This package uses BPF to create a fast path which improves bridging performance
by bypassing the bridge layer. It also supports creating tc offload rules for
hardware that supports it.
Hardware offload support can be used with MT7622 + MT7915 once it is merged
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Replace the tc-full dependency with tc + libnl-tiny
1cd5e12eecdc loader/interface: attach bpf program directly using netlink
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MHI WWAN CTRL allows QCOM-based PCIe modems to expose different modem
control protocols/ports to userspace, including AT, MBIM, QMI, DIAG
and FIREHOSE. These protocols can be accessed directly from userspace
(e.g. AT commands) or via libraries/tools (e.g. libmbim, libqmi, libqcdm)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This driver provides MHI PCI controller driver for devices
such as Qualcomm SDX55 based PCIe modems
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
A Python script containing an unreproducible path is copied by default.
Remove it before generating the package.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.
Fixes: 34567750db ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes following issue:
Package kmod-drm-imx-ldb is missing dependencies for the following libraries:
drm_dp_aux_bus.ko
Introduced upstream in commit aeb33699fc2c ("drm: Introduce the DP AUX
bus") in kernel version 5.15.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue:
Package kmod-drm is missing dependencies for the following libraries:
fb.ko
Introduced upstream in commit f611b1e7624c ("drm: Avoid circular
dependencies for CONFIG_FB") in 5.14.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
Fixes following build issues:
Package kmod-r8169 is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-ixgbe is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-amd-xgbe is missing dependencies for the following libraries:
mdio_devres.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The RNG can't actually be seeded from a shell script, due to the
reliance on ioctls. For this reason, the seedrng project provides a
basic script meant to be copy and pasted into projects like OpenWRT
and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
This commit imports it into the urandom-seed package and wires up the
init scripts to call it. This also is a significant improvement over the
current init script, which does not robustly handle cleaning up of seeds
and syncing to prevent reuse. Additionally, the existing script creates
a new seed immediately after writing an old one, which means that the
amount of entropy might actually regress, due to failing to credit the
old seed.
Closes: https://github.com/openwrt/openwrt/issues/9570
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed missing INSTALL_DIR]
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used.
* Check for cc masquerading as gcc or clang in configure.
* Remove destructive aspects of make distclean.
* Separate out address sanitizing from warnings in configure.
* Eliminate use of ULL constants.
* Add fallthrough comments for gcc.
* Clean up minizip to reduce warnings for testing.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
* minizip warning fix if MAXU32 already defined. (gvollant)
* Replace black/white with allow/block. (theresa-m)
* Fix indentation in minizip's zip.c.
* Improve portability of contrib/minizip.
* Correct typo in blast.c.
* Change macro name in inflate.c to avoid collision in VxWorks.
* Clarify gz* function interfaces, referring to parameter names.
* Fix error in comment on the polynomial representation of a byte.
* Fix memory leak on error in gzlog.c.
* Avoid adding empty gzip member after gzflush with Z_FINISH.
* Explicitly note that the 32-bit check values are 32 bits.
* Use ARM crc32 instructions if the ARM architecture has them.
* Add use of the ARMv8 crc32 instructions when requested.
* Correct comment in crc32.c.
* Don't bother computing check value after successful inflateSync().
* Use atomic test and set, if available, for dynamic CRC tables.
* Speed up software CRC-32 computation by a factor of 1.5 to 3.
* Add crc32_combine_gen() and crc32_combine_op() for fast combines.
* Add tables for crc32_combine(), to speed it up by a factor of 200.
* Fix the zran.c example to work on a multiple-member gzip file.
* Add gznorm.c example, which normalizes gzip files.
* Show all the codes for the maximum tables size in enough.c.
* Clarify that prefix codes are counted in enough.c.
* Use inline function instead of macro for index in enough.c.
* Clean up code style in enough.c, update version.
* Use a macro for the printf format of big_t in enough.c.
* Use a structure to make globals in enough.c evident.
* Assure that the number of bits for deflatePrime() is valid.
* Fix a bug that can crash deflate on some input when using Z_FIXED.
* Correct the initialization requirements for deflateInit2().
* Emphasize the need to continue decompressing gzip members.
* Add legal disclaimer to README.
* Fix deflateEnd() to not report an error at start of raw deflate.
* Remove old assembler code in which bugs have manifested.
* Make the names in functions declarations identical to definitions.
* Avoid an undefined behavior of memcpy() in _tr_stored_block().
* Avoid undefined behaviors of memcpy() in gz*printf().
* Avoid an undefined behavior of memcpy() in gzappend().
* Avoid the use of ptrdiff_t.
* Handle case where inflateSync used when header never processed.
* Don't compute check value for raw inflate if asked to validate.
* Add address checking in clang to -w option of configure.
* Return an error if the gzputs string length can't fit in an int.
* Small speedup to inflate [psumbera].
* Update use of errno for newer Windows CE versions.
* Avoid some conversion warnings in gzread.c and gzwrite.c.
* Have Makefile return non-zero error code on test failure.
* Avoid a conversion error in gzseek when off_t type too small.
* Fix CLEAR_HASH macro to be usable as a single statement.
* Fix bug when window full in deflate_stored().
* Limit hash table inserts after switch from stored deflate.
* Permit a deflateParams() parameter change as soon as possible.
* Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was
hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now
pulled from GitHub.
Fixes: CVE-2018-25032
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The inclusion of the kmod-leds-uleds into the userspace
nu801 package causes a circular dependency inside the
buildsystem... which causes it to be picked regardless
of other DEPENDS values.
In case of the mx100, this could be solved by moving the
kmod-leds-uled dependency to the kmod-meraki-mx100.
Bonus: drop @!LINUX_5_4 from kmod-meraki-mx100
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Chen Minqiang reported that he has troubles downloading nu801.
His logs showed the followin TLS Handshake failure.
|Checking out files from the git repository...
|Cloning into 'nu801-d9942c0c'...
|fatal: unable to access 'https://github.com/chunkeey/nu801.git/':
| gnutls_handshake() failed: The TLS connection was non-properly terminated.
|Makefile:39: recipe for target '[...]/dl/nu801-d9942c0c.tar.xz' failed
This can be fixed by providing a PKG_MIRROR_HASH. The download
scripts will now be able to pull the source from OpenWrt's source
archive, which should be available through HTTP.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
intl is not included in libc, disable it as is done with the target
package.
argp is also not included. Add build depends for argp-standalone.
fts is also not included. Add build depends for musl-fts.
Disable shared libraries to avoid having to manually add rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Getting rid of shared libraries for hostpkg avoids having to use rpath
hacks to find the library. It also fixes compilation with host glib2
binaries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Avoids having to add rpath to the various packages using it. Also add
PIC to fix compilation as static libraries do not use PIC by default.
Fixes: 1fb099341e ("musl-fts: add host build")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add new module require in 5.15
- Changes in block module
- Changes in netfilter module (log module unified)
- Changes in fs module (mainly new depends for cifs and new ntfs3 module)
- Changes in lib add shared lib now used by more than 1 kmod
- Changes in crypto, dropped one crypto algo added arm crypto accellerator
- Changes in other, add zram default compressor choice and missing lib
by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Modified the radio frequency hardware part of e2600ac c1/c2,
need to cooperate with the modified board.bin file, the device
can work normally.
Signed-off-by: 张 鹏 <sd20@qxwlan.com>
This reverts commit 80b7a8a7f5.
Now that 5.10 is the default kernel for all platforms, we can
bring back the NU801 userspace driver for platforms that rely
on it. Currently it's used on the MX100 x86_64 target, but
other Meraki platforms use this controller.
Note that we also now change how we load nu801. The way we did
this previously with procd worked, but it meant it didn't load
until everything was up and working.
To fix this, let's call nu801 from boot and re-trigger the
preinit blink sequence. Since nu801 runs as a daemon this is
now something we can do.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(removed empty line, currently only MX100 uses it so: @TARGET_x86)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
See firmware-utils.git commits [1], which implemented the cros-vbutil
verified-boot payload-packing tool, and extended ptgen for the CrOS
kernel partition type. With these, it's now possible to package kernel +
rootfs to make disk images that can boot a Chrome OS-based system (e.g.,
Chromebooks, or even a few AP models).
Regarding PARTUUID= changes: Chromium bootloaders work well with a
partition number offset (i.e., relative to the kernel partition), so
we'll be using a slightly different root UUID line.
NB: I've made this support specific to ip40xx for now, because I only
plan to support an IPQ4019-based AP that uses a Chromium-based
bootloader, but this image format can be used for essentially any
Chromebook, as well as the Google OnHub, a prior Chromium-based AP using
an IPQ8064 chipset.
[1]
ptgen: add Chromium OS kernel partition support
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=6c95945b5de973026dc6f52eb088d0943efa96bb
cros-vbutil: add Chrome OS vboot kernel-signing utility
https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=8e7274e02fdc6f2cb61b415d6e5b2e1c7e977aa1
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
From a manufacturer's image (version R89-13729.57.27), with appopriate
',variant=' appended to the board names:
$ .../qca-swiss-army-knife/tools/scripts/ath10k/ath10k-bdencoder \
-i ./board-google_wifi.qca4019
FileSize: 48596
FileCRC32: 3966df5d
FileMD5: d54161b0fb9e93691c4272649c37535a
BoardNames[0]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=GO_GALE'
BoardLength[0]: 12064
BoardCRC32[0]: e117f336
BoardMD5[0]: ea35e78c88a8571201da8b75edc9b881
BoardNames[1]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=GO_GALE'
BoardLength[1]: 12064
BoardCRC32[1]: 6c751ec9
BoardMD5[1]: 44cbc4ca6cb7141ba4249615f7065582
BoardNames[2]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=GO_BREEZE'
BoardLength[2]: 12064
BoardCRC32[2]: 24fba117
BoardMD5[2]: b4ac055b3ab67d5a6f5607a96af39a1f
BoardNames[3]: 'bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=GO_BREEZE'
BoardLength[3]: 12064
BoardCRC32[3]: a3e16b2a
BoardMD5[3]: 8b26cb285032314247304114b8ac50e7
Naming follows existing Google projects included in upstream board-2.bin
-- GO(ogle) prefix, an underscore (_), and the project code name, all in
caps.
Note that I only tested the "gale" model; the "breeze" model is a later
revision (same marketing name) with very small hardware changes but
otherwise using the same firmware image.
Submitted upstream here:
ath10k-firmware: QCA4019: hw1.0: Add Google Wifi BDFs
http://lists.infradead.org/pipermail/ath10k/2022-March/013465.htmlhttps://lore.kernel.org/ath10k/YjaNGW252Ls%2FyDw8@localhost/
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Fixes compilation under musl based distros like Alpine Linux.
Also add pcre/host as a build dependency as it's needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some configure scripts look for msgfmt and gmsgfmt. As we don't install
the latter, configure might pick up one from staging_dir/hostpkg, and
the other from the host:
checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt
checking for gmsgfmt... /usr/bin/gmsgfmt
This could potentially lead to hard to debug undefined behaviour.
Install a symlink in the host install phase to avoid this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Evaluating the return value of 'json_load' didn't work in the
intended way resulting in PIN status no longer being read on modems
where --get-pin-status doesn't fail.
Fix this by trying --get-pin-status first and checking if pin1_status
field exists in JSON, and if it doesn't try again with
--uim-get-sim-state.
Fixes: #9501
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo.
Crypto API users (zram, for example) expect both lzo and lzo-rle to be
available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package.
Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Store selected boot configuration in '/chosen' node in device tree, so
it can be accessed by Linux (and used for fine-tuning the FIT partition
parser).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Shuttle KD20 has NAND flash with 0x20000 (128KiB) erase blocks.
Correctly set that in uboot-envtools as well to allow writing to the
bootloader environment using fw_setenv.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
391a9fbd5ace dns: fix parsing vlan encapsulated protocol
6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well
1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed
ca21e729af23 interface: switch to using clsact for filters
5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress
bdfcb11847ce interface: fix duplicated dns filter line
b97405aa632a Revert "ubus: remove dnsmasq subscriber"
8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact
d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME
91cf440db9e2 loader: fix use of deprecated functions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
v2022.01 has a regression that broke eMMC usage on most if not all Armada
SoC-s, thus breaking boards like uDPU which use eMMC for storage.
Fix it by backporting a recent upstream patch.
Fixes: 782d4c8306 ("uboot-mvebu: update to version 2022.01")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Some users noticed repeated resyncs at random intervals, which go away
when the MEI driver is configured to use polling instead of interrupts.
Debugging shows that this seems to be caused by concurrent calls to
MEI_ReadMailbox (in the interrupt handler) and MEI_WriteMailbox. This
appears to be mostly triggered when there is an interrupt for vectoring
error reports.
In polling mode, calls to MEI_ReadMailbox are protected by the same
semaphore as is used in MEI_WriteMailbox. When interrupts are used,
MEI_WriteMailbox appears to rely on MEI_DisableDeviceInt and
MEI_EnableDeviceInt to provide mutual exclusion with the interrupt
handler. These functions mask/unmask interrupts, and there is an
additional check of the mask in the interrupt handler itself. However,
this is not sufficient on systems with SMP, as the interrupt handler
may be running in parallel, and could already be past the interrupt
mask check at this point.
This adds a lock to the interrupt handler, and also acquires this lock
in MEI_DisableDeviceInt. This should make sure that after a call to
MEI_DisableDeviceInt the interrupt is masked, and the interrupt handler
is either not running, has alread finished its work, or is still before
the interrupt mask check, and is thus going to detect the change.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This tells the modem about the WAN MAC address, which is used as source
address for vectoring error reports that are generated by the firmware.
It needs to be set early, as the MEI driver only actually writes the
value to the modem when is in reset state (i.e. the firmware has been
loaded, but connection has not started yet).
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This re-enables the vectoring error sample callback and adds a
dependency to the corresponding driver.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
In order to calculate the required pre-distortion for downstream
vectoring, the vectoring control entity (VCE) at the carrier office
needs error samples from the modem. On Lantiq VR9 modems, error reports
are generated by the firmware, but need to be multiplexed into the data
stream by the driver on the main processor when L2 encapsulation is
selected by the VCE.
This driver provides the necessary callback function, which is called by
the MEI driver after receiving an error report from the firmware.
Originally, it is part of the Lantiq PPA driver, but after a few changes
it also works with the PTM driver used in OpenWrt. The direct call to
ndo_start_xmit needs to be replaced, as the PTM driver relies on locks
from the kernel. Instead dev_queue_xmit is used, which is called from a
work queue, as it is not safe to call from an interrupt handler.
Additional changes include fixes to support recent kernel versions and
a change of the used interface from ptm0 to dsl0.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Also known as the "Xiaomi Router AX3200" in western markets,
but only the AX6S is widely installation-capable at this time.
SoC: MediaTek MT7622B
RAM: DDR3 256 MiB (ESMT M15T2G16128A)
Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG)
WLAN: 2.4/5 GHz 4T4R
2.4 GHz: MediaTek MT7622B
5 GHz: MediaTek MT7915E
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531B
LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin)
UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8
Power: 12 VDC, 1.5 A
Notes:
U-Boot passes through the ethaddr from uboot-env partition,
but also has been known to reset it to a generic mac address
hardcoded in the bootloader.
However, bdata is also populated with the ethernet mac addresses,
but is also typically never written to. Thus this is used instead.
Installation:
1. Flash stock Xiaomi "closed beta" image labelled
'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'.
(MD5: 5eedf1632ac97bb5a6bb072c08603ed7)
2. Calculate telnet password from serial number and login
3. Execute commands to prepare device
nvram set ssh_en=1
nvram set uart_en=1
nvram set boot_wait=on
nvram set flag_boot_success=1
nvram set flag_try_sys1_failed=0
nvram set flag_try_sys2_failed=0
nvram commit
4. Download and flash image
On computer:
python -m http.server
On router:
cd /tmp
wget http://<IP>:8000/factory.bin
mtd -r write factory.bin firmware
Device should reboot at this point.
Reverting to stock:
Stock Xiaomi recovery tftp that accepts their signed images,
with default ips of 192.168.31.1 + 192.168.31.100.
Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img)
Triggered by holding reset pin on powerup.
A simple implementation of this would be via dnsmasq's
dhcp-boot option or using the vendor's (Windows only)
recovery tool available on their website.
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
A service managed by procd does have a json object with usefull information.
This information could by dumped with the following command.
ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }"
This line is long and complicated to enter. This commit adds a wrapper
call to the procd service section tool to simplify the input and get the
output faster.
We could now enter the command /etc/initd/<service> info to get the info
faster.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The service command belongs to the procd and does not belong in the
shinit. In the course of the move, the script was also checked with
shellcheck and cleaned up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a patch to add some missing init_extensions{a,b}() calls
Package lib{arp,eb}t_*.so
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This allows to install ip6tables-nft without iptables-nft
This prepare the addition of {arp,eb}tables-nft
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of ebtables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This prepare the introduction of arptables-nft.
Add PROVIDES so dependencies are not broken,
use ALTERNATIVES.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
to be on the router with the previous naming
[ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin
- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.
Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.
Fixes:
- FragAttacks
- Kr00k
Also add LICENSE file
Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.
Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43
After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2
[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
drop the use of LIB_SUFFIX
Fixes: 00cbf6f6ab ("bpftools: update to standalone bpftools + libbpf, use the latest version")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.
Suggested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This is a bugfix release. Changelog:
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli. (CVE-2022-0778)
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
378b638c70c0 mt76: mt7915: fix unused variable with testmode disabled
4f4309542862 mt76: mt7915: only use u32_get_bits with constant value
de06d828a0bf mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU
c007ba3ec7a9 mt76: mt7915: simplify conditional
64c74dc93f68 mt76: fix dfs state issue with 160 MHz channels
d3471b0d92c1 mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init
f4c87b32e0e9 mt76: mt7663u: introduce mt7663u_mcu_power_on routine
82de5987af54 mt76: mt7921: fix up the monitor mode
c501df4086e1 mt76: mt7921: use mt76_hw instead of open coding it
594ee03d5a11 mt76: mt7915: fix DFS no radar detection event
d8d2b383a241 mt76: split single ldpc cap bit into bits
0f336fba20fe mt76: mt7921: make mt7921_init_tx_queues static
00a066ce9914 mt76: mt7921: fix xmit-queue dump for usb and sdio
d6d2479568b2 mt76: mt7921: fix mt7921_queues_acq implementation
d17b74420199 mt76: fix monitor mode crash with sdio driver
c374559eae6f mt76: mt7915: allow beaconing on all chains
b219af63b9ce mt76: connac: add 6 GHz support for wtbl and starec configuration
630384cb3246 mt76: mt7915: add 6 GHz support
28ff1bddc7e8 mt76: mt7915: fix eeprom fields of txpower init values
d4b226cc15e7 mt76: mt7915: add txpower init for 6GHz
31e820d4ce4b mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration
9fee1faf6028 mt76: mt7915: check for devm_pinctrl_get() failure
31a970940b97 mt76: connac: make read-only array ba_range static const
e49af7036bbc mt76: use le32/16_get_bits() whenever possible
0664d39039c2 mt76: fix invalid rssi report
f16fc9d96105 mt76: mt7915: set band1 TGID field in tx descriptor
67ce2708dcef mt76: mt7915: fix beamforming mib stats
6e899abec818 mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps()
c6780c85cff2 mt76: mt7915: fix typos in comments
aa6eadc09a83 mt76: usb: add req_type to ___mt76u_rr signature
74a519ab8353 mt76: usb: add req_type to ___mt76u_wr signature
2651d2c66cbd mt76: usb: introduce __mt76u_init utility routine
c03e095eee27 mt76: mt7921: disable runtime pm for usb
41085cdcd7e3 mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb
e700aba6bae3 mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code
056b7f4ebcc6 mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code.
0abf682a3def mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code.
b0c60d5252de mt76: mt7921: add mt7921u driver
053668acdaf8 mt76: mt7921: move mt7921_init_hw in a dedicated work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
LOCK_STATE_HELD define was omitted during backport of
lockdep_assert_not_held() which leads to build failures of kernels with
CONFIG_LOCKDEP=y:
backports-5.15.8-1/backport-include/linux/lockdep.h:16:47: error: 'LOCK_STATE_HELD' undeclared (first use in this function)
Fix it by adding missing LOCK_STATE_HELD define.
References: PR#9373
Reported-by: Oskari Rauta <oskari.rauta@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
FCC ID: 2AG6R-AN700APIAC
Araknis AN-700-AP-I-AC is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EAP1750
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- QCA9558 SOC MIPS 74kc, 2.4 GHz WMAC, 3x3
- QCA9880 WLAN PCI card, 5 GHz, 3x3, 26dBm
- AR8035-A PHY RGMII GbE with PoE+ IN
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16
- UART console J10, populated, RX shorted to ground
- 4 antennas 5 dBi, internal omni-directional plates
- 4 LEDs power, 2G, 5G, wps
- 1 button reset
NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
therefore, the power LED is off for default state
**MAC addresses:**
MAC address labeled as ETH
Only one Vendor MAC address in flash at art 0x0
eth0 ETH *:xb art 0x0
phy1 2.4G *:xc ---
phy0 5GHz *:xd ---
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin at J10
**Installation:**
Method 1: Firmware upgrade page:
(if you cannot access the APs webpage)
factory reset with the reset button
connect ethernet to a computer
OEM webpage at 192.168.20.253
username and password 'araknis'
make a new password, login again...
Navigate to 'File Management' page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm
wait about 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
192.168.20.253
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
Method 1: Serial to load Failsafe webpage (above)
Method 2: delete a checksum from uboot-env
this will make uboot load the failsafe image at next boot
because it will fail the checksum verification of the image
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait a minute
connect to ethernet and navigate to
192.168.20.253
select OEM firmware image and click upgrade
Method 3: backup mtd partitions before upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs-kernel.bin to '0101A8C0.img'
make available on TFTP server at 192.168.1.101
power board, interrupt boot with serial console
execute `tftpboot` and `bootm 0x81000000`
NOTE: TFTP may not be reliable due to bugged bootloader
set MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software is built using SDKs from Senao
which is based on a heavily modified version
of Openwrt Kamikaze or Altitude Adjustment.
One of the many modifications is sysupgrade being performed by a custom script.
Images are verified through successful unpackaging, correct filenames
and size requirements for both kernel and rootfs files, and that they
start with the correct magic numbers (first 2 bytes) for the respective headers.
Newer Senao software requires more checks but their script
includes a way to skip them.
The OEM upgrade script is at
/etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be less than 1536k
and the OEM upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied at the PHY side,
using the at803x driver `phy-mode` setting through the DTS.
Therefore, the Ethernet Configuration registers for GMAC0
do not need the bits for RGMII delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: 2AG6R-AN500APIAC
Araknis AN-500-AP-I-AC is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EAP1200
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- QCA9557 SOC MIPS 74kc, 2.4 GHz WMAC, 2x2
- QCA9882 WLAN PCI card 168c:003c, 5 GHz, 2x2, 26dBm
- AR8035-A PHY RGMII GbE with PoE+ IN
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM NT5TU32M16
- UART console J10, populated, RX shorted to ground
- 4 antennas 5 dBi, internal omni-directional plates
- 4 LEDs power, 2G, 5G, wps
- 1 button reset
NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
therefore, the power LED is off for default state
**MAC addresses:**
MAC address labeled as ETH
Only one Vendor MAC address in flash at art 0x0
eth0 ETH *:e1 art 0x0
phy1 2.4G *:e2 ---
phy0 5GHz *:e3 ---
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin at J10
**Installation:**
Method 1: Firmware upgrade page:
(if you cannot access the APs webpage)
factory reset with the reset button
connect ethernet to a computer
OEM webpage at 192.168.20.253
username and password 'araknis'
make a new password, login again...
Navigate to 'File Management' page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm
wait about 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
192.168.20.253
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
Method 1: Serial to load Failsafe webpage (above)
Method 2: delete a checksum from uboot-env
this will make uboot load the failsafe image at next boot
because it will fail the checksum verification of the image
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait a minute
connect to ethernet and navigate to
192.168.20.253
select OEM firmware image and click upgrade
Method 3: backup mtd partitions before upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs-kernel.bin to '0101A8C0.img'
make available on TFTP server at 192.168.1.101
power board, interrupt boot with serial console
execute `tftpboot` and `bootm 0x81000000`
NOTE: TFTP may not be reliable due to bugged bootloader
set MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software is built using SDKs from Senao
which is based on a heavily modified version
of Openwrt Kamikaze or Altitude Adjustment.
One of the many modifications is sysupgrade being performed by a custom script.
Images are verified through successful unpackaging, correct filenames
and size requirements for both kernel and rootfs files, and that they
start with the correct magic numbers (first 2 bytes) for the respective headers.
Newer Senao software requires more checks but their script
includes a way to skip them.
The OEM upgrade script is at
/etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be less than 1536k
and the OEM upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied at the PHY side,
using the at803x driver `phy-mode` setting through the DTS.
Therefore, the Ethernet Configuration registers for GMAC0
do not need the bits for RGMII delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: U2M-AN300APIN
Araknis AN-300-AP-I-N is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EWS310AP
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- AR9344 SOC MIPS 74kc, 2.4 GHz WMAC, 2x2
- AR9382 WLAN PCI on-board 168c:0030, 5 GHz, 2x2
- AR8035-A PHY RGMII GbE with PoE+ IN
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM 1839ZFG V59C1512164QFJ25
- UART console J10, populated, RX shorted to ground
- 4 antennas 5 dBi, internal omni-directional plates
- 4 LEDs power, 2G, 5G, wps
- 1 button reset
NOTE: all 4 gpio controlled LEDS are viewed through the same lightguide
therefore, the power LED is off for default state
**MAC addresses:**
MAC address labeled as ETH
Only one Vendor MAC address in flash at art 0x0
eth0 ETH *:7d art 0x0
phy1 2.4G *:7e ---
phy0 5GHz *:7f ---
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin at J10
**Installation:**
Method 1: Firmware upgrade page:
(if you cannot access the APs webpage)
factory reset with the reset button
connect ethernet to a computer
OEM webpage at 192.168.20.253
username and password 'araknis'
make a new password, login again...
Navigate to 'File Management' page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm
wait about 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
192.168.20.253
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
Method 1: Serial to load Failsafe webpage (above)
Method 2: delete a checksum from uboot-env
this will make uboot load the failsafe image at next boot
because it will fail the checksum verification of the image
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait a minute
connect to ethernet and navigate to
192.168.20.253
select OEM firmware image and click upgrade
Method 3: backup mtd partitions before upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs-kernel.bin to '0101A8C0.img'
make available on TFTP server at 192.168.1.101
power board, interrupt boot with serial console
execute `tftpboot` and `bootm 0x81000000`
NOTE: TFTP may not be reliable due to bugged bootloader
set MTU to 600 and try many times
**Format of OEM firmware image:**
The OEM software is built using SDKs from Senao
which is based on a heavily modified version
of Openwrt Kamikaze or Altitude Adjustment.
One of the many modifications is sysupgrade being performed by a custom script.
Images are verified through successful unpackaging, correct filenames
and size requirements for both kernel and rootfs files, and that they
start with the correct magic numbers (first 2 bytes) for the respective headers.
Newer Senao software requires more checks but their script
includes a way to skip them.
The OEM upgrade script is at
/etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be less than 1536k
and the OEM upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied at the PHY side,
using the at803x driver `phy-mode` setting through the DTS.
Therefore, the Ethernet Configuration registers for GMAC0
do not need the bits for RGMII delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Signed-off-by: Michael Pratt <mcpratt@pm.me>
The ZyXEL GS1900-24 v1 is a 24 port switch with two SFP ports, similar to
the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-24 v1
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB
* RAM: Winbond W9751G8KB-25 64 MiB DDR2 SDRAM
* Ethernet: 24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs:
* 1 PWR LED (green, not configurable)
* 1 SYS LED (green, configurable)
* 24 ethernet port link/activity LEDs (green, SoC controlled)
* 2 SFP status/activity LEDs (green, SoC controlled)
* Buttons:
* 1 "RESET" button on front panel (soft reset)
* 1 button ('SW1') behind right hex grate (hardwired power-off)
* Power: 120-240V AC C13
* UART: Internal populated 10-pin header ('J5') providing RS232;
connected to SoC UART through a SIPEX 3232EC for voltage
level shifting.
* 'J5' RS232 Pinout (dot as pin 1):
2) SoC RXD
3) GND
10) SoC TXD
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware > Management
* If "Active Image" has the first option selected, OpenWrt will need to be
flashed to the "Active" partition. If the second option is selected,
OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-initramfs-kernel.bin
file by your preferred method to the previously determined partition.
When prompted, select to boot from the newly flashed image, and reboot
the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-squashfs-sysupgrade.bin
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
> Since the GS1900-24 v1 is a dual-partition device, you want to keep the
OEM firmware on the backup partition for the time being. OpenWrt can
only be installed in the first partition anyway (hardcoded in the
DTS). To ensure we are set to boot from the first partition, issue the
following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x81f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24-v1-squashfs-sysupgrade.bin
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
Add option to compile kmod-inet-diag, support for INET (TCP, DCCP, etc)
socket monitoring interface used by native Linux tools such as ss.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
When porting mwan3 from iptables to nftables I tried the new translation
tool for ipset ipset-translate. I noticed that no IPv6 ipset can be
created with the tool. I have reported the problem to the upstream
project and the following patch fixes the problem.
Until this upsream is included in a new release, this patch should be
used in Openwrt.
https://lore.kernel.org/netfilter-devel/20220228190217.2256371-1-pablo@netfilter.org/T/#m09cc3cb738f2e42024c7aecf5b7240d9f6bbc19c
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.
Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"
Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
in empty file (inode flushed after 5 seconds, data flush queued)
Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.
There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section
This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.
All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Modems used in ZTE mobile broadband routers require to query the data
session status using the same CID as one used to establish the session,
otherwise they will report the session as "disconnected" despite
reporting correct PDH in previous step. Without this change, IPv6
connection on these modems doesn't establish properly. In IPv4 this bug
is present as well, but for some reason querying of IPv4 status works
using temporary CID, this however seems noncompliant with QMI
specifications, so fix it as well.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Previously libxt_socket.so was included in iptables-mod-tproxy. It was
missed out when trying to make kmod-ipt-socket and kmod-ipt-tproxy
separate packages
Fixes: 4f443c88 ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch adds the device-specific configuration to u-boot-envtools for
I-O DATA BSH-G24MB switch.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
This switches the iwlwifi-firmware-ax200 file to API version 66, this is
the most recent version supported by our driver.
The following files used in OpenWrt changed:
amdgpu-firmware/lib/firmware/amdgpu/yellow_carp_dmcub.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010a.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_010b.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_0303.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010a.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_010b.bin
ar3k-firmware/lib/firmware/qca/nvm_usb_00130201_gf_0303.bin
ar3k-firmware/lib/firmware/qca/rampatch_usb_00130200.bin
ar3k-firmware/lib/firmware/qca/rampatch_usb_00130201.bin
iwlwifi-firmware-ax200/lib/firmware/iwlwifi-cc-a0-66.ucode
iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0-66.ucode
iwlwifi-firmware-ax210/lib/firmware/iwlwifi-ty-a0-gf-a0.pnvm
iwlwifi-firmware-iwl9000/lib/firmware/iwlwifi-9000-pu-b0-jf-b0-46.ucode
iwlwifi-firmware-iwl9260/lib/firmware/iwlwifi-9260-th-b0-jf-b0-46.ucode
rtl8822ce-firmware/lib/firmware/rtw88/rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3276aed81c73 move run_cmd() to main.c
558eabc13c64 map: move dns host based lookup code to a separate function
6ff06d66c36c dns: add code for snooping dns packets
a78bd43c4a54 ubus: remove dnsmasq subscriber
9773ffa70f1f map: process dns patterns in the order in which they were defined
f13b67c9a786 dns: allow limiting dns entry matching to cname name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.
This allows to use tc without libxtables.
The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x 1 root root 282453 Mar 1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x 1 root root 282533 Mar 1 21:55 /usr/libexec/tc-full
-rwxr-xr-x 1 root root 266037 Mar 1 21:55 /usr/libexec/tc-tiny
They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
/lib/ld-musl-mips-sf.so.1 (0x77d6e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
/lib/ld-musl-mips-sf.so.1 (0x77da6000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
/lib/ld-musl-mips-sf.so.1 (0x77de8000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)
This is based on a patch from Tiago Gaspar.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add U-Boot environment settings for Ruijie RG-EW3200GX PRO to allow
users to access the bootloader environment using fw_printenv/fw_setenv
while running OpenWrt.
Signed-off-by: Langhua Ye <y1248289414@outlook.com>
Steps to reproduce:
1. Insert NVMe disk with a reduction to Turris Omnia
2. Go to U-boot
3. Run these two commands:
a) ``nvme scan``
b) ``nvme detail``
4. Wait for crash
This is backported from U-boot upstream repository.
It should be included in the upcoming release - 2022.04 [1].
It was tested on Turris Omnia, mvebu, cortex-a9, OpenWrt master.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20211209100639.21530-1-pali@kernel.org/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Export the patch from U-Boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without PKG_RELEASE, it's impossible to trigger package updates when
changing files included in the package that are not in the qosify git
repository.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
The /tmp directory is mounted as tmpfs. The tmpfs filesystem is backed by
anonymous memory, which means it can be swapped out at any time, if there is
memory pressure [1]. For this reason, a zram swap device is a much better
choice than mounting /tmp on zram, since it's able to compress all anonymous
memory, and not just the memory assigned to /tmp. We already have the zram-swap
package for this specific purpose, which means procd's tmp-on-zram is both
redundant and more limited.
A follow-up patch will remove support for mounting /tmp in zram from procd
itself.
[1] https://www.kernel.org/doc/Documentation/filesystems/tmpfs.txt
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
iptables-nft doesn't depend on libip{4,6}tc, so move
libiptext* libs in their own packages to clean up dependencies
Rename libxtables-nft to libiptext-nft
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Using PROVIDES allows to have other packages continue to
depend on iptables and users to pick between legacy and nft
version.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
'iptables-mod-' can be used directly by firewall3, by
iptables and by iptables-nft. They are not linked to
iptables but to libxtables, so fix the dependencies to allow
to remove iptables(-legacy)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
libxtables doesn't depend on libnftnl, iptables-nft does,
so move the dependency to not pull libnftnl with firewall3/iptables-legacy
Also libxtables-nft depends on IPTABLES_NFTABLES
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:
* upstream changelog: new upstream datafile 20220207
* Mitigates (*only* when loaded from UEFI firmware through the FIT)
CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
debug port, on Pentium, Celeron and Atom processors with signatures
0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
* Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
may cause a system hang, on many processors.
* Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
to improper sanitization of shared resources (fast-store forward
predictor), on many processors.
* Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
Atom Processors may allow information disclosure or denial of service
via network access.
* Fixes critical errata (functional issues) on many processors
* Adds a MSR switch to enable RAPL filtering (default off, once enabled
it can only be disabled by poweroff or reboot). Useful to protect
SGX and other threads from side-channel info leak. Improves the
mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
processors.
* Disables TSX in more processor models.
* Fixes issue with WBINDV on multi-socket (server) systems which could
cause resets and unpredictable system behavior.
* Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
Lake) processors, to control a fix for (hopefully rare) unpredictable
processor behavior when HyperThreading is enabled. This MSR switch
is enabled by default on *server* processors. On other processors,
it needs to be explicitly enabled by an updated UEFI/BIOS (with added
configuration logic). An updated operating system kernel might also
be able to enable it. When enabled, this fix can impact performance.
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
* Removed Microcodes:
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
* update .gitignore and debian/.gitignore.
Add some missing items from .gitignore and debian/.gitignore.
* ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
When the BIOS microcode is older than revision 0x7f (and perhaps in some
other cases as well), the latest microcode updates for 0x406e3 and
0x506e3 must be applied using the early update method. Otherwise, the
system might hang. Also: there must not be any other intermediate
microcode update attempts [other than the one done by the BIOS itself],
either. It must go from the BIOS microcode update directly to the
latest microcode update.
* source: update symlinks to reflect id of the latest release, 20220207
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
iucode-tool/host is used by intel-microcode to manipulate with
microcode.bin file. iucode-tool requires cpuid.h at compile time
for autodection feature, but non-x86 build hosts does not have
this header file (e.g. ubuntu 20.04 aarch64) or this header
generates compile time error (#error macro) (e.g. macos arm64).
This patch provides compat cpuid.h to build iucode-tool/host on
non-x86 linux hosts and macos. CPU autodectection is not required
for intel-microcode package build so compat cpuid.h is ok for
OpenWrt purposes.
glibc and argp lib are not present in macos so iucode-tool/host
build fails. This patch adds argp-standalone/host as build
dependency if host os is macos.
Generated ucode (intel-microcode package) is exactly the same on
Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and
Darwin arm64 (MacOS 11.6) build hosts.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
This patch adds host-compile ability to argp-standalone for build
hosts without glibc and argp lib, e.g. MacOS.
iucode-tool/host can not be built on MacOS due to lack of argp.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>
"Mbed TLS 2.28 is a long-time support branch.
It will be supported with bug-fixes and security
fixes until end of 2024."
<https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md>
"Currently, the only supported LTS branch is: mbedtls-2.28.
For a short time we also have the previous LTS, which has
recently ended its support period, mbedtls-2.16.
This branch will move into the archive namespace around the
time of the next release."
this will also add support for uacme ualpn support.
size changes
221586 libmbedtls12_2.28.0-1_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(remark about 2.16's EOS, slightly reworded)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
ZTE MF286A and MF286R are indoor LTE category 6/7 CPE router with simultaneous
dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit
Ethernet switch, FXS and external USB 2.0 port.
Hardware highlights:
- CPU: QCA9563 SoC at 775MHz,
- RAM: 128MB DDR2,
- NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only,
- NAND Flash: W25N01GV 128MB SPI NAND-Flash, for all other data,
- Wi-Fi 5GHz: QCA9886 2x2 MIMO 802.11ac Wave2 radio,
- WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio,
- Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port,
- WWAN:
[MF286A] MDM9230-based category 6 internal LTE modem
[MF286R] PXA1826-based category 7 internal LTE modem
in extended mini-PCIE form factor, with 3 internal antennas and
2 external antenna connections, single mini-SIM slot.
- FXS: one external ATA port (handled entirely by modem part) with two
physical connections in parallel,
- USB: Single external USB 2.0 port,
- Switches: power switch, WPS, Wi-Fi and reset buttons,
- LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery,
Signal state) handled entirely by modem. 4 link status LEDs handled by
the switch on the backside.
- Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and
monitoring handled by modem.
- Label MAC device: eth0
The device shares many components with previous model, MF286, differing
mostly by a Wave2 5GHz radio, flash layout and internal LED color.
In case of MF286A, the modem is the same as in MF286. MF286R uses a
different modem based on Marvell PXA1826 chip.
Internal modem of MF286A is supported via uqmi, MF286R modem isn't fully
supported, but it is expected to use comgt-ncm for connection, as it
uses standard 3GPP AT commands for connection establishment.
Console connection: connector X2 is the console port, with the following
pinout, starting from pin 1, which is the topmost pin when the board is
upright:
- VCC (3.3V). Do not use unless you need to source power for the
converer from it.
- TX
- RX
- GND
Default port configuration in U-boot as well as in stock firmware is
115200-8-N-1.
Installation:
Due to different flash layout from stock firmware, sysupgrade from
within stock firmware is impossible, despite it's based on QSDK which
itself is based on OpenWrt.
STEP 0: Stock firmware update:
As installing OpenWrt cuts you off from official firmware updates for
the modem part, it is recommended to update the stock firmware to latest
version before installation, to have built-in modem at the latest firmware
version.
STEP 1: gaining root shell:
Method 1:
This works if busybox has telnetd compiled in the binary.
If this does not work, try method 2.
Using well-known exploit to start telnetd on your router - works
only if Busybox on stock firmware has telnetd included:
- Open stock firmware web interface
- Navigate to "URL filtering" section by going to "Advanced settings",
then "Firewall" and finally "URL filter".
- Add an entry ending with "&&telnetd&&", for example
"http://hostname/&&telnetd&&".
- telnetd will immediately listen on port 4719.
- After connecting to telnetd use "admin/admin" as credentials.
Method 2:
This works if busybox does not have telnetd compiled in. Notably, this
is the case in DNA.fi firmware.
If this does not work, try method 3.
- Set IP of your computer to 192.168.0.22. (or appropriate subnet if
changed)
- Have a TFTP server running at that address
- Download MIPS build of busybox including telnetd, for example from:
https://busybox.net/downloads/binaries/1.21.1/busybox-mips
and put it in it's root directory. Rename it as "telnetd".
- As previously, login to router's web UI and navigate to "URL
filtering"
- Using "Inspect" feature, extend "maxlength" property of the input
field named "addURLFilter", so it looks like this:
<input type="text" name="addURLFilter" id="addURLFilter" maxlength="332"
class="required form-control">
- Stay on the page - do not navigate anywhere
- Enter "http://aa&zte_debug.sh 192.168.0.22 telnetd" as a filter.
- Save the settings. This will download the telnetd binary over tftp and
execute it. You should be able to log in at port 23, using
"admin/admin" as credentials.
Method 3:
If the above doesn't work, use the serial console - it exposes root shell
directly without need for login. Some stock firmwares, notably one from
finnish DNA operator lack telnetd in their builds.
STEP 2: Backing up original software:
As the stock firmware may be customized by the carrier and is not
officially available in the Internet, IT IS IMPERATIVE to back up the
stock firmware, if you ever plan to returning to stock firmware.
It is highly recommended to perform backup using both methods, to avoid
hassle of reassembling firmware images in future, if a restore is
needed.
Method 1: after booting OpenWrt initramfs image via TFTP:
PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION.
- Dump stock firmware located on stock kernel and ubi partitions:
ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin
ssh root@192.168.1.1: cat /dev/mtd9 > mtd9_ubi.bin
And keep them in a safe place, should a restore be needed in future.
Method 2: using stock firmware:
- Connect an external USB drive formatted with FAT or ext4 to the USB
port.
- The drive will be auto-mounted to /var/usb_disk
- Check the flash layout of the device:
cat /proc/mtd
It should show the following:
mtd0: 000a0000 00010000 "u-boot"
mtd1: 00020000 00010000 "u-boot-env"
mtd2: 00140000 00010000 "reserved1"
mtd3: 000a0000 00020000 "fota-flag"
mtd4: 00080000 00020000 "art"
mtd5: 00080000 00020000 "mac"
mtd6: 000c0000 00020000 "reserved2"
mtd7: 00400000 00020000 "cfg-param"
mtd8: 00400000 00020000 "log"
mtd9: 000a0000 00020000 "oops"
mtd10: 00500000 00020000 "reserved3"
mtd11: 00800000 00020000 "web"
mtd12: 00300000 00020000 "kernel"
mtd13: 01a00000 00020000 "rootfs"
mtd14: 01900000 00020000 "data"
mtd15: 03200000 00020000 "fota"
mtd16: 01d00000 00020000 "firmware"
Differences might indicate that this is NOT a MF286A device but
one of other variants.
- Copy over all MTD partitions, for example by executing the following:
for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do cat /dev/mtd$i > \
/var/usb_disk/mtd$i; done
"Firmware" partition can be skipped, it is a concatenation
of "kernel" and "rootfs".
- If the count of MTD partitions is different, this might indicate that
this is not a MF286A device, but one of its other variants.
- (optionally) rename the files according to MTD partition names from
/proc/mtd
- Unmount the filesystem:
umount /var/usb_disk; sync
and then remove the drive.
- Store the files in safe place if you ever plan to return to stock
firmware. This is especially important, because stock firmware for
this device is not available officially, and is usually customized by
the mobile providers.
STEP 3: Booting initramfs image:
Method 1: using serial console (RECOMMENDED):
- Have TFTP server running, exposing the OpenWrt initramfs image, and
set your computer's IP address as 192.168.0.22. This is the default
expected by U-boot. You may wish to change that, and alter later
commands accordingly.
- Connect the serial console if you haven't done so already,
- Interrupt boot sequence by pressing any key in U-boot when prompted
- Use the following commands to boot OpenWrt initramfs through TFTP:
setenv serverip 192.168.0.22
setenv ipaddr 192.168.0.1
tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin
bootm 0x81000000
(Replace server IP and router IP as needed). There is no emergency
TFTP boot sequence triggered by buttons, contrary to MF283+.
- When OpenWrt initramfs finishes booting, proceed to actual
installation.
Method 2: using initramfs image as temporary boot kernel
This exploits the fact, that kernel and rootfs MTD devices are
consecutive on NAND flash, so from within stock image, an initramfs can
be written to this area and booted by U-boot on next reboot, because it
uses "nboot" command which isn't limited by kernel partition size.
- Download the initramfs-kernel.bin image
- After backing up the previous MTD contents, write the images to the
"firmware" MTD device, which conveniently concatenates "kernel" and
"rootfs" partitions that can fit the initramfs image:
nandwrite -p /dev/<firmware-mtd> \
/var/usb_disk/openwrt-ath79-zte_mf286a-initramfs-kernel.bin
- If write is OK, reboot the device, it will reboot to OpenWrt
initramfs:
reboot -f
- After rebooting, SSH into the device and use sysupgrade to perform
proper installation.
Method 3: using built-in TFTP recovery (LAST RESORT):
- With that method, ensure you have complete backup of system's NAND
flash first. It involves deliberately erasing the kernel.
- Download "-initramfs-kernel.bin" image for the device.
- Prepare the recovery image by prepending 8MB of zeroes to the image,
and name it root_uImage:
dd if=/dev/zero of=padding.bin bs=8M count=1
cat padding.bin openwrt-ath79-nand-zte_mf286a-initramfs-kernel.bin >
root_uImage
- Set up a TFTP server at 192.0.0.1/8. Router will use random address
from that range.
- Put the previously generated "root_uImage" into TFTP server root
directory.
- Deliberately erase "kernel" partition" using stock firmware after
taking backup. THIS IS POINT OF NO RETURN.
- Restart the device. U-boot will attempt flashing the recovery
initramfs image, which will let you perform actual installation using
sysupgrade. This might take a considerable time, sometimes the router
doesn't establish Ethernet link properly right after booting. Be
patient.
- After U-boot finishes flashing, the LEDs of switch ports will all
light up. At this moment, perform power-on reset, and wait for OpenWrt
initramfs to finish booting. Then proceed to actual installation.
STEP 4: Actual installation:
- Set your computer IP to 192.168.1.22/24
- scp the sysupgrade image to the device:
scp openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin \
root@192.168.1.1:/tmp/
- ssh into the device and execute sysupgrade:
sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286a-squashfs-sysupgrade.bin
- Wait for router to reboot to full OpenWrt.
STEP 5: WAN connection establishment
Since the router is equipped with LTE modem as its main WAN interface, it
might be useful to connect to the Internet right away after
installation. To do so, please put the following entries in
/etc/config/network, replacing the specific configuration entries with
one needed for your ISP:
config interface 'wan'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option auth '<auth>' # As required, usually 'none'
option pincode '<pin>' # If required by SIM
option apn '<apn>' # As required by ISP
option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6'
For example, the following works for most polish ISPs
config interface 'wan'
option proto 'qmi'
option device '/dev/cdc-wdm0'
option auth 'none'
option apn 'internet'
option pdptype 'ipv4'
The required minimum is:
config interface 'wan'
option proto 'qmi'
option device '/dev/cdc-wdm0'
In this case, the modem will use last configured APN from stock
firmware - this should work out of the box, unless your SIM requires
PIN which can't be switched off.
If you have build with LuCI, installing luci-proto-qmi helps with this
task.
Restoring the stock firmware:
Preparation:
If you took your backup using stock firmware, you will need to
reassemble the partitions into images to be restored onto the flash. The
layout might differ from ISP to ISP, this example is based on generic stock
firmware
The only partitions you really care about are "web", "kernel", and
"rootfs". These are required to restore the stock firmware through
factory TFTP recovery.
Because kernel partition was enlarged, compared to stock
firmware, the kernel and rootfs MTDs don't align anymore, and you need
to carve out required data if you only have backup from stock FW:
- Prepare kernel image
cat mtd12_kernel.bin mtd13_rootfs.bin > owrt_kernel.bin
truncate -s 4M owrt_kernel_restore.bin
- Cut off first 1MB from rootfs
dd if=mtd13_rootfs.bin of=owrt_rootfs.bin bs=1M skip=1
- Prepare image to write to "ubi" meta-partition:
cat mtd6_reserved2.bi mtd7_cfg-param.bin mtd8_log.bin mtd9_oops.bin \
mtd10_reserved3.bin mtd11_web.bin owrt_rootfs.bin > \
owrt_ubi_ubi_restore.bin
You can skip the "fota" partition altogether,
it is used only for stock firmware update purposes and can be overwritten
safely anyway. The same is true for "data" partition which on my device
was found to be unused at all. Restoring mtd5_cfg-param.bin will restore
the stock firmware configuration you had before.
Method 1: Using initramfs:
This method is recmmended if you took your backup from within OpenWrt
initramfs, as the reassembly is not needed.
- Boot to initramfs as in step 3:
- Completely detach ubi0 partition using ubidetach /dev/ubi0_0
- Look up the kernel and ubi partitions in /proc/mtd
- Copy over the stock kernel image using scp to /tmp
- Erase kernel and restore stock kernel:
(scp mtd4_kernel.bin root@192.168.1.1:/tmp/)
mtd write <kernel_mtd> mtd4_kernel.bin
rm mtd4_kernel.bin
- Copy over the stock partition backups one-by-one using scp to /tmp, and
restore them individually. Otherwise you might run out of space in
tmpfs:
(scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/)
mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin
rm mtd3_ubiconcat0.bin
(scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/)
mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin
rm mtd5_ubiconcat1.bin
- If the write was correct, force a device reboot with
reboot -f
Method 2: Using live OpenWrt system (NOT RECOMMENDED):
- Prepare a USB flash drive contatining MTD backup files
- Ensure you have kmod-usb-storage and filesystem driver installed for
your drive
- Mount your flash drive
mkdir /tmp/usb
mount /dev/sda1 /tmp/usb
- Remount your UBI volume at /overlay to R/O
mount -o remount,ro /overlay
- Write back the kernel and ubi partitions from USB drive
cd /tmp/usb
mtd write mtd4_kernel.bin /dev/<kernel_mtd>
mtd write mtd9_ubi.bin /dev/<kernel_ubi>
- If everything went well, force a device reboot with
reboot -f
Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota"
MTD partition which may be safely erased after reboot anyway.
Method 3: using built-in TFTP recovery:
This method is recommended if you took backups using stock firmware.
- Assemble a recovery rootfs image from backup of stock partitions by
concatenating "web", "kernel", "rootfs" images dumped from the device,
as "root_uImage"
- Use it in place of "root_uImage" recovery initramfs image as in the
TFTP pre-installation method.
Quirks and known issuesa
- It was observed, that CH340-based USB-UART converters output garbage
during U-boot phase of system boot. At least CP2102 is known to work
properly.
- Kernel partition size is increased to 4MB compared to stock 3MB, to
accomodate future kernel updates - at this moment OpenWrt 5.10 kernel
image is at 2.5MB which is dangerously close to the limit. This has no
effect on booting the system - but keep that in mind when reassembling
an image to restore stock firmware.
- uqmi seems to be unable to change APN manually, so please use the one
you used before in stock firmware first. If you need to change it,
please use protocok '3g' to establish connection once, or use the
following command to change APN (and optionally IP type) manually:
echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0
- The only usable LED as a "system LED" is the blue debug LED hidden
inside the case. All other LEDs are controlled by modem, on which the
router part has some influence only on Wi-Fi LED.
- Wi-Fi LED currently doesn't work while under OpenWrt, despite having
correct GPIO mapping. All other LEDs are controlled by modem,
including this one in stock firmware. GPIO19, mapped there only acts
as a gate, while the actual signal source seems to be 5GHz Wi-Fi
radio, however it seems it is not the LED exposed by ath10k as
ath10k-phy0.
- GPIO5 used for modem reset is a suicide switch, causing a hardware
reset of whole board, not only the modem. It is attached to
gpio-restart driver, to restart the modem on reboot as well, to ensure
QMI connectivity after reboot, which tends to fail otherwise.
- Modem, as in MF283+, exposes root shell over ADB - while not needed
for OpenWrt operation at all - have fun lurking around.
The same modem module is used as in older MF286.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Both struct net_device_path_ctx and struct net_device_path
are not available in 5.4. This causes an build error on the
bcm63xx target.
|mac80211/driver-ops.h: In function 'drv_net_fill_forward_path':
|driver-ops.h:1502:57: error: passing argument 4 of
|'local->ops->net_fill_forward_path' from incompatible pointer type
| [-Werror=incompatible-pointer-types]
| 1502 | ctx, path);
| | ^~~
| | |
| | struct net_device_path_ctx *
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore
Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html
The files in RAM survive a warm reboot, but not a cold reboot.
Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.
The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:
reserved-memory {
rsvd@5fe00000 {
reg = <0x5fe00000 0x200000>;
reusable;
};
ramoops@42100000 {
compatible = "ramoops";
reg = <0x42100000 0x40000>;
record-size = <0x4000>;
console-size = <0x4000>;
ftrace-size = <0x4000>;
pmsg-size = <0x4000>;
};
};
If no definition has been made in DTS, no crash log is stored
for the device.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.
This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.
This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.
Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.
Disable the password aging feature for user root by setting the 3rd
filed empty.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.
Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.
The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.
For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.
For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.
Signed-off-by: Nick Lowe <nick.lowe@gmail.com>
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.
Targets using fw_printenv/fw_setenv during sysupgrade:
* ath79/*
* ipq40xx/*
* ipq806x/*
* kirkwood/*
* layerscape/*
* mediatek/mt7622
* mvebu/*
* ramips/*
* realtek/*
Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
* ath79/* (openmesh devices)
* ipq40xx/* (linksys devices)
* ipq806x/* (linksys devices)
* kirkwood/* (linksys devices)
* layerscape/*
* mvebu/cortexa9 (linksys devices)
Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.
This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.
As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:
config engine 'devcrypto'
option enabled '1'
Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.
The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.
The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped. It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.
The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.
Patches were refreshed with --zero-commit.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch [1]:
SoC Marvell A38x is used in Turris Omnia, and we thought that with recent
fiddling around DDR training to fix it once for all, there were
reproduced the issue in the upcoming new revision Turris Omnia boards.
101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch [2]:
This is useful when some board may occasionally fail with DDR training,
and it adds the option to reset the board on the DDR training failure
102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch [3]:
This enables the option CONFIG_DDR_RESET_ON_TRAINING_FAILURE (added by
101 patch), so the Turris Omnia board is restarted immediately, and it
does not require to reset the board manually or wait 120s for MCU to
reset the board
[1] https://patchwork.ozlabs.org/project/uboot/patch/20220217000837.13003-1-kabel@kernel.org/
[2] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-1-kabel@kernel.org/
[3] https://patchwork.ozlabs.org/project/uboot/patch/20220217000849.13028-2-kabel@kernel.org/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit adds the following package compile options.
CONFIG_PACKAGE_RTW88_DEBGUG:
Compile the driver with additional debug logging output
CONFIG_PACKAGE_RTW88_DEBGUGFS:
Add the possibility to map information about the driver rtw88 into
debugfs.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Contains following changes:
136006b88826 cmake: fix usage of implicit library and include paths
bc0e84d689e2 netifd: interface-ip: don't set fib6 policies if ipv6 disabled
Signed-off-by: Petr Štetiar <ynezz@true.cz>
e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR)
acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
ea83a82 wireless-regdb: add support for US S1G channels
4408149 wireless-regdb: add 802.11ah bands to world regulatory domain
5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR)
e427ff2 wireless-regdb: Update regulatory rules for China (CN)
0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
4dac44b wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
package hwmon's lm70.ko. This module supports the
National Semiconductor/TI LM70,LM71,LM74 and
TI TMP121,TMP122,TMP123 and TMP124 chips (all SPI).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
When Kernel 5.10 was enabled for mpc85xx, the kernel once again became too
large upon decompression (>7MB or so) to decompress itself on boot (see
FS#4110[1]).
There have been many attempts to fix booting from a compressed kernel on
the HiveAP-330:
- b683f1c36d ("mpc85xx: Use gzip compressed kernel on HiveAP-330")
- 98089bb8ba ("mpc85xx: Use uncompressed kernel on the HiveAP-330")
- 26cb167a5c ("mpc85xx: Fix Aerohive HiveAP-330 initramfs image")
We can no longer compress the kernel due to size, and the stock bootloader
does not support any other types of compression. Since an uncompressed
kernel no longer fits in the 8MiB kernel partition at 0x2840000, we need to
patch u-boot to autoboot by running variable which isn't set by the
bootloader on each autoboot.
This commit repartitions the HiveAP, requiring a new COMPAT_VERSION,
and uses the DEVICE_COMPAT_MESSAGE to guide the user to patch u-boot,
which changes the variable run on boot to be `owrt_boot`; the user can
then set the value of that variable appropriately.
The following has been documented in the device's OpenWrt wiki page:
<https://openwrt.org/toh/aerohive/hiveap-330>. Please look there
first/too for more information.
The from-stock and upgrade from a previous installation now becomes:
0) setup a network with a dhcp server and a tftp server at serverip
(192.168.1.101) with the initramfs image in the servers root directory.
1) Hook into UART (9600 baud) and enter U-Boot. You may need to enter
a password of administrator or AhNf?d@ta06 if prompted. If the password
doesn't work. Try reseting the device by pressing and holding the reset
button with the stock OS.
2) Once in U-Boot, set the new owrt_boot and tftp+boot the initramfs image:
Use copy and paste!
# fw_setenv owrt_boot 'setenv bootargs \"console=ttyS0,$baudrate\";bootm 0xEC040000 - 0xEC000000'
# save
# dhcp
# setenv bootargs console=ttyS0,$baudrate
# tftpboot 0x1000000 192.168.1.101:openwrt-mpc85xx-p1020-aerohive_hiveap-330-initramfs-kernel.bin
# bootm
3) Once openwrt booted:
carefully copy and paste this into the root shell. One step at a time
# 3.0 install kmod-mtd-rw from the internet and load it
opkg update; opkg install kmod-mtd-rw
insmod mtd-rw i_want_a_brick=y
# 3.1 create scripts that modifies uboot
cat <<- "EOF" > /tmp/uboot-update.sh
. /lib/functions/system.sh
cp "/dev/mtd$(find_mtd_index 'u-boot')" /tmp/uboot
cp /tmp/uboot /tmp/uboot_patched
ofs=$(strings -n80 -td < /tmp/uboot | grep '^ [0-9]* setenv bootargs.*cp\.l' | cut -f2 -d' ')
for off in $ofs; do
printf "run owrt_boot; " | dd of=/tmp/uboot_patched bs=1 seek=${off} conv=notrunc
done
md5sum /tmp/uboot*
EOF
# 3.2 run the script to do the modification
sh /tmp/uboot-update.sh
# verify that /tmp/uboot and /tmp/uboot_patched are good
#
# my uboot was: (is printed during boot)
# U-Boot 2009.11 (Jan 12 2017 - 00:27:25), Build: jenkins-HiveOS-Honolulu_AP350_Rel-245
#
# d84b45a2e8aca60d630fbd422efc6b39 /tmp/uboot
# 6dc420f24c2028b9cf7f0c62c0c7f692 /tmp/uboot_patched
# 98ebc7e7480ce9148cd2799357a844b0 /tmp/uboot-update.sh <-- just for reference
# 3.3 this produces the /tmp/u-boot_patched file.
mtd write /tmp/uboot_patched u-boot
3) scp over the sysupgrade file to /tmp/ and run sysupgrade to flash OpenWrt:
sysupgrade -n /tmp/openwrt-mpc85xx-p1020-aerohive_hiveap-330-squashfs-sysupgrade.bin
4) after the reboot, you are good to go.
Other notes:
- Note that after this sysupgrade, the AP will be unavailable for 7 minutes
to reformat flash. The tri-color LED does not blink in any way to
indicate this, though there is no risk in interrupting this process,
other than the jffs2 reformat being reset.
- Add a uci-default to fix the compat version. This will prevent updates
from previous versions without going through the installation process.
- Enable CONFIG_MTD_SPLIT_UIMAGE_FW and adjust partitioning to combine
the kernel and rootfs into a single dts partition to maximize storage
space, though in practice the kernel can grow no larger than 16MiB due
to constraints of the older mpc85xx u-boot platform.
- Because of that limit, KERNEL_SIZE has been raised to 16m.
- A .tar.gz of the u-boot source for the AP330 (a.k.a. Goldengate) can
be found here[2].
- The stock-jffs2 partition is also removed to make more space -- this
is possible only now that it is no longer split away from the rootfs.
- the console-override is gone. The device will now get the console
through the bootargs. This has the advantage that you can set a different
baudrate in uboot and the linux kernel will stick with it!
- due to the repartitioning, the partition layout and names got a makeover.
- the initramfs+fdt method is now combined into a MultiImage initramfs.
The separate fdt download is no longer needed.
- added uboot-envtools to the mpc85xx target. All targets have uboot and
this way its available in the initramfs.
[1]: https://bugs.openwrt.org/index.php?do=details&task_id=4110
[2]: magnet:?xt=urn:btih:e53b27006979afb632af5935fa0f2affaa822a59
Tested-by: Martin Kennedy <hurricos@gmail.com>
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(rewrote parts of the commit message, Initramfs-MultiImage,
dropped bootargs-override, added wiki entry + link, uboot-envtools)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
