Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.
Thsi was not seen as the error does not occur on all targets.
Thanks to Jo-Philipp Wich for providing the fix
Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The script always exits with value 0, even if some of the commands fail.
This can potentially create broken, unbootable images, e.g. when
make_ext4fs fails due to TARGET_KERNEL_PARTSIZE being too small for the
kernel. Avoid this by failing the script when any command fails.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This refreshes the current kernel configuration to remove unneeded
options, add some automatically added ones and reorders them. The normal
build did this automatically, so the builds already used this
configuration.
CONFIG_HW_RANDOM_OMAP is explicitly activated for the cortexa72
subtarget because it has an inside-secure,safexcel-eip76 IP core.
This was done with this command on the cortexa9 subtarget:
make kernel_oldconfig
and this one on the other subtargets:
make kernel_oldconfig CONFIG_TARGET=subtarget
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- limit ECC support to ec*-sha2-nistp256:
* DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
* DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
"-r keyfile" to command line if file is absent (doesn't exist or empty),
warn user (in syslog) about such files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
compiler complains about messed up CFLAGS in build log:
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
and then linker fails:
mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
compilation terminated.
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
[...]
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
make[3]: *** [Makefile:198: dropbearmulti] Error 1
make[3]: *** Deleting file 'dropbearmulti'
make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
make[2]: Leaving directory '/package/network/services/dropbear'
This FTBFS issue was caused by hardening flags set up by dropbear's configure script.
By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.
Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Release notes since last time:
Release notes for wave-1:
- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
backported from upstream 10.2 firmware.
- 2019-03-12: Support offloading decrypt of PMF blockack frames
to the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
Release notes for wave-2:
- 2019-03-12: Fix crash when tearing down VI TID when pending frames
exist. Could reproduce this while doing rmmod when VI
traffic was flowing and PMF was enabled but broken.
Bad luck could rarely cause it to happen in more normal
config too.
- 2019-03-12: Support offloading decrypt of PMF blockack frames to
the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
- 2019-03-12: Re-work problematic patch that attempted to fix transmit
on non-QOS tids. It appears buggy in several ways,
hopefully improved now. This was introduced last fall.
See github bug 78.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This problem exposed when compiling glibc, but applicable across the
board. gcc compiles runtime libraries for all supported architectures,
unless otherwise specified, and later selects applicable library based
-m[arch,cpu,*] options, thus these options should not be passed to gcc
as they break the compilation process.
Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[modified so it only touches ARM - I'm too chicken, changed authors email]
Set the toolchain's ARM CPU and FPU architectures by utilizing' gcc's
--with-cpu / --with-fpu configure options that: "Specify which cpu
variant the compiler should generate code for by default. cpu will
be used as the default value of the -mcpu= switch."
This will resolve the following kernel compilation failures under
gcc 8.x on ARM because the kernel wants to set (possibly conflicting)
optimization flags.
.../ccyVnmrs.s:204: Error: selected processor does not support `dmb ish' in ARM mode
.../ccyVnmrs.s:215: Error: architectural extension `mp' is not allowed for the current base architecture
.../ccyVnmrs.s:216: Error: selected processor does not support `pldw [r4]' in ARM mode
Because this is a big change, the .config and toolchain need to be
refreshed (as in removed and regenerated).
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Reported-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [#1203]
Signed-off-by: Boris Krasnovskiy <borkra@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [extended commit message,
removed now-deprecated CPU_CFLAGS, changed author to gmail address]
This patch adds a ChromiumOS 3.18 patch [0] that fixes memory
allocation issues under memory pressure by keeping track
of missed allocs and rectify the omission at a later date.
It also adds ethtool counters for memory allocation
failures accounting so this can be verified.
[0] <d4e1e4ce68>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Some broken ISPs (e.g. Comcast) send DHCPv6 packets with hop limit=0.
This trips up the TTL=0 check in the PPE if enabled.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
COMFAST CF-E5/E7 is a outdoor 4G LTE AP with PoE support, based on
Qualcomm/Atheros QCA9531.
Short specification:
2x 10/100 Mbps Ethernet, with 24v PoE support
64 MB of RAM (DDR2)
16 MB of FLASH (SPI)
2T2R 2.4 GHz, 802.11b/g/n
built-in 1x 3 dBi antennas
output power (max): 80 mW (19 dBm)
Qucetel EC20 LTE MODULE(1x external detachable antenna)
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Ding Tengfei <dtf@comfast.cn>
[commit subject fix]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit adds support for TP-Link TL-WR710N v1 router.
CPU: Atheros AR9331 400MHz
RAM: 32MB
FLASH: 8MiB
PORTS: 1 Port 100/10 LAN (connected to a switch), 1 Port 100/10 WAN
WiFi: Atheros AR9331 1x2:1 bgn
USB: ChipIdea HDRC USB2.0
LED: SYS
BTN: Reset
Sysupgrade from `ar71xx` works without glitches.
Network interfaces assigned for LAN and WAN ports are `eth1` and `eth0`
respectively, what's consistent with `ar71xx` target. Wireless radio
path is automatically upgraded from `platform/ar933x_wmac` to
`platform/ahb/18100000.wmac`.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
This adds support for the Chinese version of TL-WR941N v7.
It uses QCA9558+AR8236 while the international version
uses TP9343 instead.
Specification:
- SoC: Qualcomm Atheros QCA9558
- Flash: 4 MB
- RAM: 64 MB
- Ethernet: Atheros AR8236 with 5 FE ports
Flash instruction:
Upload the generated factory firmware on web interface.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This allows users to specify a shorter mib poll interval so that the
swconfig leds could behave normal with current get_port_stats()
implementation.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This applies to ar8216 and ar8236. QCA's newer U-boot will enable
the switch mdio master for FE switches which makes phy inaccessible
from CPU mdio. (e.g. on TP-Link TL-WR941N v7 Chinese version which
uses QCA9558+AR8236.) For these devices PHY probing is broken and
mdio device probing is a must. We also need to disable switch mdio
master in driver for later PHY initialization.
Do a soft reset during hw_init so that mdio master can be disabled
and expose PHYs to CPU mdio for later PHY accessing.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
ar8xxx_mib_capture will update mib counters for all ports. Current
code only update one port at a time and the data for other ports
are lost.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Partially reverts commit eff3549c58.
AR7240 and AR9341 have buggy hardware switch LED trigger. The AR7240
one doesn't blink and the blinking of port0/port5 is reversed on
AR9341 if we swap PHY0 and PHY4. (Only blinking is reversed, which
means LED for PHY0 will lit when PHY0 is link up and will blink when
PHY4 has active link and vice versa.) On these two chips a software
swconfig LED trigger is required.
This commit adds swconfig port stats back but:
1. move checking of mib_t/rxb_id into ar8xxx_chip since we can't
distinguish ar7240sw and ar8216 using only chip id.
2. don't update mib counter in get_port_stat. This function is called
every 0.01s and this capturing procedure will take up a lot of CPU.
We already have a mib_work_func updating mib counters every 2s so
return the saved counter instead of fetching new data. The blinking
rate will be weird but it should solve the previously mentioned CPU
time problem.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This builtin switch is a bugless ar8216 with different mib counters
and gigabit cpu port.
Atheros uses the same device ID and it's impossible to distinguish
the standalone one and the builtin one. So we add support to mdio
device probe only.
This switch doesn't have buggy vlan tag so it's not needed to enable
atheros header. This commit changed ar8216_setup_port so that it can
be reused for this switch.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Atheros FE switches have a builtin mdio master available for PHY
accessing and on ar724x/ar933x builtin switches this mdio master
is the only way of accessing PHYs.
After this patch if there is phy_read/phy_write method available
in ar8xxx_chip we register a separated mdio bus for accessing PHYs.
Still adds support for mdio device probing only since this isn't
needed for those switches registered using PHY probing.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
ar8229 is the builtin switch in ar934x and later chips. There is
also a standalone version available and their registers/functions
are the same.
This commit added support for the builtin ar8229. The only thing
missing for standalone ar8229 should be phy modes. Since I don't
have a router using that, this commit doesn't add support for
other phy modes.
Only add its support for mdio-device probing method because the
current PHY probing can't return 1G speed when it's a FE switch.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>