TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.
Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)
Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface
The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.
Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.
Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt
Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
ath0 Link encap:Ethernet HWaddr 74:..:E2
ath10 Link encap:Ethernet HWaddr 74:..:E3
br0 Link encap:Ethernet HWaddr 74:..:E2
eth0 Link encap:Ethernet HWaddr 74:..:E2
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.
The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0 (2019-05-30): compat_level=0
* FW v2.3.0 (2019-07-31): compat_level=0
* FW v2.3.1 (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1
Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.
By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.
Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
[NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
...
AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
...
[NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
0x0.(new 0x1)
[NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
upDataStart = 7690604b, upDataLen = 00000018
[NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb
Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.
To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}
The data length is currently treated as a magic number, but should
contain the length of the partition data.
This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enabled the ELF firmware partition splitter 4.19 and 5.4 in preparation
for the TP-Link EAP245v3 device support.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
To parse the ELF kernel loader, a small ELF parser is used that can
handle both ELF32 or ELF64 class loaders. The splitter assumes that the
kernel is always located before the rootfs, whether it is embedded in
the loader or not. If the kernel is located after the rootfs on the
firmware partition, then the rootfs splitter will include it in the
dynamically created rootfs_data partition and the kernel will be
corrupted.
The kernel image is preferably embedded inside the ELF loader, so the
end of the loader equals the end of the kernel partition. This is due to
the way mtd_find_rootfs_from searches for the the rootfs:
- if the kernel image is embedded in the loader, the appended rootfs may
follow the loader immediately, within the same erase block.
- if the kernel image is not embedded in the loader, but placed at some
offset behind the loader (OKLI-style loader), the rootfs must be
aligned to an erase-block after the loader and kernel image.
In case section header table is empty, determine the elf loader size by
finding the end of the last segment, as defined by the program header
table.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Currently the global variable PKG_FILE_MODES is used for all ipkg
creations. This works for Makefiles which output a single package, or
variants of a single package.
But if a Makefile outputs multiple packages that each contain different
files, setting PKG_FILE_MODES causes build failure when any of the files
in the variable do not exist in the folder that is currently being
packaged.
Example:
/openwrt/staging_dir/host/bin/fakeroot -l /openwrt/staging_dir/host/lib/libfakeroot.so -f /openwrt/staging_dir/host/bin/faked /openwrt/scripts/ipkg-build -m "/usr/lib/mariadb/plugin/auth_pam_tool_dir:root:376:0750" /openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks /openwrt/bin/packages/mips_24kc/packages
+chown: cannot access '/openwrt/build_dir/target-mips_24kc_musl/mariadb-10.4.13/ipkg-mips_24kc/mariadb-server-plugin-disks//usr/lib/mariadb/plugin/auth_pam_tool_dir': No such file or directory
This commit changes the file mode handling a bit. The file mode can now
be set either globally via PKG_FILE_MODES (no behavior change) or on a
per-package basis via FILE_MODES. This way specific file modes can be
used for any particular package.
This behavior is already used for other OpenWrt variables, hence it is
familiar:
PKG_MAINTAINER vs MAINTAINER
PKG_SOURCE_SUBDIR vs SUBDIR
PKG_LICENSE vs LICENSE
...
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Don't use bash syntax, because /bin/sh is used here.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some environments, e.g. first gen WSL, do not support SysV IPC.
Enforce the use of TCP transport instead which should be universally
available.
Fixes: FS#3317
Ref: https://github.com/microsoft/WSL/issues/4067
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Minor cleanup and code reorganization, along with a change to not disable
offload anymore when a tkip or sw crypto key is added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* compat: backport kfree_sensitive and switch to it
* netlink: consistently use NLA_POLICY_EXACT_LEN()
* netlink: consistently use NLA_POLICY_MIN_LEN()
* compat: backport NLA policy macros
Backports from upstream changes.
* peerlookup: take lock before checking hash in replace operation
A fix for a race condition caught by syzkaller.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
3d9bd73 utils: fix check_pid_path to work with deleted file as well
330f403 vlan: initialize device ifname earlier at creation time
c057e71 device: do not check state from within device_init
cb0c07b system-dummy: fix resolving ifindex
ccd9ddc bridge: add support for turning on vlan_filtering
82bcb64 bridge: add support for adding vlans to a bridge
0e8cea0 bridge: add support for VLAN filtering
6086b63 config: enable bridge vlan filtering by default for bridges that define VLANs
ac0710b device: look up full device name before traversing vlan chain
e32e21e bridge: flush vlan list on bridge free
645ceed interface-ip: clear host bits of the device prefix
d7b614a netifd-wireless: parse 'osen' encryption
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The uci-default mechanism to update the compat-version was only
meant for early DSA-adopters, which should have updated by now.
Remove this workaround again in order to prevent the intended
experiences for all the other people.
This reverts:
a9703db720 ("mvebu: fix sysupgrade experience for early DSA-adopters")
86c89bf5e8 ("kirkwood: fix sysupgrade experience for early DSA-adopters")
Partially reverted:
1eac573b53 ("ramips: mt7621: implement compatibility version for DSA migration")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This reverts commit e81e625ca3.
This was meant just for early DSA-adopters. Those should have
updated by now, remove it so future updaters get the intended
experience.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.
As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an
ImageBuilder.
Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.
This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
When the libmagic from the file package in the packages feed was also
compiled and provided its libmagic.so file, util-linux tried to link
against it. Avoid this by explicitly disable libmagic support.
This fixes the following build error:
Package more is missing dependencies for the following libraries:
libmagic.so.1
Fixes: 36d9ed360a ("util-linux: update to 2.36")
Acked-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Add commit description]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This also sets the ABI_VERSION as this is a versioned shared library.
The ipk sizes for mips_24Kc change like this:
old:
jansson_2.12-1_mips_24kc.ipk 18.692
new:
jansson4_2.13.1-1_mips_24kc.ipk 19.171
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Manually merged:
hack-5.4
230-openwrt_lzma_options.patch
bcm27xx
950-0283-hid-usb-Add-device-quirks-for-Freeway-Airmouse-T3-an.patch
x86
011-tune_lzma_options.patch
Remove upstreamed patches in collaboration with Ansuel Smith:
ipq806x
093-1-v5.8-ipq806x-PCI-qcom-Add-missing-ipq806x-clocks-in-PCIe-driver.patch
093-2-v5.8-ipq806x-PCI-qcom-Change-duplicate-PCI-reset-to-phy-reset.patch
093-3-v5.8-ipq806x-PCI-qcom-Add-missing-reset-for-ipq806x.patch
All other modifications made by update_kernel.sh
Build-tested: bcm27xx/bcm2708, ipq806x, x86/64
Run-tested: ipq806x (R7800), x86/64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
[update commit message/tested]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Devices with 4M flash are not built be default for 20.xx anymore.
Building them with buildbot settings does not work anymore anyway.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies the vendor_model scheme for this target as well, so
naming is consistent throughout supported targets.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
AR2315 Ethernet driver pass NULL instead of a real device pointer to DMA
(un-)map calls. With kernel version 5.4 such behaviour causes a kernel
panic. Fix this issue by preserving device pointer during the probe
procedure and pass it to each skb data DMA (un-)map call.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Rework ethernet supported link modes to linkmode bitmask.
This is needed to suppress compilation errors:
drivers/net/ethernet/atheros/ar231x/ar231x.c:1153:20: ...
error: assignment to expression with array type
phydev->supported &= (SUPPORTED_10baseT_Half
^~
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
[cut out of bigger patch, adjust commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Kernel commit e7bfb3fdbde3 ("mtd: Stop updating erase_info->state
and calling mtd_erase_callback()") removed erase_info->state
updates and calls of mtd_erase_callback().
Drop these erase callback invocations from AR2315 MTD driver as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Discussion on the mailing list reveals that this target has active
users. As we are finally able to upgrade this target to kernel 5.4,
add it back to master.
This reverts commit 7d29a55714 ("ath25: drop target") and
immediately moves the relevant files to 5.4, without touching
the content.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is the same as loader-kernel since the KERNEL_CMDLINE
parameter has been removed in [1] and not used at all anyway.
Remove it.
[1] f77db1a590 ("ath79: cleanup image build code")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Paul Spooren <mail@aparcar.org>
This patch adds support for D-Link DIR-2660 A1.
Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 256 MB (DDR3)
* Flash: 128 MB (NAND)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WPS
* LEDs: Power (white/orange), Internet (white/orange), WiFi 2.4G (white),
WiFi 5G (white), USB 3.0 (white), USB 2.0 (white)
Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips
Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
button, then re-plug it. Keep the reset button pressed until the power
LED starts flashing orange, manually assign a static IP address under
the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1
* Some modern browsers may have problems flashing via the Recovery GUI,
if that occurs consider uploading the firmware through cURL:
curl -v -i -F "firmware=@file.bin" 192.168.0.1
MAC addresses:
lan factory 0xe000 *:a7 (label)
wan factory 0xe006 *:aa
2.4 factory 0xe000 +1 *:a8
5.0 factory 0xe000 +2 *:a9
Seems like vendor didn't replace the dummy entries in the calibration data.
Signed-off-by: Josh Bendavid <joshbendavid@gmail.com>
[rebase onto already merged DIR-1960 A1, add MAC addresses to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Devices with PCIe-Switches like the WNDR4700, MR24 and WNDAP660
need to have the interrupts property specified in the device-tree
for the legacy pci interrupt signaling method to work.
If the proper interrupt value is not specified, the default INTA
IRQ 12 is taken for all devices. This is especially bad, if the
device is setup to use INTC, because these interrupts will not
be serviced.
Russell Senior reported his experience on the MR24:
"The symptom is client devices can't see the beacons.
Wifi ifaces appear, can scan and hear other networks,
but clients can't see the MR24's SSIDs."
(The interrupts-property on the WNDAP620 was optional since it
uses INTA by default. Likewise the MX60W is in the same category)
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The LED's "label" property has been deprecated in upstream by:
|commit c5d18dd6b64e09dd6984bda9bdd55160af537a8c
|Author: Jacek Anaszewski <jacek.anaszewski@gmail.com>
|Date: Sun Jun 9 20:19:04 2019 +0200
|
| dt-bindings: leds: Add properties for LED name construction
|
| Introduce dedicated properties for conveying information about
| LED function and color. Mark old "label" property as deprecated.
|
| Additionally function-enumerator property is being provided
| for the cases when neither function nor color can be used
| for LED differentiation.
in order to be somewhat prepared, this patch adds a fallback
as a last resort to make the current led code work by falling
back to the node-name as the "label".
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
af30be0 Fix setting prefix for IPv6 link-local addresss
0314df4 Disable asking password again when prompt program returns 128
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adding inline shell invocations in per-target variables causes them to be
executed over and over again, which causes a significant slowdown.
Fix this by evaluating it only once per package directory
Signed-off-by: Felix Fietkau <nbd@nbd.name>