When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
Changes:
67f3b2a libtracefs: version 1.8
8a1322f libtracefs utest: Add tests to use mapping if supported
0a65b79 libtracefs: Add tracefs_mapped_is_supported() API
805f650 libtracefs: Call mmap ioctl if a refresh happens
cf7e2a5 libtracefs: Fix tracefs_mmap() kbuf usage
3a26b26 libtracefs: Have nonblock tracefs_cpu reads set errno EAGAIN
2b5bb09 libtracefs: Have tracefs_mmap_read() include subbuf meta data
dee0448 libtracefs: Have mapping work with the other tracefs_cpu* functions
28eebc1 libtracefs: Have tracefs_cpu_flush(_buf)() use mapping
065d914 libtracefs: Use mmapping for iterating raw events
1124e0e libtracefs: Use tracefs_cpu_*_buf() calls for iterator
f43b293 libtracefs: Unmap mmap mapping on tracefs_cpu close
0d24516 libtracefs Documentation: Fix tracefs_cpu_snapshot_open() man pages
5ff31c0 libtracefs Documentation: Add tracefs_follow_events_clear() to main man page
0c7d9f7 libtracefs: Add man pages for tracefs_snapshot_*() functions
b2dc3e0 libtracefs sql: Rename TIMESTAMP_USECS_DELTA to TIMESTAMP_DELTA_USECS
585ec77 libtracefs: Force off trace mmapping
2ed14b5 libtracefs: Add ring buffer memory mapping APIs
173ffc0 libtracefs meson: Add option to disable samples
a55e2e8 libtracefs meson: Add option to disable documentation
93e20af libtracefs: Fix tracefs_instance_reset to clear synthetic events
a1ecbff libtracefs utest: Add more tests to test tracefs_sql()
975c37c libtracefs utest: Add matches to trace_sql() tests
0567e2d libtracefs synthetic: Handle hashed name variables
fcb3a83 libtracefs synthetic: Remove multiple adding of action in tracefs_synth_save()
a9dae65 libtracefs: Fix sqlhist used uninitialized error
fe7a467 libtracefs: Add updating and reading snapshot buffers
1ad57ab libtracefs: Add PID filtering API
d8726bf libtracefs: Also clear max_graph_depth on reset
eb4dd60 libtracefs: Add TIMESTAMP_USECS_DELTA to simplify SQL timestamp compares
8c57eb4 libtracefs: Add tracefs_instance_set/get_subbuf_size()
9bafb21 libtracefs: Add API to extract ring buffer statistics
141d25e libtracefs: Add tracefs_load_headers() API
ef3fae7 libtracefs: Add kerneldoc comments to tracefs_instance_set_buffer_size()
31acfe1 libtracefs utest: Add test to test tracefs_instance_set/get_buffer_percent()
3e6d975 libtracefs: Add tracefs_instance_clear() API
c4efaaf libtracefs: Add tracefs_instance_get/set_buffer_percent()
1e1cc54 libtracefs: Add API to read tracefs_cpu and return a kbuffer
7d395b1 libtracefs: Add tracefs_instance_file_write_number()
e34cbd8 libtracefs: Increase splice to use pipe max size
1f50965 libtracefs: Add API to remove followers from an instance or toplevel
576ee0b libtracefs: Reset tracing before and after unit tests
118b694 libtracefs: Free dynamic event list in utest
5159973 libtracefs: Free tracing_dir in case of remount
df563eb libtracefs: Free buf in clear_func_filter()
3cbac37 libtracefs: Free "missed_followers" of instance
0cbe56e libtracefs testing: Use one tep handle for most tests
adac30f libtracefs Documentation: Fix tracefs_event_file_exists() issues
07ab199 libtracefs: Pass enum value where expected instead of int
bb299b4 libtracefs: fix cscope makefile rule
420d677 libtracefs: Free "followers" when freeing instance
3f436fc libtracefs: Fix documentation of tracefs_trace_pipe_stream() flags
1fde9df libtracefs: Add explicit pthread dependency to meson
d1989ae tracefs-perf: Add missing headers for syscall() and SYS_* defines
Signed-off-by: Nick Hainke <vincent@systemli.org>
The safe max frame size for this ethernet switch is 1532 bytes,
excluding the DSA TAG and extra VLAN header, so the maximum
outgoing frame is 1542 bytes.
The available overhead is needed when using the DSA switch with
a cascaded Marvell DSA switch, which is something that exist in
real products, in this case the Inteno XG6846.
Use defines at the top of the size for max MTU so it is clear how
we think about this, add comments.
We need to adjust the RX buffer size to fit the new max frame size,
which is 1542 when the DSA tag (6 bytes) and VLAN header (4 extra
bytes) is added.
We also drop this default MTU:
#define ENETSW_TAG_SIZE (6 + VLAN_HLEN)
ndev->mtu = ETH_DATA_LEN + ENETSW_TAG_SIZE;
in favor of just:
ndev->mtu = ETH_DATA_LEN;
I don't know why the default MTU is trying to second guess the
overhead required by DSA and VLAN but the framework will also
try to bump the MTU for e.g. DSA tags, and the VLAN overhead is
not supposed to be included in the MTU, so this is clearly not
right.
Before this patch (on the lan1 DSA port in this case):
dsa_slave_change_mtu: master->max_mtu = 9724, dev->max_mtu = 10218, DSA overhead = 8
dsa_slave_change_mtu: master = extsw, dev = lan1
dsa_slave_change_mtu: master->max_mtu = 1510, dev->max_mtu = 9724, DSA overhead = 6
dsa_slave_change_mtu: master = eth0, dev = extsw
dsa_slave_change_mtu new_master_mtu 1514 > mtu_limit 1510
mdio_mux-0.1:00: nonfatal error -34 setting MTU to 1500 on port 0
My added debug prints before the nonfatal error: the first switch from the top
is the Marvell switch, the second in the bcm6368-enetsw with its 1510 limit.
After this patch the error is gone.
OpenWrt adds a VLAN to each port so we get VLAN tags on all frames. On this
setup we even have 4 more bytes left after the two DSA tags and VLAN so
we can go all the way up to 1532 as MTU.
Testing the new 1532 MTU:
eth0 ext1 enp7s0
.--------. .-----------. cable .------.
| enetsw | <-> | mv88e6152 | <-----> | host |
`--------´ `-----------´ `------´
On the router we set the max MTU for test:
ifconfig eth0 mtu 1520
ifconfig br-wan mtu 1520
ifconfig ext1 mtu 1506
An MTU of 1506 on ext1 is a logic consequence of the above setup:
this is the max bytes actually transferred. The framing added will be:
- 18 bytes standard ethernet header
- 4 bytes VLAN header
- 6 bytes DSA tag for enetsw
- 8 bytes DSA tag for mv88e6152
Sum: 1506 + 18 + 4 + 6 + 8 = 1542 which is out max frame size.
Test pinging from host:
ping -s 1478 -M do 192.168.1.220
PING 192.168.1.220 (192.168.1.220) 1478(1506) bytes of data.
1486 bytes from 192.168.1.220: icmp_seq=1 ttl=64 time=0.696 ms
1486 bytes from 192.168.1.220: icmp_seq=2 ttl=64 time=0.615 ms
Test pinging from router:
PING 192.168.1.2 (192.168.1.2): 1478 data bytes
1486 bytes from 192.168.1.2: seq=0 ttl=64 time=0.931 ms
1486 bytes from 192.168.1.2: seq=1 ttl=64 time=0.810 ms
The max IP packet without headers is 1478, the outgoing ICMP packet is
1506 bytes. Then the DSA, VLAN and ethernet overhead is added.
Let us verify the contents of the resulting ethernet frame of 1542 bytes.
Ping packet on router side as viewed with tcpdump:
00:54:51.900869 AF Unknown (1429722180), length 1538:
0x0000: 3d93 bcae c56b a83d 8874 0300 0004 8100 =....k.=.t......
0x0010: 0000 dada 0000 c020 0fff 0800 4500 05e2 ............E...
0x0020: 0000 4000 4001 b0ec c0a8 0102 c0a8 01dc ..@.@...........
0x0030: 0800 7628 00c3 0001 f5da 1d65 0000 0000 ..v(.......e....
0x0040: ce65 0a00 0000 0000 1011 1213 1415 1617 .e..............
0x0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 .........!"#$%&'
0x0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 ()*+,-./0123456
(...)
- 3d93 = First four bytes are the last two bytes of the destination
ethernet address I don't know why the first four are missing,
but it sure explains why the paket is 1538 bytes and not 1542
which is the actual max frame size.
- bcae c56b a83b = source ethernet address
- 8874 0300 0004 = Broadcom enetsw DSA tag
- 8100 0000 = VLAN 802.1Q header
- dada 0000 c020 0fff = EDSA tag for the Marvell (outer) switch,
- 0800 is the ethertype (part of the EDSA tag technically)
- Next follows the contents of the ping packet as it appears if
we dump it on the DSA interface such as tcpdump -i lan1
etc, there we get the stripped out packet, 1506 bytes.
- At the end 4 bytes of FCS.
This clearly illustrates that the DSA tag is included in the MTU
which we set up in Linux, but the VLAN tag and ethernet headers and
checksum is not.
Tested-by: Paul Donald <newtwen@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This reverts commit dcdcfc1511.
This is a firmware for third-party u-boot mod, which should not
be carried here by us.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
The current dts file of dgs-1210-10p doesn't support link states
for the sfp ports (they are always up).
This patch tries to give better support for this and was run tested
on dgs-1210-10p.
It was heavily inspired from Paul Fertser, RaylynnKnight
and the author of dgs-1210-10mp-f.dts
https://forum.openwrt.org/t/dlink-dgs-1210-10p-with-glc-t-co-sfp/170928
Signed-off-by: Michel Thill <jmthill@gmail.com>
Commit e816591e22 ("ath79: qca: convert to nvmem-layout") mistakenly
switched the source of the mac address from the 'info' to 'art'
partition.
This patch updates all devices that share same 'parent' device tree file
and was tested to fix the problem for eap225-outdoor-v3 - device that I
actually own.
Fixes: e816591e22 ("ath79: qca: convert to nvmem-layout")
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
[amend commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Use a single jsonfilter expression to yield the list of logical wireguard
interface names in shell compatible notation.
Supersedes: #12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Enabling SMP on Danube[1] is incompatible with a patch that
adds support for interrupt handling on all cores on other
platforms[2]. This patch fixes the mentioned issue.
1. 084c20f6c5 ("lantiq: xway: kernel: enable SMP support ")
2. fbd33d6164 ("lantiq: enable interrupts on second VPEs")
Fixes: #13934Fixes: #14283
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
By default Linux will default to most IRQ-s being mapped to core 0 which
during high loads will completely swamp the core 0, so lets add the widely
used script that has been floating around forums for a long time to try and
optimize the IRQ mapping a bit.
Signed-off-by: Robert Marko <robimarko@gmail.com>
On some platforms, some firmware files might look like executables.
These need to be ignored in order to avoid messing them up.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Some of devices in this target have only 8 MiB space and are closing to
borders of usable space. Particularly, TP-Link RE305 v1 already suffers
from this issue[1], where with current partition layout, on release
images, there's not enough space for overlay. So activate small_flash
feature, which will remove some userspace hardening but will gain almost
1 MiB additional flash memory space. Here is small size comparison of
similar device (RE365 v1) with default config + LuCI:
kernel rootfs sysupgrade
current: 2305728 3635044 5964584
small_flash: 1713571 3320132 5047080
1. https://github.com/openwrt/openwrt/issues/14215
Suggested-by: Sander Vanheule <sander@svanheule.net>
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Renumber backport patches starting from 000 to tidy things up.
Also fix patch name format for the mmc backport patch.
Refresh patches affected by this renumber change.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Move stmmac backport fix patches from ipq806x to generic backport
directory as they got merged upstream and they fix wide performance
regression.
This will eventually cause performance increase on any user of the
stmmac driver.
Generic patch automatically refreshed with make target/linux/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add support for Ubiquiti LiteBeam M5 (XW).
The device was previously supported in ar71xx.
See commit: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=d0988235dd277b9a832bbc4b2a100ac6e821f577
Add ALTX_MODEL for Ubiquiti AirGrid M5 HP (XW), Ubiquiti PowerBeam M5 300 (XW) in generic-ubnt.mk
This models are identical (firmware-wise) to the already supported Ubiquiti Nanostation Loco M (XW)
Add also Ubiquiti NanoBeam M5 to ALTX_MODEL of Ubiquiti Nanostation Loco M (XW) since it's another clone.
Tested on:
- Ubiquiti LiteBeam M5 (XW)
- Ubiquiti PowerBeam M5 (XW)
This also modify target/ath79/dts/ar9342_ubnt_xw.dtsi to use nvmem for calibration data
Checked that the caldata size in the eeprom partition are actually 0x440 on:
- Ubiquiti PowerBeam M5 (XW)
- Ubiquiti Nanostation M5 (XW)
- Ubiquiti LiteBeam M5 (XW)
- Ubiquiti AirGrid M5 HP (XW)
Signed-off-by: Samuele Longhi <agave@dracaena.it>
Bump the U-Boot version used for BCM53xx to the 2024.01
version that includes all the needed patches upstream, so we
can get rid of those in the process.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
It appears `md5` is no longer state of the art. Let's switch it to
something slightly newer to increase security.
Suggested-by: abnoeh <abnoeh@mail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Booting from non-MMC devices on Rockchip targets without this
change results in a boot failure:
Model: FriendlyElec NanoPi R5S
Net: eth0: ethernet@fe2a0000
Hit any key to stop autoboot: 0
** Booting bootflow 'nvme#0.blk#1.bootdev.part_1' with script
** No partition table - mmc 0 **
** No partition table - mmc 0 **
Couldn't find partition mmc 0:1
Can't set block device
Wrong Image Type for bootm command
ERROR -91: Protocol wrong type for socket: can't get kernel image!
Boot failed (err=1)
This change fixes the default boot script for Rockchip targets to
support booting from non-MMC devices such as NVMe or USB drives.
Some targets with only a boot rom (e.g. NanoPi R5S) may require u-boot
to be installed on the eMMC or a MicroSD card in order to boot from
non-MMC devices.
Fixes: #14420
Reviewed-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Justin Klaassen <justin@tidylabs.app>
The GCC option -fstack-protector-all is a security feature used to protect against stack-smashing attacks.
This option enhances the stack-smashing protection provided by -fstack-protector-strong.
-fstack-protector-all option applies stack protection to all functions, regardless of their characteristics.
While this offers the most comprehensive protection against stack-smashing attacks, it can significantly impact
the performance of the program because every function call includes additional checks for stack integrity.
This option can incur a performance penalty because of the extra checks added to every function call,
but it significantly enhances security, making it harder for attackers to exploit buffer overflows to execute arbitrary code.
It's particularly useful in scenarios where security is paramount and performance trade-offs are acceptable.
Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
The WLAN + WED reset sequence relies on being able to receive interrupts from
the card, in order to synchronize individual steps with the firmware.
When WED is stopped, leave interrupts running and rely on the driver turning
off unwanted ones.
WED DMA also needs to be disabled before resetting.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[Upstream Backport]
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
The raspberypi/userland repository has been deprecated and the RPi tools have
been moved to the raspberrypi/utils repository.
96a7334ae9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>