Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).
At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:
lldp_mgmt_addr_advertisements=0
lldp_capability_advertisements=0
In other words: explicit is necessary to disable the advertisements.
The same applies to 'configure system capabilities enabled'. Technically
'unconfigure'd is the default but now it is explicit at reload.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Building perf's intel-pt-decoder fails on both PPC32 and PPC64:
/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-13.2.0_musl/lib/gcc/powerpc64-openwrt-linux-musl/13.2.0/../../../../powerpc64-openwrt-linux-musl/bin/ld.bfd:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/
perf-target-powerpc64_e5500_musl/perf-in.o: in function `insn_set_byte':
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/perf/util/intel-pt-decoder/../../../arch/x86/include/asm/insn.h:64:
undefined reference to `__le32_to_cpu'
Add NO_AUXTRACE=1 to MAKE_FLAGS for LINUX_KARCH powerpc, which disables
build of intel-pt-decoder on both PPC32 and PPC64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
fab9e29f6b92 ipq6018: update regdb in TPLink EAP610-Outdoor BDF
6d02b65fadf3 ipq8074: update RegDB in new submitted BDF
644ba9ea2e66 ipq6018: update RegDB in new submitted BDF
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
uboot-envtools is currently missing config for Edgerouter-X
and its not immediately obvious what settings to manually
apply.
Provide default configuration for envtools on Edgerouter-X.
Signed-off-by: Tim Lunn <tim@feathertop.org>
This adds a kernel module package for the Marvell
MV88E6XXX DSA switch and a separate module package for
the DSA tagger since it can in theory be used by multiple
DSA switches. Enable both DSA and EDSA tags in the
tagger.
We can't just compile this in because just a few devices
has this DSA, and it depends on e.g. the I2C and SFP
to be loaded as modules first.
We have no examples of DSA switches being packaged as
modules before, all seem to be compiled in, but it
actually works just fine to do this.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The Upstream Linux community has discontinued support for the target.
Maintaining support for it downstream would require too much effort.
Moreover, it seems that the supported hardware is no longer deemed worthy
of it.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add new functions for ath11k caldata:
- ath11k_patch_mac (from 0 to 5)
- ath11k_remove_regdomain
- ath11k_set_macflag (some pre-caldata have the nvMacFlag flag unset which is needed to change the MAC address)
Additionaly for ath10k caldata:
- ath10k_remove_regdomain
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
This update contains a minor fix to resolve "detected write beyond size
of field" warning during compilation:
* "replace [0] with []" (1d0d08c)
All patches still apply.
References:
* https://github.com/openwrt/openwrt/issues/15108
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Spectrum SAX1V1K is a AX WIFI router with 3 1G and 1 2.5G ports.
The router is provided to Spectrum customers.
It is OEM of Askey RT5010W
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923
It continues the original work by @MeisterLone to get this device supported.
Specifications:
```
• CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
• RAM: 2048MB of DDR3
• Storage: 1024MB eMMC
• Ethernet: 3x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
• WLAN:
• 2.4GHz: Qualcomm QCN5024 4x4 802.11b/g/n/ax 1174 Mbps PHY rate
• 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
• LED: 1 gpio-controlled dual color led (blue/red)
• Buttons: 1x reset
• Power: 12V DC jack
```
Notes:
```
• This commit adds only single partition support, that means
sysupgrade is upgrading the current rootfs partition.
• Installation can be done by serial connection only.
• A poulated serial header is onboard
https://forum.openwrt.org/t/spectrum-sax1v1k-askey-rt5010w-openwrt-support/149923/6
• RX/TX is working, u-boot bootwait is active, secure boot is enabled.
```
Installation Instructions:
**Most part of the installation is performed from an initramfs image.**
Boot initramfs : Using serial connection
1. Boot up the device and wait till it displays "VERIFY_IB: Success. verify IB ok"
2. Once that message appears,
login with username 'root'
password serial number of your router in uppercase.
3. Use vi to paste the 'open.sh' script from @MeisterLone github on your device
https://github.com/MeisterLone/Askey-RT5010W-D187-REV6/blob/master/Patch/open.sh
4. chmod 755 open.sh
5. ./open.sh
6. Set your ip to 192.168.0.1
7. Run a TFTP server and host the initramfs image on the TFTP server and name it "recovery.img"
8. Reboot device. On boot it will try TFTP.
Install OpenWrt from initramfs image:
1. Use SCP (or other way) to transfer OpenWrt factory image
2. Connect to device using SSH (on a LAN port)
3. Flash firmware: sysupgrade
# sysupgrade -n -v /tmp/openwrt_sysupgrade.bin
4. Set U-boot env variable: bootcmd
# fw_setenv bootcmd "run fix_uboot; run setup_and_boot"
5. Reboot the device
# reboot
6. Once device is booted, residue of previous firmware will prevent openwrt to work properly.
Factory Reset is MUST required
# Once serial console is displaying to login, hold reset button for 10 sec
7. Now everything should be operational.
Note: this PR adds only single partition support, that means sysupgrade is
upgrading the current rootfs partition
Signed-off-by: Connor Yoon <j_connor@taliaent.com>
ec8c620fd5f4 split bridge-local disable into rx and tx
40b1c5b6be4e flow: do not attempt to offload bridge-local flows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1
uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```
* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this
The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.
Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.
Tested extensively on: 22.03.6, 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ squash with commit bumping release version ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Lets update to 2024.04 in order to drop all of the patches as they have
been merged upstream.
Tested on Methode eDPU.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
f9a28a9ce864 ustream-ssl: poll connection on incomplete reads
3c49e70c4622 ustream-ssl: increase number of read buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Reduce calls and pipes and read from urandom once directly with hexdump
for the necessary 5 bytes of random data to build the 48 bit ULA Prefix.
Fewer calls and forks; finish quicker; less memory used.
Tested on: 23.05.3
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
It seems that move to kernel 6.6 somehow fixed the remoteproc restart so
now it properly restarts and thus coldboot calibration works as well.
ipq60xx still seems to be broken in a different way so keep it disabled.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add patch fixing rmmod and insmod. Lots of flawed logic fixed that
permits the module to correctly rmmod and insmod later.
Just to quote some change, use phy_detach instead of phy_disconnect, fix
exclusive reset_control that could only be used once, fix kernel panic
on second edma_cleanup, stop traffic before module exit...
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit a9e22ffa50.
After doing a clean rebuild, it turns out that this change is not necessary
Signed-off-by: Felix Fietkau <nbd@nbd.name>
3159bbe0a2eb improve isolation when selecting a fixed output port
c77a7a1ff74d nl: fix getting flow offload stats
a08e51e679dd add support for disabling bridge-local flows via config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The new script uses a different strategy compared to the previous one.
Instead of trying to split flows by hash and spread them to all CPUs,
use RPS to redirect packets to a single core only.
Try to spread NAPI thread and RPS target CPUs across available CPUs
and try to ensure that the NAPI thread is on a different CPU than the
RPS target. This significantly reduces cycles wasted on the scheduler.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Limiting allowed channels per device may be required and is commonly
supported on other drivers, so include a pending patch to add support for
the same.
Signed-off-by: Robert Marko <robimarko@gmail.com>
As commit 3ce1e4c3d3 ("d1: define subtarget specifically") added the
'generic' subtarget, without 'BUILD_SUBTARGET' the correspond U-Boot
package will be no longer selected automatically.
Fixes: 3ce1e4c3d3 ("d1: define subtarget specifically")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Update to the latest upstream release to include recent improvements and
bugfixes. Update copyright, fix typo in PKG_NAME, and remove unneeded use
of MAKE_VARS definition in Makefile. Drop 001-cflags.patch and simplify
002-includes.patch after refreshing. Also simplify LTO/DCE build flags.
Link: https://github.com/libbpf/bpftool/releases/tag/v7.4.0
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>