Provide uci-firewall via PROVIDES in both firewall and firewall4. This
will allow us to change the dependency of luci-app-firewall to
uci-firewall, making it possible to use it with either implementation.
Move CONFLICTS from firewall4 to firewall, to solve this recursive
dependency problem:
tmp/.config-package.in:307:error: recursive dependency detected!
tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4
tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
4ead2a6 treewide: move executables to /sbin
9ebc2f4 fw4.uc: filter duplicates in fw4.set
85b74f3 treewide: support flow offloading
be3b4e6 treewide: support hardware flow offloading
38889b7 treewide: support set timeout
31c7550 fw4.uc: do not skip defaults with invalid option
334a127 fw4.uc: introduce DEPRECATED flag
7a0d38f fw4.uc: add _name as deprecated option
5e7ad3b fw4.uc: don't fail on unknown options
be5f4e3 fw4.uc: allow use of cidr in ipsets
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
ARC4 was used for WEP, which is not secure anymore. Therefor it is
disabled in the driver, but the code is not removed for now.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The lantiq AES hardware does not support the gcm algorithm. But it
can be implemented in the driver as a combination of the aes_ctr
algorithm and the xor plus gfmul operations for the hashing.
Due to the wrapping of the several algorithms and the inefficient
16 byte block by 16 byte block invokation in the kernel
implementations, this driver is about 3 times faster for the larger
block sizes.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
After adding xts and cbcmac the aes algorithm source had three sections
for setting the aes key to the hardware which are identical.
Method aes_set_key_hw was created which is now called from within the
spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts
and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Since commit 53b6783 hostapd is using the kernel api which includes the
cbcmac-aes shash algorithm. The kernels implementation is a wrapper around
the aes encryption algorithm, which encrypts block (16 bytes) by block.
When the ltq-deu driver is present, it uses hardware aes, but every 16 byte
encrypt requires setting the key. This is very inefficient and is a huge
overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes
algorithm starting with an iv set to x'00' with an optional ecb aes
encryption of a possible last incomplete block that is padded with the
positional bytes of the last cbc encrypted block, this algorithm is now
added to the driver. Most of the code is derived from md5-hmac and
tailored for aes. Tested with the kernels crypto testmgr including extra
tests against the kernels generic ccm module implementation.
This patch also fixes the overallocation in the aes_ctx that is caused
by using u32 instead of u8 for the aes keys.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Remove the dependency on kernel 5.4 from the Makefile to allow the
driver to compile with kernel 5.10 or kernel versions higher than
5.4.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The lantiq AES hardware does not support the xts algorithm. Apart
from the cipher text stealing (XTS), the AES XTS implementation is
just an XOR with the IV, followed by AES ECB, followed by another
XOR with the IV and as such can be also implemented by using the
lantiq hardware's CBC AES implemention plus one additional XOR with
the IV in the driver. The output IV by CBC AES is also not usable
and the gfmul operation not supported by lantiq hardware. Both need
to be done in the driver too in addition to the IV treatment which is
the initial encryption by the other half of the input key and to
set the IV to the IV registers for every block.
In the generic kernel implementation, the block size for XTS is set
to 16 bytes, although the algorithm is designed to process any size
of input larger than 16 bytes. But since there is no way to
indicate a minimum input length, the block size is used. This leads
to certain issues when the skcipher walk functions are used, e.g.
processing less than block size bytes is not supported by calling
skcipher_walk_done.
The walksize is 2 AES blocks because otherwise for splitted input
or output data, less than blocksize is to be returned in some cases,
which cannot be processed. Another issue was that depending on
possible split of input/output data, just 16 bytes are returned while
less than 16 bytes were remaining, while cipher text stealing
requires 17 bytes or more for processing.
For example, if the input is 60 bytes and the walk is 48, then
processing 48 bytes leads to a return code of -EINVAL for
skcipher_walk_done. Therefor the processed counter is used to
figure out, when the actual cipher text stealing for the remaining
bytes less than blocksize needs to be applied.
Measured with cryptsetup benchmark, this XTS AES implementation is
about 19% faster than the kernels XTS implementation that uses the
hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key).
The implementation was tested with the kernels crypto testmgr against
the kernels generic XTS AES implementation including extended tests.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The processing in the hmac algorithms depends on the status fields:
count, dbn and started. Not all were initialised in the init method
and after finishing the final method. Added missing fields to init
method and call init method after finishing final.
The memsets have the wrong size in the original driver and did not
clear everything and are not necessary. Since no memset is done in
the kernels generic implementation, memsets were removed.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Removing hash pointer in _hmac_setkey since its not needed and causes
a compiler warning.
Make the spinlock control sections shorter and move initializations
out of the control sections to free the spinlock faster for allowing
other threads to use the hash engine.
Minor improvements for indentation and removal of blanks and blank
lines in some areas.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Exceeding the temp array size was not checked and instead storage not
allocated by the driver was used/overwritten which in most cases
resulted in reboots. This patch implements processing the input to the
hash algorithm in tempsize chunks.
The _hmac_final methods were changed to _hmac_final_impl adding a
parameter that indicates intermediate or final processing. The started
variable was added to the context to indicate, if there is an
intermediate result in the context. For sha1_hmac the variable to store
the intermediate hash was added to the context too.
In order to avoid md5_hmac_final_impl being recursively called if the
padding of the input and the resulting last transform during the hmac
algorighms final processing causes the temp array to overflow and to
make sure that there is at least one block in the temp array when the
_hmac_final for final processing is called, the check for exceeding
the temp array in _hmac_transform was moved before copying the block
and incrementing dbn. dbn needs to be at least 1 at final processing
time to let the hash engine apply the opad operation.
To make the hash engine not apply the hmac algorithms final opad
operation, for intermediate processing the dbn in the control register
is set to a higher value than number of dbns are actually processed.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The hmac algorithms state, that keys larger than the key size should be
hashed with the underlying hash algorithms and then those hashes are to
be used as keys. This patch implements this. In order to avoid allocating
a descriptor during setkey, a shash_desc pointer is added to the context.
Another issue for multithreaded callers is the shared temp array.
The temp array is static and as such would be shared among multithreaded
callers, which obviously would neither work nor produce correct results.
The temp array (4k size) is moved to the context and since the size of
the context is limited, it can only be defined as pointer otherwise the
initialisation of the hash algorithm fails.
The allocations and freeing of both the temp and the desc pointer in the
context are done by implementing cra_init and cra_exit functions for
the hmac algorithms.
Also improved indentation in some areas.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs
when running the cryptomgr extra tests that compare against the linux
kernels generic implementation.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5
algorithm uses ENDI=0 and the endian_swap methods to reverse the
endianess switch by using user CPU time, which is unnecessary overhead.
Danube and AR9 devices do not set endianess for SHA1, so is done for
MD5.
Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and
md5 hmac algorithms and removes endian_swap for them.
The init functions initialize the algorithm in the hardware. The lock is
not used to write to the control register. If another thread calls
another hash algo before update or final, the result will be wrong.
Therefore move the algorithm init to the lock protected sections in the
transform or final methods.
Setting the hw key for the hmac algorithms is now done from within the
lock protected sections in their final methods. The lock protecting is
removed from the _hmac_setkey_hw functions.
In final for md5 and sha1 the lock section is removed, because all the
work was already done in transform (which is called from final). As such
only copying the hash to the output is required.
MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor
writing register D5R to the hash output is removed for MD5_HMAC.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.
Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.
All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.
Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.
While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.
An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.
To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.
Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.
The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.
The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Compiling without fPIC causes linking issues for packages using liblua.
Add $(HOST_FPIC) to host builds for both lua and lua5.3.
Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".
Fixes error in the form of:
libtool: install: error: relink `libctf.la' with the above command
before installing it
Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545
OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149
Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
make package/hostapd/{clean,refresh}
Refreshed:
- 380-disable_ctrl_iface_mib.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 720-iface_max_num_sta.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication
SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
NETGEAR ReadyNAS Duo v2 is a NAS based on Marvell kirkwood SoC.
Specification:
- Processor Marvell 88F6282 (1.6 GHz)
- 256MB RAM
- 128MB NAND
- 1x GBE LAN port (PHY: Marvell 88E1318)
- 1x USB 2.0
- 2x USB 3.0
- 2x SATA
- 3x button
- 5x leds
- serial on J5 connector accessible from rear panel
(115200 8N1) (VCC,TX,RX,GND) (3V3 LOGIC!)
Installation by USB + serial:
- Copy initramfs image to fat32 usb drive
- Connect pendrive to USB 2.0 front socket
- Connect serial console
- Stop booting in u-boot
- Do:
usb reset
setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
saveenv
fatload usb 0:1 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
bootm 0x1200000
- copy sysupgrade image via ssh.
- run sysupgrade
Installation by TFTP + serial:
- Setup TFTP server and copy initramfs image
- Connect serial console
- Stop booting in u-boot
- Do:
setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
saveenv
setenv serverip 192.168.1.1
setenv ipaddr 192.168.1.2
tftpboot 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
bootm 0x1200000
- copy sysupgrade image via ssh.
- run sysupgrade
Known issues:
- Power button and PHY INTn pin are connected to the same GPIO. It
causes that every network restart button is pressed in system.
As workaround, button is used as regular BTN_1.
For more info please look at file:
RND_5.3.13_WW.src/u-boot/board/mv_feroceon/mv_hal/usibootup/usibootup.c
from Netgear GPL sources.
Tested-by: Raylynn Knight <rayknight@me.com>
Tested-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
This patch adds kernel module for Global Mixed-mode Technology Inc
G762 and G763 fan speed PWM controller chips.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
The build fails when the openssl/sha.h header file is not installed on
the host system. Fix this by setting the HOSTCCFLAGS variable to the
OpenWrt HOST_CFLAGS variable, without setting this the include paths and
other modifications in the host flags done by OpenWrt will be ignored by
the build.
This fixes the following build problem:
gcc -c -D_GNU_SOURCE -D_XOPEN_SOURCE=700 -Wall -Werror -pedantic -std=c99 -O2 -I../../include/tools_share fiptool.c -o fiptool.o
In file included from fiptool.h:16,
from fiptool.c:19:
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
19 | # include <openssl/sha.h>
| ^~~~~~~~~~~~~~~
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.
In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.
To allow both possibilities, the following changes are made:
- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).
- If the button is pressed for less than 3 seconds, keep the original
behavior.
- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.
- Add comments explaining both behaviors.
- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).
This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.
[1]: https://github.com/koalaman/shellcheck/wiki/SC2166
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
this patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.
With the upcoming 20211216 linux-firmware bump,
this will include a microcode update for ZEN 3 CPUs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Otherwise, connection setup may fail due to JSON parse error in netifd.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
PIN2 is used only to restrict changing of fixed dialling feature,
does not affect network registration. Therefore explicitly check for
PIN1 state during connection setup, which is required for network
registration.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
This is needed to properly close the control channel.
Otherwise, on the next try the caps call may fail.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
We were missing (not using) the last sector of each partition,
compared with the output of gparted.
Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.
The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Based on: 1ac627024d ("kernel: ath10k-ct: provide a build variant for
small RAM devices")
Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.
That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - 450b306e54
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909
Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
The auto-ht option already kept HT and VHT support, but wasn't updated
to support HE (11ax).
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This device is based on NXP's QorIQ T2081QDS board, with a quad-core
dual-threaded 1.5 GHz ppc64 CPU and 4GB ECC RAM. The board has 5
ethernet interfaces, of which 3 are connected to the ethernet ports on
the front panel. The other 2 are internally connected to a Marvell
88E6171 switch; the other 5 ports of this switch are also connected to
the ethernet ports on the front panel.
Installation: write the sdcard image to an SD card. Stock U-Boot will
not boot, wait for it to fail then run these commands:
setenv OpenWrt_fdt image-watchguard-firebox-m300.dtb
setenv OpenWrt_kernel watchguard_firebox-m300-kernel.bin
setenv wgBootSysA 'setenv bootargs root=/dev/mmcblk0p2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load mmc 0:1 $fdtaddr $OpenWrt_fdt; ext2load mmc 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr - $fdtaddr'
saveenv
reset
The default U-Boot boot entry will now boot OpenWrt from the SD card.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Add a new target named "qoriq", that will support boards using PowerPC
processors from NXP's QorIQ brand.
This doesn't actually add support for any board yet, so that
installation instructions can go in the commit message of the commit
that adds actual support for a board.
Using CONFIG_E6500_CPU here due to the kernel using -mcpu=powerpc64
rather than -mcpu=e5500 when selecting CONFIG_E5500_CPU. The only
difference between e5500 and e6500 is AltiVec support, and the kernel
checks for it at runtime. Musl will only check at runtime if AltiVec
support is disabled at compile-time, so we need to use e5500 in CPU_TYPE
to avoid SIGILL.
Math emulation (CONFIG_MATH_EMULATION_HW_UNIMPLEMENTED) is required, as
neither e5500 nor e6500 implement fsqrt nor fsqrts, and musl hardcodes
sqrt and sqrtf to use these ASM instructions on PowerPC64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
Backport an upstream patch to make libunwind build on ppc64, and add
powerpc64 to the dependencies.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
As of version 3.7, Nettle added PowerPC64 assembly for several
algorithms. Unfortunately, they cause build to fail due to ABI mismatch:
gcm-hash.o: ABI version 1 is not compatible with ABI version 2 output
Disable assembler when ppc64 and musl are used for now.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Backport an upstream patch that adds support for ELFv2 ABI on big endian
ppc64. As musl only supports ELFv2 ABI on ppc64 regardless of
endianness, this is required to be able to build OpenSSL for ppc64be.
Modify our targets patch to add linux-powerpc64-openwrt, which will use
the linux64v2 perlasm scheme. This will probably break the combination
ppc64 with glibc, but as we really only want to support musl, this
shouldn't be a problem.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Provide incoming BSS transition queries to ubus subscribers.
This allows external steering daemons to provide clients with
an optimal list of transition candidates.
This commit has no functional state in case no ubus subscriber is
present or it does not handle this ubus message.
To prevent hostapd from sending out a generic response by itself, a
subscribing daemon has to return a non-zero response code to hostapd.
Signed-off-by: David Bauer <mail@david-bauer.net>
Backport a patch to allow extending the ubus BSS-transition method
for specifying individual dialog tokens for BSS transition
management requests.
This is required for handling BSS transition queries in the future.
Signed-off-by: David Bauer <mail@david-bauer.net>
39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
c9578e1 dhcpv6: add support for null IA_PD valid lifetime
ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5ca5e0b netifd: allow disabling rule/rule6 config sections
8875960 interface-ip: add support for IPv6 prefix invalidation
e589c05 interface-ip: use metric when looking for a route
b54ffde main: fix hotplug script usage message
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This adds a new struct for storing statistics not (yet) tracked by
hostapd regarding RRM and WNM activity.
These statistics can be read using the get_status hostapd interface ubus
method.
Signed-off-by: David Bauer <mail@david-bauer.net>
Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package
Makefile.
This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD.
This is needed to make it compatible with our patched mac80211 from
kernel 5.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The following patches were backported from upstream before and are not
needed any more:
package/kernel/mac80211/patches/ath10k/081-ath10k-fix-module-load-regression-with-iram-recovery-feature.patch
package/kernel/mac80211/patches/ath10k/980-ath10k-fix-max-antenna-gain-unit.patch
package/kernel/mac80211/patches/build/010-headers-Add-devm_platform_get_and_ioremap_resource.patch
package/kernel/mac80211/patches/subsys/300-mac80211-drop-check-for-DONT_REORDER-in-__ieee80211_.patch
package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
package/kernel/mac80211/patches/subsys/308-mac80211-fix-radiotap-header-generation.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode
of LSDK-21.08 had no changes.
Switched to AUTORELEASE for simplicity.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Update layerscape u-boot package to LSDK-21.08 and drop patches which
are no longer needed.
The new env variable 'fsl_bootcmd_mcinitcmd_set' is needed to protect
the configured bootcmd and mc_init values. See [1] for more
informations.
[1] b62c174e86
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.
fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.
sysupgrade is core functionality so it needs dtc as part of base code
base.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
update rtl8812au-ct driver to be ready for 5.15 Linux.
Signed-off-by: Janpieter Sollie <janpieter.sollie@edpnet.be>
[added commit message from PR with changes, added tag to subject]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server
For proto=dhcp networks, the discovered dhcp server will be used
For all other networks, udhcpc is called to discover the address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Among other things, this can be used to auto-configure the DHCP server
address for wireless APs using FILS, if the bridged interface is
configured to DHCP
Signed-off-by: Felix Fietkau <nbd@nbd.name>
By default CONFIG_BTRFS_FS_POSIX_ACL is disabled, it should be enabled
only when you enable CONFIG_FS_POSIX_ACL.
Right now, when you enable CONFIG_FS_POSIX_ACL it will enable
CONFIG_BTRFS_FS_POSIX_ACL, but it will be disabled once you install
kmod-btrfs. This should prevent it.
Btrfs has enabled by default ACL for mount option.
More details:
https://cateee.net/lkddb/web-lkddb/BTRFS_FS_POSIX_ACL.htmlhttps://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>
In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.
Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips
9a8fc6636d83 mt76: move sar_capa configuration in common code
7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch adds supports for the GL-B2200 router.
Specifications:
- SOC: Qualcomm IPQ4019 ARM Quad-Core
- RAM: 512 MiB
- Flash: 16 MiB NOR - SPI0
- EMMC: 8GB EMMC
- ETH: Qualcomm QCA8075
- WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11b/g/n 2x2
- WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11n/ac W2 2x2
- WLAN3: Qualcomm Atheros QCA9886 5GHz 802.11n/ac W2 2x2
- INPUT: Reset, WPS
- LED: Power, Internet
- UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
- UART2: On board with BLE module
- SPI1: On board socket for Zigbee module
Update firmware instructions:
Please update the firmware via U-Boot web UI (by default at 192.168.1.1, following instructions found at
https://docs.gl-inet.com/en/3/troubleshooting/debrick/).
Normal sysupgrade, either via CLI or LuCI, is not possible from stock firmware.
Please do use the *gl-b2200-squashfs-emmc.img file, gunzipping the produced *gl-b2200-squashfs-emmc.img.gz one first.
What's working:
- WiFi 2G, 5G
- WPA2/WPA3
Not tested:
- Bluetooth LE/Zigbee
Credits goes to the original authors of this patch.
V1->V2:
- updates *arm-boot-add-dts-files.patch correctly (sorry, my mistake)
- add uboot-envtools support
V2->V3:
- Li Zhang updated official patch to fix wrong MAC address on wlan0 (PCI) interface
V3->V4:
- wire up sysupgrade
Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[fix tab and trailing space, document what's working and what's not]
Signed-off-by: TruongSinh Tran-Nguyen <i@truongsinh.pro>
[rebase on top of master, address remaining comments]
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
[remove redundant check in platform.sh]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
