Drop the flow-hash of the skb when forwarding to the L2TP netdev.
This avoids the L2TP qdisc from using the flow-hash from the outer
packet, which is identical for every flow within the tunnel.
This does not affect every platform but is specific for the ethernet
driver. It depends on the platform including L4 information in the
flow-hash.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35a5e62da7)
WPS button activation method is wrong. It should be active low
Signed-off-by: Robert Senderek <robert.senderek@10g.pl>
(cherry picked from commit 611a9894b2)
Synchronize the ath11k backports with upstream linux.
Most of them are changes in kernel 6.5, the rest are
fixes for the ath11k_pci. The most important one is
"Revert 'wifi: ath11k: Enable threaded NAPI'", which
fixes the problem that QCN9074 cannot be used after
restarting on the x86 platform.
[ 23.462718] ath11k_pci 0000:02:00.0: failed to vdev 0 create peer for AP: -110
[ 28.503020] ath11k_pci 0000:02:00.0: Timeout in receiving vdev delete response
Changes to ipq8074 coldboot part pick from commit
b33bfcf ("mac80211: ath11k: sync with ath-next").
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e82)
When `log.showSignature` is set, it causes the `SOURCE_DATE_EPOCH` to
include a textual signature description on OpenPGP-signed commits,
because Git prints the description into stdout. This then causes some
scripts to fail because they cannot parse the date from the variable.
Adding an explicit `--no-show-signature` prevents the signatures from
being displayed even when one has Git configured to show them by
default, fixing the scripts.
Signed-off-by: Oto Šťáva <oto.stava@gmail.com>
(cherry picked from commit 1e93208bd2)
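Added example (not part of the commit or of OpenWrt's scripts): reading the commit timestamp with `--no-show-signature` as described above, and rejecting anything that is not a bare integer before it is used as `SOURCE_DATE_EPOCH`. The function names and both sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenWrt's.

# Succeed only if $1 is a bare non-negative integer (a usable epoch).
is_epoch() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# Committer timestamp of HEAD in repository $1 (default: current directory).
# --no-show-signature overrides log.showSignature=true, so signature
# verification text is never mixed into the value on stdout.
git_commit_epoch() {
    git -C "${1:-.}" log -1 --no-show-signature --format=%ct 2>/dev/null
}

# Print a validated epoch for repository $1, or fail without printing,
# so a caller never exports a multi-line string as SOURCE_DATE_EPOCH.
source_date_epoch() {
    _epoch=$(git_commit_epoch "$1") || return 1
    is_epoch "$_epoch" || return 1
    printf '%s\n' "$_epoch"
}

# Constructed sample: what a script captures when signature text precedes
# the timestamp (the failure the commit message describes).
POLLUTED_SAMPLE='gpg: Signature made Tue Jan 30 10:00:00 2024 UTC
gpg: Good signature from "Example Dev <dev@example.org>"
1706608800'

# Constructed sample: the clean value expected with --no-show-signature.
CLEAN_SAMPLE='1706608800'
```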
Recent OEM firmware versions test the version number embedded in the uimage
"name" header field. The exact restriction is unknown, but "7.0.8.4" seems
to be the lowest number accepted on a GS110TPPv1 which already has that
version or higher.
A "9.9.9.9" version is accepted as valid by the GS110TPPv1 OEM firmware,
and considered both unique enough to identify an OpenWrt image and
moderately future proof against OEM version bumps.
This change is also boot tested on a GS108Tv3 with
"BOOT Loader Version 1.0.0.2 (2018-08-31 17:05:26 UTC)"
to verify that it doesn't break boot on older hardware.
Link: https://forum.openwrt.org/t/72510/58
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 6da308f4de)
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 472312f83f)
Backport merged upstream patch that adds support for firmware loader
from NVMEM or attached filesystem for Aquantia PHYs.
Refresh all kernel patches affected by this change.
Also update the path for aquantia .ko that got moved to dedicated
directory upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
[rmilecki: port to 5.15]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1b3259eb5c)
The NWA50AX Pro only has a eth0 interface for its only ethernet port.
Use this port for preinit.
Fixes non-working network in failsafe mode.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit b589434a0b)
Add dtb makefile target to targets list to permit correct working of
make target/linux/dtb
Fixes: c47532b1ea ("kernel-buildOnmk: add support for compiling only DTS")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c4910e9cb3)
Add support for compiling DTS for the selected target. This can be
useful for testing if the DTS correctly compiles and doesn't produce any
error.
This adds a new make target. To compile only DTS use:
make target/linux/dtb
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c47532b1ea)
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2b4941a6f1)
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit b463737826)
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 44cd90c49a)
Commit daefc646e6 ("realtek: fix ZyXEL initramfs image generation")
fixed a shell expansion issue with zyxel-vers usage. Commit 045baca10b
("realtek: deduplicate GS1900 recipes") took care of this for the
rtl838x and rtl839x subtargets, but the single device officially
supported in rtl930x - the XGS1250-12 - was overlooked. This commit
updates the XGS1250-12 build recipe as well.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 557db5106c)
Only bcm2708 and bcm2709 use "kernel.img" file name.
bcm2710 and bcm2711 use "kernel8.img" and bcm2712 uses "kernel_2712.img".
(cherry picked from commit 1a5e51ab00)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Automatically detect boot partition instead of forcing /dev/mmcblk0p1.
This way users can still get /boot mounted when booting from USB.
(cherry picked from commit a391760102)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Will be used for conversions in later commits and is a requirement for
PHY backports.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rmilecki: update commit message for 23.05]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 511c7ff032)
Ubiquiti Rocket M XW is a single-band, 2x2:2 external Wi-Fi AP, with optional
GPS receiver, with two external RP-SMA antenna connections, based on
AR9342 SoC. Two band variants exist, for 2.4GHz and 5GHz band, usable
with the same image.
Specs:
- CPU: Atheros AR9342 MIPS SoC at 535MHz
- RAM: 64MB DDR400
- ROM: 8MB SPI-NOR in SO16W package, MX25L6408E
- Wi-Fi Atheros AR9342 built-in 2x2:2 radio
- Ethernet: Atheros AR8035 PHY, limited to 100Mbps speeds due to
magnetics
- Power: 24V passive PoE input.
Installation: please refer to Ubiquiti Bullet M2HP for documentation.
The device runs with exactly same image as the Bullet, and after fixes
in preceding commit, is fully functional again. Add the alternative name
to the build system.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 54387fddea)
Since commit 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Ubiquiti XW boards equipped with AR8035 PHY suffered from lack of
outbound traffic on the Ethernet port. This was caused by the fact, the
U-boot has set this during boot and it wasn't reset by the PHY driver,
and the corresponding setting in device tree was wrong.
Set the 'phy-mode = "rgmii-txid"' at the &eth0, and drop this property
from PHY node, as it is not parsed there. This causes the device to
connect using Ethernet once again.
Fixes: db4b6535f8 ("ath79: Add support for Ubiquity Bullet M (XW)")
Fixes: 6f2e1b7485 ("ath79: disable delays on AT803X config init")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a9b2ba4d7b)
Onboard AR8035 PHY supports 1000Base-T operation, but onboard
Ethernet magnetics do not. Reduce advertised link speeds to 100Mbps and
lower.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit d406777fb1)
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
While flashing sysupgrade image from U-Boot, then the rootfs_data
overlay filesystem formatting is left for the fstools during firstboot,
but that won't work as mkfs.f2fs is missing in the sysupgrade image:
mount_root: overlay filesystem in /dev/loop0 has not been formatted yet
mount_root: no usable overlay filesystem found, using tmpfs overlay
sh: mkfs.f2fs: not found
Filesystem Size Used Available Use% Mounted on
/dev/loop0 139.6M 46.9M 92.6M 34% /overlay
Number Start (sector) End (sector) Size Code Name
20 98850 406349 150.1 MiB FFFF rootfs
So let's fix it by adding f2fs support to the sysupgrade image.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ba415af570)
Use postinst script to reload service instead of uci-defaults hack. It's
possible thanks to recent base-files change that executes postinst after
uci-defaults.
This fixes support for uhttpd customizations. It's possible (again) to
adjust uhttpd config with custom uci-defaults before it gets started.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: d25d281fd6 ("uhttpd: Reload config after uhttpd-mod-ubus was added")
Ref: b799dd3c70 ("base-files: execute package's "postinst" after executing uci-defaults")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1f11a4e283)
Allow "postinst" scripts to perform extra actions after applying all
kind of fixups implemented using uci-defaults.
This is needed e.g. by uhttpd-mod-ubus which after installation in a
running systems needs to:
1. Update uhttpd config using its uci-defaults script
2. Reload uhttpd
While this approach makes sense there is a risk it'll blow up some
corner case postinst usages. There is only 1 way to find out.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b799dd3c70)
raspberrypi/firmware is about 40G, so getting the full history log isn't an
option.
There have been multiple improvements and also support for the RPi 5 has been
added.
(cherry picked from commit e8f5581701)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This is the last update for bcm27xx-userland as it has been
deprecated but functional up to raspberry pi 5.
96a7334 README: Update to make it clear that most code in this repo is deprecated
3c97f76 userland: dtoverlay: /boot/firmware is a valid path
153a235 Assorted clang static analysis fixes
eca070c bcm_host: Update kms/fkms check for pi5
06a7618 dtoverlay: Support bcm2712 as a platform
0489c07 dtoverlay: Add dtoverlay_first/next_subnode
a1c7f81 dtoverlay: Support literal assignments of path strings
44a3953 raspivid: Also flush PTS file if flush is enabled
cc1ca18 userland: dtoverlay: Use os_prefix if set
9d5250f libfdt: Add null-ptr check for prop-data to resolve clang --analyzer warning
50527c6 mmal: Only include Videocore components if not running on Videocore
df245ea tvservice: Update unsupported message to recommend kmsprint
de0cfe8 dtoverlay: Fix clang warnings
0182f05 dtoverlay: Fix various compiler warnings
2a6306b dtoverlay: Fix path rebasing and exports
d1e92d7 dtoverlay: Add support for string escape sequences
b1ee39e gencmd: Add a fallback to mailbox interface if vchiq is not available
54fd97a hello_pi: Fix some build issues
Signed-off-by: Marty Jones <mj8263788@gmail.com>
(cherry picked from commit 3df664101a)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The original configuration might be copied from bcm2710 which uses
cortex A53 rather than A72 in BCM2711, without errata might be harmful
to system stability and security.
Signed-off-by: Yangyu Chen <cyy@cyyself.name>
(cherry picked from commit d549809c05)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The documentation links have changed and are no longer valid.
(cherry picked from commit 189838517e)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Kernel 5.15 introduced a significant change to spi-nor subsystem [1],
which would cause the SPI-NOR core to no longer unprotect the Flash chips if
their protection bits are non-volatile, which is the case for MX25L6405D
and MX25L12805D, used in Ubiquiti XW and WA lines of devices [2].
However, their bootloader forcibly enables this protection before
continuing to boot, making the kernel not unprotect the flash upon boot,
causing JFFS2 to be unable to write to the filesystem. Because sysupgrade
seems to unlock the flash explicitly, the upgrade will work, but the
system will be unable to save configuration, showing the following symptom
in the kernel log:
[ 86.168016] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[ 86.192344] jffs2_build_filesystem(): unlocking the mtd device...
[ 86.192443] done.
[ 86.200669] jffs2_build_filesystem(): erasing all blocks after the end marker...
[ 86.220646] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001e0000
[ 86.292388] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001d0000
[ 86.324867] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001c0000
[ 86.355316] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001b0000
[ 86.402855] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001a0000
Disable the write protection unconditionally for ath79/generic subtarget,
so the XW and WA devices can function again. However, this is only a
stopgap solution - it probably should be investigated if there is a way
to selectively unlock the area used by rootfs_data - but given the lock
granularity, this seems unlikely.
With this patch in place, rootfs_data partition on my Nanostation Loco
M5 XW is writable again.
Fixes: #12882
Fixes: #13750
Fixes: 579703f38c ("ath79: switch to 5.15 as default kernel")
Link: http://www.infradead.org/pipermail/linux-mtd/2020-October/082805.html
Link: https://forum.openwrt.org/t/powerbeam-m5-xw-configuration-loss-after-reboot/141925
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit f024f4b1b0)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
The current dts file of dgs-1210-10p doesn't support link states
for the sfp ports (they are always up).
This patch tries to give better support for this and was run tested
on dgs-1210-10p.
It was already committed to the main branch.
Signed-off-by: Michel Thill <jmthill@gmail.com>
(cherry picked from commit 135e107620)
(based on support for ASUS RT-AX59U by liushiyou006)
SOC: MediaTek MT7986
RAM: 512MB DDR4
FLASH: 128MB SPI-NAND (Winbond W25N01GV)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: MediaTek MT7531 Switch
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)
Upgrade from AsusWRT to OpenWRT using UART
Download the OpenWrt initramfs image.
Copy the image to a TFTP server reachable at 192.168.1.70/24. Rename the image to rtax59u.bin.
Connect the PC with TFTP server to the RT-AX59U.
Set a static ip on the ethernet interface of your PC.
(ip address: 192.168.1.70, subnet mask:255.255.255.0)
Connect to the serial console, interrupt the autoboot process by pressing '4' when prompted.
Download & Boot the OpenWrt initramfs image.
$ setenv ipaddr 192.168.1.1
$ setenv serverip 192.168.1.70
$ tftpboot 0x46000000 rtax59u.bin
$ bootm 0x46000000
Wait for OpenWrt to boot. Transfer the sysupgrade image to the device using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Upgrade from AsusWRT to OpenWRT using WebUI
Download transit TRX file from https://drive.google.com/drive/folders/1A20QdjK7Udagu31FSszpWAk8-cGlCwsq
Upgrade firmware from WebUI (192.168.50.1) using downloaded TRX file
Wait for OpenWRT to boot (192.168.1.1).
Upgrade system with sysupgrade image using luci or uploading it through scp and executing sysupgrade command
MAC Address for WLAN 5g is not following the same algorithm as in AsusWRT.
We have increased by one the WLAN 5g to avoid collisions with other networks from WLAN 2g
when bit 28 is already set.
: Stock : OpenWrt
WLAN 2g (1) : C8:xx:xx:0D:xx:D4 : C8:xx:xx:0D:xx:D4
WLAN 2g (2) : : CA:xx:xx:0D:xx:D4
WLAN 2g (3) : : CE:xx:xx:0D:xx:D4
WLAN 5g (1) : CA:xx:xx:1D:xx:D4 : CA:xx:xx:1D:xx:D5
WLAN 5g (2) : : CE:xx:xx:1D:xx:D5
WLAN 5g (3) : : C2:xx:xx:1D:xx:D5
WLAN 2g (1) : 08:xx:xx:76:xx:BE : 08:xx:xx:76:xx:BE
WLAN 2g (2) : : 0A:xx:xx:76:xx:BE
WLAN 2g (3) : : 0E:xx:xx:76:xx:BE
WLAN 5g (1) : 0A:xx:xx:76:xx:BE : 0A:xx:xx:76:xx:BF
WLAN 5g (2) : : 0E:xx:xx:76:xx:BF
WLAN 5g (3) : : 02:xx:xx:76:xx:BF
Signed-off-by: Xavier Franquet <xavier@franquet.es>
(cherry picked from commit 782eb05008)
[Upstream Backport]
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 56d7887917)
Enabling SMP on the xway target results in two issues:
* some danube chipset-based devices fail on boot,
* on devices based on the arx100 chipset, enabling smp
results in a degradation of NAT performance.
After these two issues are fixed, SMP can be re-enabled.
This reverts commit 084c20f6c5.
Fixes: #13934
Fixes: #14283
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Fine tuning PR: openwrt/openwrt#14355 Ref: 5a82bb909b
("mediatek: GL-MT6000: Add missing LED state definitions")
As the only LED is using white in the stock firmware when the device is
running and blue for the bootloader I suggest following changes:
- Using blue for the BL and preinit+failsafe
- White for normal operation (like the original FW) and sysupgrade
With these changes it's clear by looking to the LED in which operation
mode the device is and a possible BL stuck can be seen easily.
Tested with [GL-MT6000](https://openwrt.org/toh/gl.inet/gl-mt6000).
Signed-off-by: Thomas Schröder <tschroeder_github@outlook.com>
Tested-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4d7bac1dca)
Read back the reset register in order to flush the cache. This fixes
spurious reboot hangs on TP-Link TL-WDR3600 and TL-WDR4300 with Zentel
DRAM chips.
This issue was fixed in the past, but switching to the reset-driver
specific implementation removed the cache barrier which was previously
implicitly added by reading back the register in question.
Link: https://github.com/freifunk-gluon/gluon/issues/2904
Link: https://github.com/openwrt/openwrt/issues/13043
Link: https://dev.archive.openwrt.org/ticket/17839
Link: f8a7bfe1cb2c ("MIPS: ath79: fix system restart")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2fe8ecd880)
Hardware
--------
CPU: Qualcomm Atheros QCA9563
RAM: 128M DDR2
FLASH: 16MB SPI-NOR
WiFi: Qualcomm Atheros QCA9563 2x2:2 802.11n 2.4GHz
Qualcomm Atheros QCA9880 2x2:2 802.11ac 5GHz
Antennas
--------
The device features internal antennas as well as external antenna
connectors. By default, the internal antennas are used.
Two GPIOs are exported by name, which can be used to control the
antenna-path mux. Writing a logical 0 enables the external antenna
connectors.
Installation
------------
1. Download the OpenWrt sysupgrade image to the device. You can use scp
for this task. The default username and password are "ubnt" and the
device is reachable at 192.168.1.20.
$ scp -O openwrt-sysupgrade.bin ubnt@192.168.1.20:/tmp/firmware.bin
2. Connect to the device using SSH.
$ ssh ubnt@192.168.1.20
3. Disable the write-protect
$ echo "5edfacbf" > /proc/ubnthal/.uf
4. Verify kernel0 and kernel1 match mtd2 and mtd3
$ cat /proc/mtd
5. Write the sysupgrade image to kernel0 and kernel1
$ dd if=/tmp/firmware.bin of=/dev/mtdblock2
$ dd if=/tmp/firmware.bin of=/dev/mtdblock3
6. Write the bootselect flag to boot from kernel0
$ dd if=/dev/zero bs=1 count=1 of=/dev/mtd4
7. Reboot the device
$ reboot
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit bf94e0a383)
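Step 4 of the installation above, as an added example (not part of the commit or of the vendor firmware): a pre-flight check that parses a table in /proc/mtd format and refuses to proceed unless kernel0 and kernel1 are mtd2 and mtd3 and the image fits in both. Helper names, the sample tables, and every partition name and size other than kernel0/kernel1 are constructed; it assumes awk is available where the check runs.

```shell
#!/bin/sh
# Added example: helper names and sample tables are constructed.
# Assumes awk is available where the check runs.

# Print the mtd index whose quoted name equals $1 in table file $2.
mtd_index() {
    awk -v want="\"$1\"" '$1 ~ /^mtd[0-9]+:$/ && $4 == want {
        sub(/^mtd/, "", $1); sub(/:$/, "", $1); print $1; exit
    }' "$2"
}

# Print the size in bytes of the partition named $1 in table file $2.
mtd_size() {
    hex=$(awk -v want="\"$1\"" '$4 == want { print $2; exit }' "$2")
    [ -n "$hex" ] && printf '%d\n' "0x$hex"
}

# Succeed only if kernel0 is mtd2, kernel1 is mtd3 and an image of $2 bytes
# fits in both partitions listed in table file $1.
preflight() {
    table=$1; image_bytes=$2
    [ "$(mtd_index kernel0 "$table")" = 2 ] || { echo "kernel0 is not mtd2" >&2; return 1; }
    [ "$(mtd_index kernel1 "$table")" = 3 ] || { echo "kernel1 is not mtd3" >&2; return 1; }
    for part in kernel0 kernel1; do
        size=$(mtd_size "$part" "$table") || return 1
        [ "$image_bytes" -le "$size" ] || { echo "image larger than $part" >&2; return 1; }
    done
}

# Constructed table in /proc/mtd format with the layout the steps expect.
sample_table_ok() {
    cat <<'EOF'
dev:    size   erasesize  name
mtd0: 00060000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00750000 00010000 "kernel0"
mtd3: 00750000 00010000 "kernel1"
mtd4: 00040000 00010000 "bs"
EOF
}

# Constructed table where the kernel partitions sit one index later.
sample_table_shifted() {
    cat <<'EOF'
dev:    size   erasesize  name
mtd0: 00060000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00010000 00010000 "cfg"
mtd3: 00750000 00010000 "kernel0"
mtd4: 00750000 00010000 "kernel1"
EOF
}

# On the device (not run here):
#   preflight /proc/mtd "$(wc -c < /tmp/firmware.bin)" && echo "layout ok"
```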