This file can be subsequently used to resolve symbolic user or group names
to their numeric IDs when packing ipk archives.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With the introduction of `./tmp/userids` the `ipkg-build` script can now
resolve values of "PKG_FILE_MODES", allowing users to set names rather
than numeric values.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Multiple packages contain a USERID variable defining required user and
group for the package to run. With the recent addition of
"PKG_FILE_MODES" it is possible to define user and group of specific
files, replacing (possibly insecure) post-inst scripts. These modes are
set during build time and put directly into the packages.
To allow user and group names rather than the numeric values, a mapping
like `/etc/passwd` is required by the `ipkg-build` script, mapping names
defined in "PKG_FILE_MODES" to a numeric value, as the build system does
not create any users during build.
This commit adds a single line to the `prepare-tmpinfo` target, so that
everytime the feeds are updated the *passwd like* content of
`./tmp/userids` is updated.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This adds support for the RTL838x Architecture.
SoCs of this type are used in managed and un-managed Switches and Routers
with 8-28 ports. Drivers are provided for SoC initialization, GPIOs, Flash,
Ethernet including a DSA switch driver and internal and external PHYs used
with these switches.
Supported SoCs:
RTL8380M
RTL8381M
RTL8382M
The kernel will also boot on the following RTL839x SoCs, however driver
support apart from spi-nor is missing:
RTL8390
RTL8391
RTL8393
The following PHYs are supported:
RTL8214FC (Quad QSGMII multiplexing GMAC and SFP port)
RTL8218B internal: internal PHY of the RTL838x chips
RTL8318b external (QSGMII 8-port GMAC phy)
RTL8382M SerDes for 2 SFP ports
Initialization sequences for the PHYs are provided in the form of
firmware files.
Flash driver supports 3 / 4 byte access
DSA switch driver supports VLANs, port isolation, STP and port mirroring.
The ALLNET ALL-SG8208M is supported as Proof of Concept:
RTL8382M SoC
1 MIPS 4KEc core @ 500MHz
8 Internal PHYs (RTL8218B)
128MB DRAM (Nanya NT5TU128MB)
16MB NOR Flash (MXIC 25L128)
8 GBEthernet ports with one green status LED each (SoC controlled)
1 Power LED (not configurable)
1 SYS LED (configurable)
1 On-Off switch (not configurable)
1 Reset button at the right behind right air-vent (not configurable)
1 Reset button on front panel (configurable)
12V 1A barrel connector
1 serial header with populated standard pin connector and with markings
GND TX RX Vcc(3.3V), connection properties: 115200 8N1
To install, upload the sysupgrade image to the OEM webpage.
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
Add support for uimage headers from ALLNET and provide support for the
SG8208M and SG8310PM devices' magic bytes.
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
This target has not been updated to 5.4 yet, and the only person
trying it (Koen) decided to retreat based on the following reasons:
- The target is not DT-aware at all
- The huge amount of effort required
- The SoC itself reached EoL at Cavium for some time now
- Upstream removed some important parts as it's also slowly getting EoL
over there
- The commercial product that used this will fade out shortly
- The amount of download for this binary suggest that the target is not
that popular
Since nobody has picked up the work since then, and this is the last
remaining 4.19-only target, finally drop it now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).
Check the installed u-boot release, and set the default accordingly.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
this board has a pcie to sata bridge connected to pcie2 with a
separated pcie reset on gpio7.
add reset-gpios and corresponding pinctrl nodes into dts.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Backport upstream changes to initialize GDM settings and reset PPE
Allow GMAC to recognize the special tag to fix PPE packet parsing
Improve GRO performance by passing PPE L4 hash as skb hash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
All modifications made by update_kernel.sh/no manual intervention needed
Build-tested: x86_64
Run-tested: ipq806x (R7800)
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
TP-Link EAP225-Wall v2 is an AC1200 (802.11ac Wave-2) wall plate access
point. UART access and debricking require fine soldering.
The device was kindly provided for porting by Stijn Segers.
Device specifications:
* SoC: QCA9561 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (GD25Q127CSIG)
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (SoC): 4× 100Mbps
* Eth0 (back): 802.3af/at PoE in
* Eth1, Eth2 (bottom)
* Eth3 (bottom): PoE out (can be toggled by GPIO)
* One status LED
* Two buttons (both work as failsafe)
* LED button, implemented as KEY_BRIGHTNESS_TOGGLE
* Reset button
Flashing instructions, requires recent firmware (tested on 1.20.0):
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface
Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R162 (TXD) and R165 (RXD)
Do NOT bridge R164
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via sysupgrade or LuCI web interface
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM ifconfig:
br0 Link encap:Ethernet HWaddr 50:...:04
eth0 Link encap:Ethernet HWaddr 50:...:04
wifi0 Link encap:UNSPEC HWaddr 50-...-04-...
wifi1 Link encap:UNSPEC HWaddr 50-...-05-...
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
HooToo HT-TM05 and RAVPower RP-WD03 have almost identical hardware
(except for RAM size) and are from the same vendor (SunValley).
Create a common DTSI file for them.
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The baud rate for the RAVPower RP-WD03 is 57600, not 115200.
Since this is the default from mt7620n.dtsi, the chosen node can
simply be removed from the device DTS.
Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
According to the User Manual, there is a "Wi-Fi LED" with blue and
green colors, doing the following by default:
Flashing Blue: System loading
Solid Blue: System loaded
Flashing Green: Connecting to the Internet
Solid Green: Connected to the Internet
According to this vendor behavior, we keep refer to the LED as "wifi"
but implement the according default behavior as in OEM firmware.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
MAC assignment based on vendor firmware:
2.4 GHz *:b4 (factory 0x04)
LAN/label *:b4 (factory 0x28)
WAN *:b5 (factory 0x2e)
The previously used location 0x4000 for ethernet is actually empty.
Therefore, fix the ethernet MAC address and set it as label-mac-address.
Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The RAVPower RP-WD03 is a battery powered router, with an Ethernet and
USB port. Due due a limitation in the vendor supplied U-Boot bootloader,
we cannot exceed a 1.5 MB kernel size, as is the case with recent builds
(i.e. post v19.07). This breaks both factory and sysupgrade images.
To address this, use the lzma loader (loader-okli) to work around this
limitation.
The improvements here also address the "misplaced" U-Boot environment
partition, which is located between the kernel and rootfs in the stock
image / implementation. This is addressed by making use of mtd-concat,
maximizing space available in the booted image.
This will make sysupgrade from earlier versions impossible.
Changes are based on the recently supported HooToo HT-TM05, as the
hardware is almost identical (except for RAM size) and is from the same
vendor (SunValley). While at it, also change the SPI frequency
accordingly.
Installation:
- Download the needed OpenWrt install files, place them in the root
of a clean TFTP server running on your computer. Rename the files as,
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-kernel.bin => kernel
- openwrt-ramips-mt7620-ravpower_rp-wd03-squashfs-rootfs.bin => rootfs
- Plug the router into your computer via Ethernet
- Set your computer to use 10.10.10.254 as its IP address
- With your router shut down, hold down the power button until the first
white LED lights up.
- Push and hold the reset button and release the power button. Continue
holding the reset button for 30 seconds or until it begins searching
for files on your TFTP server, whichever comes first.
- The router (10.10.10.128) will look for your computer at 10.10.10.254
and install the two files. Once it has finished installation, it will
automatically reboot and start up OpenWrt.
- Set your computer to use DHCP for its IP address
Notes:
- U-Boot environment can be modified, u-boot-env is preserved on initial
install or sysupgrade
- mtd-concat functionality is included, to leave a "hole" for u-boot-env,
combining the OEM kernel and rootfs partitions
Most of the changes in this commit are the work of Russell Morris (as
credited below), I only wrapped them up and added compat-version.
Thanks to @mpratt14 and @xabolcs for their help getting the lzma loader
to work!
Fixes: 5ef79af4f8 ("ramips: add support for Ravpower WD03")
Suggested-by: Russell Morris <rmorris@rkmorris.us>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Enable the VLAN tag offloading mechanism for RGMII single-port devices.
This allows those devices to use 802.1Q VLANs on the ethernet port.
Previously, RX frames were double tagged, as the RX TAG removal flag was
not enabled and an additional 802.1Q header was inserted elsewhere in
the code.
On the TX side, tagging was completely not present for single-port
devices. Enable tagging if an 802.1Q frame should be transmitted and
disable the default tagging mechanism for single-port devices.
Tested on Aruba AP-303
Signed-off-by: David Bauer <mail@david-bauer.net>
Add support for per-BSS airtime weight configuration. This allows to set
a airtime weight per BSS as well as a ratio limit based on the weight.
Support for this feature is only enabled in the full flavors of hostapd.
Consult the hostapd.conf documentation (Airtime policy configuration)
for more information on the inner workings of the exposed settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
Set the default state for LEDs to off. When a trigger is set, the
trigger will turn the LED automatically on.
Currently LEDs might stay on, e.g. when the LED trigger is set to a
netdev trigger and the interface is never activated or the 'none'
trigger is selected without setting the 'default' option to 0 and it's
set for the LED indicating the system running state.
Using off as a default value is also consistent with the documentation
in the OpenWrt wiki.
Signed-off-by: David Bauer <mail@david-bauer.net>
TITLE is "NFS4 filesystem client support" (Line 428)
but the description is "Kernel module for NFS v4 support" (Line 438).
Use "Kernel module for NFS v4 client support" on line 438.
Signed-off-by: Bob Cai <1119283622@qq.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
vconfig is no more installed by default to a firmware image. So, replace
vconfig calls for VLAN subinterface configuration by coresponding
ip-link commands.
Also drop few useless comments from the preinit hook script, while we
are at it.
I have no chance to test this fix since I have no board with a subject
switch IC, but this is still better then call an utility that is
unavailable in the firmware for years.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[use documented syntax for ip link add]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since the introduction of fakeroot support, wrapped SDK executables might
be invoked from a shell that has libfakeroot.so preloaded.
Since we're using preloading as well in order to mangle argv[0] when
invoking the shipped ELF interpreter directly, we must take care of
preloading the already preloaded libraries as well, to avoid invoked
programs losing their fakeroot capabilities.
Extend the bundle-libraries.sh script to take any existing $LD_PRELOAD
into account when invoking the target ELF executable with a preloaded
runas.so library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The config symbol was introduced in drivers, but not added to
generic kernel config files. This will halt build asking for the
value.
Fix it by adding the value (setting it to disabled).
Fixes: 3f7047db7a ("kernel: mtdsplit: support ELF loader splitting")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ipc: split into separate files per-platform
This is in preparation for FreeBSD support, which I had hoped to have this
release, but we're still waiting on some tooling fixes, so hopefully next
wg(8) will support that. Either way, the code base is now a lot more amenable
to adding more kernel platform support.
* man: wg-quick: use syncconf instead of addconf for strip example
Simple documentation fix.
* pubkey: isblank is a subset of isspace
* ctype: use non-locale-specific ctype.h
In addition to ensuring that isalpha() and such isn't locale-specific, we also
make these constant time, even though we're never distinguishing between bits
of a secret using them. From that perspective, though, this is markedly better
than the locale-specific table lookups in glibc, even though base64 characters
span two cache lines and valid private keys must hit both. This may be useful
for other projects too: https://git.zx2c4.com/wireguard-tools/tree/src/ctype.h
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.
Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)
Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface
The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.
Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.
Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt
Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
ath0 Link encap:Ethernet HWaddr 74:..:E2
ath10 Link encap:Ethernet HWaddr 74:..:E3
br0 Link encap:Ethernet HWaddr 74:..:E2
eth0 Link encap:Ethernet HWaddr 74:..:E2
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.
The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0 (2019-05-30): compat_level=0
* FW v2.3.0 (2019-07-31): compat_level=0
* FW v2.3.1 (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1
Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.
By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.
Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
[NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
...
AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
...
[NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
0x0.(new 0x1)
[NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
upDataStart = 7690604b, upDataLen = 00000018
[NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb
Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.
To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}
The data length is currently treated as a magic number, but should
contain the length of the partition data.
This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enabled the ELF firmware partition splitter 4.19 and 5.4 in preparation
for the TP-Link EAP245v3 device support.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.
The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
offset behind the loader (OKLI-style loader), the rootfs must be
aligned to an erase-block after the loader and kernel image.
In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Don't use bash syntax, because /bin/sh is used here.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some environments, e.g. first gen WSL, do not support SysV IPC.
Enforce the use of TCP transport instead which should be universally
available.
Fixes: FS#3317
Ref: https://github.com/microsoft/WSL/issues/4067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros
Backports from upstream changes.
* peerlookup: take lock before checking hash in replace operation
A fix for a race condition caught by syzkaller.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3d9bd73 utils: fix check_pid_path to work with deleted file as well
330f403 vlan: initialize device ifname earlier at creation time
c057e71 device: do not check state from within device_init
cb0c07b system-dummy: fix resolving ifindex
ccd9ddc bridge: add support for turning on vlan_filtering
82bcb64 bridge: add support for adding vlans to a bridge
0e8cea0 bridge: add support for VLAN filtering
6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
ac0710b device: look up full device name before traversing vlan chain
e32e21e bridge: flush vlan list on bridge free
645ceed interface-ip: clear host bits of the device prefix
d7b614a netifd-wireless: parse 'osen' encryption
Signed-off-by: Daniel Golle <daniel@makrotopia.org>