Commit Graph

19737 Commits

Author SHA1 Message Date
Olliver Schinagl
211f4302e4
base-files: Actually set default name
The currently used shell expansion doesn't seem to exist [0] and also
does not work. This surely was not intended, so lets allow default
naming to actually work.

[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html

Fixes: be09c5a3cd ("base-files: add board.d support for bridge device")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-09-22 21:37:45 +02:00
Felix Fietkau
c787962e1d iwinfo: update to the latest version
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
8cb995445a hostapd: add ubus notification on sta authorized
Also include the station auth_type in the ubus and log message in order
to detect, if clients used FT or FILS to associate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
f613c1368b mac80211: disable drivers that rely on wireless extensions
They are unmaintained and don't work properly with current wifi scripts

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Felix Fietkau
6eeb5d4564 kernel: disable wireless extensions only when needed
They are only needed by a few very old drivers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-22 15:26:58 +02:00
Nicola Corna
f089f7373e kernel: add VFIO kernel packages
Add kmod-vfio and kmod-vfio-pci packages.

Signed-off-by: Nicola Corna <nicola@corna.info>
2022-09-21 13:06:10 +02:00
Tomasz Maciej Nowak
100536bd37 arm-trusted-firmware-mvebu: stop cluttering Image Builder
All contents of staging_dir/image are included in Image Builder (IB) in
case some binary needs to be included in final image. But in case of
this package, all sources are stored there and those clutter the final
tarball of IB for no reason. Those sources are not used during image
creation and are just dead weight. To put it in perspective, the IB for
21.02.0 is 158 MiB, 22.03.0-rc6 is 366 MiB and snapshot is over 620 MiB!
To fix it, put them in package build directory, so they won't end up
included in IB tarball.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
2022-09-21 13:06:10 +02:00
Daniel Golle
3cee396bf8 xdp-tools: update to version 1.2.8
82628d8 libxdp: Fix resource leaks
 7fb0af0 libxdp: always clone program fd before taking ownership of it
 d8cd007 headers: Update kernel btf.h header file
 2265125 (tag: v1.2.7) xdp-filter: Update examples in documentation
 2b65008 libxdp: Fix libxdp compilation error
 2387514 xsk: remove unused variable outstanding_tx
 00b5a95 Fix section names in xsk programs
 d4ff1f9 (tag: v1.2.8) Bump TOOLS_VERSION to 1.2.8

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-20 04:33:12 +01:00
David Bauer
94037ab6b0 hostapd: update to 2022-07-29
b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures
89de431f2 DPP: Add config response status value to DPP-CONF-SENT
10104915a tests: sigma_dut and DPP PB session overlap
80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation
662249306 Update copyright notices for the QCA vendor definitions
8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g
ddcd15c2d tests: Fix fuzzing/sae build
7fa67861a tests: Fix p2p_channel_avoid3
ee3567d65 tests: Add more time for scan/connection
1d08b238c nl80211: Allow more time for the initial scan with 6 GHz
ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks
faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6
93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves
5565fbee2 DPP: Check Enrollee supported curves when building Config Response
ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd
4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs
c97000933 Fix ifdef condition for imsi_privacy_cert
2a9a61d6c tests: SAE with extended key AKM
e35f6ed1d tests: More detailed report on SAE PMKSA caching error case
f70db167a SAE: Derive a variable length PMK with the new AKM suites
91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites
e81ec0962 SAE: Use H2E unconditionally with the new AKM suites
f8eed2e8b SAE: Store PMK length and AKM in SAE data
9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites
a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites
91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper
5456b0f26 Define new RSN AKM suite selector values
def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH
35587fa8f tests: DPP Controller/Relay with need to discover Controller
d22dfe918 DPP: Event message for indicating when Relay would need a Controller
ca7892e98 tests: DPP Relay and adding/removing connection to a Controller
bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed
808834b18 Add a comparison function for hostapd_ip_addr
f7763880b DPP: Advertise Configurator connectivity on Relay automatically
ff7cc1d49 tests: DPP Relay and dynamic Controller addition
ca682f80a DPP: Dynamic Controller initiated connection on Relay
d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth
a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX
69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case
b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant
1ff9251a8 DPP3: Push button Configurator in wpa_supplicant
b94e46bc7 tests: PB Configurator in wpa_supplicant
ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi
e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received
692956446 DPP: Note PKEX code/identifier deletion in debug log
dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay
ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller
17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay
fb2937b85 DPP: Allow Controller to initiate PKEX through Relay
15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX
d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
0a4f391b1 tests: sigma_dut and DPP Connector Privacy
479e412a6 DPP3: Default value for dpp_connector_privacy
7d12871ba test: DPP Private Peer Introduction protocol
148de3e0d DPP3: Private Peer Introduction protocol
786ea402b HPKE base mode with single-shot API
f0273bc81 OpenSSL: Remove a forgotten debug print
f2bb0839f test: DPP 3rd party config information
68209ddbe DPP: Allow 3rd party information to be added into config object
0e2217c95 DPP: Allow 3rd party information to be added into config request obj
3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration
16b62ddfa QCA vendor attribute for DBAM configuration
004b1ff47 tests: DPP Controller initiating through Relay
451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections
248654d36 tests: sigma_dut DPP PB test cases
697b7d7ec tests: DPP push button
7bbe85987 DPP3: Allow external configuration to be specified on AP for PB
8db786a43 DPP3: Testing functionality for push button announcements
37bccfcab DPP3: Push button bootstrap mechanism
a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command)
159e63613 QCA vendor command for CoAP offload processing
3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics
09a281e52 Add QCA vendor interface for PASN offload to userspace
809fb96fa Add a vendor attribute to configure concurrency policy for AP interface
a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
085a3fc76 EHT: Add 320 channel width support
bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch
c580c2aec tests: Make OCV negative test error cases more robust
3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures
6b461f68c Set current_ssid before changing state to ASSOCIATING
8dd826741 QCA vendor attribute to configure direct data path for audio traffic
504be2f9d QCA vendor command support to get WLAN radio combinations
d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-20 01:15:36 +02:00
Daniel Golle
412fcf3d44 mac80211: rt2x00: replace patches with v3 of pending series
See also patchwork for submission progress:
https://patchwork.kernel.org/project/linux-wireless/cover/cover.1663445157.git.daniel@makrotopia.org/

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-18 20:05:18 +01:00
Felix Fietkau
00094efec3 build: fix including modules.mk for targets pulled in from feeds
Fixes: ebc36ebb23 ("scripts/feeds: install targets to target/linux/feeds and support overriding")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-18 06:27:53 +02:00
David Bauer
5110cf7ebd hostapd: don't select indoor channel on outdoor operation
Don't select channels designated for exclusive-indoor use when the
country3 element is set on outdoor operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-18 03:58:54 +02:00
Nick Hainke
1d2d69c810 wireless-regdb: update to 2022-08-12
Changes:
9dc9c89 wireless-regdb: update regulatory database based on preceding changes
442bc25 wireless-regdb: update 5 GHz rules for PK and add 60 GHz rule
daee7f3 wireless-regdb: add 5 GHz rules for GY

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Nick Hainke
181dc64a82 linux-firmware: update to 20220913
Changes:
f09bebf amdgpu: update yellow carp DMCUB firmware
db6db36 amdgpu: add firmware for VCN 3.1.2 IP block
3647da5 amdgpu: add firmware for SDMA 5.2.6 IP block
639b5c1 amdgpu: add firmware for PSP 13.0.5 IP block
7658946 amdgpu: add firmware for GC 10.3.6 IP block
427ca6c amdgpu: add firmware for DCN 3.1.5 IP block
edf9a2b qcom: rename Lenovo ThinkPad X13s firmware paths
9ebd5a5 rtw89: 8852c: update fw to v0.27.42.0
7546432 rtw89: 8852c: update fw to v0.27.36.0
2f2f018 Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
706a462 amdgpu: update beige goby VCN firmware
09ec438 amdgpu: update dimgrey cavefish VCN firmware
647021b amdgpu: update navy flounder VCN firmware
3c1662d amdgpu: update sienna cichlid VCN firmware
d3c9228 rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
a1c4b15 mediatek: reference the LICENCE file for MediaTek firmwares

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Nick Hainke
58271ed057 linux-firmware: update to 20220815
Changes:
12ca075 mediatek: Add new mt8186 SOF firmware
aed71f2 ice: Update package to 1.3.30.0
1ee415b QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
c58f001 brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
d4a4224 brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
7220731 brcm: Add nvram for the Asus TF103C tablet
89ec619 Add amd-ucode README file
4f8f67e qca: Update firmware files for BT chip WCN6750.
        This commit will update required firmware files for WCN6750.
e6857b6 amdgpu: Update Yellow Carp VCN firmware
e6185d5 linux-firmware: Update firmware file for Intel Bluetooth 9462
140beaf linux-firmware: Update firmware file for Intel Bluetooth 9462
045847e linux-firmware: Update firmware file for Intel Bluetooth 9560
f7f3d1f linux-firmware: Update firmware file for Intel Bluetooth 9560
45c5e53 linux-firmware: Update firmware file for Intel Bluetooth AX201
1068c45 linux-firmware: Update firmware file for Intel Bluetooth AX201
b93bf2c linux-firmware: Update firmware file for Intel Bluetooth AX211
31d24ca linux-firmware: Update firmware file for Intel Bluetooth AX211
447ca4a linux-firmware: Update firmware file for Intel Bluetooth AX210
87d07fd linux-firmware: Update firmware file for Intel Bluetooth AX200
63a87d2 linux-firmware: Update firmware file for Intel Bluetooth AX201
a45053c Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
4ae4ae8 qcom: Add firmware for Lenovo ThinkPad X13s
feda199 linux-firmware: Add firmware for Cirrus CS35L41
a4235e0 i915: Add GuC v70.4.1 for DG2
3ab394a i915: Add DMC v2.07 for DG2
150864a amdgpu partially revert "amdgpu: update beige goby to release 22.20"
56cf646 mediatek: Update mt8183/mt8192/mt8195 SCP firmware
4421586 amdgpu: update renoir to release 22.20
06cead1 amdgpu: update beige goby to release 22.20
d3e37b7 amdgpu: update yellow carp to release 22.20
9149732 amdgpu: update dimgrey cavefish to release 22.20
c2f5699 amdgpu: update vega20 to release 22.20
c3afe6a amdgpu: update vega12 to release 22.20
e840fe5 amdgpu: update raven to release 22.20
efe98d4 amdgpu: update navy flounder to release 22.20
5f13921 amdgpu: update vega10 to release 22.20
8da4640 amdgpu: update sienna cichlid to release 22.20
3fbfd89 amdgpu: update navi14 to release 22.20
8fe4b42 amdgpu: update green sardine to release 22.20
ca36bb9 amdgpu: update vangogh to release 22.20
21ba56c amdgpu: update navi12 to release 22.20
e9918d2 amdgpu: update navi10 to release 22.20
f379030 amdgpu: update picasso to release 22.20
1826c07 amdgpu: update aldebaran to release 22.20
1cbf1c6 amdgpu: update psp 13.0.8 TA firmware
35bb3bd WHENCE: Fix the dangling symlinks fix
84661a3 amdgpu: update DMCUB firmware for DCN 3.1.6
dfa2931 WHENCE: Correct dangling symlinks

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-17 23:16:43 +02:00
Sungbo Eo
d826c91704 mac80211: rt2x00: fix typo
Add missing semicolon and refresh patches.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-09-18 03:09:19 +09:00
Andre Heider
1afd0fefd2 ltq-[a|v]dsl-app: provide ltq-dsl-app
This makes it easier for packages to depend on any
lantiq/intel/maxlinear compatible dsl daemon.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
33e2115fe4 ltq-vdsl-app: rename to ltq-vdsl-vr9-app
This matches the scheme used by other target packages and will avoid
confusion with any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
07536cff51 lantiq: rename ltq-vdsl folder to ltq-vdsl-vr9
Now PKG_NAME matches the folder name, and this will avoid confusion with
any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Andre Heider
5d53b8e9f9 lantiq: rename ltq-vdsl-mei folder to ltq-vdsl-vr9-mei
Now PKG_NAME matches the folder name, and this will avoid confusion with
any future version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2022-09-17 17:39:23 +02:00
Daniel Golle
e785ca05e9 mac80211: clean and submit a bunch of rt2x00 patches
Clean and submit patches, mostly related to MT7620 to linux-wireless
mailing list:
https://patchwork.kernel.org/project/linux-wireless/list/?series=677770

Replace local patches with now submitted versions.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-17 00:44:08 +01:00
Daniel Golle
1c785d2567 packages: libusb: add package 'fxload' (from libusb examples)
The 'fxload' tool contained in the examples provided with libusb is
actually useful and turns out to be the only way to load firmware into
some rather ancient EZ-USB microcontrollers made by Cypress (formerly
Anchor Chips).
The original 'fxload' tool from hotplug-linux has been abandonned long
ago and requires usbfs to be mounted in /proc/bus/usb/ (like it was in
Linux 2.4...).
Hence the best option is to package the modern 'fxload' from the libusb
examples which (unsurprisingly) uses libusb and works on modern
systems.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-17 00:44:08 +01:00
Felix Fietkau
2b1e651178 unetd: add missing init script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 22:02:28 +02:00
Felix Fietkau
51c727e268 unetd: update to the latest version
e065a7627a46 pex: update last query sent timestamp
6c888f897862 unet-cli: add stun server list editing support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:58:07 +02:00
Felix Fietkau
40874f0934 unetd: update to the latest version
21360a1b1ce6 cli: fix typo
abfebece0af1 wg-linux: ship a copy of linux/wireguard.h
1cbb1a543cb3 pex: reduce unnecessary ping traffic
0c2f39e52d5d pex: remove pex event debug spam
dcf1362c2104 pex: add support for sending/receiving global PEX messages via unix socket
df5f70b8858c ubus: notify on network updates
e58a56697131 add DHT discovery service
be175767bc67 pex: keep active pex hosts after the specified timeout
543e4a3d2ed7 pex: move rx header check to callback function
395659b9c415 pex: move raw ip send code to sendto_rawudp() in utils.c
dda15ea8b3b2 pex: add utility function to get the sockets based on type / address family
e88f2cd4d3f0 utils: add support for passings address family to network_get_endpoint()
639cdcdf6eda pex: add support for figuring out the external data port via STUN servers
9144339ebe1f pex: improve handling of a longer list of PEX hosts
38212218ecdd unet-cli: add DHT support
0d37ca75434d pex: automatically create host entries from incoming endpoint port notifications
035fcc56ef60 host: keep multiple endpoint candidates, one for each type
a089e8ae7504 pex: avoid sending a query to a host more than once every 15 seconds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:11:32 +02:00
Felix Fietkau
f8e3d7a4e3 unetd: select unetd from unet-cli instead of depending on it
Some people may explicitly want to select unet-cli for admin purposes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-16 21:11:32 +02:00
Eneas U de Queiroz
c3e7d86d2b
wolfssl: add libwolfssl-cpu-crypto package
libwolfssl-cpu-crypto is a variant of libwolfssl with support for
cryptographic CPU instructions on x86_64 and aarch64.

On aarch64, wolfSSL does not perform run-time detection, so the library
will crash when the AES functions are called.  A preinst script attempts
to check for support by querying /proc/cpuinfo, if installed in a
running system.  When building an image, the script will check the
DISTRIB_TARGET value in /etc/openwrt_release, and will abort
installation if target is bcm27xx.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-09-16 08:30:26 +02:00
Jo-Philipp Wich
94129cbefb rpcd: update to latest Git HEAD
e80d0b2 ucode: pass-through `ubus_rpc_session` argument
0d02243 ucode: initialize module search path early

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-16 15:15:20 +02:00
Jo-Philipp Wich
639754e36d ucode: update to latest Git HEAD
cc4eb79 ubus: support obtaining numeric error code
01c412c ubus: add toplevel constants for ubus status codes
8e240fa ubus: allow object method call handlers to return a numeric status code
5cdddd3 lib: add limit support to split() and replace()
0ba9c3e fs: add optional third permission argument to fs.open()
c1f7b3b lib: remove fixed capture group limit in match() and regex replace()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-16 15:15:20 +02:00
Koen Vandeputte
aa9be386d4 mac80211: merge upstream fixes
fetched from upstream kernel v5.15.67

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2022-09-16 09:17:17 +02:00
Felix Fietkau
8b06e06832 mac80211: merge pending fixes for tx queueing issues
Fixes a potential deadlock and a tx queue hang on STA assoc

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-15 16:43:04 +02:00
Felix Fietkau
b36de68da6 mt76: update to the latest version
94eb0bc1374d wifi: mt76: testmode: use random payload for tx packets
f8ece810002b wifi: mt76: add rx_check callback for usb devices
67fbdb7bed90 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
a9b09dd2715f wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
ee3eb0d6d52e wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
9706ccef5447 wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND
74a29eb4f714 wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c
f49e06c4cfce wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
322656141fa4 wifi: mt76: sdio: poll sta stat when device transmits data
dee0a3cbfb03 wifi: mt76: mt7915: fix an uninitialized variable bug
9dd7be2c5164 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
0ad02c9a4512 wifi: mt76: sdio: add rx_check callback for sdio devices
fe85e5ccbaca wifi: mt76: sdio: fix transmitting packet hangs
206c7ebd7464 wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
bf79f5d73e4f wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup
c4132ab0bea2 wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv
52eec74986cf wifi: mt76: mt7663s: add rx_check callback
019ef069e754 wifi: mt76: mt76_usb.mt76u_mcu.burst is always false remove related code
0a392ca03db8 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
fbb3554b6236 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
b55a4eb2ee21 wifi: mt76: mt7921: fix the firmware version report
2d72c9a74011 wifi: mt76: move move mt76_sta_stats to mt76_wcid
873365b06c5c wifi: mt76: add PPDU based TxS support for WED device
0c64a80a61c2 wifi: mt76: connac: fix in comment
d11f971a452e wifi: mt76: mt7921: get rid of the false positive reset
2ac22300c7ac wifi: mt76: mt7915: fix mcs value in ht mode
5e45533e4ba2 wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
e06376af21dd wifi: mt76: mt7915: do not check state before configuring implicit beamform
0c0bda4aea05 wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
cddc4b43ea93 wifi: mt76: mt7921e: fix rmmod crash in driver reload test
ebbd68842ee0 wifi: mt76: mt7921: introduce Country Location Control support
763a1d90133b wifi: mt76: mt7921e: fix random fw download fail

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-15 13:36:09 +02:00
Daniel Golle
8010d3da03 mediatek: build USB XHCI support as module
Instead of always including the XHCI driver in the kernel on all
MediaTek boards, selectively include the kernel module only on boards
which actually make use of USB functionality.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-14 20:26:58 +01:00
Ilya Katsnelson
e8135247c1
libcap: use more compatible shebang
Patch a script to use a shebang that works on systems that don't have
a /bin/bash, e.g. NixOS or GuixSD.

Signed-off-by: Ilya Katsnelson <me@0upti.me>
2022-09-14 00:06:18 +02:00
Kabuli Chana
c3e4a0d99b
kernel: netsupport: Add FQ-PIE as an optional sched kmod and extract PIE
add Flow Queuing with Proportional Integral controller Enhanced (FQ-PIE) as an
optional kmod in network support and extract sched-pie from kmod-sched to
allow dependency on just kmod-sched-pie (PIE).

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2022-09-13 22:25:41 +02:00
Alexandru Gagniuc
01e2184c49 realtek: add support for TP-Link SG2210P
Add support for the TP-Link SG2210P switch. This is an RTL8380 based
switch with eight RJ-45 ports with 802.3af PoE, and two SFP ports.

This device shares the same board with the SG2008P and SG2008. To
model this, declare all the capabilities in the sg2xxx dtsi, and
disable unpopulated on the lower end models.

Specifications:
---------------
 - SoC:       Realtek RTL8380M
 - Flash:     32 MiB SPI flash (Vendor varies)
 - RAM:	      256 MiB (Vendor varies)
 - Ethernet:  8x 10/100/1000 Mbps with PoE (all ports)
              2x SFP ports
 - Buttons:   1x "Reset" button on front panel
 - Power:     53.5V DC barrel jack
 - UART:      1x serial header, unpopulated
 - PoE:       2x TI TPS23861 I2C PoE controller

Works:
------
  - (8) RJ-45 ethernet ports
  - (2) SFP ports (with caveats)
  - Switch functions
  - System LED

Not yet enabled:
----------------
  - Power-over-Ethernet (driver works, but doesn't enable "auto" mode)
  - PoE LEDs

Enabling SFP ports:
-------------------

The SFP port control lines are hardwired, except for tx-disable. These
lines are controller by the RTL8231 in shift register mode. There is
no driver support for this yet.

However, to enable the lasers on SFP1 and SFP2 respectively:

    echo 0x0510ff00 > /sys/kernel/debug/rtl838x/led/led_p_en_ctrl
    echo      0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.26
    echo      0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.24

Install via serial console/tftp:
--------------------------------

The footprints R27 (0201) and R28 (0402) are not populated. To enable
serial console, 50 ohm resistors should be soldered -- any value from
0 ohm to 50 ohm will work. R27 can be replaced by a solder bridge.

The u-boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.

Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. The sysupgrade image can also be flashed. To install OpenWrt:

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"

Power on device, and stop boot by pressing any key.
Once the shell is active:
 1. Ground out the CLK (pin 16) of the ROM (U7)
 2. Select option "3. Start"
 3. Bootloader notes that "The kernel has been damaged!"
 4. Release CLK as sson as bootloader thinks image is corrupted.
 5. Bootloader enters automatic recovery -- details printed on console
 6. Watch as the bootloader flashes and boots OpenWrt.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[OpenWrt capitalisation in commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-09-13 09:22:26 +02:00
Petr Štetiar
a575788b8f uboot-mediatek: fix extraneous right parens
Fixes following warning:

 Makefile:310: extraneous text after 'ifeq' directive

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-13 09:14:09 +02:00
Daniel Golle
31a6605de0 mac80211: rt2x00: experimental improvements for MT7620 wifi
Serge Vasilugin reports:

To improve mt7620 built-in wifi performance some changes:
1. Correct BW20/BW40 switching (see comments with mark (1))
2. Correct TX_SW_CFG1 MAC reg from v3 of vendor driver see
	https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531
3. Set bbp66 for all chains.
4. US_CYC_CNT init based on Programming guide, default value was 33 (pci),
   set chipset bus clock with fallback to cpu clock/3.
5. Don't overwrite default values for mt7620.
6. Correct some typos.
7. Add support for external LNA:
    a) RF and BBP regs never be corrected for this mode
    b) eLNA is driven the same way as ePA with mt7620's pin PA
	but vendor driver explicitly pin PA to gpio mode (for forrect calibration?)
	so I'm not sure that request for pa_pin in dts-file will be enough

First 5 changes (really 2) improve performance for boards w/o eLNA/ePA.
Changes 7 add support for eLNA

Configuration w/o eLAN/ePA and with eLNA show results
tx/rx (from router point of view) for each stream:
 35-40/30-35 Mbps for HT20
 65-70/60-65 Mbps for HT40

Yes. Max results for 2T2R client is 140-145/135-140
with peaks 160/150, It correspond to mediatek driver results.
Boards with ePA untested.

Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 21:37:08 +01:00
Daniel Golle
d4feb66048 mac80211: add patch descriptions to rt2x00 patches
Prepare patches for sending upstream by adding patch descriptions
generated from the original OpenWrt commits adding each patch.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 21:36:58 +01:00
Felix Fietkau
55aa11d121 unetd: only depend on bpf-headers if BPF toolchain support is available
If BPF is unavailable, unetd can be built without it (by disabling VXLAN support).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-12 21:31:27 +02:00
Yoonji Park
c27279dc26 mediatek: add support for ipTIME A6004MX Add basic support for ipTIME A6004MX.
Hardware:
SoC: MediaTek MT7629 Cortex-A7 (ARMv7 1.25GHz, Dual-Core)
RAM: DDR3 128MB
Flash: Macronix MX35LF1GE4AB (SPI-NAND 128MB)
WiFi: MediaTek MT7761N (2.4GHz) / MediaTek MT7762N (5GHz) - no driver
Ethernet: SoC (WAN) / MediaTek MT7531 (LAN x4)
UART: [GND, RX, TX, 3.3V] (115200)

Installation:
- Flash recovery image with TFTP recovery

Revert to stock firmware:
- Flash stock firmware with TFTP recovery

TFTP Recovery method:
1. Unplug the router
2. Hold the reset button and plug in
3. Release when the power LED stops flashing and go off
4. Set your computer IP address manually to 192.168.0.x / 255.255.255.0
5. Flash image with TFTP client to 192.168.0.1

Signed-off-by: Yoonji Park <koreapyj@dcmys.kr>
2022-09-12 01:43:49 +01:00
Daniel Golle
f5d6ed3007 xdp-tools: don't rely on host bpf headers
xdp-tools build currently breaks on build hosts which do not have
libbpf headers installed because the build system wrongly tries to
use the host's include path.
Properly pass path to libbpf headers to xdp-tools build system to
fix build e.g. on the buildbots.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-12 01:43:49 +01:00
Nick French
20581ee8b5 ath79: add support for TP-Link Deco S4
Add support for TP-Link Deco S4 wifi router

The label refers to the device as S4R and the TP-Link firmware
site calls it the Deco S4 v2. (There does not appear to be a v1)

Hardware (and FCC id) are identical to the Deco M4R v2 but the
flash layout is ordered differently and the OEM firmware encrypts
some config parameters (including the label mac address) in flash

In order to set the encrypted mac address, the wlan's caldata
node is removed from the DTS so the mac can be decrypted with
the help of the uencrypt tool and patched into the wlan fw
via hotplug

Specifications:
SoC: QCA9563-AL3A
RAM: Zentel A3R1GE40JBF
Wireless 2.4GHz: QCA9563-AL3A (main SoC)
Wireless 5GHz: QCA9886
Ethernet Switch: QCA8337N-AL3C
Flash: 16 MB SPI NOR

UART serial access (115200N1) on board via solder pads:
RX = TP1 pad
TX = TP2 pad
GND = C201 (pad nearest board edge)

The device's bootloader and web gui will only accept images that
were signed using TP-Link's RSA key, however a memory safety bug
in the bootloader can be leveraged to install openwrt without
accessing the serial console. See developer forum S4 support page
for link to a "firmware" file that starts a tftp client, or you
may generate one on your own like this:
```
python - > deco_s4_faux_fw_tftp.bin <<EOF
import sys
from struct import pack

b = pack('>I', 0x00008000) + b'X'*16 + b"fw-type:" \
  + b'x'*256 + b"S000S001S002" + pack('>I', 0x80060200) \

b += b"\x00"*(0x200-len(b)) \
  + pack(">33I", *[0x3c0887fc, 0x35083ddc, 0xad000000, 0x24050000,
                   0x3c048006, 0x348402a0, 0x3c1987f9, 0x373947f4,
                   0x0320f809, 0x00000000, 0x24050000, 0x3c048006,
                   0x348402d0, 0x3c1987f9, 0x373947f4, 0x0320f809,
                   0x00000000, 0x24050000, 0x3c048006, 0x34840300,
                   0x3c1987f9, 0x373947f4, 0x0320f809, 0x00000000,
                   0x24050000, 0x3c048006, 0x34840400, 0x3c1987f9,
                   0x373947f4, 0x0320f809, 0x00000000, 0x1000fff1,
                   0x00000000])

b += b"\xff"*(0x2A0-len(b)) + b"setenv serverip 192.168.0.2\x00"
b += b"\xff"*(0x2D0-len(b)) + b"setenv ipaddr 192.168.0.1\x00"
b += b"\xff"*(0x300-len(b)) + b"tftpboot 0x81000000 initramfs-kernel.bin\x00"
b += b"\xff"*(0x400-len(b)) + b"bootm 0x81000000\x00"
b += b"\xff"*(0x8000-len(b))

sys.stdout.buffer.write(b)
EOF
```

Installation:
1. Run tftp server on pc with static ip 192.168.0.2
2. Place openwrt "initramfs-kernel.bin" image in tftp root dir
3. Connect pc to router ethernet port1
4. While holding in reset button on bottom of router, power on router
5. From pc access router webgui at http://192.168.0.1
6. Upload deco_s4_faux_fw_tftp.bin
7. Router will load and execture in-memory openwrt
8. Switch pc back to dhcp or static 192.168.1.x
9. Flash openwrt sysupgrade image via luci/ssh at 192.168.1.1

Revert to stock:
Press and hold reset button while powering device to start the
bootloader's recovery mode, where stock firmware can be uploaded
via web gui at 192.168.0.1

Please note that one additional non-github commits is also needed:
firmware-utils: add tplink-safeloader support for Deco S4

Signed-off-by: Nick French <nickfrench@gmail.com>
2022-09-11 21:54:00 +02:00
Michael Pratt
5df1b33298 ath79: add support for Senao Watchguard AP100
FCC ID: U2M-CAP2100AG

WatchGuard AP100 is an indoor wireless access point with
1 Gb ethernet port, dual-band but single-radio wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP300 v2
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - AR9344 SOC          MIPS 74kc, 2.4 GHz AND 5 GHz WMAC, 2x2
  - AR8035-A EPHY       RGMII GbE with PoE+ IN
  - 25 MHz clock
  - 16 MB FLASH         mx25l12805d
  - 2x 64 MB RAM
  - UART console        J11, populated
  - GPIO watchdog       GPIO 16, 20 sec toggle
  - 2 antennas          5 dBi, internal omni-directional plates
  - 5 LEDs              power, eth0 link/data, 2G, 5G
  - 1 button            reset

**MAC addresses:**

  Label has no MAC
  Only one Vendor MAC address in flash at art 0x0

  eth0 ---- *:e5 art 0x0 -2
  phy0 ---- *:e5 art 0x0 -2

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell

    It may be necessary to use a Watchguard router to flash the image to the AP
    and / or to downgrade the software on the AP to access SSH
    For some Watchguard devices, serial console over UART is disabled.

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  reset button has no function at boot time
  only possible with modified uboot environment,
  (see commit message for Watchguard AP300)

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM reliably

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For AR934x series, the PLL registers for eth0
  can be see in the DTSI as 0x2c.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Steve Wheeler <stephenw10@gmail.com>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Michael Pratt
9f6e247854 ath79: add support for Senao WatchGuard AP200
FCC ID: U2M-CAP4200AG

WatchGuard AP200 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP600
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - AR9344 SOC		MIPS 74kc, 2.4 GHz WMAC, 2x2
  - AR9382 WLAN		PCI card 168c:0030, 5 GHz, 2x2, 26dBm
  - AR8035-A EPHY	RGMII GbE with PoE+ IN
  - 25 MHz clock
  - 16 MB FLASH		mx25l12805d
  - 2x 64 MB RAM
  - UART console        J11, populated
  - GPIO watchdog       GPIO 16, 20 sec toggle
  - 4 antennas          5 dBi, internal omni-directional plates
  - 5 LEDs              power, eth0 link/data, 2G, 5G
  - 1 button            reset

**MAC addresses:**

  Label has no MAC
  Only one Vendor MAC address in flash at art 0x0

  eth0 ---- *:be art 0x0 -2
  phy1 ---- *:bf art 0x0 -1
  phy0 ---- *:be art 0x0 -2

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell

    It may be necessary to use a Watchguard router to flash the image to the AP
    and / or to downgrade the software on the AP to access SSH
    For some Watchguard devices, serial console over UART is disabled.

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  reset button has no function at boot time
  only possible with modified uboot environment,
  (see commit message for Watchguard AP300)

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM reliably

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For AR934x series, the PLL registers for eth0
  can be see in the DTSI as 0x2c.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x1805002c 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Steve Wheeler <stephenw10@gmail.com>
Tested-by: John Delaney <johnd@ankco.net>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Michael Pratt
146aaeafb7 ath79: add support for Senao WatchGuard AP300
FCC ID: Q6G-AP300

WatchGuard AP300 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+

this board is a Senao device:
the hardware is equivalent to EnGenius EAP1750
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails

**Specification:**

  - QCA9558 SOC		MIPS 74kc, 2.4 GHz WMAC, 3x3
  - QCA9880 WLAN	PCI card 168c:003c, 5 GHz, 3x3, 26dBm
  - AR8035-A PHY	RGMII GbE with PoE+ IN
  - 40 MHz clock
  - 32 MB FLASH		S25FL512S
  - 2x 64 MB RAM	NT5TU32M16
  - UART console	J10, populated
  - GPIO watchdog	GPIO 16, 20 sec toggle
  - 6 antennas		5 dBi, internal omni-directional plates
  - 5 LEDs		power, eth0 link/data, 2G, 5G
  - 1 button		reset

**MAC addresses:**

  MAC address labeled as ETH
  Only one Vendor MAC address in flash at art 0x0

  eth0 ETH  *:3c art 0x0
  phy1 ---- *:3d ---
  phy0 ---- *:3e ---

**Serial console access:**

  For this board, its not certain whether UART is possible
  it is likely that software is blocking console access

  the RX line on the board for UART is shorted to ground by resistor R176
  the resistors R175 and R176 are next to the UART RX pin at J10

  however console output is garbage even after this fix

**Installation:**

  Method 1: OEM webpage

    use OEM webpage for firmware upgrade to upload factory.bin

  Method 2: root shell access

    downgrade XTM firewall to v2.0.0.1
    downgrade AP300 firmware: v1.0.1
    remove / unpair AP from controller
    perform factory reset with reset button
    connect ethernet to a computer
    login to OEM webpage with default address / pass: wgwap
    enable SSHD in OEM webpage settings
    access root shell with SSH as user 'root'
    modify uboot environment to automatically try TFTP at boot time
    (see command below)

    rename initramfs-kernel.bin to test.bin
    load test.bin over TFTP (see TFTP recovery)
    (optionally backup all mtdblocks to have flash backup)
    perform a sysupgrade with sysupgrade.bin

  NOTE: DHCP is not enabled by default after flashing

**TFTP recovery:**

  server ip: 192.168.1.101

  reset button seems to do nothing at boot time...
  only possible with modified uboot environment,
  running this command in the root shell:

  fw_setenv bootcmd 'if ping 192.168.1.101; then tftp 0x82000000 test.bin && bootm 0x82000000; else bootm 0x9f0a0000; fi'

  and verify that it is correct with

  fw_printenv

  then, before boot, the device will attempt TFTP from 192.168.1.101
  looking for file 'test.bin'

  to return uboot environment to normal:

  fw_setenv bootcmd 'bootm 0x9f0a0000'

**Return to OEM:**

  user should make backup of MTD partitions
  and write the backups back to mtd devices
  in order to revert to OEM
  (see installation method 2)

  It may be possible to use sysupgrade
  with an OEM image as well...
  (not tested)

**OEM upgrade info:**

  The OEM upgrade script is at /etc/fwupgrade.sh

  OKLI kernel loader is required because the OEM software
  expects the kernel to be no greater than 1536k
  and the factory.bin upgrade procedure would otherwise
  overwrite part of the kernel when writing rootfs.

**Note on eth0 PLL-data:**

  The default Ethernet Configuration register values will not work
  because of the external AR8035 switch between
  the SOC and the ethernet port.

  For QCA955x series, the PLL registers for eth0 and eth1
  can be see in the DTSI as 0x28 and 0x48 respectively.
  Therefore the PLL registers can be read from uboot
  for each link speed after attempting tftpboot
  or another network action using that link speed
  with `md 0x18050028 1` and `md 0x18050048 1`.

  The clock delay required for RGMII can be applied
  at the PHY side, using the at803x driver `phy-mode`.
  Therefore the PLL registers for GMAC0
  do not need the bits for delay on the MAC side.
  This is possible due to fixes in at803x driver
  since Linux 5.1 and 5.3

**Note on WatchGuard Magic string:**

  The OEM upgrade script is a modified version of
  the generic Senao sysupgrade script
  which is used on EnGenius devices.

  On WatchGuard boards produced by Senao,
  images are verified using a md5sum checksum of
  the upgrade image concatenated with a magic string.
  this checksum is then appended to the end of the final image.

  This variable does not apply to all the senao devices
  so set to null string as default

Tested-by: Alessandro Kornowski <ak@wski.org>
Tested-by: John Wagner <john@wagner.us.org>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2022-09-11 21:54:00 +02:00
Daniel Golle
4133102898 kernel: modules: package kmod-crypto-essiv
Package kernel module providing ESSIV support for block encryption.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-11 19:04:44 +01:00
Lech Perczak
f1d112ee5a ath79: support Ruckus ZoneFlex 7321
Ruckus ZoneFlex 7321 is a dual-band, single radio 802.11n 2x2 MIMO enterprise
access point. It is very similar to its bigger brother, ZoneFlex 7372.

Hardware highligts:
- CPU: Atheros AR9342 SoC at 533 MHz
- RAM: 64MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi: AR9342 built-in dual-band 2x2 MIMO radio
- Ethernet: single Gigabit Ethernet port through AR8035 gigabit PHY
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7321-U variant.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1 ----------
   |1|x3|4|5|
   ----------

Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

JTAG: Connector H5, unpopulated, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:

------- H5
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------

3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected

Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server,  and removing a single T10 screw,
  but with much less manual steps, and is generally recommended, being
  safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
  work on some rare versions of stock firmware. A more involved, and
  requires installing `mkenvimage` from u-boot-tools package if you
  choose to rebuild your own environment, but can be used without
  disassembly or removal from installation point, if you have the
  credentials.
  If for some reason, size of your sysupgrade image exceeds 13312kB,
  proceed with method [1]. For official images this is not likely to
  happen ever.

[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0x9f040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7321-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7321_fw1_backup.bin
   $ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7321_fw2_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin

[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
   it boots, hold the reset button near Ethernet connectors for 5
   seconds.

1. Connect the device to the network. It will acquire address over DHCP,
   so either find its address using list of DHCP leases by looking for
   label MAC address, or try finding it by scanning for SSH port:

   $ nmap 10.42.0.0/24 -p22

   From now on, we assume your computer has address 10.42.0.1 and the device
   has address 10.42.0.254.

2. Set up a TFTP server on your computer. We assume that TFTP server
   root is at /srv/tftp.

3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
   frmware is pretty ancient and requires enabling HMAC-MD5.

   $ ssh 10.42.0.254 \
   -o UserKnownHostsFile=/dev/null \
   -o StrictHostKeyCheking=no \
   -o MACs=hmac-md5

   Login. User is "super", password is "sp-admin".
   Now execute a hidden command:

   Ruckus

   It is case-sensitive. Copy and paste the following string,
   including quotes. There will be no output on the console for that.

   ";/bin/sh;"

   Hit "enter". The AP will respond with:

   grrrr
   OK

   Now execute another hidden command:

   !v54!

   At "What's your chow?" prompt just hit "enter".
   Congratulations, you should now be dropped to Busybox shell with root
   permissions.

4. Optional, but highly recommended: backup the flash contents before
   installation. At your PC ensure the device can write the firmware
   over TFTP:

   $ sudo touch /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
   $ sudo chmod 666 /srv/tftp/ruckus_zf7321_firmware{1,2}.bin

   Locate partitions for primary and secondary firmware image.
   NEVER blindly copy over MTD nodes, because MTD indices change
   depending on the currently active firmware, and all partitions are
   writable!

   # grep rcks_wlan /proc/mtd

   Copy over both images using TFTP, this will be useful in case you'd
   like to return to stock FW in future. Make sure to backup both, as
   OpenWrt uses bot firmwre partitions for storage!

   # tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7321_firmware1.bin -p 10.42.0.1
   # tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7321_firmware2.bin -p 10.42.0.1

   When the command finishes, copy over the dump to a safe place for
   storage.

   $ cp /srv/tftp/ruckus_zf7321_firmware{1,2}.bin ~/

5. Ensure the system is running from the BACKUP image, i.e. from
   rcks_wlan.bkup partition or "image 2". Otherwise the installation
   WILL fail, and you will need to access mtd0 device to write image
   which risks overwriting the bootloader, and so is not covered here
   and not supported.

   Switching to backup firmware can be achieved by executing a few
   consecutive reboots of the device, or by updating the stock firmware. The
   system will boot from the image it was not running from previously.
   Stock firmware available to update was conveniently dumped in point 4 :-)

6. Prepare U-boot environment image.
   Install u-boot-tools package. Alternatively, if you build your own
   images, OpenWrt provides mkenvimage in host staging directory as well.
   It is recommended to extract environment from the device, and modify
   it, rather then relying on defaults:

   $ sudo touch /srv/tftp/u-boot-env.bin
   $ sudo chmod 666 /srv/tftp/u-boot-env.bin

   On the device, find the MTD partition on which environment resides.
   Beware, it may change depending on currently active firmware image!

   # grep u-boot-env /proc/mtd

   Now, copy over the partition

   # tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1

   Store the stock environment in a safe place:

   $ cp /srv/tftp/u-boot-env.bin ~/

   Extract the values from the dump:

   $ strings u-boot-env.bin | tee u-boot-env.txt

   Now clean up the debris at the end of output, you should end up with
   each variable defined once. After that, set the bootcmd variable like
   this:

   bootcmd=bootm 0x9f040000

   You should end up with something like this:

bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
mtdids=nor0=ar7100-nor0
bootdelay=2
ethact=eth0
filesize=78a000
fileaddr=81000000
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=10.0.0.1
serverip=10.0.0.5
stdin=serial
stdout=serial
stderr=serial

   These are the defaults, you can use most likely just this as input to
   mkenvimage.

   Now, create environment image and copy it over to TFTP root:

   $ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
   $ sudo cp u-boot-env.bin /srv/tftp

   This is the same image, gzipped and base64-encoded:

H4sIAAAAAAAAA+3QQW7TQBQAUF8EKRtQI6XtJDS0VJoN4gYcAE3iCbWS2MF2Sss1ORDYqVq6YMEB3rP0
Z/7Yf+aP3/56827VNP16X8Zx3E/Cw8dNuAqDYlxI7bcurpu6a3Y59v3jlzCbz5eLECbt8HbT9Y+HHLvv
x9TdbbpJVVd9vOxWVX05TotVOpZt6nN8qilyf5fKso3hIYTb8JDSEFarIazXQyjLIeRc7PvykNq+iy+T
1F7PQzivmzbcLpYftmfH87G56Wz+/v18sT1r19vu649dqi/2qaqns0W4utmelalPm27I/lac5/p+OluO
NZ+a1JaTz8M3/9hmtT0epmMjVdnF8djXLZx+TJl36TEuTlda93EYQrGpdrmrfuZ4fZPGHzjmp/vezMNJ
MV6n6qumPm06C+MRZb6vj/v4Mk/7HJ+6LarDqXweLsZnXnS5vc9tdXheWRbd0GIdh/Uq7cakOfavsty2
z1nxGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAD+1x9eTkHLAAAEAA==

7. Perform actual installation. Copy over OpenWrt sysupgrade image to
   TFTP root:

   $ sudo cp openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin /srv/tftp

   Now load both to the device over TFTP:

   # tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
   # tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin -g 10.42.0.1

   Vverify checksums of both images to ensure the transfer over TFTP
   was completed:

   # sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin

   And compare it against source images:

   $ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin

   Locate MTD partition of the primary image:

   # grep rcks_wlan.main /proc/mtd

   Now, write the images in place. Write U-boot environment last, so
   unit still can boot from backup image, should power failure occur during
   this. Replace MTD placeholders with real MTD nodes:

   # flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
   # flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>

   Finally, reboot the device. The device should directly boot into
   OpenWrt. Look for the characteristic power LED blinking pattern.

   # reboot -f

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Boot into OpenWrt initramfs as for initial installation. To do that
   without disassembly, you can write an initramfs image to the device
   using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
   fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
   before installation:
   mtd write ruckus_zf7321_fw1_backup.bin /dev/mtd1
   mtd write ruckus_zf7321_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.

Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
- The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid   the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
  execute the following command before booting:
  mw.l 1804006c 40
  And also you need to disable the reset button in device tree if you
  intend to debug Linux, because reset button on GPIO0 shares the TCK
  pin.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-09-11 01:36:25 +02:00
Lech Perczak
59cb4dc91d ath79: support Ruckus ZoneFlex 7372
Ruckus ZoneFlex 7372 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.

Ruckus ZoneFlex 7352 is also supported, lacking the 5GHz radio part.

Hardware highligts:
- CPU: Atheros AR9344 SoC at 560 MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344 built-in 2x2 MIMO radio
- Wi-Fi 5Ghz: AR9582 2x2 MIMO radio (Only in ZF7372)
- Antennas:
  - Separate internal active antennas with beamforming support on both
    bands with 7 elements per band, each controlled by 74LV164 GPIO
    expanders, attached to GPIOs of each radio.
  - Two dual-band external RP-SMA antenna connections on "7372-E"
    variant.
- Ethernet 1: single Gigabit Ethernet port through AR8035 gigabit PHY
- Ethernet 2: single Fast Ethernet port through AR9344 built-in switch
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on "-U" variants.

The same image should support:
- ZoneFlex 7372E (variant with external antennas, without beamforming
  capability)
- ZoneFlex 7352 (single-band, 2.4GHz-only variant).

which are based on same baseboard (codename St. Bernard),
with different populated components.

Serial console: 115200-8-N-1 on internal H1 header.
Pinout:

H1
---
|5|
---
|4|
---
|3|
---
|x|
---
|1|
---

Pin 5 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX

JTAG: Connector H2, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:

------- H2
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------

3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected

Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
  adapter, TFTP server,  and removing a single T10 screw,
  but with much less manual steps, and is generally recommended, being
  safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
  work on some rare versions of stock firmware. A more involved, and
  requires installing `mkenvimage` from u-boot-tools package if you
  choose to rebuild your own environment, but can be used without
  disassembly or removal from installation point, if you have the
  credentials.
  If for some reason, size of your sysupgrade image exceeds 13312kB,
  proceed with method [1]. For official images this is not likely to
  happen ever.

[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
   does not back-power the board, otherwise it will fail to boot.

1. Power-on the board. Then quickly connect serial converter to PC and
   hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
   you'll enter U-boot shell. Then skip to point 3.
   Connection parameters are 115200-8-N-1.

2. Allow the board to boot.  Press the reset button, so the board
   reboots into U-boot again and go back to point 1.

3. Set the "bootcmd" variable to disable the dual-boot feature of the
   system and ensure that uImage is loaded. This is critical step, and
   needs to be done only on initial installation.

   > setenv bootcmd "bootm 0x9f040000"
   > saveenv

4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:

   > setenv serverip 192.168.1.2
   > setenv ipaddr 192.168.1.1
   > tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7372-initramfs-kernel.bin
   > bootm 0x81000000

5. Optional, but highly recommended: back up contents of "firmware" partition:

   $ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7372_fw1_backup.bin
   $ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7372_fw2_backup.bin

6. Copy over sysupgrade image, and perform actual installation. OpenWrt
   shall boot from flash afterwards:

   $ ssh root@192.168.1.1
   # sysupgrade -n openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin

[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
   it boots, hold the reset button near Ethernet connectors for 5
   seconds.

1. Connect the device to the network. It will acquire address over DHCP,
   so either find its address using list of DHCP leases by looking for
   label MAC address, or try finding it by scanning for SSH port:

   $ nmap 10.42.0.0/24 -p22

   From now on, we assume your computer has address 10.42.0.1 and the device
   has address 10.42.0.254.

2. Set up a TFTP server on your computer. We assume that TFTP server
   root is at /srv/tftp.

3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
   frmware is pretty ancient and requires enabling HMAC-MD5.

   $ ssh 10.42.0.254 \
   -o UserKnownHostsFile=/dev/null \
   -o StrictHostKeyCheking=no \
   -o MACs=hmac-md5

   Login. User is "super", password is "sp-admin".
   Now execute a hidden command:

   Ruckus

   It is case-sensitive. Copy and paste the following string,
   including quotes. There will be no output on the console for that.

   ";/bin/sh;"

   Hit "enter". The AP will respond with:

   grrrr
   OK

   Now execute another hidden command:

   !v54!

   At "What's your chow?" prompt just hit "enter".
   Congratulations, you should now be dropped to Busybox shell with root
   permissions.

4. Optional, but highly recommended: backup the flash contents before
   installation. At your PC ensure the device can write the firmware
   over TFTP:

   $ sudo touch /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
   $ sudo chmod 666 /srv/tftp/ruckus_zf7372_firmware{1,2}.bin

   Locate partitions for primary and secondary firmware image.
   NEVER blindly copy over MTD nodes, because MTD indices change
   depending on the currently active firmware, and all partitions are
   writable!

   # grep rcks_wlan /proc/mtd

   Copy over both images using TFTP, this will be useful in case you'd
   like to return to stock FW in future. Make sure to backup both, as
   OpenWrt uses bot firmwre partitions for storage!

   # tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7372_firmware1.bin -p 10.42.0.1
   # tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7372_firmware2.bin -p 10.42.0.1

   When the command finishes, copy over the dump to a safe place for
   storage.

   $ cp /srv/tftp/ruckus_zf7372_firmware{1,2}.bin ~/

5. Ensure the system is running from the BACKUP image, i.e. from
   rcks_wlan.bkup partition or "image 2". Otherwise the installation
   WILL fail, and you will need to access mtd0 device to write image
   which risks overwriting the bootloader, and so is not covered here
   and not supported.

   Switching to backup firmware can be achieved by executing a few
   consecutive reboots of the device, or by updating the stock firmware. The
   system will boot from the image it was not running from previously.
   Stock firmware available to update was conveniently dumped in point 4 :-)

6. Prepare U-boot environment image.
   Install u-boot-tools package. Alternatively, if you build your own
   images, OpenWrt provides mkenvimage in host staging directory as well.
   It is recommended to extract environment from the device, and modify
   it, rather then relying on defaults:

   $ sudo touch /srv/tftp/u-boot-env.bin
   $ sudo chmod 666 /srv/tftp/u-boot-env.bin

   On the device, find the MTD partition on which environment resides.
   Beware, it may change depending on currently active firmware image!

   # grep u-boot-env /proc/mtd

   Now, copy over the partition

   # tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1

   Store the stock environment in a safe place:

   $ cp /srv/tftp/u-boot-env.bin ~/

   Extract the values from the dump:

   $ strings u-boot-env.bin | tee u-boot-env.txt

   Now clean up the debris at the end of output, you should end up with
   each variable defined once. After that, set the bootcmd variable like
   this:

   bootcmd=bootm 0x9f040000

   You should end up with something like this:

bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
bootdelay=2
mtdids=nor0=ar7100-nor0
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
ethact=eth0
filesize=1000000
fileaddr=81000000
ipaddr=192.168.0.7
serverip=192.168.0.51
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
stdin=serial
stdout=serial
stderr=serial

   These are the defaults, you can use most likely just this as input to
   mkenvimage.

   Now, create environment image and copy it over to TFTP root:

   $ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
   $ sudo cp u-boot-env.bin /srv/tftp

   This is the same image, gzipped and base64-encoded:

H4sIAAAAAAAAA+3QTW7TQBQAYB+AQ2TZSGk6Tpv+SbNBrNhyADSJHWolsYPtlJaDcAWOCXaqQhdIXOD7
Fm/ee+MZ+/nHu58fV03Tr/dFHNf9JDzdbcJVGGRjI7Vfurhu6q7ZlbHvnz+FWZ4vFyFM2mF30/XPhzJ2
X4+pe9h0k6qu+njRrar6YkyzVToWberL+HImK/uHVBRtDE8h3IenlIawWg1hvR5CUQyhLE/vLcpdeo6L
bN8XVdHFumlDTO1NHsL5mI/9Q2r7Lv5J3uzeL5bX27Pj+XjRdJZfXuaL7Vm73nafv+1SPd+nqp7OFuHq
dntWpD5tuqH6e+K8rB+ns+V45n2T2mLyYXjmH9estsfD9DTSuo/DErJNtSu76vswbjg5NU4D3752qsOp
zu8W8/z6dh7mN1lXto9lWx3eNJd5Ng5V9VVTn2afnSYuysf6uI9/8rQv48s3Z93wn+o4XFWl3Vg0x/5N
Vbbta5X9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAID/+Q2Z/B7cAAAEAA==

7. Perform actual installation. Copy over OpenWrt sysupgrade image to
   TFTP root:

   $ sudo cp openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin /srv/tftp

   Now load both to the device over TFTP:

   # tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
   # tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin -g 10.42.0.1

   Verify checksums of both images to ensure the transfer over TFTP
   was completed:

   # sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin

   And compare it against source images:

   $ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin

   Locate MTD partition of the primary image:

   # grep rcks_wlan.main /proc/mtd

   Now, write the images in place. Write U-boot environment last, so
   unit still can boot from backup image, should power failure occur during
   this. Replace MTD placeholders with real MTD nodes:

   # flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
   # flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>

   Finally, reboot the device. The device should directly boot into
   OpenWrt. Look for the characteristic power LED blinking pattern.

   # reboot -f

   After unit boots, it should be available at the usual 192.168.1.1/24.

Return to factory firmware:

1. Boot into OpenWrt initramfs as for initial installation. To do that
   without disassembly, you can write an initramfs image to the device
   using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
   fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
   fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
   before installation:
   mtd write ruckus_zf7372_fw1_backup.bin /dev/mtd1
   mtd write ruckus_zf7372_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.

Quirks and known issues:
- This is first device in ath79 target to support link state reporting
  on FE port attached trough the built-in switch.
- Flash layout is changed from the factory, to use both firmware image
  partitions for storage using mtd-concat, and uImage format is used to
  actually boot the system, which rules out the dual-boot capability.
  The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
  OpenWrt by choice.
  It is controlled by data in the top 64kB of RAM which is unmapped,
  to avoid   the interference in the boot process and accidental
  switch to the inactive image, although boot script presence in
  form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
  execute the following command before booting:
  mw.l 1804006c 40
  And also you need to disable the reset button in device tree if you
  intend to debug Linux, because reset button on GPIO0 shares the TCK
  pin.
- On some versions of stock firmware, it is possible to obtain root shell,
  however not much is available in terms of debugging facitilies.
  1. Login to the rkscli
  2. Execute hidden command "Ruckus"
  3. Copy and paste ";/bin/sh;" including quotes. This is required only
     once, the payload will be stored in writable filesystem.
  4. Execute hidden command "!v54!". Press Enter leaving empty reply for
     "What's your chow?" prompt.
  5. Busybox shell shall open.
  Source: https://alephsecurity.com/vulns/aleph-2019014
- Stock firmware has beamforming functionality, known as BeamFlex,
  using active multi-segment antennas on both bands - controlled by
  RF analog switches, driven by a pair of 74LV164 shift registers.
  Shift registers used for each radio are connected to GPIO14 (clock)
  and GPIO15 of the respective chip.
  They are mapped as generic GPIOs in OpenWrt - in stock firmware,
  they were most likely handled directly by radio firmware,
  given the real-time nature of their control.
  Lack of this support in OpenWrt causes the antennas to behave as
  ordinary omnidirectional antennas, and does not affect throughput in
  normal conditions, but GPIOs are available to tinker with nonetheless.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2022-09-11 01:36:25 +02:00
Rosen Penev
f4eef5f2a1 ramips: add support for Linksys E7350
Linksys E7350 is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specifications:
- SoC: MT7621 (880MHz, 2 Cores)
- RAM: 256 MB
- Flash: 128 MB NAND
- Wi-Fi:
  - MT7915D: 2.4/5 GHz (DBDC)
- Ethernet: 5x 1GiE MT7530
- USB: 1x USB 3.0
- UART: J4 (57600 baud)
  - Pinout: [3V3] (TXD) (RXD) (blank) (GND)

Notes:
* This device has a dual-boot partition scheme, but this firmware works
  only on boot partition 1.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-11 01:30:11 +02:00
Rosen Penev
26a6a6a60b ramips: add support for Belkin RT1800
Belkin RT1800 is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specifications:
- SoC: MT7621 (880MHz, 2 Cores)
- RAM: 256 MB
- Flash: 128 MB NAND
- Wi-Fi:
  - MT7915D: 2.4/5 GHz (DBDC)
- Ethernet: 5x 1GiE MT7530
- USB: 1x USB 3.0
- UART: J4 (57600 baud)
  - Pinout: [3V3] (TXD) (RXD) (blank) (GND)

Notes:
* This device has a dual-boot partition scheme, but this firmware works
  only on boot partition 1.

Installation:

Upload the generated factory.bin image via the stock web firmware
updater.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-11 01:30:11 +02:00
Andrey Butirsky
5806914794 ramips: add support for Kroks Rt-Cse SIM Injector DS
Aka Kroks Rt-Cse5 UW DRSIM (KNdRt31R16), ID 1958:
https://kroks.ru/search/?text=1958
See Kroks OpenWrt fork for support of other models:
https://github.com/kroks-free/openwrt

Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 5x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- USB: 1x
- SIM-reader: 2x (driven by a dedicated chip with it's own firmware)
- Buttons: reset
- LEDs: 1x Power, 1x Wi-Fi, 12x others (SIM status, Internet, etc.)

Flashing:
- sysupgrade image via stock firmware WEB interface, IP: 192.168.1.254
- U-Boot launches a WEB server if Reset button is held during power up,
  IP: 192.168.1.1

MAC addresses as verified by OEM firmware:
vendor   OpenWrt   source
LAN      eth0      factory 0x4 (label)
2g       wlan0     label

Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
2022-09-11 01:30:11 +02:00
Andrey Butirsky
0a79c77a4e ramips: add support for Kroks Rt-Pot mXw DS RSIM router
Aka "Kroks KNdRt31R19".
Ported from v19.07.8 of OpenWrt fork:
see https://github.com/kroks-free/openwrt
for support of other models.

Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 1x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- mPCIe: 1x (usually equipped with an LTE modem by vendor)
- Buttons: reset
- LEDs: 1x Modem, 1x Injector, 1x Wi-Fi, 1x Status

Flashing:
- sysupgrade image via stock firmware WEB interface.
- U-Boot launches a WEB server if Reset button is held during power up.
Server IP: 192.168.1.1

SIM card switching:
The device supports up to 4 SIM cards - 2 locally on board and 2 on
remote SIM-injector.
By default, 1-st local SIM is active.
To switch to e.g. 1-st remote SIM:
echo 0 > /sys/class/gpio/modem1power/value
echo 0 > /sys/class/gpio/modem1sim1/value
echo 1 > /sys/class/gpio/modem1rsim1/value
echo 1 > /sys/class/gpio/modem1power/value

MAC addresses as verified by OEM firmware:
vendor   OpenWrt   source
LAN      eth0      factory 0x4 (label)
2g       wlan0     label

Signed-off-by: Kroks <dev@kroks.ru>
[butirsky@gmail.com: port to master; drop dts-v1]
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
2022-09-11 01:30:11 +02:00
Nick Hainke
5a80226e96 lldpd: update to 1.0.15
Release Notes:
https://github.com/lldpd/lldpd/releases/tag/1.0.15

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Nick Hainke
f42e24f19d libbsd: update to 0.11.6
Update to latest version. Needs libmd.

Old size:
37615	libbsd0_0.10.0-1_aarch64_cortex-a53.ipk
new size (libmd linked static):
38514	libbsd0_0.11.6-1_aarch64_cortex-a53.ipk

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Nick Hainke
89a3987607 libmd: add library providing message digest functions
This library is needed by >= libbsd-0.11.3.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-11 01:30:11 +02:00
Kien Truong
fa468d4bcd iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.

The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491

    LIBBPF_FORCE=on set, but couldn't find a usable libbpf

The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.

Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-09-11 01:30:11 +02:00
Jian Huang
7b1740e208 px5g-wolfssl: replace unnecessary strncmp()
Replace some of the calls to strncmp() with strcmp().

Signed-off-by: Jian Huang <JyanHw@outlook.com>
2022-09-11 01:30:11 +02:00
Andreas Böhler
5f8c86e654 realtek: add support for TP-Link SG2452P v4 aka T1600G-52PS v4
This is an RTL8393-based switch with 802.3af on all 48 ports.

Specifications:
---------------
 * SoC:       Realtek RTL8393M
 * Flash:     32 MiB SPI flash
 * RAM:       256 MiB
 * Ethernet:  48x 10/100/1000 Mbps with PoE+
 * Buttons:   1x "Reset" button, 1x "Speed" button
 * UART:      1x serial header, unpopulated
 * PoE:       12x TI TPS23861 I2C PoE controller, 384W PoE budget
 * SFP:       4 SFP ports

Works:
------
  - (48) RJ-45 ethernet ports
  - Switch functions
  - Buttons
  - All LEDs on front panel except port LEDs
  - Fan monitoring and basic control

Not yet enabled:
----------------
  - PoE - ICs are not in AUTO mode, so the kernel driver is not usable
  - Port LEDs
  - SFP cages

Install via web interface:
-------------------------

Not supported at this time.

Install via serial console/tftp:
--------------------------------

The U-Boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.

Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. To install OpenWRT:

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"

Power on device, and stop boot by pressing any key.
Once the shell is active:
 1. Ground out the CLK (pin 16) of the ROM (U6)
 2. Select option "3. Start"
 3. Bootloader notes that "The kernel has been damaged!"
 4. Release CLK as soon as bootloader thinks image is corrupted.
 5. Bootloader enters automatic recovery -- details printed on console
 6. Watch as the bootloader flashes and boots OpenWRT.

Blind install via tftp:
-----------------------

This method works when it's not feasible to install a serial header.

Prepare a tftp server with:
 1. server address: 192.168.0.146
 2. the image as: "uImage.img"
 3. Watch network traffic (tcpdump or wireshark works)
 4. Power on the device.
 5. Wait 1-2 seconds then ground out the CLK (pin 16) of the ROM (U6)
 6. When 192.168.0.30 makes tftp requests, release pin 16
 7. Wait 2-3 minutes for device to auto-flash and boot OpenWRT

Signed-off-by: Andreas Böhler <dev@aboehler.at>
2022-09-10 22:13:52 +02:00
Martin Kennedy
b688bf83f9 base-files: rename ethernet devs on known boards
Some platforms lack an established way to name netdevs; for example,
on x86, PCIe-based ethernet interfaces will be named starting from
eth0 in the order they are probed. This is a problem for many devices
supported explicitly by OpenWrt which have hard-wired, standalone or
on-CPU NICs not supported by DSA (which is usually used to rename the
ports based on their ostensible function).

To fix this, add a mapping between ethernet device name and sysfs
device path to board.json; this allows us to configure ethernet device
names we know about for a given board so that they correspond to
external labeling.

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2022-09-10 21:16:20 +02:00
Daniel Golle
f7dbdcfa54 mediatek: filogic: use WPS button instead of RST on BPi-R3
The GPIO used for the RST button is also used for PCIe-CLKREQ signal.
Hence it cannot be used as button signal if PCIe is also used.
Wire up WPS button to serve as KEY_RESTART in Linux and "reset" button
in U-Boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-10 19:20:26 +01:00
Daniel Golle
964b822180 kernel: fix Aquantia AQtion Atlantic module dependencies
The buildbot revealed that
Package kmod-atlantic is missing dependencies for the following libraries:
hwmon.ko
macsec.ko
make[2]: *** [modules/netdevices.mk:1474: /builder/shared-workdir/build/bin/targets/mediatek/mt7629/packages/kmod-atlantic_5.15.67-1_arm_cortex-a7.ipk] Error 1
make[2]: Leaving directory '/builder/shared-workdir/build/package/kernel/linux'
time: package/kernel/linux/compile#43.51#17.03#415.37
    ERROR: package/kernel/linux failed to build.
make[1]: *** [package/Makefile:116: package/kernel/linux/compile] Error 1
make[1]: *** Waiting for unfinished jobs....

Add those missing dependencies to fix the build.

Fixes: d02e887d7c ("kernel: add Aquantia AQtion Atlantic 10Gbps Ethernet")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-10 18:23:14 +01:00
Rafał Miłecki
7f443d2d9a base-files: support "metric" in board.json
It allows prepopulating /etc/config/network interface-s with predefined
metric. It may be useful for devices with multiple WAN ports.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-09-10 16:58:01 +02:00
Mehdi Ahmadi
d02e887d7c
kernel: add Aquantia AQtion Atlantic 10Gbps Ethernet
Driver support for Aquantia AQtion Atlantic 10Gbps Ethernet NIC
with the AQC107, AQC108 and others chipsets found on:

 - TP-Link: TX401
 - Asus: XG-C100C, ROG Areion 10G NIC
 - & more ...

Successfully tested using a build with 22.03.0-rc6
(x86_64/EFI image) and the following outputs:

```
[    3.092053] pci 0000:06:00.0: [1d6a:07b1] type 00 class 0x020000
[    3.094983] pci 0000:06:00.0: reg 0x10: [mem 0x50800000-0x5080ffff 64bit]
[    3.098880] pci 0000:06:00.0: reg 0x18: [mem 0x50810000-0x50810fff 64bit]
[    3.108868] pci 0000:06:00.0: reg 0x20: [mem 0x50400000-0x507fffff 64bit]
[    3.108883] pci 0000:06:00.0: enabling Extended Tags
[    3.118874] pci 0000:06:00.0: supports D1 D2
[    3.118874] pci 0000:06:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[    3.128891] pci 0000:06:00.0: 7.876 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x1 link at 0000:00:1d.0 (capable of 31.504 Gb/s with 8.0 GT/s PCIe x4 link)
[   10.312793] atlantic 0000:06:00.0: enabling device (0000 -> 0002)
[   23.223813] atlantic 0000:06:00.0 eth0: atlantic: link change old 0 new 10000

lsmod && uname -ar ;
  # atlantic              147456  0
  # # // ...
  # Linux version 5.10.138 (vagrant@make-host) (x86_64-openwrt-linux-musl-gcc (OpenWrt GCC 11.3.0 r20430-18a2b29aa1) 11.3.0, GNU ld (GNU Binutils) 2.37) #0 SMP Mon Aug 29 09:54:00 2022
```

Signed-off-by: Mehdi Ahmadi <aphorise@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
[ fix wrong commit author as requested by author itself ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-10 15:36:16 +02:00
Daniel Golle
2510a587a6 linux-firmware: package MediaTek MT792[12] Bluetooth firmware
btusb fails to start on MT792[12] hardware without the appropriate
firmware being loaded first:
[    9.750285] bluetooth hci0: Direct firmware load for mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin failed with error -2
[    9.765723] bluetooth hci0: Falling back to sysfs fallback for: mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin

Package firmware for MediaTek MT792[12] Bluetooth from linux-firmware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-09 21:08:37 +01:00
Daniel Golle
6d1a398c5b kernel: modules: bluetooth: include support for MediaTek USB
Enable MediaTek protocol in btusb module to support e.g. the Bluetooth
part of the MT7921K NGFF/M.2 module.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-09 21:08:37 +01:00
Tomasz Maciej Nowak
47306d47ef ipq-wifi: add Pakedge WR-1 support
Calibration variants:
Pakedge-WR-1		ETSI, FCC and IC-2.4GHz
Pakedge-WR-1-ACMA	ACMA
Pakedge-WR-1-IC		IC-5GHz
Pakedge-WR-1-SRRC	SRRC

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2022-09-07 21:21:38 +02:00
Tomasz Maciej Nowak
80baffd2aa ipq40xx: add support for Pakedge WR-1
Pakedge WR-1 is a dual-band wireless router.

Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 32 MB SPI NOR
WIFI: 2.4 GHz 2T2R integrated
      5 GHz 2T2R integrated
Ethernet: 5x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
LEDS: 8x (3 GPIO controlled, 5 connected to switch)
Buttons: 1x GPIO controlled
UART: pin header J5
      1. 3.3V, 2. GND, 3. TX, 4. RX
      baud: 115200, parity: none, flow control: none

Installation
1. Rename initramfs image to:
   openwrt-ipq806x-qcom-ipq40xx-ap.dk01.1-c1-fit-uImage-initramfs.itb
   and copy it to USB flash drive with FAT32 file system.
2. Connect USB flash drive to the router and apply power while pressing
   reset button. Hold the button, on the lates bootloader version, when
   Power and WiFi-5 LEDs will start blinking release it. For the older
   bootloader holding it for 15 seconds should suffice.
3. Now the router boots the initramfs image, at some point (close to one
   minute) the Power LED will start blinking, when stops, router is fully
   booted.
4. Connect to one of LAN ports and use SSH to open the shell at
   192.168.1.1.
5. ATTENTION! now backup the mtd8 and mtd9 partitions, it's necessary if,
   at some point, You want to go back to original firmware. The firmware
   provided by manufacturer on its site is encrypted and U-Boot accepts
   only decrypted factory images, so there's no way to restore original
   firmware.
6. If the backup is prepared, transfer the sysupgrade image to the router
   and use 'sysupgrade' command to flash it.
7. After successful flashing router will reboot. At some point the Power
   LED will start blinking, wait till it stops, then router is ready for
   configuration.

Additional information
U-Boot command line is password protected. Password is unknown.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2022-09-07 21:21:38 +02:00
Tomasz Maciej Nowak
3b7948474f kernel: load loop driver before creating overlay
Creating overlay will fail if there's no loop device.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2022-09-07 21:21:38 +02:00
Tomasz Maciej Nowak
6c4cd85785 kernel: load FAT filesystem drivers before mount_root
Devices using GPT usually have FAT filesystem on boot partition and
that's where the intermediary backup of system configuration is stored
on sysupgrade. Automatic restoring of OpenWrt configuration after
sysupgrade will be inhibited if the driver is not loaded and file system
type is not specified in mount command.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2022-09-07 21:21:38 +02:00
Daniel Golle
292146fda6 arm-trusted-firmware-tools: update to v2.7
Update host build of fiptool and use the new python sptool.py instead
of the previous sptool executable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-07 04:22:40 +01:00
Nick Hainke
7cae914939 libunwind: update to 1.6.2
Remove upstreamed:
- 001-Don-t-force-exec_prefix-lib64-libdir-on-ppc64.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:40 +01:00
Nick Hainke
fed8550df7 xdp-tools: update to v1.2.6
Release Notes:
https://github.com/xdp-project/xdp-tools/releases/tag/v1.2.6

The update contains important fixes for cross-compilation.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-07 04:22:39 +01:00
Felix Fietkau
33c11442b2 mt76: update to the latest version
d70546462b7b mt76: fix 5 GHz connection regression on mt76x0/mt76x2

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-06 22:45:24 +02:00
Nick Hainke
d40948b35d libsepol: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:48 +01:00
Nick Hainke
17dd8c7305 libselinux: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:48 +01:00
Nick Hainke
45990ff76e mtd-utils: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:46 +01:00
Nick Hainke
79f3e6e2c1 libnfnetlink: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:45 +01:00
Nick Hainke
7ea924d74f libmnl: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:44 +01:00
Nick Hainke
91e65314a7 f2fs-tools: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:42 +01:00
Nick Hainke
5bc8e5a5a9 libnl: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:41 +01:00
Nick Hainke
f93795cd90 jansson: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:40 +01:00
Nick Hainke
2091a76d34 libusb: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:38 +01:00
Nick Hainke
8eca549bdc lldpd: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:37 +01:00
Nick Hainke
55c015ae4d strace: replace PKG_CPE_ID
Searching for strace in nvd.nist.gov/products/cpe/search [0] will result
in "cpe:/a:strace_project:strace". Replace the current PKG_CPE_ID with
it.

[0] - https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&keyword=strace

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:36 +01:00
Nick Hainke
5c238a44e9 ethtool: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:35 +01:00
Nick Hainke
f9a502c721 libcap: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:34:52 +01:00
Nick Hainke
e7661c64c3 nettle: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:34:26 +01:00
Felix Fietkau
09ea1db93b hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_all
There are two feature currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting

The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.

The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.

Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-06 12:15:48 +02:00
David Bauer
02f81494bb ipq-wifi: add Extreme Networks WS-AP3915i
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-06 02:54:30 +02:00
Nick Hainke
f1b5ed3143 uboot-envtools: update to 2022.07
Update to latest version.

Remove upstreamed patches:
- 100-fw_env-make-flash_io-take-buffer-as-an-argument.patch
- 101-fw_env-simplify-logic-code-paths-in-the-fw_env_open.patch
- 102-fw_env-add-fallback-to-Linux-s-NVMEM-based-access.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-02 23:13:53 +02:00
Josef Schlehofer
3a702f8733 kernel: build crypto md5/sha1/sha256 modules for powerpc
This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]

Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.

[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-09-02 23:13:53 +02:00
Nick Hainke
392febc6f6 gdb: update to 12.1
Release Notes:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-12.1-release

Refresh patches:
- 110-shared_libgcc.patch
- 130-gdb-ctrl-c.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-02 23:13:53 +02:00
Ivan Pavlov
3d88f26d74 wolfssl: bump to 5.5.0
Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2022-09-02 21:56:25 +02:00
Claudiu Beznea
e9f12931e6 at91bootstrap: use sdmmc0 as booting media for sama5d27_som1_ek
Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as
default defconfig") changed default booting media for sama5d27_som1_ek
board w/o any reason. Changed it back to sdmmc0 as it is for all the
other Microchip supported distributions for this board (Buildroot,
Yocto Project). The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-09-02 20:43:51 +02:00
Claudiu Beznea
9a49788008 uboot-at91: use sdmmc0 as booting media for sama5d27_som1_ek
Commit adc69fe (""uboot-at91: changed som1 ek default defconfigs")
changed the booting media to sdmmc1 as default booting w/o any reason.
The Microchip releases for the rest of supported distributions (Buildroot,
Yocto Project) uses sdmmc0 as default booting media for this board.
Thus change it back to sdmmc0. With this remove references to sdmmc1
config. The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-09-02 20:43:51 +02:00
Felix Fietkau
90f55f5bf1 unetd: update to the latest version
f5d02c32f811 pex: add support for sending endpoint notification from the wg port via raw socket
c3b1127236a0 ubus: add support for querying active networks
8ad119715168 ubus: add support for adding auth_connect hosts at runtime
26dc52789d41 network: add support for configuring extra peers via a separate json file
d7fb9e5b065b ubus: add reload command

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-01 20:42:08 +02:00
Felix Fietkau
23a7188ab4 unetd: fix handling of connect/tunnel list
change the type to array, so that uci lists can be used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-01 20:42:08 +02:00
Jo-Philipp Wich
ab31ffc425 firewall4: update to latest Git HEAD
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-01 12:39:05 +02:00
Nick Hainke
bae87942bc nettle: update to 3.8.1
Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2022-07/msg00010.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-31 23:25:39 +02:00
Nick Hainke
f15137c455 readline: update to 8.1.2
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-31 23:25:39 +02:00
Josef Schlehofer
f8f9d6901c kernel: fix typo for tegra crypto-sha1 module
Fixes: e889489bed ("kernel: build
arm/neon-optimized sha1/512 modules")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-08-31 23:25:39 +02:00
Daniel Golle
11a6021866 arm-trusted-firmware-mediatek: update to sources of 2022-08-31
Drop downstream patches which have been replaced with equivalent
upstream changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-31 21:10:39 +01:00
Daniel Golle
0ea329fec4 uboot-mediatek: replace patches with updated versions
Weijie Gao has submitted an updated version of the patchset adding
support for MT7986 and MT7981 to U-Boot. Use that v2 patchset.

Changes of v2:
- Add cpu driver for print_cpuinfo()
- Fix NULL pointer dereference in mtk_image
  (was already fixed in OpenWrt)
- Fix coding style
- Minor changes

https://patchwork.ozlabs.org/project/uboot/list/?series=316148

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-31 14:02:45 +01:00
Daniel Golle
38f7e932a5 uboot-envtools: add support for Bananapi BPi-R3
Create new mediatek_filogic file and add entries for environment on
MMC, UBI and NOR for the Bananapi BPi-R3.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-30 13:36:28 +01:00
Daniel Golle
c2bc1bd99a uboot-mediatek: add support for Bananapi BPi-R3
The Bananapi BPi-R3 board can boot from eMMC, SD card, SPI-NAND and
SPI-NOR, depending on the position of switches controlling the BOOTSEL
bootstrap pins as we as hard-wired chip-select lines. The position of the
chip-select switch SW6 decides whether either SD card or eMMC can be
accessed, SW5 selects either SPI-NAND or SPI-NOR.

Generate U-Boot for all 4 boot options. The SD card version allows
installation to SPI-NAND and SPI-NOR (eMMC cannot be accessed
simultanously with the SD card), the SPI-NAND version allows installation
to eMMC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-30 13:36:28 +01:00
Felix Fietkau
2984a04206 mac80211: disable ft-over-ds by default
Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-30 10:58:20 +02:00
Jo-Philipp Wich
c6d6306827 update: update to latest Git HEAD
344fa9e lib: extend render() to support function values
89452b2 lib: improve getenv() and split() implementations

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-30 00:06:50 +02:00
Felix Fietkau
f39d9ea0c2 unetd: update to the latest version, makes VXLAN/eBPF optional
b75791a6db25 scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes
c29e1ad045d0 scripts/update-cmd.pl: set device up before adding routes/addresses
5ad35ce4beea scripts/update-cmd.pl: run update two times
5d79b88f00c1 add support for overriding peer-exchange-port for individual hosts
0041fcacb624 add support for disabling VXLAN/eBPF support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-29 20:55:49 +02:00
Felix Fietkau
314cad2cba unetd: update to the latest version
5cbd55f60346 unet-cli: fix formatting of help text
59b97448b636 build.sh: force use of -fPIC on static libraries to fix build error
74a14c00abb0 pex-msg: fix siphash key initializer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-28 22:31:18 +02:00
Hauke Mehrtens
05df135cac wolfssl: Rebuild when libwolfssl-benchmark gets changes
This forces a rebuild of the wolfssl package when the
libwolfssl-benchmark OpenWrt package gets activated or deactivated.
Without this change the wolfssl build will fail when it compiled without
libwolfssl-benchmark before and it gets activated for the next build.

Fixes: 18fd12edb8 ("wolfssl: add benchmark utility")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-28 21:42:26 +02:00
Daniel Golle
06c4fc6d5e kernel: enable inside secure driver for MediaTek platforms
Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Felix Fietkau
a1c5ca82ff mt76: add mt7986 wmac support
Add firmware package for MT7986 and enable WMAC support in the driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-28 20:33:15 +01:00
Daniel Golle
0a18456ffc uboot-mediatek: no compression means IH_COMP_NONE
Treat missing compression node in FIT image as IH_COMP_NONE.
This is implicentely already happening in most places, but for now
was still triggering an annoying warning about initramfs compression
being obsolete despite compression note being absent.
Fix this.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
20eee0d6cb uboot-mediatek: mt7986: add generic reset button support
Allow resetting environment to default values when defined button
exists in device tree.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
85581cc89a uboot-mediatek: mt7986: support PSTORE/ramoops
Assign reserved memory for PSTORE/ramoops for the MT7986 SoC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
d3a337a592 uboot-mediatek: additions from MTK SDK
* updated SNAND/SNFI driver brings support for MT7981
 * add support for MediaTek NAND Memory bad Block Management (NMBM)
   (not used for any boards atm, but could be useful in future)
 * wire up NMBM support for MT7622, MT7629, MT7981 and MT7986
 * replace some local patches with updated version from SDK
 * bring some legacy precompiler symbols which haven't been converted
   into Kconfig symbols in U-Boot 2022.07, remove when bumbping to
   U-Boot 2022.10:
   100-28-include-configs-mt7986-h-from-SDK.patch

Source: https://github.com/mtk-openwrt/u-boot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
c09eb08dad uboot-mediatek: add support for MT798x platforms
Import pending patches to support the upcoming Filogic platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
a4933cdd12 uboot-mediatek: add support for compressed BL3/FIP image
MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP
structure to be compressed. Make use of that for boards with NOR flash.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
d118cbdfec uboot-mediatek: fix factory reset on UBI
Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in
segfault on newer U-Boot. Write 1MB of 0s instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 20:33:15 +01:00
Daniel Golle
a1b263698c arm-trusted-firmware-mediatek: update to v2.7+ from MediaTek
The updated sources bring support for the MT798x Filogic SoC family.

Add builds for MT7986 with most supported storage types, each for DDR3
and DDR4 configurations.

A better solution for skipping bad blocks on SPI-NAND connected via the
SNFI interface has been implemented upstream, so drop local patch.
Add pending patches [1] and [2] to fix boot on existing MT7622 boards.

Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and
Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which
support will be added in future patches.

[1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3
[2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 19:05:58 +01:00
Daniel Golle
14ce999924 trusted-firmware-a.mk: pass DTC path similar to u-boot.mk
Instead of relying on dtc being provided by the build host use the
dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk.
For this to work kernel.mk now needs to be included before
trusted-firmware-a.mk, add this include to all affected packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 19:01:55 +01:00
Nick Hainke
85c0cef461 popt: update to 1.18
Changes from popt 1.16:
- fix an ugly and ancient security issue with popt failing to drop privileges on alias exec from a SUID/SGID program
- perform rudimentary sanity checks when reading in popt config files
- collect accumulated misc fixes (memleaks etc) from distros
- convert translations to utf-8 encoding
- convert old postscript documentation to pdf
- dust off ten years worth of autotools sediment
- reorganize and clean up the source tree for clarity
- remove the obnoxious splint annotations from the sources

Switch to new mirror:
http://ftp.rpm.org/popt/releases/

Switch URL to:
https://github.com/rpm-software-management/popt

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
36bec544d7 nftables: update to 1.0.5
Remove upstreamed patch:
- 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch

Changes:
13248670 build: Bump version to 1.0.5
3432eebd tests/py: disable arp family for queue statement
180ce4d7 meta: don't use non-POSIX formats in strptime()
c1c223f1 src: allow anon set concatenation with ether and vlan
87c3041b evaluate: search stacked header list for matching payload dep
b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context
f680055c tests: add a test case for ether and vlan listing
dbd5f348 debug: dump the l2 protocol stack
0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset
89688c94 netlink_delinearize: postprocess binary ands in concatenations
0542a431 netlink_delinearize: allow postprocessing on concatenated elements
8efab552 parser_json: fix device parsing in netdev family
76fae8f5 src: proto: support DF, LE PHB, VA for DSCP
446e76db doc: Document limitations of ipsec expression with xfrm_interface
a2ddb38f cache: report an error message if cache initialization fails
649b8ce3 cache: validate handle string length
64c74ba5 cache: prepare nft_cache_evaluate() to return error
46980cdd rule: crash when uncollapsing command with unexisting table or set
8a6cdfaf cache: release pending rules when chain binding lookup fails
e17337df evaluate: report missing interval flag when using prefix/range in concatenation
45c097c6 scanner: allow prefix in ip6 scope
6c23bfa5 segtree: fix map listing with interface wildcard
8623772a scanner: don't pop active flex scanner scope
994bf500 parser: add missing synproxy scope closure
ed2426bc tests/py: Add a test for failing ipsec after counter
27107b49 evaluate: fix segfault when adding elements to invalid set
0f82b07f mnl: store netlink error location for set elements
15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting
f56e901a parser_bison: fix error location for set elements
6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch
5357cb7b intervals: fix crash when trying to remove element in empty set
d54510f8 netlink_delinearize: memleak when parsing concatenation data
12a223ce libnftables: release top level scope
b91bbf88 optimize: limit statement is not supported yet
45a61a75 optimize: assume verdict is same when rules have no verdict
fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational
29e62111 tests: shell: run -c -o on ruleset
887405df optimize: add unsupported statement
8f61a69e optimize: add hash expression support
ca8fd77a optimize: add numgen expression support
721efd64 optimize: add binop expression support
f7e901a2 optimize: add fib expression support
54b1e49f optimize: add xfrm expression support
0beaea37 optimize: add osf expression support
d07fe8e8 optimize: fix verdict map merging
38d48fe5 optimize: fix reject statement
f9939f89 optimize: remove comment after merging
8f10f33a optimize: do not print stateful information
3ac932e9 optimize: do not merge rules with set reference in rhs
64ebb03a optimize: do not compare relational expression rhs when collecting statements
59e3a592 intervals: Do not sort cached set elements over and over again
d434de8b intervals: do not empty cache for maps
87ba510f intervals: do not report exact overlaps for new elements
498a5f0c rule: collapse set element commands
8fafe4e6 tests: shell: runtime set element automerge
638af0ce Revert "scanner: flags: move to own scope"

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
ce28f303e8 libnftnl: update to 1.2.3
Changes:
817c8b6 build: libnftnl 1.2.3 release
84d12cf build: fix clang+glibc snprintf substitution error

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
9011f987d5 iproute2: replace musl-compilation-fix with upstream fix
Instead of defining the MIN version it is enough to include "#include
<sys/param.h>".

Delete patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch

Add patch:
- 010-ipstats-Add-param.h-for-musl.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
e74b79ed56 wireguard-tools: update to v1.0.20210914
Update to latest version.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
8171aad4f1 ethtool: update to 5.19
Release Notes:
https://lore.kernel.org/netdev/20220821234539.f7nslwyd53bsftsy@lion.mk-sys.cz/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Nick Hainke
781a2e2008 strace: update to 5.19
Release Notes:
https://strace.io/files/5.19/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-08-28 18:29:10 +02:00
Daniel Golle
f0adf253fd uboot-envtools: mt7622: use 4k sectors for UniFi 6 LR (ubootmod)
Use 4k sectors when accessing the U-Boot environment on the 64MiB
SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment
write access as only 4kB instead of 64kB have to be written.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 16:11:09 +01:00
Daniel Golle
0bc8889e7b uboot-mediatek: fix Ubiquiti UniFi 6 LR U-Boot mod
Image names as well as the calculation of the padded image size did
not work as intended. Fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-28 16:11:09 +01:00
Hauke Mehrtens
f3870546a5 mbedtls: update to version 2.28.1
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

The build problem was reported upstream:
https://github.com/Mbed-TLS/mbedtls/issues/6243

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-28 12:37:54 +02:00
Etienne Champetier
0c8d7e34ab iptables: default to ip(6)tables-nft when using buildroot
35fec487e3 fixed opkg usage,
but when using buildroot we were still defaulting to
ip(6)tables-legacy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-08-27 22:39:32 +02:00
Felix Fietkau
104de8abe4 unetd: add WireGuard based VPN connection manager for OpenWrt
This package simplifies setting up wireguard networks on OpenWrt by a wireguard
network as a JSON file, which can be shared across all participating nodes.
It can be signed with an authentication key and automatically kept in sync.
unetd also supports deterministically generating ipv6 addresses for each host
based on the public key and storing those in a hosts file that can be used with
dnsmasq. It also supports automatically creating VXLAN tunnels between multiple
endpoints.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-27 15:24:58 +02:00
Daniel Golle
1f84d45e18 ltq-vdsl-fw: fix firmware installer
The downloaded filename was wrong in multiple places. Fix that.

Fixes: 2f95dd8ff0 ("ltq-vdsl-fw: update w921v firmware download URL")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-08-26 22:32:47 +01:00
Felix Fietkau
ec7d32f376 mt76: update to the latest version
9485e3b47066 mt76: remove q->qid
e5674c4aa402 mt76: mt7921: enable HW beacon filter not depending on PM flag
7fd299e3c921 mt76: mt7921: enable HW beacon filter in the initialization stage
d5459efaaf14 mt76: mt7921: make mt7921_pci_driver static
b8304b456e23 mt76: connac: move tx initialization/cleanup in mt76_connac module
6e0d7077486c mt76: mt7921: reduce log severity levels for informative messages
cb80da974fe6 mt76: mt7921: reduce the mutex lock scope during reset
a2d61f4f4063 mt76: mt7915 add ht mpdu density
08ea730c1130 mt76: add len parameter to __mt76_mcu_msg_alloc signature
60ef85fa352c mt76: introduce MT_RXQ_BAND2 and MT_RXQ_BAND2_WA in mt76_rxq_id
8ccbb38ca6e6 mt76: add phy_idx in mt76_rx_status
eb19ac83c07e mt76: introduce phys array in mt76_dev structure
30887591e3ab mt76: add phy_idx to mt76_wcid
4bf8c20a9524 mt76: convert MT_TX_HW_QUEUE_EXT_PHY to MT_TX_HW_QUEUE_PHY
e6c6bf8cee09 mt76: get rid of mt76_wcid_hw routine
120f73ad992a mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
111e92cf8c22 mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()
13bedd62ff4a mt76: connac: introduce mt76_connac_reg_map structure
5ec78e1ec43d wifi: mt76: fix reading current per-tid starting sequence number for aggregation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-26 19:49:16 +02:00
Felix Fietkau
31648c4b59 netifd: update to the latest version
76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-08-25 21:16:26 +02:00
Petr Štetiar
34ddd2e545 rpcd: bump version to 2022-08-24
gcc 10 with -O2 reports following:

 In function ‘strncpy’,
     inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4:
 /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
   106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 In function ‘strncpy’,
     inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4:
 /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
   106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
       |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Since it is not possible to avoid truncation by strncpy, it is necessary
to make sure the result of strncpy is properly NUL-terminated and the
NUL must be inserted explicitly, after strncpy has returned.

References: #10442
Reported-by: Alexey Smirnov <s.alexey@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-08-25 06:59:41 +02:00
Jo-Philipp Wich
fe86b2ffaa firewall4: update to latest Git HEAD
a4484d4 fw4: support automatic includes
ca7e3a1 fw4: honour enabled option of include sections
5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
111a7f7 fw4: don't inherit zone family from ct helpers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-24 23:25:11 +02:00
Jo-Philipp Wich
66a360206e rpcd: update to latest Git HEAD
ae5afea ucode: parse ucode plugin scripts in raw mode, init search path

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-24 23:25:11 +02:00
Jo-Philipp Wich
4ee77cfcfa uhttpd: update to latest Git HEAD
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-24 23:25:11 +02:00
Jo-Philipp Wich
3446d32616 ucode: update to latest Git HEAD
bcdd2cb examples: add module search path initialization and freeing
ee1946f ubus: fix GCC strncpy() truncation warning
131d99c lib: introduce three new functions call(), loadstring() and loadfile()
8e8dae0 lib: introduce helper function for indenting error messages
476f02b lib: simplify include_path()
d84b53a source: avoid null pointer access in uc_source_runpath_set()
c43a54f types: gracefully handle unpatched upvalues in ucv_free()
e2fb11a README.md: document gc() function
b41cb2d main: introduce -g flag to allow enabling periodic gc from cli
85d7885 lib: implement gc()
47528f0 vm: support automatic periodic GC runs
381cc75 types: treat vm->exports as GC roots
fcc49e6 compiler: add import statement support for dynamic extensions
c9442f1 vm: introduce new I_DYNLOAD opcode
b6fd8a2 lib: internally expose new uc_require_library() helper
a486adc vm: don't treat offset 0 special for exceptions
41ccd19 compiler: don't treat offset 0 special at syntax errors
b4a3f68 compiler: improve formatting of nested syntax error messages
5d5dadc program: remove now unused uc_program_export_lookup()
304995b compiler: rework export index allocation
506cc37 compiler: fix deriving module path from source runpath
54b7fac compiler: enforce stricter module compilation rules
d62e372 vm: don't initialize upvalues for module functions
b856602 program: add serialization and deserialization for module function flag
d7d1bde compiler: add a flag denoting module functions
156d584 treewide: unexport libucode internal functions
10e056d compiler: add support for import/export statements
862e49d compiler: resolve predeclared upvalues
78dfb08 compiler: require a name in function declarations
afd78c1 compiler: fix reported source position in inc/dec operator error
e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output
3c168b5 vm, cli: move search path into global configuration structure
d85bc71 vm: introduce import and export opcodes
365782e vm: honor constant flag of objects and arrays
6becc64 vm: transparently resolve upvalue references
3418967 vm: gracefully handle unresolved upvalues
50cf572 program: add function to globally lookup exported name
c441f65 program: add infrastructure to handle multiple sources per program
2322468 program: fix reporting source position of first instruction
9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode
41114a0 source: add tracking of exported symbols
70ae304 lib: honor constant flag of arrays
3c104f5 types: resolve upvalue references on stringification
3a6f9cb types: add ability to mark array and object values as constant
b738f3a lexer: recognize module related keywords
03c8e4b lexer: rewrite token scanner
fd433aa lexer: fix parsing with disabled block left stripping
557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family
35c6b73 compiler: fix stack mismatch on continue statements nested in switches
f673096 uloop: end uloop on exceptions in managed code
2e5426c ubus: end uloop on exceptions in managed code
c024270 rtnl: expose IFLA_STATS64 contents
d3c58c0 rtnl: expose ifinfomsg.ifi_change member
c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request
7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype
9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals
03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs
a1ed566 struct: add optional offset argument to `unpack()`
230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data
523566d rtnl: zero request message headers
56be30d rtnl: fix premature netlink reply receive abort
1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes."
44b0a3b struct: fix packing `*` format after other repeated formats

Also package uloop binding module which has been introduced by a previous
ucode update and introduce a host build with the basic set of modules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-08-24 23:25:11 +02:00
Joerg Werner
9fbb76c047 hostapd: fix WPA3 enterprise keys and ciphers
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
2022-08-20 22:56:12 +02:00
Hauke Mehrtens
8008816a2c netifd: update to git HEAD
87fbefd interface: support "zone" config option
bfa039c netifd: fix WPA3 enterprise ciphers

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-20 22:56:12 +02:00
Hauke Mehrtens
cc6a323e23 iwinfo: update to latest HEAD
0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-20 22:56:12 +02:00
Sultan Alsawaf
f338f76a66 mac80211: parse the correct set of HE capabilities for AP mode
It is common for 802.11ax NICs to support more than just AP mode, which
results in there being a distinct set of HE capabilities for each mode. As
(bad) luck would have it, iw prints out info for each HE mode in sequential
order according to `enum nl80211_iftype`, and AP mode isn't always first.

As a result, the wrong set of HE capabilities can be parsed if an AP NIC
supports station (managed) mode or any other mode preceding AP mode, since
only the first set of HE capabilities printed by iw is parsed from awk's
output.

This has a noticeable impact on beamforming for example, since managed mode
usually doesn't have beamformer capabilities enabled, while AP mode does.
Hostapd won't be set up with the configs to enable beamformer capabilities
in this scenario, causing hostapd to disable beamforming to HE stations
even when it's supported by the AP.

Always parse the correct set of HE capabilities for AP mode to fix this.
This is achieved by trimming all of iw's output prior to the AP mode
capabilities, which ensures that the first set of HE capabilities are
always for AP mode.

Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
2022-08-20 12:33:50 +02:00
Daniel Groth
8c04a5c456 realtek: d-link: add support for dgs-1210-10mp
General hardware info:
-------------------------------------------------------------------------------

D-Link DGS-1210-10MP is a switch with 8 ethernet ports and 2 SFP ports, all
ports Gbit capable. It is based on a RTL8380 SoC @ 500MHz, DRAM 128MB and
32MB flash. All ethernet ports are 802.3af/at PoE capable
with a total PoE power budget of 130W.

File info:
-------------------------------------------------------------------------------
The dgs-1210-10mp is very similar to dgs-1210-10p so I used that as a start.

rtl838x.mk:
 - Removed lua-rs232 package since it was a leftover from the old rtl83xx-poe
   package.
 - Updated the soc to 8380.
 - Specified device variant: F.
 - Installed the new realtek-poe package.

rtl8380_d-link_dgs-1210-10mp.dts:
 - Moved dgs-1210 family common parts and non PoE related ports on rtl8231
   to the new device tree dtsi files.

Serial connection:
-------------------------------------------------------------------------------
The UART for the SoC (115200 8N1) is available close to the front panel next
to the LED/key card connector via unpopulated standard 0.1" pin header
marked j4. Pin1 is marked with arrow and square.

Pin 1: Vcc 3,3V
Pin 2: Tx
Pin 3: Rx
Pin 4: Gnd

Installation with TFTP from u-boot
-------------------------------------------------------------------------------
I originally used the install procedure:
'OpenWrt installation using the TFTP method and serial console access' found
in the device wiki for the dgs-1210-16.
< https://openwrt.org/toh/d-link/dgs-1210-16_g1#openwrt_installation_using
_the_tftp_method_and_serial_console_access >

About the realtek-poe package
-------------------------------------------------------------------------------
The realtek-poe package is installed but there isn't any automatic PoE config
setting at this time so for now the PoE config must be edited manually.

Original OEM hardware/firmware data at first installation
-------------------------------------------------------------------------------
It has been installed, developed, and tested on a device with these OEM
hardware and firmware versions.

- U-boot: 2011.12.(2.1.5.67086)-Candidate1 (Jun 22 2020 - 15:03:58)
- Boot version: 1.01.001
- Firmware version: 6.20.007
- Hardware version: F1

Things to be done when support are developed
-------------------------------------------------------------------------------
 - realtek-poe has been included in OpenWrt but the automatic config handling
   has not been solved yet so in the future there will probably be some minor
   updates for this device to handle the poe config.
 - LED link_act and poe are per function supposed to be connected to the PoE
   system.
   But some software development is also needed to make this LED work and
   shift the LED array between act and poe indication and to shift the mode
   lights with mode key.
 - LED poe_max should probably be used as straight forward error output from
   the realtek-poe package error handling. But no code has been written for
   this.
 - SFP is currently not hot pluggable. Development is under progress to get
   working I2C communication with SFP and have them hot pluggable.
   When any device in the dgs-1210 family gets this working, I expect it
   should be possible to implement the same solution in this device.

Signed-off-by: Daniel Groth <flygarn12@gmail.com>
[Capitalisation of abbreviations, DEVICE_VARIANT and update filenames,
device compatibles on single line]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-08-20 09:02:44 +02:00
Nick French
764600648f
uencrypt: support all available ciphers
Modify uencrypt to support any cipher provided by ssl library.

Original tool supported only AES-128-CBC to decrypt the config
mtd of Arcadyan WG430223/WG443223.

TP-Link Deco S4 has mtd configuration encrypted with DES-ECB,
so make the cipher generic to support both routers.

Signed-off-by: Nick French <nickfrench@gmail.com>
Reviewed-by: Eneas U de Queiroz >cotequeiroz@gmail.com>
2022-08-19 22:20:00 +02:00
Mikhail Zhilkin
12c971bc26
base-files: add mtd_get_mac_encrypted_arcadyan function
Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted
mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC
address from the encrypted partition. Function uses uencrypt utility for
decryption (and openssl if the uencrypt wasn't found).

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-08-19 14:41:14 +02:00
Hauke Mehrtens
60738feded iproute2: Fix KERNEL_INCLUDE in SDK
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.

Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8

With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-08-18 00:07:32 +02:00