Commit Graph

41661 Commits

Author SHA1 Message Date
Bjørn Mork
5f23d0f3db include/feeds.mk: fix distfeeds.conf without per-feed repos
commit 514a4b3e1b ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:

 root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
 src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
 src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
 root@wrt1900ac-1:~# opkg update
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
 Updated list of available packages in /var/opkg-lists/openwrt_core
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
 Signature check passed.
 Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
 *** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz

 Collected errors:
  * opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.

Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c72f3b5e2b)
2018-07-31 14:06:07 +02:00
Rafał Miłecki
5828113986 bcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+
This includes Linksys EA9500 support, BCM53573 timer fix and
upstream-ready partitions patch that replaces two downstream hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a07730472c)
2018-07-31 10:14:48 +02:00
Rafał Miłecki
f7e647ca7b bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus
USB 3.0 PHY is attached to the MDIO bus and should be supported
(accessed) as a MDIO device. This wasn't known initially which resulted
in writing driver that was working with MDIO bus (using some magic
values) without knowing it.

This commit updates DT to properly describe MDIO & USB 3.0 PHY and
enables required kernel drivers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8a175ea219)
2018-07-31 10:14:47 +02:00
Rafał Miłecki
9c110b97c6 bcm53xx: backport DT fix for I2C controller interrupt
Specified interrupt type was incorrect.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5c8b8a3fd4)
2018-07-31 10:14:47 +02:00
Rafał Miłecki
b5b5f5dfa6 kernel: backport mtd support for subpartitions in DT
This is a new & warm feature that allows nesting partiitons in DT and
mixing their types (e.g. static vs. dynamic). It's very useful for
boards that have most partitions static but some of them require extra
parsing (e.g. a "firmware" partition).

It's required to successfully backport support for new devices using
that new syntax in their DT files.

Since brcm63xx has a custom alternative patch the upstream one is being
reverted for it. The plan is to make brcm63xx use the upstream
implementation.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2a598bbaa3)
2018-07-31 10:14:47 +02:00
Rafał Miłecki
f8e57f450d kernel: backport mtd patches with Broadcom of_match_table-s
Two tiny & trivial patches with no regression risk. One simplifies
bcm53xx downstream patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6bcafea2c0)
2018-07-31 10:14:46 +02:00
Axel Neumann
f7668334a8 Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.

The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.

Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from 65c05301c2)
2018-07-31 06:32:15 +02:00
Daniel Golle
d700eb187b kernel: remove duplicate #define's in at803x Ethernet PHY driver
AT803X_REG_CHIP_CONFIG and AT803X_BT_BX_REG_SEL have been defined
upstream by commit f62265b53ef3 ("at803x: double check SGMII side autoneg")
An existing local patch then added those exact same defines again which
isn't necessary, so remove them.

Fixes: f791fb4af4 ("kernel: add linux 4.9 support")
Fixes: b3f95490b9 ("kernel: generic: Add kernel 4.14 support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67fcff6aaf)
2018-07-31 05:42:35 +02:00
Daniel Golle
20c64dabb6 kernel: re-add patch for AT8032 Ethernet PHY
The patch was wrongly removed by a kernel version bump to 4.9.106 in
the believe that it was merged upstream thow it wasn't. This lead to
unrecoverable link losses on devices which use those PHYs such as
many ubnt single-port CPEs.

Fixes: 6f8eb1b50f ("kernel: bump 4.9 to 4.9.106 for 18.06")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a497e47762)
2018-07-31 05:39:49 +02:00
Christian Schoenebeck
93782d5e8e ca-certificates[18.06]]: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:01:56 +02:00
Jo-Philipp Wich
ce234299bc OpenWrt v18.06.0: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
03b693064b OpenWrt v18.06.0: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
b0b5c64c22 Revert "ar71xx: define switch for rb-952ui-5ac2nd"
This reverts commit 3442ec5d57.

The device behaviour is reportedly erratic so let's not take chances and
leave this out for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:25:17 +02:00
Thibaut VARÈNE
3442ec5d57 ar71xx: define switch for rb-952ui-5ac2nd
QCA9533 built-in switch can be configured

Tested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 0e43c31ebde996ca88f5857bb7e6c4cbf3f65756)
2018-07-30 18:14:17 +02:00
Paul Spooren
f4798d37f1 imagebuilder: add function to show manifest
Tested with 18.06.0-rc2/ar71xx/generic/tl-wdr4300-v1, image & list

This PR is based on the work of @fewckert[1] with slight improvements.

Add function `manifest` to show the manifest of the produced image,
before actually building it. The manifest contains an orderd list of
package name and version.

This is usefull to check package dependencies but also determine a
unique and reproducible image name before building the package. The
sysupgrade server[2] builds images on request with individual package
selection. To distignish between created images which contain differnt
packages, the EXTRA_IMAGE_NAME is set to a shortend hash of the
manifest's content. So far the image was renamed afterwards as the
manifests content was unknown, however this corrupts the signed
sha256sums. This patch allows a clean solution as to dtermine the
manifest in advance and set the EXTRA_IMAGE_NAME accordingly.

[1]: https://github.com/lede-project/source/pull/1591
[2]: https://github.com/aparcar/attendedsysupgrade-server

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry-picked from commit 869b0d11db)
2018-07-30 16:33:57 +02:00
张鹏
a3dd6c939d ar71xx:add support for E750G v8
Qxwlan E750G v8 is based on Qualcomm QCA9344.

Specification:

 - 560/450/225 MHz (CPU/DDR/AHB)
 - 128 MB of RAM (DDR2)
 - 8/16 MB of FLASH (SPI NOR)
 - 2T2R 2.4G GHz (AR9344)
 - 2x 10/100 Mbps Ethernet (PoE support)
 - 2x 10/100/1000 Mbps Ethernet
 - 7x LED (6 driven by GPIO)
 - 1x button (reset)
 - 1x DC jack for main power input (9-48 V)
 - UART (J23) and LEDs (J2) headers on PCB

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "sysupgrade" image
   and click the upgrade button.

Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit 53a4502013)
2018-07-30 14:02:41 +02:00
张鹏
11a5128b98 ar71xx:add support for E750A v4
Qxwlan E750A v4 is based on Qualcomm QCA9344.

Specification:

 - 560/450/225 MHz (CPU/DDR/AHB)
 - 128 MB of RAM (DDR2)
 - 8/16 MB of FLASH (SPI NOR)
 - 2T2R 5G GHz (AR9344)
 - 2x 10/100 Mbps Ethernet (one port with PoE support)
 - 1x miniPCIe slot (USB 2.0 bus only)
 - 7x LED (6 driven by GPIO)
 - 1x button (reset)
 - 1x DC jack for main power input (9-48 V)
 - UART (J23) and LEDs (J2) headers on PCB

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "sysupgrade" image
   and click the upgrade button.

Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit ac03d51a3f)
2018-07-30 14:02:40 +02:00
张鹏
21ad5fb1ea ar71xx:add support for E558 v2
Qxwlan E558 v2 is based on Qualcomm QCA9558 + AR8327.

Specification:

 - 720/600/200 MHz (CPU/DDR/AHB)
 - 128 MB of RAM (DDR2)
 - 8/16 MB of FLASH (SPI NOR)
 - 2T2R 2.4 GHz (QCA9558)
 - 3x 10/100/1000 Mbps Ethernet (one port with PoE support)
 - 4x miniPCIe slot (USB 2.0 bus only)
 - 1x microSIM slot
 - 5x LED (4 driven by GPIO)
 - 1x button (reset)
 - 1x 3-pos switch
 - 1x DC jack for main power input (9-48 V)
 - UART (JP5) and LEDs (J8) headers on PCB

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "sysupgrade" image
   and click the upgrade button.

Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit b74f63f81d)
2018-07-30 14:02:40 +02:00
Christian Lamparter
4dc0ff8183 brcm2708: split sdcard.img.gz into a sysupgrade and factory image
@vahid-dan reported a issue with extracting the rpi images with
Gnome's Archive Manager:
"Ubuntu Archive Manager cannot extract the file and it just
throws a general error message: "An error occurred while
extracting files".
<https://forum.lede-project.org/t/corrupted-pre-built-v18-06-0-rc2-image-for-rpi>

@blogic told me to split the single sdcard.img.gz for the RPi
into a sysupgrade and a factory image for all brcm2708 targets.
The factory images will have no metadata attached, this way
these utilities that can't deal with the attached metadata will
not fail for no reason.

Cc: John Crispin <john@phrozen.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7516a96011)
2018-07-30 14:00:59 +02:00
Jo-Philipp Wich
f24e012997 base-files: network.sh: gracefully handle missing network.interface ubus ns
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.

Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.

This caused the dnsmasq init script to log the following errors during
early boot on some systems:

    procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
    procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.

Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 13:19:19 +02:00
Nick Hainke
d4a4f06589 iwinfo: update to version 2018-07-24
Update to new iwinfo version.
Adds support for channel survey.
Adds ubus support.
Etc.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 296ae7ab89)
2018-07-30 11:21:25 +02:00
John Crispin
4a39d8cfd0 iwinfo: bump to latest git HEAD
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 20b76c0a5b)
2018-07-30 11:21:24 +02:00
Thibaut VARÈNE
cb73dd21a3 ar71xx: rbspi: fix RB wAP AC gpio conflict and LED
e15c63a375 introduced code that was trying
to register GPIO 1 as both an LED and a button. The OEM source makes it
clear that LED1 is not wired to the SoC GPIOs. GPIO 1 is the reset button.

Furthermore the (green) power led default state should also be defined,
(matching OEM source), and it should be used by diag.sh since it's
currently the only software-controllable LED.

This patch fixes these issues and renames the corresponding #defines for
clarity

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit e99f760235)
2018-07-30 11:12:41 +02:00
Thibaut VARÈNE
bb06f6d3ba ar71xx: add missing diag LED support for RB wAP 2nD
3b15eb06c3 did not include diag.sh
edit

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 5c2419b6f8)
2018-07-30 11:12:41 +02:00
Jo-Philipp Wich
c8e8ff1c9f brcm47xx: rework model detection
On brcm47xx boards, the model ID is the combination of the "boardtype" nvram
variable and an optional supplemental "boardnum" variable while the human
readable model name is usually exposed in the "machine" field of the
/proc/cpuinfo file.

Move the extraction of the board nvram variables and model name string into
the 01_sysinfo file and rework the 01_detect board configuration script to
solely use the prepared sysinfo values without performing own detection
logic.

As a consequence, we can drop the ucidef_set_board_id() and
ucidef_set_model_name() invocations in favor to the generic behaviour
which copies the /tmp/sysinfo/{board_name,model} values into the board.json
"id" and "name" fields respectively.

Since "01_detect" only contains network configuration logic after this
change, move it to "01_network" and rename the contained "detect_by_xxx"
functions to "configure_by_xxx" instead, to avoid potential confusion.

Fixes FS#1576
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

(cherry picked from commit d7d10f2c1e)
2018-07-30 11:11:21 +02:00
Rafał Miłecki
ca0c649a38 bcm53xx: revert SPI controller commit breaking flash reads
That upstream commit caused instability in flash reads. It was reported
but there isn't any proper fix as for now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0417b08b06)
2018-07-29 11:10:03 +02:00
Kevin Darbyshire-Bryant
cf5a892430 dnsmasq: bump to dnsmasq v2.80test3
Refresh patches

Upstream commits since last bump:

3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 1e93ef8498)
2018-07-28 11:23:58 +01:00
Hans Dedecker
bf1b0fad2b dnsmasq: don't use network functions at boottime (FS#1542)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2336b942b3)
2018-07-28 11:23:57 +01:00
Kevin Darbyshire-Bryant
cb9d5f0a7c dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:

a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fbf475403b)
2018-07-28 11:23:57 +01:00
Rafał Miłecki
962e86d9af brcm47xx: revert upstream commit breaking BCM4718A1
This fixes kernel hang when booting on BCM4718A1 (& probably BCM4717A1).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4c1aa64b4d)
2018-07-27 16:00:31 +02:00
Rafał Miłecki
29aab93ea2 mac80211: backport brcmfmac fixes & debugging helpers from 4.18
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.

Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.

Fixes: 2811c97803 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b26214adb5)
2018-07-27 08:14:13 +02:00
Jo-Philipp Wich
4e7f4777b0 odhcpd: update to latest git HEAD
Changes:

  81a281e dhcpv6-ia: fix border assignment size setting
  a2ffc59 dhcpv6-ia: fix status code for not on link IAs
  5b087a6 dhcpv6-ia: improve error checking in assign_pd()
  c9114a1 config: fix wrong assignment
  bb8470f dhcpv4: delay forced renew transaction start
  62a1b09 dhcpv4: fix DHCP address space logic
  d5726ff dhcpv4: improve logging when sending DHCP messages
  9484351 odhcpd: call handle_error when socket error can be retrieved
  c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
  c2ff5af dhcpv6-ia: log renew messages as well
  676eb38 router: fix possible segfault in send_router_advert()
  392701f odhcpd: fix passing possible negative parameter
  029123b treewide: switch to C-code style comments
  6b79748 router: improve error checking
  12e21bc netlink: fix incorrect sizeof argument
  d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
  373495a ubus: fix invalid ipv6-prefix json
  79d5e6f ndp: improve error checking
  d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
  f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
  4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
  4983ee5 odhcpd: fix strncpy bounds
  c0f6390 odhcpd: Check if open the ioctl socket failed
  345bba0 dhcpv4: improve error checking in handle_dhcpv4()
  44cce31 ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  b7ef10cbf0 odhcpd: update to latest git HEAD
  98a6bee09a odhcpd: update to latest git HEAD
  88c88823d5 odhcpd: update to latest git HEAD

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 18:55:32 +02:00
Jo-Philipp Wich
da0dd6adc2 ubus: update to latest git HEAD
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 7316515891)
2018-07-26 18:37:18 +02:00
Hans Dedecker
3f0d44b8de firewall: update to latest git HEAD and build with LTO
Reduces .ipk size on MIPS from 41.6k to 41.1k

Changes:

  30463d0 zones: add interface/subnet bound LOG rules
  0e77bf2 options: treat time strings as UTC times
  d2bbeb7 firewall3: make reject types selectable by user
  aa8846b ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  a3f2451fba firewall: update to latest git HEAD
  433d71e73e fw3: update to latest git HEAD
  ef96d1e34a firewall: compile with LTO enabled
  1e83f775a3 firewall3: update to latest git HEAD
  3ee2c76ae0 firewall: update to latest git HEAD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 08:49:52 +02:00
John Crispin
69021e9b89 ubus: update to latest git HEAD
884be45 libubus: check for non-NULL data before running callbacks

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit a5c3bbaf56)
2018-07-25 13:03:58 +02:00
John Crispin
6302f0161b libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5dc32620c4)
2018-07-25 13:03:55 +02:00
Aleksandr V. Piskunov
f91a0f3b1a wireguard-tools: add wireguard_watchdog script
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 20c4819c7b)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
f1dbfa1937 wireguard: bump to 0.0.20180718
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 57b808ec88)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
ff91b32d26 wireguard: bump to 0.0.20180708
* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4630159294)
2018-07-25 11:23:34 +01:00
Jo-Philipp Wich
b84a1c56f3 build: do not alter global default package selection from profiles
This partly reverts ca32373c95 which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.

In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.

To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.

Fixes ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

(cherry picked from commit 69ea512c62)
2018-07-21 20:53:43 +02:00
Tim Small
90b15b00a2 WDR4900v1 remove dt node for absent hw crypto.
The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
definition for the related P1010 SoC.  However, the P1040 lacks the
CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
defines.  If left defined, this causes the CAAM drivers (if present) to
attempt to use the non-existent device, making various crypto-related
operations (e.g. macsec and ipsec) fail.

This commit overrides the incorrect dt node definition in the included
file.

See also:
 - https://bugs.openwrt.org/index.php?do=details&task_id=1262
 - https://community.nxp.com/thread/338432#comment-474107

Signed-off-by: Tim Small <tim@seoss.co.uk>
(cherry picked from commit e97aaf483c)
2018-07-21 18:38:18 +02:00
Kevin Darbyshire-Bryant
a80276235a iproute2: tc: backport canonical cake support
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.16

There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.

This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.

No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-21 09:08:45 +01:00
Felix Fietkau
5b12057d7c build: fix compile error when a package includes itself in PROVIDES
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7c306ae640)
2018-07-20 15:37:17 +02:00
Christian Lamparter
8a0ad2660a apm821xx: fix sata access freezes
The original vendor's driver programmed the dma controller's
AHB HPROT values to enable bufferable, privileged mode. This
along with the "same priorty for both channels" fixes the
freezes according to @takimata, @And.short, that have been
reported on the forum by @ticerex.

Furtheremore, @takimata reported that the patch also improved
the performance of the HDDs considerably:
|<https://forum.lede-project.org/t/wd-mybook-live-duo-two-disks/16195/55>
|It seems your patch unleashed the full power of the SATA port.
|Where I was previously hitting a really hard limit at around
|82 MB/s for reading and 27 MB/s for writing, I am now getting this:
|
|root@OpenWrt:/mnt# time dd if=/dev/zero of=tempfile bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real    0m 13.65s
|user    0m 0.01s
|sys     0m 11.89s
|
|root@OpenWrt:/mnt# time dd if=tempfile of=/dev/null bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real    0m 8.41s
|user    0m 0.01s
|sys     0m 4.70s
|
|This means: 121 MB/s reading and 75 MB/s writing!
|
|[...]
|
|The drive is a WD Green WD10EARX taken from an older MBL Single.
|I repeated the test a few times with even larger files to rule out
|any caching, I'm still seeing the same great performance. OpenWrt is
|now completely on par with the original MBL firmware's performance.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-07-19 18:54:40 +02:00
Luiz Angelo Daros de Luca
a297324a13 base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-18 19:20:07 +02:00
Kevin Darbyshire-Bryant
1e48546a6a igmpproxy: run in foreground for procd
procd needs processes to stay in foreground to remain under its gaze and
control.  Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9d5a246930)
2018-07-18 18:06:15 +01:00
Jo-Philipp Wich
f8cc68670f mediatek: fix parallel build issues in image build code
Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
produced by the generic image build code.

Also remove unused .dtb references in the mt7623 subtarget.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 8194f9ef4a)
2018-07-17 14:45:33 +02:00
Rafał Miłecki
1086408b17 mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 82498a7f7a)
2018-07-16 23:18:45 +02:00
Rafał Miłecki
5dca299fab mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0f54489f75)
2018-07-16 23:18:45 +02:00
Kevin Darbyshire-Bryant
5889cf70e9 kmod-sched-cake: bump to 20180716
Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit c729c43b39)
2018-07-16 13:57:31 +01:00