Commit Graph

53313 Commits

Author SHA1 Message Date
Jo-Philipp Wich
edb41fea66 firewall4: update to latest Git HEAD
16a1070 fw4.uc: handle zone masq6 option
5f61dbf ruleset: fix chain selection for mark and dscp targets
0bc844b ruleset: properly deal with wildcards in zone device selectors
101988d fw4: fix family comparisons
127dbc0 ruleset: emit AF specific rules for DSCP matches
d63cb89 fw4: fix parsing inverted numeric DSCP values
8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
5669bc7 fw4: consolidate device grouping logic
94f03e0 ruleset: properly render redirect targets without port
fff9779 fw4: fix family selection logic for redirect rules
ca88fcd tests: update interface dump mock data
e60bb4b ruleset: support non-contiguous address masks
8fec51a fw4: fix potential crashes when parsing invalid redirect sections
c08eb44 fw4: fix redirect destination zone resolving
0df6ba0 fw4: fix address selection logic for DNAT reflection rules
60a2518 tests: add test coverage for redirect rules
e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
ac8a737 ruleset: remove redundant syn check
bd5dc4b tests: run testcases in strict mode
3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Jo-Philipp Wich
0a29133b1f ucode: update to latest Git HEAD
c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-28 19:13:37 +01:00
Stijn Tintel
a47f152943 ramips: enable I2C_CHARDEV in mt7621/config-5.10
I2C_CHARDEV used to be enabled in mt7621/config-5.4. Enable it in the
5.10 config, as it's required for PoE control on Unifi Switch Flex.

Fixes: b4aad29a1d ("ramips: add support for kernel 5.10")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-01-28 19:03:52 +02:00
Chuanhong Guo
c06482489d kernel: 5.10: drop broken-flash-reset patch
Flash accessing instruction templates are determined during probe since
v5.6 for spimem-dirmap support in spi-nor driver in upstream commit:
df5c21002cf4 ("mtd: spi-nor: use spi-mem dirmap API")
As a result, changing bus_width on the fly doesn't work anymore and this
patch will cause executing spi-mem ops with 3-byte address on 16-32M
flash area.
We can't easily revert that behavioral change upstream so drop the patch
to prevent u-boot and eeprom from being erased.

Fixes: b10d604459("kernel: add linux 5.10 support")
Reported-by: Frank Di Matteo <dimatto@foxmail.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-01-28 21:03:10 +08:00
Daniel Golle
ebeb003470
firmware-utils: update to git HEAD of 2022-01-28
6c95945 ptgen: add Chromium OS kernel partition support
 8e7274e cros-vbutil: add Chrome OS vboot kernel-signing utility

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-28 13:00:25 +00:00
Florian Fainelli
17135ae091 perf: Depend on libbfd and libopcodes when enabled
bpftool will enabled libbfd and libopcodes which gets picked up by perf
as libraries to link against. Add those missing dependencies when either
of these packages are enabled.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2022-01-27 20:16:57 -08:00
Felix Fietkau
3869ccbcc8 tools: build bash on macOS and use it for ipkg-build
On macOS, system binaries silently drop the environment variables for injecting
extra shared libraries (used by fakeroot). This is done for security reasons.
Work around this by building bash from source, so that it gets an ad-hoc signature
and does not have these restrictions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-27 13:38:48 +01:00
Felix Fietkau
1d4750fd50 tools/coreutils: build chown
On ARM macOS, injecting extra shared libraries does not work for system
binaries. This causes fakeroot to fail for chown calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-27 13:38:48 +01:00
Felix Fietkau
53ebacacf9 tools/fakeroot: fix unresolved symbols on arm64 macOS
The $INODE64 symbol variants are not present, since the base system
always uses 64-bit file offsets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-27 13:38:48 +01:00
Felix Fietkau
0ac0840088 sdk: ship llvm toolchain
This allows ebpf packages like qosify to be built with it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-27 11:32:56 +01:00
Tiago Gaspar
ef4c97576b netfilter: correct some dependencies
nf-nathelper-extra and nf-conntrack-netlink had iptables related
dependencies, yet, when looking for the respective kernel symbols and
checking it's dependencies it was confirmed that iptables wasn't
required and that these were either it's own moodule or tool independent
(nftables or iptables).

Correct these and make sure no unneeded extras are pulled in.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
2022-01-27 09:56:40 +01:00
David Bauer
2b583ab8a7 rockchip: disable UHS modes for NanoPi R4S
The NanoPi R4S leaves the SD card in 1.8V signalling when rebooting
while U-Boot requires the card to be in 3.3V mode.

Remove UHS support from the SD controller so the card remains in 3.3V
mode. This reduces transfer speeds but ensures a reboot whether from
userspace or following a kernel panic is always working.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-27 01:44:28 +01:00
Paul Spooren
d8c5406a93 meta: create FUNDING.yml
By adding this file a badge should appear in the GitHub web interface to
motivate people donate money to the OpenWrt project.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-26 10:34:02 +01:00
Daniel Golle
f5865452ac
mediatek: mt7623: include regular AHCI PCI driver
The legacy image for the UniElec U7623-02 until now included
kmod-ata-ahci-mtk. The MT7623 chip doesn't have that IP and that
board uses a PCIe-connected AHCI controller for the SATA port and
mSATA-pins of the mPCIe socket. Hence include kmod-ata-ahci instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-25 00:38:28 +00:00
Felix Fietkau
ebc36ebb23 scripts/feeds: install targets to target/linux/feeds and support overriding
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-24 13:29:05 +01:00
Felix Fietkau
0bdf8d1206 scripts/feeds: fix installing targets without explicitly specifying the feed
Add similar code to what is done on packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-24 13:29:05 +01:00
Felix Fietkau
1404b3c3e6 build: increase scan depth for finding targets
This allows targets to be put into target/linux/feeds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-24 13:29:05 +01:00
Felix Fietkau
f8bc8fa377 build: change PYTHON to python3
On recent macOS, /usr/bin/python3 is a wrapper that finds the right python executable
It checks argv[0] to determine if python2 or python3 should be called. Always execute
it as python3 to ensure it calls the right version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-01-24 13:29:05 +01:00
Robert Marko
b8ef54f5da ipq40xx: drop 5.4 kernel
Since 5.10 is now default, no point in keeping
5.4 around.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2022-01-24 12:07:42 +01:00
Daniel Golle
145d896e0e
uboot-mediatek: update to version 2022.01
Tested on BananaPi R2 (SD, eMMC), BananaPi R64 (SD, eMMC, SPI-NAND) and
UniElec U7623-02 (eMMC).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:53 +00:00
Daniel Golle
f5278bf820
mediatek: store random MAC address in U-Boot env on first boot
For devboards without a MAC address assigned from factory, store
the random MAC in U-Boot env on first boot to make it persistent.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:47 +00:00
Daniel Golle
31872a38be
uboot-envtools: add configuration for UniElec U7623 board
Add U-Boot env settings to allow accessing the environment using
fw_printenv and fw_setenv tools on the UniElec U7623 board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:42 +00:00
Daniel Golle
1ee75dd290
mediatek: mt7623: rework images for U7623-02 board
Users of older OpenWrt versions need sysupgrade using the *emmc.img.gz
file once which will upgrade U-Boot and switch to the new image layout.
Users of the vendor firmware need to first flash the legacy image to
then sunsequently carry out a full-flash upgrade.

Alternatively the board can also be flashed using MediaTek's
proprietary SP Flash Tool.

Configuration as well as persistent MAC address will be lost once at
this point and you will have to redo (or restore) all configuration
manually. To restore the previous persistent MAC address users may set
it manually using

fw_setenv ethaddr 00:11:22:33:44:55

For future upgrades once running OpenWrt past this commit, the usual
*sysupgrade.itb file can be used.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 20:20:37 +00:00
Daniel Golle
213b406ae3
uboot-mediatek: update build for the U7623-02 board
Brings bootmenu and production/recovery dual-boot scheme like on
the BPi-R2, BPi-R64, E8450 and UniFi 6 LR.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:42 +00:00
Daniel Golle
4356e2b58a
mediatek: add common DTS aliases for UniElec U7623 board
* Use serial0 instead of serial2 for the only serial port
 * Add LED aliases
 * Add ethernet0 alias to inherit ethaddr from U-Boot env

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:36 +00:00
Daniel Golle
8a324fb759
uml: make use of 'rootfs-part' feature
Use 'rootfs-part' feature instead of referencing the TARGET_uml in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:31 +00:00
Daniel Golle
d05ac928f6
sunxi: make use of 'rootfs-part' feature
Use 'rootfs-part' feature instead of referencing the TARGET_sunxi in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:25 +00:00
Daniel Golle
3a69b4bbb9
omap: make use of 'rootfs-part' feature
Use 'rootfs-part' feature instead of referencing the TARGET_omap in
Config-images.in.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:20 +00:00
Daniel Golle
a40b4d335a
mediatek: use CONFIG_TARGET_ROOTFS_PARTSIZE
Enable 'rootfs-part' feature to make the size of the partition of the
production image configurable instead of hard-coding it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-01-23 19:48:07 +00:00
Hans Dedecker
7edd10f9df netifd: update to git HEAD
ed71876 iprule: add support for uidrange

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2022-01-23 18:54:16 +01:00
Jo-Philipp Wich
3d3d03479d ucode: add temporary fix for integer formatting on 32bit systems
The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.

Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.

Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-01-23 00:57:58 +01:00
Victorien Molle
af8a059bb4 ath79: add support for GL.iNet GL-XE300
The GL.iNet GL-XE300 is a 4G LTE Wireless router, based on QCA9531 SoC.

Specifications:

 - SoC: QCA9531 (650MHz)
 - RAM: DDR2 128M
 - Flash: SPI NOR 16M + SPI NAND 128M
 - WiFi: 2.4GHz with 2 antennas
 - Ethernet:
   - 1x LAN (10/100M)
   - 1x WAN (10/100M)
 - LTE:
 - USB: 1x USB 2.0 port
 - UART:
   - 3.3V, TX, RX, GND / 115200 8N1

MAC addresses as verified by OEM firmware:

 use    address   source
 LAN    *:c5      art 0x0 (label)
 WAN    *:c6      label + 1
 WLAN   *:c7      art 0x1002

Installation via U-Boot rescue:

1. Press and hold reset and power buttons simultaneously
2. Wait for the LAN led to blink 5 times
3. Release reset and power buttons
4. The rescue page is accessible via http://192.168.1.1
5. Select the OpenWrt factory image and start upgrade
6. Wait for the router to flash new firmware and reboot

Revert to stock firmware:

 i. Download the stock firmware from GL.Inet website
 ii. Use the same method explained above to flash the stock firmware

Signed-off-by: Victorien Molle <victorien.molle@wifirst.fr>
[update commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-22 01:17:16 +01:00
Rodrigo Araujo
7c8ade1765 ramips: correct vendor name for COMFAST/Joowin
When Joowin WR758AC V1 and V2 devices were added, they should have been
added with the primary manufacturer name which is COMFAST, since Joowin
is just an alternate vendor name on some coutries or stores.

Fix this by changing the the vendor name on the respective files and set
Joowin as ALT0 variants while ensuring compatibility for early users.
Also adjust the model names to better follow the naming rules.

As a side effect, fix mt76x8 network script which was left incorrectly
unsorted on the case block conditions.

Fixes: 766733e172 ("ramips: add support for Joowin WR758AC V1 and V2")
Signed-off-by: Rodrigo Araujo <araujo.rm@gmail.com>
2022-01-22 01:17:04 +01:00
David Bauer
ef5f3eb700 ramips: read Tenbay T-MB5EU address from single location
Currently the WAN MAC address is read from a different offset contrary
to all other addresses.

There's conflicting information whether offset 0x28 on the factory
partition contains the valid WAN mac for all devices while 0x4 seems to
be uniform.

Read the WAN mac from this location and calculate it.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-22 01:16:56 +01:00
David Bauer
b0c04a37e4 ramips: update Tenbay T-MB5EU wireless MAC address
The current MAC address assignment is still incorrect.

Use the same MAC address as seen on the stock firmware
for both wireless interfaces.

The 5GHz MAC address OUI is +2 in the first EUI octet. We currently
don't do this in OpenWrt. Ignore this offset for now. With the current
assignment, recurring MAC addresses between radios is already taken care
of.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-01-22 01:16:49 +01:00
Hauke Mehrtens
6ae657e459 util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
2022-01-21 23:53:00 +01:00
Hauke Mehrtens
71bdff9139 ltq-vdsl-mei: Remove static linking
This removes -static compile option. The -static option tells GCC to
link this statically with the libc, which we do not want in OpenWrt. We
want to link everything dynamically to the libc. This fixes a compile
problem with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-21 23:09:24 +01:00
David Woodhouse
408b6558e4 ipq806x: Netgear D7800: Fix RAM and enable PCIe #2
This board has 512MiB of RAM like the R7800, and the VDSL modem is
attached to the second PCIe port.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2022-01-21 17:18:35 +00:00
Matthew Hagan
46ce629fe0 ipip: add 'nohostroute' option
Add the nohostroute option as available for gre and wg tunnels to
allow the user to prevent explicit creation of a route to the peer
address.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2022-01-19 20:57:59 +01:00
Denis Kalashnikov
ec85e48a11 ath79: add support for reset key on MikroTik RB912UAG-2HPnD
On MikroTik RB91x board series a reset key shares SoC gpio
line #15 with NAND ALE and NAND IO7. So we need a custom
gpio driver to manage this non-trivial connection schema.
Also rb91x-nand needs to have an ability to disable a polling
of the key while it works with NAND.

While we've been integrating rb91x-key into a firmware, we've
figured out that:
* In the gpio-latch driver we need to add a "cansleep" suffix to
several gpiolib calls,
* When gpio-latch and rb91x-nand fail to get a gpio and an error
is -EPROBE_DEFER, they shouldn't report about this, since this
actually is not an error and occurs when the gpio-latch probe
function is called before the rb91x-key probe.
We fix these related things here too.

Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2022-01-19 16:40:12 +01:00
Paul Spooren
522e414dcb layerscape: switch to 5.10 Kernel
Tested by multiple users and since all targets need to be on Kernel 5.10
to be part of the next release, add changes.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-19 09:44:26 +01:00
Paul Spooren
08d9f6e302 build: switch to firewall4 by default
This commit replaces firewall aka firewall3 with its nftables based
successor firewall4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-19 09:20:22 +01:00
Klaus Kudielka
431f379e9d mvebu: cortexa9: Fix board.d/01_leds
Fix syntax error in the case statement

Fixes: 9149ed4f05 ("mvebu: cortexa9: Add support for Ctera C200-V2")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
2022-01-18 20:13:14 +01:00
Sungbo Eo
266b5c83c3 ipq40xx: rename RT-AC42U WLAN/LAN LEDs
Assign LED numbers properly by adding function-enumerator property in DTS.

While at it, remove default trigger of LAN LEDs as it will be handled in
01_leds anyway.

Fixes: 51b9aef553 ("ipq40xx: add support for ASUS RT-ACRH17/RT-AC42U")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-17 20:38:43 +09:00
Sungbo Eo
e257405c1b ipq40xx: image: remove unused DTB_SIZE variable
It is not included in DEVICE_VARS anyways.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-17 20:38:43 +09:00
Ansuel Smith
88204bfa82 treewide: drop use of which
Ubuntu started to flag which as deprecated and it
seems which is not really standard and may vary
across Distro.
Drop the use of which and use the standard 'command -v'
for this simple task.
Which is still present in the prereq if some package/script
still use which.
A utility script called command_all.sh is implemented that
will just mimic the output of which -a.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2022-01-17 09:14:26 +01:00
Sergey V. Lobanov
87d489f67a build: add HOST_CXXFLAGS for host build
Added HOST_CXXFLAGS to specify CXXFLAGS during host-compile
(e.g. to specify c++ standard: HOST_CXXFLAGS += -std=c++11)

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-01-16 22:13:46 +01:00
Hauke Mehrtens
f1d4c77766 firmware-utils: update to latest master
d885b49 tplink-safeloader: support Archer C6v3.0 (BR)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-16 21:56:51 +01:00
Hauke Mehrtens
e74529552c ustream-ssl: update to Git version 2022-01-16
868fd88 ustream-openssl: wolfSSL: Add compatibility for wolfssl >= 5.0

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-01-16 21:51:21 +01:00
Alexey Smirnov
e23ca355b0 omap: add support for the TRNG Hardware Accelerator
According to TI docs (Processor SDK Linux Getting Started Guide)
the Random Number Generator hardware is found on
OMAP16xx, OMAP2/3/4/5, AM33xx/AM43xx boards. It already
defined in device tree files. Let's enable it.

Some tests:

root@RTS1_OI:~# rngtest -c 1000 </dev/hwrng
rngtest 6.10
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 999
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=198.710; avg=1265.501; max=2976.417)Kibits/s
rngtest: FIPS tests speed: (min=1.780; avg=37.085; max=39.736)Mibits/s
rngtest: Program run time: 15961329 microseconds

Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
2022-01-16 21:42:19 +01:00