysupgrade.bin
--output firmware.bin; mtd -e OS1 -r write firmware.bin OS1'
Suggested-by: David Bentham <db260179@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
E600G v2 based on Qualcomm/Atheros QCA9531
Specification:
- 650/600/200 MHz (CPU/DDR/AHB)
- 128/64 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz
- 2 x 10/100 Mbps Ethernet(RJ45)
- 1 x MiniPCI-e
- 1 x SIM (3G/4G)
- 5 x LED , 1 x Button(SW2-Reset Buttun), 1 x power input
- UART(J100) header on PCB(115200 8N1)
E600GAC v2 based on Qualcomm/Atheros QCA9531 + QCA9887
Specification:
- 650/600/200 MHz (CPU/DDR/AHB)
- 128/64 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz
- 1T1R 5 GHz
- 2 x 10/100 Mbps Ethernet(RJ45)
- 6 x LED (one three-color led), 2 x Button(SW2-Reset Buttun),1 x power input
- UART (J100)header on PCB(115200 8N1)
Flash instruction:
1.Using tftp mode with UART connection and original OpenWrt image
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "openwrt-ath79-generic-xxx-squashfs-sysupgrade.bin"
to "firmware.bin" and place it in tftp server directory.
- Connect PC with one of LAN ports, power up the router and press
key "Enter" to access U-Boot CLI.
- Use the following commands to update the device to OpenWrt:
run lfw
- After that the device will reboot and boot to OpenWrt.
- Wait until all LEDs stops flashing and use the router.
2.Using httpd mode with Web UI connection and original OpenWrt image
- Configure PC with static IP 192.168.1.xxx(2-255) and tftp server.
- Connect PC with one of LAN ports,press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
leds flashing.
- Open your browser and enter 192.168.1.1,You will see the upgrade
interface, select "openwrt-ath79-generic-xxx-squashfs-
sysupgrade.bin" and click the upgrade button.
- After that the device will reboot and boot to OpenWrt.
- Wait until all LEDs stops flashing and use the router.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
[rearrange in generic.mk, fix one case in 04_led_migration, update
commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The file lacks executable permissions, which makes it not being applied
during the first boot.
While at it, drop unneeded include.
Signed-off-by: Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@gmail.com>
[do not touch board name handling, update commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* noise: take lock when removing handshake entry from table
This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.
* netns: check that route_me_harder packets use the right sk
A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.
* qemu: drop build support for rhel 8.2
We now test 8.3+.
* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version
The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Remove deferred sampling code which does not work well with rate tables +
probing.
Fix tx status handling if the first invalid rate idx is not set to -1
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops
a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
dd5e61153636 bridge: show vlans in device status
a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged
d1e8884f8911 bridge: fix use-after-free bug on bridge member free
3a2b21001c3c system-dummy: set present state only for simple devices
ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Allow configuring ipsets with dedicated config sections:
config ipset
list name 'ss_rules_dst_forward'
list name 'ss_rules6_dst_forward'
list domain 't.me'
list domain 'telegram.org'
instead of current, rather inconvenient syntax:
config dnsmasq
...
list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'
Current syntax will still continue to work though.
With this change, a LuCI GUI for DNS ipsets should be easy to implement.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This patch adds support for D-Link DIR-2640 A1.
Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 256 MB (DDR3)
* Flash: 128 MB (NAND)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WPS
* LEDs: Power (blue/orange), Internet (blue/orange), WiFi 2.4G (blue),
WiFi 5G (blue), USB 3.0 (blue), USB 2.0 (blue)
Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips
Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
button, then re-plug it. Keep the reset button pressed until the power
LED starts flashing orange, manually assign a static IP address under
the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1
* Some modern browsers may have problems flashing via the Recovery GUI,
if that occurs consider uploading the firmware through cURL:
curl -v -i -F "firmware=@file.bin" 192.168.0.1
MAC addresses:
lan factory 0xe000 *:a7 (label)
wan factory 0xe006 *:aa
2.4 factory 0xe000 +1 *:a8
5.0 factory 0xe000 +2 *:a9
Seems like vendor didn't replace the dummy entries in the calibration data.
Signed-off-by: James McGuire <jamesm51@gmail.com>
[fix device definition title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The comment content can be useful for readers of both the log and code
Previously when dd command "records in/out" messages are not filtered
like now with get_image_dd, it's not clear that these messages are for
extracting boot sectors. E.g.
Before
== upgrade: Reading partition table from bootdisk...
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
After
== upgrade: Reading partition table from bootdisk...
== upgrade: Extract boot sector from the image
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The intent is to make it sound more like info level message, not some
error like "404 not found". x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
This will have at least the following effects
- Log lines will have common prefix
- They will be output to stderr instead of stdout
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3140
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
Manually rebased patches:
bcm27xx:
patches-5.4/950-0267-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch
bcm53xx:
patches-5.4/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
layerscape:
patches-5.4/802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
patches-5.4/808-i2c-0002-MLK-10893-i2c-imx-add-irqf_no_suspend.patch
patches-5.4/820-usb-0016-MLK-16735-usb-host-add-XHCI_CDNS_HOST-flag.patch
Removed since could be reverse-applied by quilt:
mediatek:
patches-5.4/0700-arm-dts-mt7623-add-missing-pause-for-switchport.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64
Run-tested: ipq806x/R7800, x86_64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64]
Rebase of 802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Due to the use of LD_LIBRARY_PATH, the programs running in the fakeroot
environment may end up loading bundled SDK libraries using the system
ld.so.
Rework the relocatability patch to avoid meddling with LD_LIBRARY_PATH
and construct the paths to faked and libfakeroot.so directly.
Fixes: f93cb5c2c8 ("fakeroot: make fakeroot script relocatable")
Reviewed-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Althought most of the switches aren't routers, they can be used as such,
so let's add some of the packages from the router's DEVICE_TYPE. While
at it, remove swconfig package which is not needed on DSA targets.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Without an absolute path to staging_dir/host/bin/sstrip the Makefile
tries to run a host installed version of sstrip, which is likely not
available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.
The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.
Signed-off-by: Paul Spooren <mail@aparcar.org>
mkhash currently returns the hash of an empty input when trying to hash
a folder. This can be missleading in caseswhere e.g. an env variable is
undefined which should contain a filename. `mkhash ./path/to/$FILE`
would exit with code 0 and return a legit looking checksum.
A better behaviour would be to fail with exit code 1, which imitates the
behaviour of `md5sum` and `sha256sum`.
To avoid hashing of folders the `stat()` is checked.
Hashing empty inputs result in the following checksums:
md5: d41d8cd98f00b204e9800998ecf8427e
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Signed-off-by: Paul Spooren <mail@aparcar.org>
If hashing a file fails mkhash shouldn't just silently fail. Now check
after each call of `hash_file()` the return and exit early in case of
errors. The return value which was previously ignored and would always
return 0.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The -n option prints the filename of hashed files next to the calculated
checksum. Reflect that in the usage message.
user@dawn:~/src/openwrt/openwrt$ ./a.out md5 -n .config
eb06db36e7b6751cb18801945e46bf5d .config
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes following dtc warning:
../dts/rtl838x.dtsi:38.3-145.3: Warning (reg_format): /: Root node has a "reg" property
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash (MX25L25635E)
* 24 x 10/100/1000BASE-T ports
- Internal PHY with 8 ports (RTL8218B)
- Two external PHYs with 8 ports each (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
- External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6
UART pinout
-----------
[oooo]J3 [o]ooo|J6
| ^ ||`------ GND
| | |`------- RX
| | `-------- TX
| `---------- Vcc (3V3)
|
`------------------ J3 is power input connector nearby J6 UART
Boot initramfs image from U-Boot
--------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f000000 openwrt-rtl838x-generic-d-link_dgs-1210-28-initramfs-kernel.bin` command
5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
So the common bits can be easily shared with other boards in the family
and while at it add missing SPDX license identifiers into the DTS files
and fixed alphabetic sorting of the devices in the images.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.
openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:
4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>