This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.
Signed-off-by: David Bauer <mail@david-bauer.net>
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.
That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.
Switch to AUTORELEASE while at it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.
Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
The nl80211 was out of sync with the version used in our backports. This
broke the configuration of the antenna gain.
Fixes: 2bfac61483 ("mac80211: backport support for BSS color changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
Right now when I want to temporarily disable wg peer I need to delete
the entire peer section. This is not such a good solution because I
loose the previous configuration of the peer.
This patch adds `disabled` option to peer config which causes that
the config section is ignored.
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This introduces support for hardware flow offloading, which was added in
in nftables 0.9.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)
Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
be disassociated
validity_period: I32 - number of TBTTs after which the beacon
candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit f536f5ebdd.
As Hauke commented, this causes builder failures on 5.4 kernels.
This revert includes changes to the mx100 kernel modules
dependency as well as the uci led definitions.
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This adds a userspace interpretation of the nu801 driver used by Meraki
hardware. Previously this was a driver that was added per target, but as
multiple targets now have this driver, we should move to something that
can be shared by all targets since no driver exists upstream.
Co-developed-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kernel has added the different variants of the Rock Pi 4 in commit
b5edb0467370 ("arm64: dts: rockchip: Mark rock-pi-4 as rock-pi-4a
dts"). The former Rock Pi 4 is now Rock Pi 4A.
For compatibility with kernel 5.4, this rename has been held back
so far. Having switched to kernel 5.10 now, we can finally apply
it in our tree as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The GPIO_DEVICE symbol belonged to a custom driver that was removed from
OpenWrt in 2012. The symbol never existed in the upstream kernel.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update busybox to version 1.34.1, which is a minor
maintenance release. It contains just the two post-1.34.0
upstream patches that we earlier backported plus a few fixes
to awk.
* Remove the two backported upstream patches that are
now unnecessary.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
U-Boot 2021.10 has been released.
Rebase mediatek patches on top of new release and remove some patches
which have been merged upstream.
Tested on Bananapi BPi-R2 (mt7623), Bananapi BPi-R64 (mt7622) and
Linksys E8450 (mt7622).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bring the usage in line with the dnsmasq man page and the other options
where set: is mandatory.
No functional change.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Nobody ever updates PKG_RELEASE when changing devices or setup in
the various uboot-* packages. Use $(AUTORELEASE) so we still have
proper versioning there.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This simplifies some operations as it doesn't have to be caculated over
and over. It will also allow adding support for more vendor formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Globalscale MOCHAbin is a Armada 7040 based development board.
Specifications:
* Armada 7040 Quad core ARMv8 Cortex A-72 @ 1.4GHz
* 2 / 4 / 8 GB of DDR4 DRAM
* 16 GB eMMC
* 4MB SPI-NOR (Bootloader)
* 1x M.2-2280 B-key socket (for SSD expansion, SATA3 only)
* 1x M.2-2250 B-key socket (for modems, USB2.0 and I2C only)
* 1x Mini-PCIe 3.0 (x1, USB2.0 and I2C)
* 1x SATA 7+15 socket (SATA3)
* 1x 16-pin (2×8) MikroBus Connector
* 1x SIM card slot (Connected to the mini-PCIe and both M.2 slots)
* 2x USB3.0 Type-A ports via SMSC USB5434B hub
* Cortex 2x5 JTAG
* microUSB port for UART (PL2303GL/PL2303SA onboard)
* 1x 10G SFP+
* 1x 1G SFP (Connected to 88E1512 PHY)
* 1x 1G RJ45 with PoE PD (Connected to 88E1512 PHY)
* 4x 1G RJ45 ports via Topaz 88E6141 switch
* RTC with battery holder (SoC provided, requires CR2032 battery)
* 1x 12V DC IN
* 1x Power switch
* 1x 12V fan header (3-pin, power only)
* 1x mini-PCIe LED header (2x0.1" pins)
* 1x M.2-2280 LED header (2x0.1" pins)
* 6x Bootstrap jumpers
* 1x Power LED (Green)
* 3x Tri-color RGB LEDs (Controllable)
* 1x Microchip ATECC608B secure element
Note that 1G SFP and 1G WAN cannot be used at the same time as they are in
parallel connected to the same PHY.
Installation:
Copy dtb from build_dir to bin/ and run tftpserver there:
$ cp ./build_dir/target-aarch64_cortex-a72_musl/linux-mvebu_cortexa72/image-armada-7040-mochabin.dtb bin/targets/mvebu/cortexa72/
$ in.tftpd -L -s bin/targets/mvebu/cortexa72/
Connect to the device UART via microUSB port and power on the device.
Power on the device and hit any key to stop the autoboot.
Set serverip (host IP) and ipaddr (any free IP address on the same subnet), e.g:
$ setenv serverip 192.168.1.10 # Host
$ setenv ipaddr 192.168.1.15 # Device
Set the ethernet device (Example for the 1G WAN):
$ setenv ethact mvpp2-2
Ping server to confirm network is working:
$ ping $serverip
Using mvpp2-2 device
host 192.168.1.15 is alive
Tftpboot the firmware:
$ tftpboot $kernel_addr_r openwrt-mvebu-cortexa72-globalscale_mochabin-initramfs-kernel.bin
$ tftpboot $fdt_addr_r image-armada-7040-mochabin.dtb
Boot the image:
$ booti $kernel_addr_r - $fdt_addr_r
Once the initramfs is booted, transfer openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
to /tmp dir on the device.
Gunzip and dd the image:
$ gunzip /tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
$ dd if=/tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img of=/dev/mmcblk0 && sync
Reboot the device.
Hit any key to stop the autoboot.
Reset U-boot env and set the bootcmd:
$ env default -a
$ setenv bootcmd 'load mmc 0 ${loadaddr} boot.scr && source ${loadaddr}'
Optionally I would advise to edit the console env variable to remove earlycon as that
causes the kernel to never use the driver for the serial console.
Earlycon should be used only for debugging before the kernel can configure the console
and will otherwise cause various issues with the console.
$ setenv console 'console=ttyS0,115200'
Save and reset
$ saveenv
$ reset
OpenWrt should boot from eMMC now.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Fix BPi-R2 GPIO LEDs to indicate boot into production or recovery
firmware in DTS and define them in default environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
186f6eaeba70 wireless: display log messages for setup/teardown/retry
fac471c4934a wireless: process and close script file descriptor when rerunning setup
62e2bb56f48e main: poll process log stream even if processes are killed
0e311d3f2d1a wireless: reset number of retries on config change
e467e0ff44c0 wireless: reset retry counter when setup succeeds
448ffc154fe7 wireless: fix index for stations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Even though TRACEPOINTS is not enabled in my kernel config, my build
fails due to KVM_MMU_AUDIT being missing. Add this symbol to kmod-kvm to
fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
The `mkdir` commands supports passing multiple arguments to batch create
multiple folders, instead of calling the tool every single time.
If the creation of one of the folders fails, all other folder are still
created and therefore doesn't change the error handling.
Also stop creating `/etc/` explicitly after subfolders of `/etc/` were
already created.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `sed`-script shouldn't be called multiple times, especially not with
the same files.
This commit merges all files together in a single `sed`-script call.
Signed-off-by: Paul Spooren <mail@aparcar.org>
For some reason, the build system chops off the last number from the version,
which is not correct. Add it back.
Update hash.
Fixes: 96c7164acd ("restool: update to LSDK-20.12")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Currently, the fstab service starts after the log service which breaks
the ability to write a persistent log file to a filesystem mounted by
the fstab service. Thus, change the start order of the fstab service so
it starts right before the log service.
Fixes: b131853 ("ubox: update to latest git revision")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[set to 11 to be explicitly before log, not only alphabetically, SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes compilation with GCC11.
Kept PKG_VERSION as there's some bug that chops off the 12 at the end.
Refreshed other patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes compilation with both GCC 10 and 11.
Switched to AUTORELEASE for simplicity.
Removed PKG_VERSION as it's derived from PKG_SOURCE_VERSION.
Removed all patches as they are upstream backports.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Delete tunnel on 6rd interface teardown.
Should solve problem related to tunnel stuck on restart loop
with "Unknown Command" on tunnel restart due to wan connection drop.
This patch is similar to the one written by Ansuel on Aug 2, 2021
but the 6rd teardown produces the same symptoms when the network
service is restarted.
Signed-off-by: David Lam <david@thedavid.net>
GCC 10 defaults to `-fno-common` and complains about multiple definition
of `mc_status` in restool.
Backport a patch from upstream to fix compilation with host GCC 10.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
c62d85cf7a0d bridge: check port bpdu filter status and apply it to the config
25555611be91 libnetlink: turn rtnetlink error answers into debug msgs
462b3a491347 build: use pthread cflags/ldflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d590fbd255ce wireless: always enable bpdu filter for AP interfaces and VLANs
f8ff6d820283 system-linux: remove copy&paste from /proc and /sys path names
300b1220fab3 wireless: improve reliability of proxyarp support
5ba9744aac6d device: add support for configuring bonding devices
6fa9b042ff4d wireless: only apply wireless device attributes to the base vif interface
06d11bbf1f2b wireless: only enable proxyarp/isolate for AP vifs
08e954e137ff bonding: claim the port device before creating the bonding device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds the hash also for the aarch64 toolchain in addition to the
x86_64 toolchain. This gets the build on a Linux aarch64 host one step
further.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
8a60e7e trace: don't leak file descriptor in error path
68df9ac procd: fix container deletion
f16abe0 uxc: add JSON output option for 'list' command
a23c888 jail: prepare for adding process to existing namespace
50da8a4 instance: allow jailed service to join namespace(s)
482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
1eb4371 jail: start ubus and netifd instances for container with netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
bump version and remove patches that have been applied
176d701 wtmi: Wait 1s after putting PHYs INTn pin low
2eeccfe wtmi: Change comment describing reset workaround
e8c94a5 wtmi: Count RAM size from both CS0 and CS1
995979e wtmi: Rename macro
e29eb29 wtmi: soc: Fix start_ap_workaround() for TF-A with debug
81245ed wtmi: Use constant name PLAT_MARVELL_MAILBOX_BASE
18ccb83 wtmi: Do a proper UART reset with clock change as described in spec
15ff106 avs: Validate VDD value from OTP
3f33626 fix: clock: a3700: change pwm clock for 600/600 and 1200/750 preset
fb5e436 wtmi: uart: fix UART baudrate divisor calculation
Signed-off-by: sean lee <ilf@live.com>
Summary of upstream CHANGELOG:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked.
* Major rewrite of the DNS server and domain handling code.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.
* Allow smaller than 64 prefix lengths in synth-domain.
* Make domains generated by --synth-domain appear in replies
when in authoritative mode.
* Ensure CAP_NET_ADMIN capability is available when
conntrack is configured.
* When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read.
* Support some wildcard matching of input tags to --tag-if.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
The ZyXEL GS1900-24HPv2 is a 24 port PoE switch with two SFP ports, similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-24HPv2
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB
* RAM: W631GG8MB-12 128 MiB DDR3 SDRAM
(stock firmware is configured to use only 64 MiB)
* Ethernet: 24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
24 ethernet port PoE status LEDs
2 SFP status/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESTORE" button on front panel
1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J41) with populated standard pin connector on
the left edge of the PCB, angled towards the side.
The casing has a rectangular cutout on the side that provides
external access to these pins.
Pinout (front to back):
+ GND
+ TX
+ RX
+ VCC
Serial connection parameters for both devices: 115200 8N1.
Installation
------------
OEM upgrade method:
(Possible on master once https://patchwork.ozlabs.org/project/openwrt/patch/20210624210408.19248-1-bjorn@mork.no/ is merged)
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware > Management
* If "Active Image" has the first option selected, OpenWrt will need to be
flashed to the "Active" partition. If the second option is selected,
OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-generic-zyxel_gs1900-24hp-v2-initramfs-kernel.bin
file by your preferred method to the previously determined partition.
When prompted, select to boot from the newly flashed image, and reboot the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-24hp-v2-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24HPv2 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-24hp-v2-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-24hp-v2-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Soma Zambelly <zambelly.soma@gmail.com>
The ipq-wifi-netgear_wac510 package is not selected by any device and would
be empty anyway. The default board-2.bin from ath10k-board-qca4019 is
therefore used for this device and the package doesn't provide any visible
features.
Fixes: b126d9c3a3 ("ipq40xx: add netgear wac510 support")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
Sitecom WLR-4100 v1 002 (marked as X4 N300) is a wireless router
Specification:
SoC: MT7620A
RAM: 64 MB DDR2
Flash: MX25L6405D SPI NOR 8 MB
WIFI: 2.4 GHz integrated
Ethernet: 5x 10/100/1000 Mbps QCA8337
USB: 1x 2.0
LEDS: 2x GPIO controlled, 5x switch
Buttons: 1x GPIO controlled
UART: row of 4 unpopulated holes near USB port, starting count from
white triangle on PCB:
VCC 3.3V
GND
TX
RX
baud: 115200, parity: none, flow control: none
Installation
Connect to one of LAN (yellow) ethernet ports,
Open router configuration interface,
Go to Toolbox > Firmware,
Browse for OpenWrt factory image with dlf extension and hit Apply,
Wait few minutes, after the Power LED will stop blinking, the router is
ready for configuration.
Known issues
Some USB 2.0 devices work at full speed mode 1.1 only
MAC addresses
factory partition only contains one (binary) MAC address in 0x4.
u-boot-env contains four (ascii) MAC addresses, of which two appear
to be valid.
factory 0x4 **:**:**:**:b9:84 binary
u-boot-env ethaddr **:**:**:**:b9:84 ascii
u-boot-env wanaddr **:**:**:**:b9:85 ascii
u-boot-env wlanaddr 00:AA:BB:CC:DD:12 ascii
u-boot-env iNICaddr 00:AA:BB:CC:DD:22 ascii
The factory firmware only assigns ethaddr. Thus, we take the
binary value which we can use directly in DTS.
Additional information
OEM firmware shell password is: SitecomSenao
useful for creating backup of original firmware.
There is also another revision of this device (v1 001), based on RT3352 SoC
Signed-off-by: Andrea Poletti <polex73@yahoo.it>
[remove config DT label, convert to nvmem, remove MAC address
setup from u-boot-env, add MAC address info to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Update busybox to version 1.34.0
* Remove upstreamed patches (205, 530, 540)
* Remove one old patch that does not apply any more. (203)
That was originally introduced in 2008 with 563d23459,
but does not apply after busybox restructuring with
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=e6007c4911c3ea26925f9473b9f156a692585f30
and
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=1c7253726fcbab09917f143f0b703efbd2df55c3
* Refresh config and patches.
* Backport upstream fixes for
- MIPS compilation breakage and
- process substitution regression
Config refresh:
Refresh commands, run after busybox is first built once:
cd utils/busybox/
cd config/
../convert_menuconfig.pl ../../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0/.config > Config-defaults.in
Manual edits needed afterward:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
BUSYBOX_DEFAULT_UDHCPC_DEFAULT_INTERFACE (just "")
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
929c862 vm: fix toplevel function call protocol
8f34d70 fs: fix chown() and rename() error return values
03ca445 tests: disable fuzz tests for now
3b1be3d types: mark further GC roots
d49af4e types: fix comparison of differently signed integers
c79ff39 types: handle conversion errors when dealing with negative error indexes
3315b1f types: allow negative array indexes
d5b25f9 treewide: harmonize function naming
cc4ce8d module: remove unused defines
f5d7526 examples: add libucode usage examples
559eff2 types, vm: adjust GC api
e5e7e62 treewide: move header files into dedicated directory
ff6168a build: install header files
7e6ce0f main: introduce new flag `-x` to allow disabling specific functions
b1817b3 vm: fix invalid memory access on GC'ing uninitialized VM context
498fe87 main: refactor option parsing and VM setup
ff52440 treewide: consolidate typedef naming
1d60418 vm: add API to control trace mode
48f33ad vm: make root exception handler configurable
0f69f09 vm: fix invalid memory access on toplevel function calls
6bcc318 vm: fix handling exceptions in top-level function calls
4ae0568 lib, vm: reimplement exit() as exception type
2f77657 vm: extend API to allow returning result value from VM execution
111645a vm: remove module preloading logic
38ff6de main: preload modules ourselves
d5bc223 vm: add uc_vm_invoke() helper
ef0baf1 vm: cosmetic fix for outputting exceptions without source context
b11a2fa vm: move global scope allocation into uc_vm_init()
900b2a3 vm: add getter and setter for vm globals scope
0179576 lib: rename uc_add_proto_functions() to uc_add_functions()
98b9c84 lib: expose stdlib function array
1adfba0 treewide: eliminate dead code and unused functions
3974e71 treewide: replace a number of unnecessary type casts
bf85226 treewide: move ressource type registry into vm instance
e2b3d2e build: split into libucode and ucode cli
dad8f3a types: properly deal with circular data in GC mark phase
62dbd64 lexer: rename UT_ prefixed constants to UC_
bc8e465 types: fix wrong assert() on tearing down object trees
853b9f1 vm: fix potential invalid memory access in uc_vm_get_error_context()
6f05cdd lib: fix refcount imbalance in uc_require_path()
96f140b lib, vm: ensure that require() compiles modules only once
df5db5f compiler: don't segfault on invalid declaration expressions
a97c7a1 lexer: transition into EOF state on unrecognized character
2a838d1 compiler: improve mapping of binary operator tokens to instructions
9872f65 vm: add support for I_LE and I_GE instructions
4e410c3 treewide: let uc_cmp() use instruction instead of token numbers
ce6081d lexer, vm: reorder token and instruction numbers
234a4f6 lib: implement b64enc() and b64dec() functions
856a0c0 lib: only consider context of calling function for callbacks
86fb130 lib: implement min() and max() functions
3e893e6 lib: pass-through "this" context to library function callbacks
42de7ab lib: implement `sourcepath()` function
05c80a7 lib: fix negative uc_index() return value on 32bit systems
9874562 lexer: implement raw code mode
3b665c8 lexer: drop value union from keyword table
44354cf lexer, compiler: separate TK_BOOL token into TK_TRUE and TK_FALSE tokens
5879bdf syntax: drop Infinity and NaN keywords
d4edadc lib: rename uc_lib_init() to uc_load_stdlib()
d81bad7 main, lib: move allocation of globals object into lib function
c4f4b38 main: simplify REQUIRE_SEARCH_PATH initialization
54ca3aa types: fix uninitialized memory on setting non-contiguous array indexes
cbc0d78 build: let require search patch default to CMAKE_INSTALL_PREFIX
5714705 syntax: introduce `const` support
ed32c42 compiler, lexer: add NO_LEGACY define to disable legacy syntax features
ff6811f syntax: implement `delete` as proper operator
5803d86 lib: implement wildcard() function
dfb7379 fs: implement chmod(), chown(), rename() and glob() functions
1ddf5b6 lexer: skip interpreter line in any source buffer
9951a00 build: lower minimum required CMake version to v3.13
7b81ab2 main: expose argv as global ARGV array to ucode scripts
7283a70 tests: rename misnamed testcases for consistency
3f80116 compiler: fix local for-loop initializer variable declarations
f20b56f compiler: properly parse slashes in parenthesized division expressions
5c4e1ea lib: implement regexp(), a function to construct regexp instances at runtime
e546bba lib: implement render(), an include variant capturing output in a string
0cb10c6 vm: implement mechanism to change output file descriptor
eb8a64d lib: fix uc_sort()
f1ffc9f vm: truncate long values after 60 chars in trace output
850612f compiler: properly handle break/continue in nested scopes
f0a9875 compiler: properly handle keyword in parenthesized property access expression
1660433 compiler: fix stack mismatch on compiling `use strict` statements
a36e0df syntax: implement support for 'use strict' pragma
827a34a vm, compiler: get rid of unused struct members
594cdf3 lib: implement assert()
c4d1648 lib: add support for pretty printing JSON to printf() and sprintf()
f2eaea3 lib: gracefully handle truncated format strings in uc_printf_common()
02629b8 lexer: fix infinite loop on parsing unterminated comments
2bc9bac lexer: fix infinite loop on parsing unterminated expression blocks
f73e201 lexer: fix infinite loop when parsing regexp literal at EOF
86b4863 compiler: fix segfault on parsing invalid pre/post increment expressions
0e24509 lib: fix reporting source context lines at EOF
e66b2ad compiler, lexer: improve lexical state handling
e29b574 lib: fix uc_split() quirks
64eec7f treewide: ISO C / pedantic compliance
4af803d build: output error messages on test failures
9ef693e vm: improve context for early errors
6def9fc tests: pass ucode library path through environment
d5dd183 treewide: address various sign-compare warnings
28825ac types: support creating ressource values without associated type
9c5106a types: fix potential memory leaks and null pointer accesses
c51934a types: fix potential leak of key in ucv_object_add()
7b28727 main: fix ineffective EOF check in parse()
4cf897c lib: uc_system(): fix invalid free() of non-heap memory
35af4ba treewide: rework internal data type system
f2c4b79 treewide: fix issues reported by clang code analyzer
93ededb tests: allow executing run_tests.sh from any directory
0e4a387 Add initial GitLab and GitHub CI support
df73b25 tests: add more tests
41d33d0 tests: custom: return exit code if tests fails
1c548a6 cmake: do not output binaries into lib directory
2b59097 tests: create custom tests from current tests cases
8039361 main: provide just binary name in help output
778e4f7 lexer: fix incomplete struct initializers
502ecdc cmake: enable extra compiler checks
3c2aeff cmake: fix includes and libraries
617a114 cmake: make 3.0 minimum version
f360350 lib: implement sleep(ms) function
7f0ff91 lib: allow parsing non-array, non-object value in json()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Change the CONFLICTS definition from the alternative package
(ethtool-full) to the main one.
The CONFLICTS line creates a dependency to the conflicting package.
Right now, the dependency would be created in the PACKAGE_ethtool-full
symbol:
config PACKAGE_ethtool-full
depends on m || (PACKAGE_ethtool != y)
When the main package is selected by airmon-ng, it selects
PACKAGE_ethtool, *depending* on the value of PACKAGE_ethtool-full:
config PACKAGE_airmon-ng
select PACKAGE_ethtool if PACKAGE_ethtool-full<PACKAGE_airmon-ng
In the first block, the value of PACKAGE_ethtool-full depends on the
value of PACKAGE_ethtool. In the second block, the opposite is true:
the value of PACKAGE_ethtool depends on the value of
PACKAGE_ethtool-full. This is a recursive dependency.
Fix it by changing the package where the dependency is created, so that
only the value of PACKAGE_ethtool will depend on PACKAGE_ethtool-full.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The previous procd update broke mounting overlayfs in an attempt to
fix an off-by-one error. Revert that broken fix and apply fix from
Nick Hainke <vincent@systemli.org> instead to bring things back to
life.
20adf53 Revert "initd: fix off-by-one error in mkdev.c"
773e8da initd: fix off-by-one error in mkdev.c
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove old math patch meant for old GCC versions. It's not needed
for GCC and causes issues with clang.
Add CMake patch to identify clang properly and apply the proper
flags. Fixes the following warnings/errors:
json_pointer.c:230:7: warning: implicit declaration of function
'vasprintf' is invalid in C99 [-Wimplicit-function-declaration]
rc = vasprintf(&path_copy, path_fmt, args);
^
json_pointer.c:317:7: warning: implicit declaration of function
'vasprintf' is invalid in C99 [-Wimplicit-function-declaration]
rc = vasprintf(&path_copy, path_fmt, args);
^
/usr/include/bits/mathcalls.h:177:23: error: cannot redeclare builtin
function '__builtin_isinf'
__MATHDECL_ALIAS (int,isinf,, (_Mdouble_ __value), isinf)
^
/usr/include/bits/mathcalls.h:177:23: note: '__builtin_isinf' is a
builtin with type 'int ()'
/usr/include/bits/mathcalls.h:213:23: error: cannot redeclare builtin
function '__builtin_isnan'
__MATHDECL_ALIAS (int,isnan,, (_Mdouble_ __value), isnan)
The clang patch is an upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
e5b38fd trace: free memory allocated by blobmsg_format_json_indent()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The hostapd.sh script already has support for configuring proxy-ARP,
however no built variant has support for it enabled.
Enable proxy-ARP support for hostapd-full builds in order to allow users
to actually use this feature.
Signed-off-by: David Bauer <mail@david-bauer.net>
The disable_dgaf config fiels is only available in case Hostapd is
compiled with Hotspot 2.0 support, however Proxy-ARP does not depend on
Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
OpenWrt's special gpio-button-hotplug driver is still using
exclusively the legacy GPIO Subsystem gpio_ API.
While it still does work fine for most devices, upstream
linux is starting to convert platform support like that of
the APU2/3/4 to the new GPIOD LOOKUP tables that are not
supported by it.
Hence, this patch replaces the gpio_ calls present in
gpio-button-hotplug with gpiod_ equivalent wherever
it's possible. This allows the driver to use the
gpiod lookup tables and still have a fallback for
legacy platform data code that just sets button->gpio
set to the real button/switch GPIO.
As a bonus: the active_low logic is now being handled
by the linux's gpio subsystem too. Another issue that
was address is the of_handle leak in the dt parser
error path.
Tested with legacy platform data: x86_64: APU2, MX-100
Tested on OF: ATH79; MR18, APM821xx: Netgear WNDR4700,
RAMIPS: WL-330N3G
LANTIQ: AVM FritzBox 7360v1
Reported-by: Chris Blake <chrisrblake93@gmail.com>
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This integrates with netifd in order to provide STP/RSTP protocol support
in user space. It defaults to using RSTP for bridges with stp enabled.
This daemon has no config files, it uses the configuration passed from
netifd via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
50e6b20 libfstools: handle open() return value properly in F2FS check
e1b6811 blockd: include missing libubox/utils.h
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
94170ae24bc9 device: extend device settings flags to 64 bit
1eb0fafaa986 device: add support for configuring device link speed/duplex
ed84473b7af9 bridge: memset bst->config by default to avoid stale config values
6519cf31e4b0 bridge: add support for an external STP daemon
454e9c33c906 bridge: tune default stp parameters
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a config option for json_script instead of unconditionally including
all json files in /etc/uhttpd in every uhttpd instance. This makes it
possible to configure a single instance with an unconditional redirect,
which currently renders all other uhttpd instances unusable.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
01b4e60 dhcpv4: fix uninitialized hostname in some ubus events
1666769 dhcpv6-ia: allow up to 64 bit wide hostid
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The option was initially named TARGET_ROOTFS_LN_VAR_TMP, and the check
was correct. When renaming the option to something more suitable, the
check was changed to check for n, but when an option is not set, it's
not n but empty. This results in the check always evaluating to false.
Fix the check by checking for y with ifneq.
Fixes: 57807f50de ("base-files: add option to make /var persistent")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often have not the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlink to /tmp/run, as it should contains only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The userspace application now uses the model=full option to match the
configuration of the kernel module. The source no longer contains SOAP
support, which was the primary reason to build only typical instead
of full before.
This makes several CLI commands, which were already supported in the
kernel module, available in the userspace application. For example, this
includes bbsg which allows to get information about VDSL2 bands.
Some previously applied build options were redundant. Disabling ADSL MIB
support is unnecessary, as it only applies to Danube. ADSL LED support
is no longer included in the source. ReTx counters are already included
with model type full.
This increases the size of the userspace application by approximately
15 kB (uncompressed). The kernel module does not change at all.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
with xinetd allowed+blocked (ipv6) hosts could be set
what is not possible with stock dropbear package
The file size increased 12 Bytes, so this "opimisation" did not really helped.
Within a compressed storage format it is 0..
ipk: 111.171 -> 111.361 = 190 bytes
bin: 215.128 -> 215.140 = 12 bytes
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
Replace some OpenWrt patches with openembedded ones for easier
maintainability. Remove several outdated ones as well.
Replace PKG_RELEASE with AUTORELEASE to avoid manual bumps.
Remove !arc dependency as it is supported upstream now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
BananaPi BPi-R2 comes with HDMI and MIPI-DSI. Use dislpay facility in
Linux by add "console=tty1" boot argument.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes a build problem seen after binutils 2.36 is used by default.
Fixes: 3f41153b1c ("toolchain/binutils: switch to version 2.36.1 by default")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
592ac0f add a note
4bacd14 sslcertfile: list /etc/ssl
7bdefa4 example: indicate that skip is an option
d1e9a85 wifi: sys pipe usage
eb903e1 README: add note about policycoreutils-setfiles weak dependency
762e011 ttyd: signull all subjects
fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
9ac7592 acme: transition to sys.subj on generic initscript execution
f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
ae273fa odhcp6c/netifd: support drop-in directories
5fa9b41 subj: do not encourage misconfiguration
44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
a775d93 21.02 related
a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
290e9fb rcuhttpd: related to rcboot and uci-defaults
3fc0d8b rcuhttpd: lists /etc/uci-defaults
1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.
This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
When compiling busybox with GCC 10 and CONFIG_PKG_ASLR_PIE_ALL=y, there
are hundreds of errors like:
relocation R_MIPS16_26 against `xzalloc' cannot be used when making a
shared object; recompile with -fPIC
Simply solve this by no longer disabling PKG_ASLR_PIE, so that $(FPIC)
is properly added to the CFLAGS and LDFLAGS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
While an image layout based on MBR and 'bootfs' partition may be easy
to understand for users who are very used to the IBM PC and always have
the option to access the SD card outside of the device (and hence don't
really depend on other recovery methods or dual-boot), in my opinion
it's a dead end for many desirable features on embedded systems,
especially when managed remotely (and hence without an easy option to
access the SD card using another device in case things go wrong, for
example).
Let me explain:
* using a MSDOS/VFAT filesystem to store kernel(s) is problematic, as a
single corruption of the bootfs can render the system into a state
that it no longer boots at all. This makes dual-boot useless, or at
least very tedious to setup with then 2 independent boot partitions
to avoid the single point of failure on a "hot" block (the FAT index
of the boot partition, written every time a file is changed in
bootfs). And well: most targets even store the bootloader environment
in a file in that very same FAT filesystem, hence it cannot be used
to script a reliable dual-boot method (as loading the environment
itself will already fail if the filesystem is corrupted).
* loading the kernel uImage from bootfs and using rootfs inside an
additional partition means the bootloader can only validate the
kernel -- if rootfs is broken or corrupted, this can lead to a reboot
loop, which is often a quite costly thing to happen in terms of
hardware lifetime.
* imitating MBR-boot behavior with a FAT-formatted bootfs partition
(like IBM PC in the 80s and 90s) is just one of many choices on
embedded targets. There are much better options with modern U-Boot
(which is what we use and build from source for all targets booting
off SD cards), see examples in mediatek/mt7622 and mediatek/mt7623.
Hence rename the 'sdcard' feature to 'legacy-sdcard', and prefix
functions with 'legacy_sdcard_' instead of 'sdcard_'.
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
procd.sh:
Instead of triggering on every mount.add event, there should be no
mount trigger at all in case none of the directories passed to
procd_add_*_mount_trigger() are located on a mountpoint configured in
/etc/config/fstab.
uxc:
add missing dependency on rpcd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Delete tunnel on 6in4 interface teardown.
Should solve problem related to tunnel stuck on restart loop
with "Unknown Command" on tunnel restart due to wan connection drop.
Fixes: FS#3690
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Add --disable-libdebuginfod with remove libcurl dependency.
Remove totally unused host elfutils.
Refreshed and rebased patches.
Also happens to fix compilation with GCC11.
Newer versions of elfutils seem to have some kind of dependency on
obstack.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
This enables building of rpcapd and adds it as a package.
It is a daemon that allows remote packet capturing from another machine.
E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP).
https://www.tcpdump.org/manpages/rpcapd.8.html
Compile and run tested: OpenWrt SNAPSHOT r17190-2801fe6132 on x86/64
Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
When having two keys that start with the same characters and the second
key just has one character more nand_tffs_read and tffs_read return the
wrong value for the longer key. This is due to the usage of strncmp in
combination with the length of the shorter key which is usually first in
the list before the longer key and when strncmp matches, the search is
stopped. The problem only occurs when the length of the two keys is
different, not if just the last character is different. The fix is to
use strcmp and as such it will only return the value if the key (name)
and the key to look for (namefilter) have the same value and length. A
sample case returning wrong values is when keys macwlan and macwlan2 are
defined and querying macwlan2 returns the value for macwlan.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
This increases the size of the iw_5.9-8fab0c9e-3_mips_24kc.ipk from
41166 to 41942 bytes by 776 bytes.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Change procd_add_start_mount_trigger to procd_add_restart_mount_trigger
and make it call 'restart' instead of 'start'.
This is more useful as it allows to handle both cases, intial start of
a services as well as restarting services. Calling 'restart' on a
service which has not yet been started has the same result as calling
'start'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add a generic sdcard upgrade method instead of duplicating code in yet
another target, and add a feature flag to only install this upgrade
method in targets that set this flag. Copied from mvebu.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The xfrm_interface module will not be built if IPv6 is not enabled in
the kernel. Add this dependency in the kmod package to avoid people
wondering why it doesn't build when they disabled IPv6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths
Add new init script helpers:
procd_add_start_mount_trigger
procd_add_reload_mount_trigger
procd_get_mountpoints
Both trigger helpers expect a list of paths which are checked against
the mount targets configured in /etc/config/fstab and a trigger for all
mountpoints covered by the list of paths is setup.
procd_get_mountpoints is useful to find out if and which mountpoints
are covered by a list of paths.
Example:
DATADIRS="/mnt/data/foo /mnt/data/bar /etc/foo/baz /var/lib/doe"
start_service() {
[ "$_BOOT" = "1" ] &&
[ "$(procd_get_mountpoints $DATADIRS)" ] && return 0
procd_open_instance
# ...
procd_close_instance
}
boot() {
_BOOT=1 start
}
service_triggers() {
procd_add_start_mount_trigger $DATADIRS
}
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Netlink support is required for using the virtual cable tester
functionality.
Remove the pretty print build option and instead create a second package
variant ethtool-full. This allows users to install the full ethtool
featureset using opkg.
Signed-off-by: David Bauer <mail@david-bauer.net>
In the current state, nvmem cells are only detected on platform device.
To quickly fix the problem, we register the affected problematic driver
with the of_platform but that is more an hack than a real solution.
Backport from net-next the required patch so that nvmem can work also
with non-platform devices and rework our current patch.
Drop the mediatek and dsa workaround and rework the ath10k patches.
Rework every driver that use the of_get_mac_address api.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Fix build on glibc targets and address a bunch of compiler warnings.
93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
548d057 jail: don't ignore return value of seteuid()
220b716 jail: ignore return value when creating default /dev symlinks
78d5baa hotplug-dispatch: don't ignore asprintf() return value
736aee5 uxc: always handle asprintf() return value
2b20456 hotplug-dispatch: replace wrongly used assert()
bfc86a2 jail: cgroups: replace wrongly used assert()
516bdf2 jail: don't ignore return value of write()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Try umount on device mapper and loop devices still mounted, so the
subsequent call to disactivate all physical volumes and delete all
loop devices is more likely to succeed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
141ac85 libblkid-tiny: fix invalid open syscall return check
9e26563 libblkid-tiny: install header file to include dir
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If the busybox applet losetup was selected, `command -v` selects that
during sysupgrade. As this applet is in another path and doesn't cover
the '-D' option which is used to make sure user-defined loop devices
are no longer active during sysupgrade.
Detect losetup at the path of the full utility to avoid error messages
in case of the busybox applet being selected.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.
Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* remove superflus mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list
Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)
Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
46d02c2 block: don't add non-ubifs ubi devices
cc63933 blockd: send mount.ready when startup has completed
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CZ.NIC as part of Turris project released free and open source WTMI
application firmware wtmi_app.bin for all Armada 3720 devices.
This firmware includes additional features like access to Hardware
Random Number Generator of Armada 3720 SoC which original Marvell's
fuse.bin image does not have.
Add a patch which allows to pass the commit id, so the firmware is able
to identify itself, see a04bffeb.
Add a patch to disable linking with gold, since the ARM toolchain
doesn't ship gold.
Cherry-pick the 3 post-release fixes.
Signed-off-by: Andre Heider <a.heider@gmail.com>
02e23db fix compilation errors popped up by GCC-10
7c35173 Merge pull request #29 from pali/sync-a38x-uboot
bb734f5 mv_ddr: a38x: Use SOC_REGS_PHY_BASE for INTER_REGS_BASE
ee1ea84 mv_ddr: a38x: Fix ddr3 compilation
70f3e2e mv_ddr: Fix comment typo
dd960b4 mv_ddr: ddr3: Allow boards to specify CK_DELAY parameter
a87f4f7 mv_ddr: ddr3: only use active chip-selects when tuning ODT
3defcec mv_ddr: a38x: Add support for setting timing in hws_topology_map
Signed-off-by: Andre Heider <a.heider@gmail.com>
2efdb10 wtmi: Fix calculation of UART divider
4247e39 fix: twin die ddr porting guide
8ad7992 sys_init: Add missing newlines in debug mode
4ddea19 avs: Validate VDD value from OTP
c444aeb avs: Fix description for avs value 0x2e
1915b78 tim: Optimize code generated by gettimver.sh and print newline
21f566d tim: Print mv_ddr version and configuration on UART
840b70b tim: Use variable $DDRFILE where possible
c10e6ae tim: Fix waiting for UART TX ready
7bf95cf wtmi: Wait 3ms for the TX on UART to be empty prior resetting TX FIFO
63e8433 wtmi: Add "dirty" suffix to git commit and rebuild sys_init.bin binary when VERSION changes
e949b58 wtmi: During setup clock phase print CPU and DDR speed
10376b5 wtmi: Flush output on UART after the '\n' character
509c647 Makefile: Check that specified DDR_TOPOLOGY option is valid
Signed-off-by: Andre Heider <a.heider@gmail.com>
Revert to using the checked in `tbb_linux` image tool binary since building
it drags in the rather big Crypto++ project.
Cherry-pick the post-release UART fixes.
Switch to AUTORELEASE while at it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
From version 2021.09 U-Boot will fixup Turris Omnia's DTB before
booting, separating U-Boot's environment into separate MTD partition
"u-boot-env" [1].
Check if "u-boot-env" MTD partition exists and set the uci defaults
accordingly.
[1] https://lists.denx.de/pipermail/u-boot/2021-July/455017.html
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Some devices (such as Extreme Networks WS-AP3959i-ROW) do not contain
precal binaries in ART, and the precal in the cards eeprom causes
firmware load errors.
These firmware files were previously in linux-firmware,
so these are adding them back and renaming to be cleaner.
Signed-off-by: Damien Mascord <tusker@tusker.org>
Add a patch to fix building with GCC 11, which triggers new warnings by
enabling -Warray-parameter by default.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
772292e uxc: don't restart containers when mount shows up
3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
a846c6b blockd: fix length of timeout int passed to ioctl
1d681ca block: support umount device basename
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
59f7c11 blockd: create mountpoint parent folder if needed
9cc96af Revert "block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging"
06334ac Revert "blockd: detect mountpoint of /dev/mapper/*"
9ab3551 block: use /dev/dm-* instead of /dev/mapper/*
5114595 block: allow remove hotplug event to arrive at blockd
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When the kmod-qlcnic package is built on targets that have
CONFIG_PCI_IOV enabled, the CONFIG_QLCNIC_SRIOV symbol is exposed.
Enable this symbol in the kmod package to fix its build.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
As the board name was changed to be identical to the device tree
compatible string (just like for other boards), also reflect that
change for U-Boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add fw_env configuration for the BPi-R2 which is a mediatek/mt7623
devboard which can be booted from SD Card or eMMC.
Auto detect the boot device and add environment accordingly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
All mediatek boards having fw_env accessible through uboot-envtools
belong to be mt7622 subtarget. Move the file, as subtarget-specific
files are supported for a while now.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* use built-in default environment instead of file in bootfs
* get rid of bootfs alltogether and use uImage.FIT
* auto-detect boot device like original script did
* add support for factory button
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
of_platform_device_create require CONFIG_OF selected.
Add an ifdef and register to the of platform only if of is available.
Fixes: 985954ccbd ("kernel: add ath10k support for of_get_mac_address")
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
ath10k doesn't currently support the standard function to get mac-address from the dts.
Add this for both ath10k and ath10k-ct
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.
Signed-off-by: Nick Hainke <vincent@systemli.org>
0ee73b2 uxc: implement support for rootfs overlay in containers
b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
92aba53 jail: increase max additional env records to 64
15997e6 jail: allow rootfs to be a symbolic link
0114c6f jail: open() extroot folder before mounting
ed96eda uxc: check for required blockd mounts
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This will restart the interface in case the CSA fails and can be used to
force the device on a DFS channel (including full CAC)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
4d4dcfb blockd: detect mountpoint of /dev/mapper/*
2f42515 block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging
39558a1 blockd: also send ubus notification on mount hotplug
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ! Behavior change !
Old behavior: If the Reset button is held down during power-on
do factory reset and try booting recovery from TFTP forever.
If valid recovery is received via TFTP, write it to flash and boot.
New behavior: If the Reset button is held down during power-on
do factory reset, then try TFTP *once*, then try booting on-flash
recovery, then keep trying via TFTP forever until a valid image is
received.
Only if there is no bootable recovery stored on flash, store the
downloaded recovery. Then boot it.
* Set loadaddr to 0x48000000 in order to allow booting images larger
than ~47MB (reported by Oskari Lemmelä). Setting loadaddr to
0x48000000 gives us 384MB on devices with 512MB RAM, which should be
more than enough as a maximum size for uImage.FIT to be loaded.
* Widely unify device-specific default environment in preparation to
auto-generate it from parameters.
* backport upstream commit fixing MBR/DOS partitioning
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Specifications:
- SoC: MT7621AT
- RAM: 256MB
- Flash: 128MB NAND
- Ethernet: 5 Gigabit ports
- WiFi: 2.4G/5G MT7615N
- USB: 1 USB 3.0, 1 USB 2.0
This device is very similar to the EA7300 v1/v2, EA7500 v2, and EA8100 v1.
Installation:
Upload the generated factory image through the factory web interface.
(following part taken from EA7300 v2 commit message:)
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
With thanks to Tom Wizetek (@wizetek) for testing.
Signed-off-by: Tee Hao Wei <angelsl@in04.sg>
a0a0e02 iwinfo: rename hardware.txt to devices.txt
Also split common devices.txt (former hardware.txt) into a common
libiwinfo-data package to allow different libiwinfo versions to
coexist without file clashes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Imports a function from iw to convert frequencies to channel numbers.
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
[fix potential out of bounds read]
Signed-off-by: David Bauer <mail@david-bauer.net>
'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'. Slightly less confusion all
round.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Drop support for building the obsolete broadcom-wl backend and always
forcibly enable the nl82011 support. This allows us to make the package
shared again since no target specific compilation is happening anymore.
This will solve various repository coherency issues related to unavailable
libiwinfo versions in the long run.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This partially reverts changes done in commit 72cc44958e ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.
Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:
openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
...
Collected errors:
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
* pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
* pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
* libiwinfo20210430
* opkg_install_cmd: Cannot install package luci-ssl-openssl.
Everything because iwinfo's ABI was changed two times since rc3 release:
+IWINFO_ABI_VERSION:=20210430
+IWINFO_ABI_VERSION:=20210420
Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:
d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis
So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This script was expecting only add/remove events which has not been the
case since Kernel 4.12 (which added bind/unbind). Bind events were getting
treated as remove events which would cause hotplugged 3g modems to not
work.
More info:
https://lkml.org/lkml/2018/12/23/128https://github.com/systemd/systemd/issues/8221
Signed-off-by: Arjun AK <arjunak234@gmail.com>
Currently, when using multiple dnsmasq instances they are all assigned
to the same Ubus instance name. This does not work, as only a single
instance can register with Ubus at a time. In the log, this leads to
`Cannot add object to UBus: Invalid argument` error messages.
Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes
behaviour so that instead of the log, dnsmasq exits at start instead.
With this patch, all dnsmasq instances are assigned unique names so that
they can register with Ubus concurrently. One of the enabled instances
is always assigned the previous default name "dnsmasq" to avoid breaking
backwards compatibility with other software relying on that default.
Previously, a random instance got assigned that name (while the others
produced error logs). Now, the first unnamed dnsmasq config section is
assigned the default name. If there are no unnamed dnsmasq sections the
first encountered named dnsmasq config section is assigned instead.
A similar issue exists for Dbus and was similarly addressed.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
[tweaked commit message] dnsmasq was not crashing it is exiting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the
"wifi up" code.
This commit tidies up the "wifi reconf" code so as to
keep it aligned with the "wifi up" code.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
"/sbin/wifi up" makes three ubus calls:
1. ubus call network reload
2. ubus call network.wireless down
3. ubus call network.wireless up
The first and third ubus calls call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel,
so the call sequence becomes,
1. drv_mac80211_setup
2. wireless_device_setup_cancel
3. drv_mac80211_setup
This commit swaps the order of the first two ubus calls,
1. ubus call network.wireless down
2. ubus call network reload
3. ubus call network.wireless up
Consequently drv_mac80211_setup is only called once,
and two related bugs (#FS3784 and #FS3902) are no longer triggered
by /sbin/wifi.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
drv_mac80211_teardown fails silently if the device to be torn down is
not defined. This commit prints an error message.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.
This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.
This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.
Steps to reproduce:
1) Use /sbin/wifi to turn on wifi.
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
2) Use /sbin/wifi to turn off wifi.
uci set wireless.@wifi-device[0].disabled=1
uci commit
wifi
3) Observe that wifi is still up.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete. But
"ubus call network.wireless status" erroneously reports that radio0 is down.)
The relevant part of drv_mac80211_setup is,
if [ "$no_reload" != "0" ]; then
add_ap=1
ubus wait_for hostapd
local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
ret="$?"
[ "$ret" != 0 -o -z "$hostapd_res" ] && {
wireless_setup_failed HOSTAPD_START_FAILED
return
}
wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi
This commit sets no_reload = 0 during the second call of drv_mac80211_setup.
It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.
When /sbin/wifi is used to turn on wifi,
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
/sbin/wifi makes the following ubus calls,
ubus call network reload
ubus call network.wireless down
ubus call network.wireless up
The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,
drv_mac80211_setup
wireless_device_setup_cancel
drv_mac80211_setup
In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
Remove redundant tags and name things more consistently.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[removed superflous dash]
Signed-off-by: Paul Spooren <mail@aparcar.org>
New swap devices are added in decreasing priority order, starting at -1. Make
sure the zram swap device has the highest priority, by default.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
sysntpd server becomes unavailable if the index of the bound
interface changes. So let's add an interface trigger to reload sysntpd.
This patch also adds the ability for the sysntpd script to handle
uci interface name from configuration.
Fixes: 4da60500ebd2 ("busybox: sysntpd: option to bind server to iface")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
This reverts commit 3628870015.
dnsmasq v2.86test3 has some issues with ubus, so is being reverted.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This reverts commit dea4bae7c2.
dnsmasq v2.86test3 has some issues with ubus and needs reverting, hence
this needs reverting.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Need this version to add config option for connmark DNS filtering.
Summary of upstream CHANGELOG:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked.
* Major rewrite of the DNS server and domain handling code.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.
This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.
Fixes "base-files: fix zoneinfo support " 8af62ed
Signed-off-by: Paul Spooren <mail@aparcar.org>
Instead of assuming /sbin contains the correct BusyBox symlinks, directly invoke
the busybox executable. The required utilities are guaranteed to be present,
since the zram-swap package selects them. Additionally, don't assume busybox
resides in /bin, rely on PATH to find it.
While at it, update the copyright year, use SPDX and switch to AUTORELEASE.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
With the default configuration we generate, the supplicant starts
scanning and tries to connect to any open network when the interface
is enabled.
In some cases it can be desirable to prevent the supplicant from
scanning by itself. For example, if on the same radio an AP is
configured and an unconfigured STA is added (to be configured with
WPS), the AP might not be able to beacon until the STA stops
scanning.
In such a case, the STA configuration can still be required to set
specific settings (e.g. multi_ap_backhaul_sta) so it can't be set to
"disabled" in uci (because that would prevent the supplicant from
being run at all). The alternative is to add the "disabled" parameter
to the default network block in the supplicant configuration.
This patch adds a "default_disabled" setting in UCI which, when set,
adds the "disabled" parameter to the supplicant default network block.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.
Example failure when removing the if condition:
/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
This file does not exist. America/Los_Angeles does.
Ran through shfmt -w -ci -bn -sr -s
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Vlan subinterface was never brought up when using vlan-based preinit network.
Tested forcing ifname="" before preinit_ip() on a Tp-Link Archer C5v4.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Some interfaces have a VLAN modifier like :t in lan1:t, this modifier
should be removed from the interface before calling preinit_ip_config().
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adapt the preinit_config_board() to the board.json network changes. It
now looks for the device and the ports variables to configure the LAN
network.
This works with swconfig configurations.
Fixes: FS#3866
Fixes: d42640e389 ("base-files: use "ports" array in board.json network for bridges")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Rafał Miłecki <rafal@milecki.pl>
CONFIG_CRYPTO_DEV_HIFN_795X depends on PCI. This driver only makes sense on
devices with pci support.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
There are services that have only STOP value set. They are executed only
on shutdown and it is common to use them for system cleanup. There is
one such service shipped directly with base-files, it is 'umount'. Those
work the same way as those with START but enabled does not report them
as enabled although it should have as they can be enabled and disabled
as any other service.
This also changes check from check for executable to check for symbolic
link. The implementation depends on those being links to service file
and it is much cleaner and direct to check for them being links.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Commit 0a7657c ("hostapd: add channel utilization as config option") added the
two new uci options bss_load_update_period and chan_util_avg_period. However,
the corresponding "config_add_int" calls for these options weren't added, so
attempting to actually use these options and change their values is bound to
fail - they always stay at their defaults. Add the missing code to actually
make these options work.
Fixes: 0a7657c ("hostapd: add channel utilization as config option")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
This adds conflicts between variants of libustream pacakge.
They provide the same file and thus it should not be possible to install
them side by side.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Without loading the igb at boot, the recovery wouldn't have
network available. All network drivers should be loaded before
etc/board.d/02_network is called. Note that other network drivers
already have this set, such as tg3.
Fixes: 7e0e5110bc ("kernel: add igb kernel module")
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
commit 50413e1ec8 replaced ifconfig
with ip. In order to set a link state to up, the interface needs
to be added first.
Fixes: FS#3754
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[Add Fixes tag]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Make it possible to specify the SAE mechanism for PWE derivation. The
following values are possible:
0 = hunting-and-pecking loop only
1 = hash-to-element only
2 = both hunting-and-pecking loop and hash-to-element enabled
hostapd currently defaults to hunting-and-pecking loop only.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
If one of the programmes is not running, then we see the following
output in the logs.
`killall: telnetd: no process killed`
To ensure that the log is clean, redirect the output to /dev/null
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The remaining vn calls have been ported to v.
Therefore, these functions are no longer needed and will be removed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The logging output should not only be displayed in the calling shell
session but also in the syslog. A sysupgrade and a configuration
import, export can thus be traced in the syslog.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Calling `switch_to_ramfs()` will not copy the gzip executable
(/bin/gzip) to ramfs, but `/bin/zcat` will call `/bin/gzip` when
package gzip is installed, instead of the busybox-supplied zcat.
This will cause `zcat` to fail to find `gzip`, then cause the
sysupgrade to fail. Adding the `busybox` prefix here will solve
the problem.
Signed-off-by: Chuck Fan <fanck0605@qq.com>
bzip2 adds about 8kb of size. For tiny builds it's often disabled.
It's not directly used by stock OpenWrt programs.
Kernel images compressed with bzip2 are also not fully supported.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
[fix \ indention]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This is a follow up of 1a9b896d ("treewide: nuke DRIVER_11W_SUPPORT").
LuCI commit ab010406 ("luci-mod-network: skip check for 802.11w feature")
skips check of the 11w feature [1]. Now advertising it in hostapd is
superfluous so stop doing it.
[1]: https://github.com/openwrt/luci/pull/4689
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
[remove outdated PKG_RELEASE bump and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
In order for the grub2 boot-related code to compile normally, we have
made many adjustments to the compilation parameters. These adjustments
are not necessary for tools-related code. We apply these parameter
adjustments only to the boot-related code.
Signed-off-by: 李国 <uxgood.org@gmail.com>
grub2 boot-related code and tools-related code may require different
compilation parameters. We split them into different variants for
compilation, so that we can accurately pass the required parameters and
avoid causing problems.
Signed-off-by: 李国 <uxgood.org@gmail.com>
The grub2 and grub2-efi packages should only contain boot-related code.
grub-bios-setup is the same as grub-editenv, they are both grub2 tools
and should be placed in a separate package.
Signed-off-by: 李国 <uxgood.org@gmail.com>
[use AUTORELEASE and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Use of WPA3 and things like FILS is getting much more common, and platforms
that can't affort the extra kilobytes for this code are fading away.
Let's not hold back modern authentication methods any longer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Don't bail out from init script in case the GPS device is missing.
Some modems take time to come up, and some people may use things like
'kplex' to feed ugpsd. Hence it is better to always start ugpsd
unconditionally and let procd's respawn take care of retrying.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This restores the original config_generate behaviour. With MAC set for
bridged devices the bridge automatically gets its MAC adjusted (it picks
the lowest MAC of bridged devices).
This fixes confusing interfaces setup (bridge ports not having custom
MAC assigned).
Reported-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Fixes: e002179a6d ("base-files: simplify setting device MAC")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Set the PKG_SOURCE_URL using a lazy set to allow evaluating
$(PROJECT_GIT) later. Without this change PKG_SOURCE_URL is evaluated
immediately, before PROJECT_GIT is defined and the download over git is
not working.
Fixes: 6687a2483a ("opkg: use $(PROJECT_GIT), $(AUTORELEASE) and SPDX")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark uci, ubus, libubox, lua, libnl-tiny and libjson-c
as nonshared packages. This helps to keep coherent dependencies
if these ABI versioned packages are later updated.
Before this commit it is possible to get missing dependencies
in target-specific nonshared packages (like iwinfo) that depend
on these shared ABI versioned packages. If these are later updated
and rebuilt, only the new ABI version will be available for download,
while the target-specific packages in releases continue to depend on
the old ABI version.
After this commit the packages are built along the other nonshared
packages by the phase1 images buildbot and will be available at the
target/ download directories instead of packages/base dir. That will
help to keep a coherent set available.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
These processes are managed by procd and set to start again when killed
via the procd instance parameter "respawn" being set during init.
Example:
procd_set_param respawn 3600 1 0
When they are killed manually during sysupgrade,
they are started again in 5 seconds or less, depending on
how the "respawn" parameter is set.
Use procd through ubus to disable the instances that respawn them,
however, allow dnsmasq, netifd, and logd to restart for remote logging.
Properly closing all these processes increases free memory by about 3 MB,
which should help low memory devices upgrade without crashing.
For very low memory devices (set to 32 MB for now)
also kill dnsmasq, netifd, and logd for an additional 3 MB of free memory.
Also, bump sleep values to allow at least 10 seconds
for network interfaces and daemons
to come up after they are killed and restarted
before caches are dropped.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
aa0e3c4bbe12 iwinfo: nl80211: add support for printing the device path for a phy
dd6d6d2dec35 iwinfo: nl80211: use new path lookup function for nl80211_phy_idx_from_uci_path
268bb26d2e2a iwinfo: nl80211: support looking up phy by path=.. and macaddr=...
c0414642fead iwinfo: nl80211: fix typo
Signed-off-by: Felix Fietkau <nbd@nbd.name>
86ee86e nmea: parse $GPZDA sentences for date/time
8e12414 nmea: parse $GPGLL sentences for position
5e88403 ubus: display only available information
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is only cosmetic, but the next one adding a patch here would
have to do it anyway, and thus will get a smaller diff for review
now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The removed patches were integrated upstream.
The brcmf_driver_work workqueue was removed in brcmfmac with kernel
5.10.42, the asynchronous call was covered to a synchronous call. There
is no need to wait any more.
This part was removed manually from this patch:
brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add mt7915e dependency on kmod-thermal
22b690334c0f mt76: mt7915: do not fail if the cooling device could not be registered
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In there linux-firmware repository located in kernel, there were removed old
broadcom firmware [1] as they seem to be likely vulnerable to KrØØk vulnerability
(CVE-2019-15126), because Cypress released new versions and superseded
by it.
In OpenWrt, there is Makefile for cypress-firmware, which already provides
the same named packages like it was in linux-firmware. For example, cypress-firmware-43455-sdio
provides brcmfmac-firmware-43455-sdio [2].
Changelog between 2020118 and 20210315:
3568f96 (tag: 20210315) linux-firmware: Update firmware file for Intel Bluetooth AX210
9e96e50 linux-firmware: Update firmware file for Intel Bluetooth AX200
c8d0db5 linux-firmware: Update firmware file for Intel Bluetooth AX201
5e2a387 Merge tag 'iwlwifi-fw-2021-03-05-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
b0d3e31 rtw88: 8822c: Update normal firmware to v9.9.6
5a2fd63 iwlwifi: add new FWs from core59-66 release
4f54906 iwlwifi: update 9000-family firmwares
11b7607 iwlwifi: update 7265D firmware
e425f76 Merge branch 'add-silabs-wf200' of github.com:jerome-pouiller/linux-firmware into main
5ecd13f Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406
58fb90a linux-firmware: add frimware for mediatek bluetooth chip (MT7921)
e576a1b rtw89: 8852a: add firmware v0.9.12.2
048a7cb WHENCE: add missing symlink for BananaPi M3
aa6c6e7 Add symlink for BananaPi M2 to brcmfmac43430-sdio config
58825f7 brcm: Fix Raspberry Pi 4B NVRAM file
520f71b silabs: add new firmware for WF200
f7915a0 amdgpu: add initial firmware for green sardine
80cb579 rtw88: RTL8822C: Update normal firmware to v9.9.5
b79d239 (tag: 20210208) Merge branch 'DG1-guc-huc-ADLS-dmc' of git://anongit.freedesktop.org/drm/drm-firmware into main
66970e1 Merge branch 'qcom-rb5' of https://github.com/lumag/linux-firmware into main
cf6fc2b Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304
391fd50 linux-firmware: add firmware for MT7921
c5e3240 rtw88: RTL8821C: Update firmware to v24.8
d33d2d8 linux-firmware: Update firmware file for Intel Bluetooth AX210
3027ae4 linux-firmware: Update firmware file for Intel Bluetooth AX200
13979c3 linux-firmware: Update firmware file for Intel Bluetooth AX201
348d8a9 i915: Add DMC v2.01 for ADL-S
f33f1f7 i915: Add HuC v7.7.1 for DG1
6a422f5 i915: Add GuC v49.0.1 for DG1
df822a8 qcom: Add venus firmware files for VPU-1.0
11a1db1 qcom: Add SM8250 Compute DSP firmware
e55248b qcom: Add SM8250 Audio DSP firmware
da74cc6 qcom: add firmware files for Adreno a650
0578970 brcm: Link RPi4's WiFi firmware with DMI machine name.
d528862 brcm: Add NVRAM for Vamrs 96boards Rock960
870b805 brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
a28a590 cypress: Fix link direction
060ad8b cypress: Link the new cypress firmware to the old brcm files
0f0aefd brcm: remove old brcm firmwares that have newer cypress variants
f580dc2 rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
7df2220 rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
e79405d rtl_bt: Add firmware and config files for RTL8852A BT USB chip
ef3813d rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
646f159 (tag: 20201218) make AP6212 in bananpi m2 plus/zero work
28185ec linux-firmware: Update firmware file for Intel Bluetooth AX210
23da869 linux-firmware: Update firmware file for Intel Bluetooth AX200
2099248 linux-firmware: Update firmware file for Intel Bluetooth AX201
94de5e2 linux-firmware: Update firmware file for Intel Bluetooth 9560
27a3689 linux-firmware: Update firmware file for Intel Bluetooth 9260
5c3c4af Merge branch 'lt9611uxc' of https://github.com/lumag/linux-firmware into main
aaed4a8 Merge branch 'v1.1.6' of https://github.com/irui-wang/linux_fw_vpu_v1.1.6 into main
d8c9865 Merge branch 'master' of https://github.com/sampnimm/linux-firmware-BT into main
63ab3db linux-firmware: add firmware for Lontium LT9611UXC DSI to HDMI bridge
0fe0fe0 mediatek: update MT8173 VPU firmware to v1.1.6
1a08ec9 QCA : Updated firmware files for WCN3991
7455a36 Merge branch 'guc_v49' of git://anongit.freedesktop.org/drm/drm-firmware into main
7eb7fda linux-firmware: Update firmware file for Intel Bluetooth AX210
5cbf459 linux-firmware: Update firmware file for Intel Bluetooth AX210
c487f7d i915: Add GuC firmware v49.0.1 for all platforms
d9ffb07 i915: Remove duplicate KBL DMC entry
b362fd4 Mellanox: Add new mlxsw_spectrum firmware xx.2008.2018
bc9cd0b linux-firmware: Update AMD SEV firmware
54c797a amdgpu: add sienna cichlid firmware for 20.45
1340e9c amdgpu: update vega20 firmware for 20.45
b260c9c amdgpu: update vega12 firmware for 20.45
d683bd5 amdgpu: update vega10 firmware for 20.45
7c81cc2 amdgpu: update renoir firmware for 20.45
3619e57 amdgpu: update navi14 firmware for 20.45
68ce0fb amdgpu: update navi12 firmware for 20.45
e889b80 amdgpu: update navi10 firmware for 20.45
f4edc15 amdgpu: update raven2 firmware for 20.45
e71210f amdgpu: update raven firmware for 20.45
[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0f0aefd733f70beae4c0246edbd2c158d5ce974c
[2] eeda8652f1/package/firmware/cypress-firmware/Makefile (L124)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This adds support for the Askey RT4230W REV6
(Branded by Spectrum/Charter as RAC2V1K)
At this time, there's no way to reinstall the stock firmware so don't install
this on a router that's being rented.
Specifications:
Qualcomm IPQ8065
1 GB of RAM (DDR3)
512 MB Flash (NAND)
2x Wave 2 WiFi cards (QCA9984)
5x 10/100/1000 Mbps Ethernet (Switch: QCA8337)
1x LED (Controlled by a microcontroller that switches it between red and
blue with different patterns)
1x USB 3.0 Type-A
12V DC Power Input
UART header on PCB - pinout from top to bottom is RX, TX, GND, 5V
Port settings are 115200n8
More information: https://forum.openwrt.org/t/askey-rac2v1k-support/15830https://deviwiki.com/wiki/Askey_RAC2V1K
To check what revision your router is, restore one of these config backups
through the stock firmware to get ssh access then run
"cat /proc/device-tree/model".
https://forum.openwrt.org/t/askey-rac2v1k-support/15830/17
The revision number on the board doesn't seem to be very consistent so that's
why this is needed. You can also run printenv in the uboot console and if
machid is set to 177d, that means your router is rev6.
Note: Don't install this if the router is being rented from an ISP. The defined
partition layout is different from the OEM one and even if you changed the
layout to match, backing up and restoring the OEM firmware breaks /overlay so
nothing will save and the router will likely enter a bootloop.
How to install:
Method 1: Install without opening the case using SSH and tftp
You'll need:
RAC2V1K-SSH.zip:
https://github.com/lmore377/openwrt-rt4230w/blob/master/RAC2V1K-SSH.zip
initramfs and sysupgrade images
Connect to one of the router's LAN ports
Download the RAC2V1K-SSH.zip file and restore the config file that
corresponds to your router's firmware (If you're firmware is newer than what's
in the zip file, just restore the 1.1.16 file)
After a reboot, you should be able to ssh into the router with username:
"4230w" and password: "linuxbox" or "admin". Run the following commannds
fw_setenv ipaddr 10.42.0.10 #IP of router, can be anything as long as
it's in the same subnet as the server
fw_setenv serverip 10.42.0.1# #IP of tftp server that's set up in next
steps
fw_setenv bootdelay 8
fw_setenv bootcmd "tftpboot initramfs.bin; bootm; bootipq"
Don't reboot the router yet.
Install and set up a tftp server on your computer
Set a static ip on the ethernet interface of your computer (use this for
serverip in the above commands)
Rename the initramfs image to initramfs.bin, and host it with the tftp
server
Reboot the router. If you set up everything right, the router led should
switch over to a slow blue glow which means openwrt is booted. If for some
reason the file doesn't get loaded into ram properly, it should still boot to
the OEM firmware.
After openwrt boots, ssh into it and run these commands:
fw_setenv bootcmd "setenv mtdids nand0=nand0 && setenv mtdparts
mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware && ubi
read 0x44000000 kernel 0x6e0000 && bootm"
fw_setenv bootdelay 2
After openwrt boots up, figure out a way to get the sysupgrade file onto it
(scp, custom build with usb kernel module included, wget, etc.) then flash it
with sysupgrade. After it finishes flashing, it should reboot, the light should
start flashing blue, then when the light starts "breathing" blue that means
openwrt is booted.
Method 2: Install with serial access (Do this if something fails and you can't
boot after using method 1)
You'll need:
initramfs and sysupgrade images
Serial access:
https://openwrt.org/inbox/toh/askey/askey_rt4230w_rev6#opening_the_case
Install and set up a tftp server
Set a static ip on the ethernet interface of your computer
Download the initramfs image, rename it to initramfs.bin, and host it with
the tftp server
Connect the wan port of the router to your computer
Interrupt U-Boot and run these commands:
setenv serverip 10.42.0.1 (You can use whatever ip you set for the computer)
setenv ipaddr 10.42.0.10 (Can be any ip as long as it's in the same subnet)
setenv bootcmd "setenv mtdids nand0=nand0 &&
set mtdparts mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware
&& ubi read 0x44000000 kernel 0x6e0000 && bootm"
saveenv
tftpboot initramfs.bin
bootm
After openwrt boots up, figure out a way to get the sysupgrade file onto it
(scp, custom build with usb kernel module included, wget, etc.) then flash it
with sysupgrade. After it finishes flashing, it should reboot, the light should
start flashing blue, then when the light starts "breathing" blue that means
openwrt is booted.
Signed-off-by: Lauro Moreno <lmore377@gmail.com>
[add entry in 5.10 patch, fix whitespace issues]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Specifications:
- SoC: MT7621AT
- RAM: 256MB
- Flash: 128MB NAND
- Ethernet: 5 Gigabit ports
- WiFi: 2.4G/5G MT7615N
- USB: 1 USB 3.0, 1 USB 2.0
This device is very similar to the EA7300 v1/v2 and EA7500 v2.
Installation:
Upload the generated factory image through the factory web interface.
(following part taken from EA7300 v2 commit message:)
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
With thanks to Leon Poon (@LeonPoon) for the initial bringup.
Signed-off-by: Tee Hao Wei <angelsl@in04.sg>
[add missing entry in 10_fix_wifi_mac]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Amped Wireless ALLY is a whole-home WiFi kit, with a router (model
ALLY-R1900K) and an Extender (model ALLY-00X19K). Both are devices are
11ac and based on MediaTek MT7621AT and MT7615N chips. The units are
nearly identical, except the Extender lacks a USB port and has a single
Ethernet port.
Specification:
- SoC: MediaTek MT7621AT (2C/4T) @ 880MHz
- RAM: 128MB DDR3 (Nanya NT5CC64M16GP-DI)
- FLASH: 128MB NAND (Winbond W29N01GVSIAA)
- WiFi: 2.4/5 GHz 4T4R
- 2.4GHz MediaTek MT7615N bgn
- 5GHz MediaTek MT7615N nac
- Switch: SoC integrated Gigabit Switch
- USB: 1x USB3 (Router only)
- BTN: Reset, WPS
- LED: single RGB
- UART: through-hole on PCB.
J1: pin1 (square pad, towards rear)=3.3V, pin2=RX,
pin3=GND, pin4=TX. Settings: 57600/8N1.
Note regarding dual system partitions
-------------------------------------
The vendor firmware and boot loader use a dual partition scheme. The boot
partition is decided by the bootImage U-boot environment variable: 0 for
the 1st partition, 1 for the 2nd.
OpenWrt does not support this scheme and will always use the first OS
partition. It will set bootImage to 0 during installation, making sure
the first partition is selected by the boot loader.
Also, because we can't be sure which partition is active to begin with, a
2-step flash process is used. We first flash an initramfs image, then
follow with a regular sysupgrade.
Installation:
Router (ALLY-R1900K)
1) Install the flashable initramfs image via the OEM web-interface.
(Alternatively, you can use the TFTP recovery method below.)
You can use WiFi or Ethernet.
The direct URL is: http://192.168.3.1/07_06_00_firmware.html
a. No login is needed, and you'll be in their setup wizard.
b. You might get a warning about not being connected to the Internet.
c. Towards the bottom of the page will be a section entitled "Or
Manually Upgrade Firmware from a File:" where you can manually choose
and upload a firmware file.
d: Click "Choose File", select the OpenWRT "initramfs" image and click
"Upload."
2) The Router will flash the OpenWrt initramfs image and reboot. After
booting, LuCI will be available on 192.168.1.1.
3) Log into LuCI as root; there is no password.
4) Optional (but recommended) is to backup the OEM firmware before
continuing; see process below.
5) Complete the Installation by flashing a full OpenWRT image. Note:
you may use the sysupgrade command line tool in lieu of the UI if
you prefer.
a. Choose System -> Backup/Flash Firmware.
b. Click "Flash Image..." under "Flash new firmware image"
c. Click "Browse..." and then select the sysupgrade file.
d. Click Upload to upload the sysupgrade file.
e. Important: uncheck "Keep settings and retain the current
configuration" for this initial installation.
f. Click "Continue" to flash the firmware.
g. The device will reboot and OpenWRT is installed.
Extender (ALLY-00X19K)
1) This device requires a TFTP recovery procedure to do an initial load
of OpenWRT. Start by configuring a computer as a TFTP client:
a. Install a TFTP client (server not necessary)
b. Configure an Ethernet interface to 192.168.1.x/24; don't use .1 or .6
c. Connect the Ethernet to the sole Ethernet port on the X19K.
2) Put the ALLY Extender in TFTP recovery mode.
a. Do this by pressing and holding the reset button on the bottom while
connecting the power.
b. As soon as the LED lights up green (roughly 2-3 seconds), release
the button.
3) Start the TFTP transfer of the Initramfs image from your setup machine.
For example, from Linux:
tftp -v -m binary 192.168.1.6 69 -c put initramfs.bin
4) The Extender will flash the OpenWrt initramfs image and reboot. After
booting, LuCI will be available on 192.168.1.1.
5) Log into LuCI as root; there is no password.
6) Optional (but recommended) is to backup the OEM firmware before
continuing; see process below.
7) Complete the Installation by flashing a full OpenWRT image. Note: you
may use the sysupgrade command line tool in lieu of the UI if you prefer.
a. Choose System -> Backup/Flash Firmware.
b. Click "Flash Image..." under "Flash new firmware image"
c. Click "Browse..." and then select the sysupgrade file.
d. Click Upload to upload the sysupgrade file.
e. Important: uncheck "Keep settings and retain the current
configuration" for this initial installation.
f. Click "Continue" to flash the firmware.
g. The device will reboot and OpenWRT is installed.
Backup the OEM Firmware:
-----------------------
There isn't any downloadable firmware for the ALLY devices on the Amped
Wireless web site. Reverting back to the OEM firmware is not possible
unless we have a backup of the original OEM firmware.
The OEM firmware may be stored on either /dev/mtd3 ("firmware") or
/dev/mtd6 ("oem"). We can't be sure which was overwritten with the
initramfs image, so backup both partitions to be safe.
1) Once logged into LuCI, navigate to System -> Backup/Flash Firmware.
2) Under "Save mtdblock contents," first select "firmware" and click
"Save mtdblock" to download the image.
3) Repeat the process, but select "oem" from the pull-down menu.
Revert to the OEM Firmware:
--------------------------
* U-boot TFTP:
Follow the TFTP recovery steps for the Extender, and use the
backup image.
* OpenWrt "Flash Firmware" interface:
Upload the backup image and select "Force update"
before continuing.
Signed-off-by: Jonathan Sturges <jsturges@redhat.com>
This adds support for the Netgear WAC510 Insight Managed Smart Cloud
Wireless Access Point, an indoor dual-band, dual-radio 802.11ac
business-class wireless AP with integrated omnidirectional antennae
and two 10/100/1000 Mbps Ethernet ports.
For more information see:
<https://www.netgear.com/business/wifi/access-points/wac510>
Specifications:
SoC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 256 MiB
Flash1: 2 MiB Winbond W25Q16JV SPI-NOR
Flash2: 128 MiB Winbond W25N01GVZEIG SPI-NAND
Ethernet: Built-in IPQ4018 (SoC, QCA8072 PHY), 2x 1000/100/10 port,
WAN port active IEEE 802.3af/at PoE in
Wireless1: Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 3 dBi antennae
Wireless2: Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 4 dBi antennae
Input: (Optional) Barrel 12 V 2.5 A Power, Reset button SW1
LEDs: Power, Insight, WAN PoE, LAN, 2.4G WLAN, 5G WLAN
Serial: Header J2
1 - 3.3 Volt (Do NOT connect!)
2 - TX
3 - RX
4 - Ground
WARNING: The serial port needs a TTL/RS-232 3.3 volt level converter!
The Serial settings are 115200-8-N-1.
Installation via Stock Web Interface:
BTW: The default factory console/web interface login user/password are
admin/password.
In the web interface navigating to Management - Maintenance - Upgrade -
'Firmware Upgrade' will show you what is currently installed e.g.:
Manage Firmware
Current Firmware Version: V5.0.10.2
Backup Firmware Version: V1.2.5.11
Under 'Upgrade Options' choose Local (alternatively SFTP would be
available) then click/select 'Browse File' on the right side, choose
openwrt-ipq40xx-generic-netgear_wac510-squashfs-nand-factory.tar
and hit the Upgrade button below. After a minute or two your browser
should indicate completion printing 'Firmware update complete.' and
'Rebooting AP...'.
Note that OpenWrt will use the WAN PoE port as actual WAN port
defaulting to DHCP client but NOT allowing LuCI access, use LAN port
defaulting to 192.168.1.1/24 to access LuCI.
Installation via TFTP Requiring Serial U-Boot Access:
Connect to the device's serial port and hit any key to stop autoboot.
Upload and boot the initramfs based OpenWrt image as follows:
(IPQ40xx) # setenv serverip 192.168.1.1
(IPQ40xx) # setenv ipaddr 192.168.1.2
(IPQ40xx) # tftpboot openwrt-ipq40xx-generic-netgear_wac510-initramfs-fit-uImage.itb
(IPQ40xx) # bootm
Note: This only runs OpenWrt from RAM and has not installed anything
to flash as of yet. One may permanently install OpenWrt as follows:
Check the MTD device number of the active partition:
root@OpenWrt:/# dmesg | grep 'set to be root filesystem'
[ 1.010084] mtd: device 9 (rootfs) set to be root filesystem
Upload the factory image ending with .ubi to /tmp (e.g. using scp or
tftp). Then flash the image as follows (substituting the 9 in mtd9
below with whatever number reported above):
root@OpenWrt:/# ubiformat /dev/mtd9 -f /tmp/openwrt-ipq40xx-generic-netgear_wac510-squashfs-nand-factory.ubi
And reboot.
Dual Image Configuration:
The default U-Boot boot command bootipq uses the U-Boot environment
variables primary/secondary to decide which image to boot. E.g.
primary=0, secondary=3800000 uses rootfs while primary=3800000,
secondary=0 uses rootfs_1.
Switching their values changes the active partition. E.g. from within
U-Boot:
(IPQ40xx) # setenv primary 0
(IPQ40xx) # setenv secondary 3800000
(IPQ40xx) # saveenv
Or from a OpenWrt userspace serial/SSH console:
fw_setenv primary 0
fw_setenv secondary 3800000
Note that if you install two copies of OpenWrt then each will have its
independent configuration not like when switching partitions on the
stock firmware.
BTW: The kernel log shows which boot partition is active:
[ 2.439050] ubi0: attached mtd9 (name "rootfs", size 56 MiB)
vs.
[ 2.978785] ubi0: attached mtd10 (name "rootfs_1", size 56 MiB)
Note: After 3 failed boot attempts it automatically switches partition.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Marcel Ziswiler <marcel@ziswiler.com>
[squashed netgear-tar commit into main and rename netgear-tar for
now, until it is made generic.]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
In setups using VLAN bridge filtering, hostapd may need to communicate using
a VLAN interface on top of the bridge, instead of using the bridge directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x ethernet
- eth0
+ Label: Ethernet 1
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ AR8035 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ used as LAN interface
* 1x USB
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x ethernet
- eth0
+ Label: Ethernet 1
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ AR8031 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ used as LAN interface
* 1x USB
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The ath patch number is already large and adding other patch for ath11k
will add more confusion with the patch numbering.
Since the support of ath11k based device is imminent, prepare the mac80211
ath patch dir and split it in the dedicated ath5k, ath9k, ath10k and ath11k
(empty for now).
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
61a71e5e49c3 bridge: dynamically create vlans for hotplug members
cb6ee9608e10 bridge: fix dynamic delete of hotplug vlans
7f199050f395 wireless: pass the real network ifname to the setup script
50381d0a2998 bridge: allow adding/removing VLANs to configured member ports via hotplug
Signed-off-by: Felix Fietkau <nbd@nbd.name>
bddc1db76d0f mt76: mt7915: drop the use of repeater entries for station interfaces
3c90f35dddac mt76: mt7915: add thermal sensor device support
afab0e8202ff mt76: mt7915: add thermal cooling device support
41cf02184699 mt76: mt7615: add thermal sensor device support
2ac6b8762565 mt76: connac: update BA win size in Rx direction
ddb301127291 mt76: mt7921: fix reset under the deep sleep is enabled
e4cbefd1d69a mt76: mt7921: avoid unnecessary consecutive WiFi resets
393eea2034d7 mt76: mt7921: fix invalid register access in wake_work
a15d46407ffa mt76: mt7921: fix OMAC idx usage
e4d267d8e900 mt76: mt7921: enable runtime pm by default
50fd8ce2412a mt76: connac: add bss color support for sta mode
e29058c3c860 mt76: mt7921: return proper error value in mt7921_mac_init
c89c8c347b1e mt76: mt7921: do not schedule hw reset if the device is not running
9f7bb428e587 mt76: mt7921: reset wfsys during hw probe
22ea365913b5 mt76: mt7915: add .offset_tsf callback
ad91f8e8e494 mt76: mt7615: add .offset_tsf callback
6f871f35e3c1 mt76: mt7915: use mt7915_mcu_get_txpower_sku() to get per-rate txpower
597b68b7daa3 mt76: mt7615: remove useless if condition in mt7615_add_interface()
3945264468eb mt76: testmode: fix memory leak in mt76_testmode_alloc_skb
bdcc57a11606 mt76: testmode: remove unnecessary function calls in mt76_testmode_free_skb
a9763452601d mt76: testmode: remove undefined behaviour in mt76_testmode_alloc_skb
4aef2a2be464 mt76: mt7615: fix potential overflow on large shift
d9dd7635b055 mt76: mt7915: use mt7915_mcu_get_mib_info() to get survey data
d740e921758a mt76: mt7921: introduce mac tx done handling
259ddfc7cb73 mt76: mt7921: update statistic in active mode only
757b93f4b179 mt76: mt7921: remove leftover 80+80 HE capability
1fcff599b2e1 mt76: allow hw driver code to overwrite wiphy interface_modes
c55c22e39b7d mt7915: update firmware to 2020110522
10548aef1f45 mt76: mt7915: improve error recovery reliability
ed6b0c79820c mt76: mt7921: set MT76_RESET during mac reset
321443258bea mt76: move mt76_rates in mt76 module
d1652e8af9e1 Revert "mt76: connac: do not schedule wake_work if the runtime-pm is disabled"
4f4cab39ed9f mt76: mt7915: read all eeprom fields from fw in efuse mode
71450535f164 mt76: mt7921: enable hw offloading for wep keys
833d577e430c mt76: mt7921: remove mt7921_get_wtbl_info routine
67b7a22d2b99 mt76: mt7921: enable random mac address during sched_scan
cf1ff7bf4f1b mt76: mt7915: setup drr group for peers
ef2f7aa8745f mt76: mt7615: update radar parameters
b9f09f530223 mt76: mt7915: fix MT_EE_CAL_GROUP_SIZE
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it possible to avoid using a RADIUS server for WPA enterprise authentication
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows WPA enterprise roaming in the same mobility domain without any
manual key configuration (aside from radius credentials)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It allows enforcing a limit on associated stations to be enforced for the
full device, e.g. in order to deal with hardware/driver limitations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Some drivers advertise it, but it's not supported at the moment
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The colon does not directly follow the "VHT Capabilities" string
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This update only adds one commit:
b102f19bcc53 tests: Opportunistic Wireless Encryption - SA Query
The main reason for the bump is to have a newer PKG_SOURCE_DATE,
so we can reset PKG_RELEASE to 1 (this has not been done for the
most recent bump), and replace it with AUTORELEASE.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
1. Move code above interface generation
It results in more logical order. Device gets its config section
above interface section.
2. Drop the loop
We have separated code handling bridges now so $device should be
guaranteed to contain a single device name.
3. Drop section name
It's not required by netifd or LuCI & it's not needed by this script
as $device contains a single device name now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.
Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Replace "ifname" with "device" as netifd has been recently patches to
used the later one. It's more clear and accurate.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Channel 100 is a valid channel to choose for 80MHz operation. However,
it's assigned to 5500 MHz, not 5550MHz. In fact, there is no channel
assigned to this frequency.
Fix this obbvious typo to allow ACS to select channel 100 for 80 MHz
operation again.
Signed-off-by: David Bauer <mail@david-bauer.net>
The name of the module is 'uleds', not 'leds-uleds'.
Signed-off-by: Evgeny Kolesnikov <evgenyz@gmail.com>
[improve commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes `iw dev wlan0-mesh station dump`.
8fab0c9 iw: fix ftm_request missing arguments segfault
e816fbc iw: fix mgmt dump missing arguments segfault
5d9d1b8 iw: Fix timestamp output on 32-bit architectures
4b25ae3 iw: fix pointer arithmetic in __print_he_capa
c3df363 iw: add option to print human readable event time
cd64525 iw: print ctrl port tx status event
0ba98b9 iw: use correct type in policy check for mesh
9e38dee iw: scan: fixup HE caps whitespace
17e8564 iw: scan: parse HE capabilities
5735e58 iw: util: factor out HE capability parser
6d8d507 iw: scan: add extension tag parsing
b4e1ec4 man: update wikipage URL, reformat SEE ALSO section
c56036a iw: enable 80MHz support for 6GHz band 11s mesh
fa72728 iw: handle positive error codes gracefully
7ba9093 iw: scan: add flag for scanning colocated ap
5ec60ed iw: Add 'coloc' and 'flush' options to sched_scan
f8ade75 iw: update wikipage URL
b6f2dac iw: Add support for specifying the 160MHz bandwidth when setting the channel/frequency
Signed-off-by: Andre Heider <a.heider@gmail.com>
Instead of requiring the user to call it on each BSS individually,
run it on all BSSs internally.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
899c2a4 interface: support "device" attribute and deprecate "ifname"
62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
1) Use SPDX license headers to be machine readable.
2) Update copyright to 2021.
3) Use $(PROJECT_GIT) instead of manually specifying the git url.
4) Use $(AUTORELEASE) to automatically set the correct PKG_RELEASE.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The SRV was added some time ago and should be mentioned in the short
help message to avoid confusion about missing features.
Signed-off-by: Paul Spooren <mail@aparcar.org>
0d5860d fix memory leak in nat46_netdev_destroy().The netdev is forgotten to free in nat46_netdev_destroy function (#26)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
After the commit 43fc720657
("base-files: generate "device UCI type section for bridge"), the wrong
network configuration is generated for the devices that already have the
bridge device section for VLAN, such as the devices in realtek target.
As a result, the bridge device by additional "device" section is
specified to the "ports" option in the "bridge-vlan" section and netifd
shuts down the switch and the ethernet when the network service started.
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[rmilecki: use $ports for generate_bridge_vlan argument]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.
This should fix the image builder for some of these packages.
This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ATH_REG_DYNAMIC_USER_REG_HINTS is currently not being set as mac80211
tries to set it as m which is not possible as its boolean only.
Since its used alongside user regulatory, move it to USER_REGD.
This is required for ath11k to accept regulatory changes, otherwise
it wont accept any changes and will simply force US.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch fixes a recently found problem when a zImage passed to
kexec-tools contains an appended DTB. In that case kexec boot fails because
the decompressor wrongly tries to use the non-existing appended DTB instaed
of the one passed in the register r2.
- http://lists.infradead.org/pipermail/kexec/2021-April/022353.html
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
CONFIG_CRYPTO_DEV_TALITOS depends on FSL_SOC. This driver only makes sense
on Freescale(NXP) SoCs.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_DEV_GEODE depends on X86_32. This driver only makes sense
on X86\geode.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_PCOMP and CONFIG_CRYPTO_PCOMP2 have been removed in upstream commit[1].
This symbol doesn't exist since kernel 4.6 and this package is empty.
1. [ crypto: compress - remove unused pcomp interface ]
(110492183c)
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
CONFIG_CRYPTO_WORKQUEUE was removed in upstream commit[1]. This symbol doesn't
exist since kernel 5.3 and this package is empty.
1. [ crypto: cryptd - move kcrypto_wq into cryptd ]
(3e56e16863)
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Support for wolfSSL has been upstreamed to the master OpenVPN branch
in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL
directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN
in systems based on wolfSSL library
Compiled && tested on ramips/mt7620, ramips/mt7621
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Adds support for LEDs on input devices. Useful for example on x86 laptops-
allows re-purposing num/caps/scroll lock LEDs.
Signed-off-by: Anderson McKinley <coyoso@tuta.io>
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.
Set the RNG for the EC key to fix connections for OWE clients.
Signed-off-by: David Bauer <mail@david-bauer.net>
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.
wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.
Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixed b36b8b6929
("busybox: remove nslookup_lede/openwrt.patch")
It is likely dropped by mistake, This add back the changes
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Florian Ekert reported:
"I have build a fresh master branch recently, Since your last change [1]
on grub2, I have now a new dependency on liblzma for the install package
grub2-editenv.
root@st-dev-07 /usr/lib # ldd /root/grub-editenv
/lib/ld-musl-x86_64.so.1 (0x7f684b088000)
liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f684b06d000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f684b059000)
libc.so => /lib/ld-musl-x86_64.so.1 (0x7f684b088000)
This was not the case before your update.
root@st-dev-07 /usr/sbin # ldd /usr/sbin/grub-editenv
/lib/ld-musl-x86_64.so.1 (0x7fd970176000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fd970162000)
libc.so => /lib/ld-musl-x86_64.so.1 (0x7fd970176000)
My build complains that it cannot satisfy the runtime package dependency
for grub2-editenv.
install -d -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin
install -m0755 /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/grub-editenv /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv/usr/sbin/
find /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/build_dir/target-x86_64_musl/linux-x86_64/grub-pc/grub-2.06~rc1/ipkg-x86_64/grub2-editenv -name 'CVS' -o -name '.svn' -o -name '.#*' -o -name '*~'| xargs -r rm -rf
Package grub2-editenv is missing dependencies for the following libraries:
liblzma.so.5
make[2]: *** [Makefile:166: /home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/bin/APOS/feckert/master/master-Maggie-455-ga5edc0e8e/x86_64/targets/x86/64/packages/grub2-editenv_2.06~rc1-1_x86_64.ipk] Error 1
make[2]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/package/boot/grub2'
time: package/boot/grub2/pc/compile#78.64#9.79#83.88
ERROR: package/boot/grub2 failed to build (build variant: pc).
make[1]: *** [package/Makefile:116: package/boot/grub2/compile] Error 1
make[1]: Leaving directory '/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt'
make: *** [/home/feckert/workspace/openwrt/LDM-master-x86_64/build/openwrt/include/toplevel.mk:230: package/boot/grub2/compile] Error 2
If I add the following changes to the package all works as expected.
<snip>
- DEPENDS:=@TARGET_x86
+ DEPENDS:=@TARGET_x86 +liblzma
VARIANT:=pc
endef
This is a hotfix but I dont´t think this is the final solution, because lzma is provided by the package xz.
And This is maintained in the package feed [not the core]"
Dirk stated & offered his patch to disable liblzma and thus resolve the
'out of core dependency' problem:
"LZMA is used in mkimage.c
disabling it prints
Without liblzma (no support for XZ-compressed mips images) (explicitly disabled)
(see configure.ac)
liblzma is autodetected so this issue was present but hidden somehow
[unsure: grep/image generation does not use grub with that option]
OpenWrt does not use that feature currently
[!] some scripts and examples use --compression=xz or -C xz and those will break
grub has an internal xzlib for different "lzma" functionality
(ext. LIBLZMA from XZ (GRUB_COMPRESSION_XZ) vs. GRUB_COMPRESSION_LZMA)"
Hopefully fixes e74d81ece2 and doesn't
break anything else.
Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
[include Florian's description of how problem 1st encountered]
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The current version of 'uboot-envtools' package generates dedicated
uci-default file only per target. This change makes it possible to
use subtarget-specific files, with name pattern: 'target_subtarget'
(example: 'ath79_nand'). The subtarget-specific files will take
precedence over target-specific one.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This reverts commit f716c30241.
Migrating everyone to the new syntax could break downgrades. We may
reintroduce it way later if needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Missing br- prefix could result in name conflict between DSA port
interface and bridge interface. Some devices with just one LAN port use
"lan" interface name for DSA port. Trying to create bridge with the same
"lan" name was failing.
Reported-by: David Bauer <mail@david-bauer.net>
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
/etc/syslog.conf is used by sysklogd, and /etc/crontabs is used
by crond, both features of busybox. Given this, ownership for
these files should be bound to busybox, especially if one day
there's a way to do an in-place opkg update of busybox.
There's also the busybox provided syslogd which uses this file
if CONFIG_BUSYBOX_FEATURE_SYSLOGD_CFG is set.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The nslookup_lede/openwrt applet was introduced in de5b8e5. It was
introduced because:
Add a new LEDE nslookup applet which is compatible with musl libc
and providing more features like ability to specify query type.
In contrast to busybox' builtin nslookup applet, this variant does
not rely on libc resolver internals but uses explicit send logic
and the libresolv primitives to parse received DNS responses.
In busybox this applet is added in 0dd3be8. In particular, this commit
introduces the variable NSLOOKUP_BIG. We set the default to true and
so nothing changes.
Signed-off-by: Nick Hainke <vincent@systemli.org>
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".
This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.
Before:
BusyBox v1.33.1 () built-in shell (ash)
After:
BusyBox v1.33.1 (2021-05-13 09:34:34 UTC) built-in shell (ash)
Signed-off-by: Paul Spooren <mail@aparcar.org>
netifd has been recently patched to use more accurate "ports" option
instead of "ifname". This is a simple translation between two UCI
options.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This switches from the old way of defining bridges in an "interface" UCI
section type (that should be used for layer 3 only). From now a defualt
board switch will have its own "device" UCI section type. It's a new &
preferred way of defining L2 devices.
Before:
config interface 'lan'
option type 'bridge'
option ifname 'lan1 lan2 lan3 lan4'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
After:
config device
option name 'lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option ifname 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.
Signed-off-by: Paul Spooren <mail@aparcar.org>
02dd2f2df7cb fix unannotated fall-through warnings
3052f2f67686 extdev: remove unused function
2a97fd006c3b device: add support for configuring devices with external auth handler
87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config
7277764bf817 bridge: rename "ifname" attribute to "ports"
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This can be used to handle network configuration of dynamically created vlan
interfaces in a more flexible way
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bridge aggregates multiple ports so use a more accurate name ("ports")
and format (array) for storing them in board.json.
Example:
"network": {
"lan": {
"ports": [
"lan1",
"lan2",
"lan3",
"lan4"
],
"protocol": "static"
},
"wan": {
"ifname": "wan",
"protocol": "dhcp"
}
}
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the master feeds.
If one of the other keys would be compromised this would not affect
users of master snapshot builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ZiKing CPE46B is a POE outdoor 2.4ghz device with an integrated directional
antenna. It is low cost and mostly available via Aliexpress, references can
be found at:
- https://forum.openwrt.org/t/anddear-ziking-cpe46b-ar9331-ap121/60383
- https://git.lsd.cat/g/openwrt-cpe46b
Specifications:
- Atheros AR9330
- 32MB of RAM
- 8MB of flash (SPI NOR)
- 1 * 2.4ghz integrated antenna
- 2 * 10/100/1000 ethernet ports (1 POE)
- 3 * Green LEDs controlled by the SoC
- 3 * Green LEDs controlled via GPIO
- 1 * Reset Button controlled via GPIO
- 1 * 4 pin serial header on the PCB
- Outdoor packaging
Flashing instruction:
You can use sysupgrade image directly in vendor firmware which is based
on OpenWrt/LEDE. In case of issues with the vendor GUI, the vendor
Telnet console is vulnerable to command injection and can be used to gain
a shell directly on the OEM OpenWrt distribution.
Signed-off-by: Giulio Lorenzo <salveenee@mortemale.org>
[fix whitespaces, drop redundant uart status and serial0, drop
num-chipselects, drop 0x1002 MAC address for wmac]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Remove vn call in favour of v call. This commit serves as preparation
for removing the v function call.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[alter slightly to prevent double space after colon]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When building GRUB with binutils 2.35.2 or later, an error occurs due to
a section .note.gnu.property that is placed at an offset such that
objcopy needs to pad the img file with zeros. This in turn causes the
following error: "error: Decompressor is too big.".
The fix accepted by upstream patches a python script that isn't executed
at all when building GRUB with OpenWrt buildroot. There's another patch
that patches the files generated by that python script directly, but by
including it we would deviate further from upstream. Instead of doing
that, simply bump to the latest release candidate.
As one of the fixes for the CVEs causes grub to crash on some x86
hardware using legacy BIOS when compiled with -O2, filter -O2 and
-O3 out of TARGET_CFLAGS.
Fixes the following CVEs:
- CVE-2020-14372
- CVE-2020-25632
- CVE-2020-25647
- CVE-2020-27749
- CVE-2020-27779
- CVE-2021-3418
- CVE-2021-20225
- CVE-2021-20233
Runtime-tested on x86/64.
Fixes: FS#3790
Suggested-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
c44b40b overlay: fix syncronizing typo
b5397a1 fstools: block: fix segfault on mount with no target
bd7cc8d block: use dynamically allocated target string
6d8450e blockd: use allocated strings instead of fixed buffers
d47909e libblkid-tiny: fix buffer overflow
67d2297 block: match device path instead of assuming /dev/%s
2aeba88 block: allow autofs and umount commands also on MTD/UBI
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
28b162366d09 mt76: fix calling mt76_get_of_eeprom with an offset for pre-cal data
9d736545bb5a mt76: mt7915: disable pre-calibration support for now
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6a6011d uclient-http: set eof mark when content-length is 0
19571e4 tests: fix help usage test for uclient built with sanitizer
c5fc04b tests: fix help usage test
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name. This obviously fails when
there is no IPv4 connectivity. Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.
As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts. Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity. This is in line with RFC 6724.
PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host. But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records. On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.
See also: https://bugs.busybox.net/show_bug.cgi?id=12381
Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Includes fix for CVE-2020-24588
c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
From the patch series description:
Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at
https://papers.mathyvanhoef.com/usenix2021.pdf
Specifically, the following CVEs were assigned:
* CVE-2020-24586 - Fragmentation cache not cleared on reconnection
* CVE-2020-24587 - Reassembling fragments encrypted under different
keys
* CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
payload being parsed as an L2 frame under an
A-MSDU bit toggling attack
* CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
* CVE-2020-26140 - Accepting plaintext data frames in protected
networks
* CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
* CVE-2020-26142 - Processing fragmented frames as full frames
* CVE-2020-26143 - Accepting fragmented plaintext frames in
protected networks
* CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
start with RFC1042 header with EAPOL ethertype
* CVE-2020-26145 - Accepting plaintext broadcast fragments as full
frames
* CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
packet numbers
* CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
In general, the scope of these attacks is that they may allow an
attacker to
* inject L2 frames that they can more or less control (depending on the
vulnerability and attack method) into an otherwise protected network;
* exfiltrate (some) network data under certain conditions, this is
specific to the fragmentation issues.
A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.
In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.
Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.
To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.
We currently don't have information about how other drivers are, if
at all, affected.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for querying and parsing SRV DNS records to nslookup_lede.c
This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
When the list of packages to be installed in a built image exceeds a certain
number, then 'opkg install' executed for target '$(curdir)/install' in
package/Makefile fails with: /usr/bin/env: Argument list too long.
On Linux, the length of a command-line parameter is limited by
MAX_ARG_STRLEN to max 128 kB.
* https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/binfmts.h#L15
* https://www.in-ulm.de/~mascheck/various/argmax/
To solve the problem, store the package list being passed to 'opkg install'
in a temporary file and use the shell command substitution to pass the
content of the file to 'opkg install'. This guarantees that the length of
the command-line parameters passed to the bash shell is short.
The following bash script demonstrates the problem:
----------------------------------------------------------------------------
count=${1:-1000}
FILES=""
a_file="/home/egorenar/Repositories/openwrt-rel/bin/targets/alpine/generic/packages/base-files_1414-r16464+19-e887049fbb_arm_cortex-a15_neon-vfpv4.ipk"
for i in $(seq 1 $count); do
FILES="$FILES $a_file"
done
env bash -c "echo $FILES >/dev/null"
echo "$FILES" | wc -c
----------------------------------------------------------------------------
Test run:
----------------------------------------------------------------------------
$ ./test.sh 916
130989
$ ./test.sh 917
./test.sh: line 14: /bin/env: Argument list too long
131132
----------------------------------------------------------------------------
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
[reword commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
The allows userspace LEDs to be created and controlled. This can be useful
for testing triggers and can also be used to implement virtual LEDs.
Signed-off-by: Keith T. Garner <kgarner@kgarner.com>
[squash fixup commit and improve option wording]
Signed-off-by: Paul Spooren <mail@aparcar.org>
186af01047b2 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing
93b5c28c97d5 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
a8e89c5a1d1f mt76: testmode: add support to send larger packet
a0cc9a9e3877 mt76: mt7915: rework mt7915_tm_set_tx_len()
c8b96630324e mt76: mt7915: fix rate setting of tx descriptor in testmode
22fd2958c42a mt76: mt7615: fix memleak when mt7615_unregister_device()
7401e0db3143 mt76: mt7915: fix memleak when mt7915_unregister_device()
c3656268b3f6 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens
0ce955b04ba8 mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens
b03d1e62acf7 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put()
5ac02e22fb03 mt76: flush tx status queue on DMA reset
c71f609b398a mt76: sync with upstream changes
23ecadd4af77 mt76: mt7615: fix hardware error recovery for mt7663
57a899ee3c3c mt76: mt7615: fix entering driver-own state on mt7663
42a2dddb706b mt76: mt7615: load ROM patch before checking patch semaphore status
cf0e406af84a mt76: mt7915: add support for applying pre-calibration data
459940ccbc58 mt76: mt7921: move hw configuration in mt7921_register_device
0a094b11f3c0 mt76: improve mcu error logging
bf536832e37d mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
7616f4f78163 mt76: mt7921: add wifisys reset support in debugfs
e620bd881ef5 mt76: mt7921: abort uncompleted scan by wifi reset
e8dacf59ab1c mt76: mt7915: rework the flow of txpower setting
c8c78e577236 mt76: mt7915: directly read per-rate tx power from registers
1622bf4f8705 mt76: mt7921: add mt7921_dma_cleanup in mt7921_unregister_device
ef96fafad8a9 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
90e4bfea2948 mt76: mt7921: do not use 0 as NULL pointer
0a139d7f5966 mt76: connac: move mcu_update_arp_filter in mt76_connac module
de26c73ce3c2 mt76: mt7921: remove leftover function declaration
1c0b6cb4f942 mt76: mt7921: fix a race between mt7921_mcu_drv_pmctrl and mt7921_mcu_fw_pmctrl
2923e3e2b8e4 mt76: mt7663: fix a race between mt7615_mcu_drv_pmctrl and mt7615_mcu_fw_pmctrl
74d0fdaa7a99 mt76: connac: introduce wake counter for fw_pmctrl synchronization
28c87e09a5ea mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
36f664edc7db mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
51b3d1a9a2b7 mt76: dma: add the capability to define a custom rx napi poll routine
4f1339c9fb72 mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
1bc5e67a60be mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
325f7b451c03 mt76: connac: unschedule ps_work in mt76_connac_pm_wake
12115052a02f mt76: connac: check wake refcount in mcu_fw_pmctrl
e5d28e3cef66 mt76: connac: remove MT76_STATE_PM in mac_tx_free
475112a3cdcc mt76: mt7921: get rid of useless MT76_STATE_PM in mt7921_mac_work
112998f32d85 mt76: connac: alaways wake the device before scanning
4334f3e2fc43 mt76: mt7615: rely on pm refcounting in mt7615_led_set_config
0562380659ad mt76: connac: do not run mt76_txq_schedule_all directly
acfa78df5708 mt76: connac: use waitqueue for runtime-pm
ca74a4cd0722 mt76: remove MT76_STATE_PM in tx path
0c2d3e74852e mt76: mt7921: add awake and doze time accounting
45e0eefffe9f mt76: mt7921: enable sw interrupts
fd2ff641166f mt76: mt7615: Fix a dereference of pointer sta before it is null checked
7e2521468767 mt76: mt7921: move mt7921_dma_reset in dma.c
c9dd6b1fa171 mt76: mt7921: introduce mt7921_wpdma_reset utility routine
2ac7c7e9c568 mt76: mt7921: introduce mt7921_dma_{enable,disable} utilities
662a89f2b9d1 mt76: mt7921: introduce mt7921_wpdma_reinit_cond utility routine
614efe9e9180 mt76: connac: introduce mt76_connac_mcu_set_deep_sleep utility
0dbb16ef39d8 mt76: mt7921: enable deep sleep when the device suspends
3c19f569cc70 mt76: mt7921: fix possible invalid register access
ade1f5aad4c6 mt76: move token_lock, token and token_count in mt76_dev
8d5c456be1ff mt76: move token utilities in mt76 common module
fb04d9df5e52 mt76: mt7915: do not read rf value from efuse in flash mode
2126b2176336 mt76: mt7921: get rid of mcu_reset function pointer
d325b7eff1b1 mt76: mt7921: improve doze opportunity
2ae25c7e547e mt76: mt7663: add awake and doze time accounting
349bbb9d6f13 mt76: connac: unschedule mac_work before going to sleep
98a235004dea mt76: mt7921: mt7921_stop should put device in fw_own state
63d80b9ab251 mt76: mt7921: introduce mt7921_mcu_sta_add routine
3c5bf837fdbd mt76: mt7615: fix a precision vs width bug in printk
ded14da5eacc mt76: mt7915: fix a precision vs width bug in printk
aaf0d254f9ea mt76: mt7921: fix a precision vs width bug in printk
757af5c67d32 mt76: move mt76_token_init in mt76_alloc_device
ed41ed73a495 mt76: mt7921: reinit wpdma during drv_own if necessary
92fb81e085c6 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
53d915a23bc9 mt76: connac: do not schedule wake_work if the runtime-pm is disabled
23fe1bdcf15a mt76: connac: do not schedule mac_work if the device is not running
e5b19336c58e mt76: mt7615: do not set MT76_STATE_PM at bootstrap
0fc2136a61dd mt76_connac_mcu: move mt76_connac_mcu_update_arp_filter outside of CONFIG_PM
e693f3e23e06 mt76: mt7915: add MSI support
5231e7300fa4 mt7915: disable ASPM
554b50dabf54 mt76: connac: fix uninitialized HT A-MPDU setting field in STA_REC_PHY
43b9c0a838bb mt76: mt7921: fix max aggregation subframes setting
5a387a0a3004 mt76: mt7921: enable rx hw de-amsdu
c8cbcb87be07 mt76: connac: add missing configuration in mt76_connac_mcu_wtbl_hdr_trans_tlv
55921e57b380 mt76: mt7921: enable rx header traslation offload
01441f67d8b2 mt76: mt7921: enable rx csum offload
c9ab76dd93a0 mt76: mt7915: move mt7915_queue_rx_skb to mac.c
caedb4c4ee41 mt76: mt7615: fix fixed-rate tx status reporting
c6ae95d43e6d mt76: improve tx status codepath
27d468d094e6 mt76: mt7915: rework tx rate reporting
3b4ca5b09e2c mt76: mt7615: avoid use of ieee80211_tx_info_clear_status
e1f07d7f1cb9 mt76: mt7603: avoid use of ieee80211_tx_info_clear_status
18513ba5fbc2 mt76: mt7915: add support for tx status reporting
35f189cf81b2 mt76: mt7915: fix uninitialized variable in MSI error handling
9e928ac1ea9b mt76: dma: use ieee80211_tx_status_ext to free packets when tx fails
628eee9c386c mt76: fill queue entry wcid for all skbs with a station
a9bc4d94b7a1 mt76: intialize tx queue entry wcid to 0xffff by default
998ca8af7d17 mt76: mt7915: fix tssi indication field of DBDC NICs
7dd24b3cfacf mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
535025d65d8d mt76: mt7915: cleanup mt7915_mcu_sta_rate_ctrl_tlv()
ff8bbe22dd87 mt76: mt7915: add .set_bitrate_mask() callback
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The previous commit bumped the source commit level without reflecting
that in PKG_SOURCE_DATA. Bump PKG_SOURCE_DATA as well.
Fixes: 97e820c6d6 ("rpcd: update to latest HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The ZyXEL NR7101 is an 802.3at PoE powered 5G outdoor (IP68) CPE
with integrated directional 5G/LTE antennas.
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256 MB
- Flash: 128 MB MB NAND (MX30LF1G18AC)
- WiFi: MediaTek MT7603E
- Switch: 1 LAN port (Gigabiti)
- 5G/LTE: Quectel RG502Q-EA connected by USB3 to SoC
- SIM: 2 micro-SIM slots under transparent cover
- Buttons: Reset, WLAN under same cover
- LEDs: Multicolour green/red/yellow under same cover (visible)
- Power: 802.3at PoE via LAN port
The device is built as an outdoor ethernet to 5G/LTE bridge or
router. The Wifi interface is intended for installation and/or
temporary management purposes only.
UART Serial:
57600N1
Located on populated 5 pin header J5:
[o] GND
[ ] key - no pin
[o] RX
[o] TX
[o] 3.3V Vcc
Remove the SIM/button/LED cover, the WLAN button and 12 screws
holding the back plate and antenna cover together. The GPS antenna
is fixed to the cover, so be careful with the cable. Remove 4
screws fixing the antenna board to the main board, again being
careful with the cables.
A bluetooth TTL adapter is recommended for permanent console
access, to keep the router water and dustproof. The 3.3V pin is
able to power such an adapter.
MAC addresses:
OpenWrt OEM Address Found as
lan eth2 08:26:97:*:*:BC Factory 0xe000 (hex), label
wlan0 ra0 08:26:97:*:*:BD Factory 0x4 (hex)
wwan0 usb0 random
WARNING!!
ISP managed firmware might at any time update itself to a version
where all known workarounds have been disabled. Never boot an ISP
managed firmware with a SIM in any of the slots if you intend to use
the router with OpenWrt. The bootloader lock can only be disabled with
root access to running firmware. The flash chip is physically
inaccessible without soldering.
Installation from OEM web GUI:
- Log in as "supervisor" on https://172.17.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot
Installation from OEM ssh:
- Log in as "root" on 172.17.1.1 port 22022
- scp OpenWrt initramfs-recovery.bin image to 172.17.1.1:/tmp
- Prepare bootloader config by running:
nvram setro uboot DebugFlag 0x1
nvram setro uboot CheckBypass 0
nvram commit
- Run "mtd_write -w write initramfs-recovery.bin Kernel" and reboot
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- (optional) Copy OpenWrt to the recovery partition. See below
- Sysupgrade to the OpenWrt sysupgrade image and reboot
Copying OpenWrt to the recovery partition:
- Verify that you are running a working OpenWrt recovery image
from flash
- ssh to root@192.168.1.1 and run:
fw_setenv CheckBypass 0
mtd -r erase Kernel2
- Wait while the bootloader mirrors Image1 to Image2
NOTE: This should only be done after successfully booting the OpenWrt
recovery image from the primary partition during installation. Do
not do this after having sysupgraded OpenWrt! Reinstalling the
recovery image on normal upgrades is not required or recommended.
Installation from Z-Loader:
- Halt boot by pressing Escape on console
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
image at 10.10.10.3
- Type "ATNR 1,initramfs-recovery.bin" at the "ZLB>" prompt
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- Sysupgrade to the OpenWrt sysupgrade image
NOTE: ATNR will write the recovery image to both primary and recovery
partitions in one go.
Booting from RAM:
- Halt boot by pressing Escape on console
- Type "ATGU" at the "ZLB>" prompt to enter the U-Boot menu
- Press "4" to select "4: Entr boot command line interface."
- Set up a tftp server to serve the OpenWrt initramfs-recovery.bin
image at 10.10.10.3
- Load it using "tftpboot 0x88000000 initramfs-recovery.bin"
- Boot with "bootm 0x8800017C" to skip the 380 (0x17C) bytes ZyXEL
header
This method can also be used to RAM boot OEM firmware. The warning
regarding OEM applies! Never boot an unknown OEM firmware, or any OEM
firmware with a SIM in any slot.
NOTE: U-Boot configuration is incomplete (on some devices?). You may
have to configure a working mac address before running tftp using
"setenv eth0addr <mac>"
Unlocking the bootloader:
If you are unebale to halt boot, then the bootloader is locked.
The OEM firmware locks the bootloader on every boot by setting
DebugFlag to 0. Setting it to 1 is therefore only temporary
when OEM firmware is installed.
- Run "nvram setro uboot DebugFlag 0x1; nvram commit" in OEM firmware
- Run "fw_setenv DebugFlag 0x1" in OpenWrt
NOTE:
OpenWrt does this automatically on first boot if necessary
NOTE2:
Setting the flag to 0x1 avoids the reset to 0 in known OEM
versions, but this might change.
WARNING:
Writing anything to flash while the bootloader is locked is
considered extremely risky. Errors might cause a permanent
brick!
Enabling management access from LAN:
Temporary workaround to allow installing OpenWrt if OEM firmware
has disabled LAN management:
- Connect to console
- Log in as "root"
- Run "iptables -I INPUT -i br0 -j ACCEPT"
Notes on the OEM/bootloader dual partition scheme
The dual partition scheme on this device uses Image2 as a recovery
image only. The device will always boot from Image1, but the
bootloader might copy Image2 to Image1 under specific conditions. This
scheme prevents repurposing of the space occupied by Image2 in any
useful way.
Validation of primary and recovery images is controlled by the
variables CheckBypass, Image1Stable, and Image1Try.
The bootloader sets CheckBypass to 0 and reboots if Image1 fails
validation.
If CheckBypass is 0 and Image1 is invalid then Image2 is copied to
Image1.
If CheckBypass is 0 and Image2 is invalid, then Image1 is copied to
Image2.
If CheckBypass is 1 then all tests are skipped and Image1 is booted
unconditionally. CheckBypass is set to 1 after each successful
validation of Image1.
Image1Try is incremented if Image1Stable is 0, and Image2 is copied to
Image1 if Image1Try is 3 or larger. But the bootloader only tests
Image1Try if CheckBypass is 0, which is impossible unless the booted
image sets it to 0 before failing.
The system is therefore not resilient against runtime errors like
failure to mount the rootfs, unless the kernel image sets CheckBypass
to 0 before failing. This is not yet implemented in OpenWrt.
Setting Image1Stable to 1 prevents the bootloader from updating
Image1Try on every boot, saving unnecessary writes to the environment
partition.
Keeping an OpenWrt initramfs recovery as Image2 is recommended
primarily to avoid unwanted OEM firmware boots on failure. Ref the
warning above. It enables console-less recovery in case of some
failures to boot from Image1.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Add support for pstore/ramoops now that DRAM content is preserved
over reboot on MT7622. On each boot, check pstore and boot to recovery
image in case there are records stored in it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Most notably this enabled use of pstore/ramoops on MT7622 as DRAM
content is now preserved over reboot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With some debug in qmi.sh using following patch, some errors are visible
in the registration step
@@ -29,6 +29,7 @@ proto_qmi_init_config() {
}
proto_qmi_setup() {
+ set -x
local interface="$1"
local dataformat connstat plmn_mode mcc mnc
local device apn auth username password pincode delay modes pdptype
@@ -224,6 +225,8 @@ proto_qmi_setup() {
fi
done
+ registration=$(uqmi -s -d "$device" --get-serving-system)
+
[ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1
echo "Starting network $interface"
During the boot of the system, modem could not start automatically its
network registration.
netifd: wan (9235): + echo 'Waiting for network registration'
netifd: wan (9235): Waiting for network registration
netifd: wan (9235): + local 'registration_timeout=0'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + grep '"searching"'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}'
netifd: wan (9235): + '[' -n ]
netifd: wan (9235): + echo 'Starting network wan'
As the while loop checks only "searching" pattern, uqmi.sh script quits
searching loop and continues whereas the modem is not registered
Other issue, after X seconds modem stops searching.
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ]
netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ]
netifd: wan (9213): + let registration_timeout++
netifd: wan (9213): + sleep 1
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + registration='{"registration":"not_registered"}'
netifd: wan (9213): + '[' -n ]
netifd: wan (9213): + echo 'Starting network wan'
netifd: wan (9213): Starting network wan
If registration_timeout is not expired, registration can be restarted
Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
Tested-by: Florian Eckert <fe@dev.tdt.de>
The previous commit increased the U-Boot environment size of the
UniFi 6 LR to 0x4000. Also change it uboot-envtools accordingly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
mtd erase needs to be aligned with erase blocks. Use padded image size
for erasing the production volume.
As the environment grew above the current size of 0x1000 bytes by
introducing the new padding function, increase the env size to 0x4000.
While at it, clean up reset button function to work to more reliable on
that board.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Users of devices with large block storage may choose to have an LVM
partition on the same device which is used for booting OpenWrt.
The presents a problem during sysupgrade as the root device is then
still busy and changing partitions will not work as desired,
leading to data corruption in case the newly flashed image is larger
than the currently installed one.
Having loop devices setup causes similar havoc.
Make sure all volume groups are offline and all loop devices have been
released before sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.
Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
If specifiying the source address or interface to be used
when contacting upstream name servers such as:
server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
server=8.8.8.8@eth0 then all would use the same socket
bound to the explicitly configured port. Now only
server=8.8.8.8@1.2.3.4#66 will use the explicitly
configured port and the others random source ports.
Remove upstreamed patches and update remaining patch.
Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.
Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a fix for the low priority CVE-2021-28831:
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
on the huft_build result pointer, with a resultant invalid free or
segmentation fault, via malformed gzip data.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
QLCNIC_HWMON was activated when hwmon was set, but the dependency was
missing. This broke the build bot builds. Fix this by explicitly
activating HWMON support and adding a dependency.
Fixes: f88c64d28c ("kernel: netdev: add qlcnic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This kmod is similar to macvlan with the difference being that the
endpoints have the same mac address.
It is useful on cloud where only one mac address allowed on port,
where macvlan not works but ipvlan would.
One use case is where multiple IPs and gateways assign on one net port
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
This commit adds support for the MikroTik SXTsq 5 ac (RBSXTsqG-5acD),
an outdoor 802.11ac wireless CPE with one 10/100/1000 Mbps Ethernet
port.
Specifications:
- SoC: Qualcomm Atheros IPQ4018
- RAM: 256 MB
- Storage: 16 MB NOR
- Wireless: IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 16 dBi antennae
- Ethernet: IPQ4018 (SoC) 1x 10/100/1000 port, 10-28 Vdc PoE in
- 1x Ethernet LED (green)
- 7x user-controllable LEDs
· 1x power (blue)
· 1x user (green)
· 5x rssi (green)
Note:
Serial UART is probably available on the board, but it has not been
tested.
Flashing:
Boot via TFTP the initramfs image. Then, upload a sysupgrade image
via SSH and flash it normally. More info at the "Common procedures
for MikroTik products" page https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Erase firmware ereas before writing to recovery or production partition
when updating them via the bootloader menu.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Ubiquiti Networks UniFi 6 LR access point comes with a total of
512 MB RAM provided by 2x 8-bit DDR3 SDRAM. This combination lead to
problems with the DDR calibration on boot resulting in occasional hang
on boot. Use updated calibration binary provided by MediaTek to make
boot on that device more reliable.
The binary has also been tested on the BananaPi BPi-R64 board and that
also works just fine with the new binary.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks
Signed-off-by: João Henriques <joaoh88@gmail.com>
9df230a Zero checksum handling (#25)
7688102 skip generating a UDP4 csum if the UDP6 csum is 0 and zero_csum_pass is set
4a9e4b1 zero csum: avoid calling the checksum adjustment function if udp csum is zero
2de14c5 add a module argument to skip checksum adjust for UDP if checksum is zero
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Update to the latest stable upstream version.
Drop unneeded make variables to remove redundant assignments seen during
invocation of package Makefile.
Also remove the following patch now included upstream:
* 200-fix-install-param-order-on-macos.patch
Compile and run-tested on malta/mips32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Rename feature variable clang-bpf-global-var following upstream changes.
This restores the HAVE_CLANG feature override and should avoid rare build
errors where a recent host clang and BTF-enabled host kernel are present.
Fixes: 23be333401 ("bpftools: update to 5.10.10")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Skip building Makefile targets that aren't packaged: tipc, dcb, ifstat,
rtacct, lnstat, and man. Also, only compile targets needed for the current
build variant i.e. don't compile 'tc' when building an 'ip' variant and
vice versa.
These changes reduce typical build times by over 30%:
$ make package/iproute2/clean && time make -j8 package/iproute2/compile
(old)
...
real 2m24.985s
user 3m12.537s
sys 0m26.677s
(new)
...
real 1m36.945s
user 2m8.734s
sys 0m20.046s
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Update the uboot-rockchip to the latest upstream release.
Remove upstreamed patches.
Tested-on: FriendlyElec NanoPi R2S
Signed-off-by: David Bauer <mail@david-bauer.net>
Select kmod-backlight as dependency for kmod-drm in case kmod-backlight
is compiled.
This fixes kernel 5.10 build issues on x86-geode with all kmods
enabled:
Package kmod-drm is missing dependencies for the following libraries:
backlight.ko
Signed-off-by: David Bauer <mail@david-bauer.net>
CONFIG_MDIO_OF depends on CONFIG_OF which is not enabled for x86.
Fixes builds of x86 with Kernel 5.10 due to unresolved dependencies.
Signed-off-by: David Bauer <mail@david-bauer.net>
The Buffalo Linkstation LS421DE NAS lacks an uboot env config file.
Create it via scripts.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Add firmware and board file for Qualcomm Atheros QCA9377 802.11ac Wireless
Network Adapter (rev 31) recognized as [168c:0042].
This card supports standard 1x1 802.11ac Wave2, BT5, and MU-MIMO.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
With the old ubus dsl API, the numbers for the individual line_states and
power_states were also returned. These were not ported to the new DSL
C-API. This commit adds the missing information.
For this the internal values are mapped to numbers.
* additional JSON output for state_num:
"state_num": <map_state_number>
Since not all values are meaningful only the following values are
implemented, this can be extended if the future.
* LSTATE_MAP_NOT_INITIALIZED
* LSTATE_MAP_EXCEPTION
* LSTATE_MAP_IDLE
* LSTATE_MAP_SILENT
* LSTATE_MAP_HANDSHAKE
* LSTATE_MAP_FULL_INIT
* LSTATE_MAP_SHOWTIME_NO_SYNC
* LSTATE_MAP_SHOWTIME_TC_SYNC
* LSTATE_MAP_RESYNC
* additinal JSON output for power_level:
"power_state_num": <map_power_satte_number>,
Since there are not so many here, all are mapped.
* PSTATE_MAP_NA,
* PSTATE_MAP_L0,
* PSTATE_MAP_L1,
* PSTATE_MAP_L2,
* PSTATE_MAP_L3,
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v6:
Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list
Start the list LSTATE_MAP with -1
Reviewed-by: Andre Heider <a.heider@gmail.com>
Placeholder DHCP user scripts were added recently.
These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.
References:
b4f3d93b5 odhcp6c: add a odhcp6c.user placeholder script
Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Placeholder DHCP user scripts were added recently.
These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.
References:
130118f7a netifd: add a udhcpc.user placeholder script
Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64
Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.
Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
For linux 5.10, kmod-ltq-deu need to be migrated to the new crypto
API/framework.
Leave it in tree for now and enable it only for Kernel 5.4. Maybe
someone picks up the work to migrate the package.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
Signed-off-by: Mathias Kresin <dev@kresin.me>
ltq tapi
ioremap has provided non-cached semantics by default since the Linux 2.6
days and was removed with kernel version 5.6.
Signed-off-by: Mathias Kresin <dev@kresin.me>
CPU: Allwinner V40 quad-core Cortex A7 @ 1.2GHz
Memory: 1GB DDR3
Storage: SDcard, native SATA
Network: 10/100/1000M ethernet, Ampak AP6212 wifi + BT
USB: 4x USB 2.0
Installation:
Use the standard sunxi installation to an SD-card.
While the board is very similar to the M2 Ultra board
(the V40 is the automotive version of the R40), as both
the u-boot and kernel supports them separately, and some
pins are different, let's add a separate device spec.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* check image checksums before writing to flash
* only bootmenu_0...9 are working, remove bootmenu_a entry
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In preparation for H6 support (which requires a separate ATF blob), add
an envvar to the A64 boards specifying which ATF blob to use.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
valgrind does not compile any more when using a GCC 10 for MIPS with
soft float. Just remove the parts which are generating assembler which
would not work.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Default to U-Boot env in UBI if root device is not mmc block device.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Some of bpi-r64 boards have serial NAND attached to SPI bus.
Build U-Boot for booting from SPI-NAND.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
Use generic functions to get env partition.
Fixes: 7043e4334f ("mediatek: mt7622: improve sysupgrade on MMC")
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
The can-dev.ko kernel module was moved in kernel 5.4.110 and 5.10.28.
Fixes: a1311df95587 ("kernel: bump 5.10 to 5.10.28")
Fixes: b0a34e886d ("kernel: bump 5.4 to 5.4.110")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.
Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json
Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Without 'BUILD_DEVICES' defined, the U-Boot related package won't be
automatically selected when building for Toradex Apalis device.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
These devices never got officially supported in the tree thus it doesn't
make much sense to waste our infrastructure resources and keep building
dedicated U-Boot images for them.
CC: Petr Štetiar <ynezz@true.cz>
CC: Luka Perkov <luka.perkov@sartura.hr>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Add settings for fw_printenv/fw_setenv for the Ubiquiti UniFi 6 LR
when running OpenWrt's version of U-Boot. The settings should work
equally with the unmodified version, but that has not yet been
tested.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add U-Boot build for the Ubiquiti Networks UniFi 6 LR access point.
This allows updating the bootchain to modern ARM Trusted Firmware 2.4
and U-Boot 2021.04 while keeping as much of the existing flash layout
as possible (u-boot-env, factory and eeprom partitions are retained),
gaining robust recovery vs. production dual-boot mechanism.
Add info for the Winbond W25Q512JV SPI NOR flash used in the device
and wait for GPIOs to settle after reset before checking for reset
button.
I2C connected LED controller is not supported yet.
Writing large amounts of data to SPI flash currently doesn't work due
to watchdog timeout causing reset before data write completes.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use bl3 size of 0xa0000 instead of 0x80000 in NOR flash.
This results in bl3 ending at 0xc0000 which is where the legacy
bootchain typically puts U-Boot environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.
It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Now that we can create an alternate configuration file, add two
wrapper scripts for simple access to it using the alternate
alternate application names `fw_printsys' and `fw_setsys'.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Most (all?) of the realtek devices have two u-boot config partitions
with a different set of variables in each. The U-Boot shell provides
two sets of apps to manipulate these:
printenv- print environment variables
printsys- printsys - print system information variables
saveenv - save environment variables to persistent storage
savesys - savesys - save system information variables to persistent storage
setenv - set environment variables
setsys - setsys - set system information variables
Add support for multiple ubootenv configuration types, allowing
more than one configuration file.
Section names are not suitable for naming the different
configurations since each file can be the result of multiple sections
in case of backup partitions.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Now that libcap is in OpenWrt base, we can drop our custom patch to
disable libcap support and have lldpd depend on it instead. This will
allow the monitor process to drop its privileges instead of running as
root, improving security.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Having libcap in OpenWrt base allows us to enable libcap support in
other packages in base.
In lldpd, this would allow the monitor process to drop its privileges
instead of running as root, improving security. It will also allow us to
drop our patch to disable libcap.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds support for the MikroTik RouterBOARD RBD52G-5HacD2HnD-TC
(hAP ac²), a indoor dual band, dual-radio 802.11ac
wireless AP with integrated omnidirectional antennae, USB port and five
10/100/1000 Mbps Ethernet ports.
See https://mikrotik.com/product/hap_ac2 for more info.
Specifications:
- SoC: Qualcomm Atheros IPQ4018
- RAM: 128 MB
- Storage: 16 MB NOR
- Wireless:
· Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
· Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
- Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 5x 1000/100/10 port,
passive PoE in
- 1x USB Type A port
Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"
Signed-off-by: Robert Marko <robimarko@gmail.com>
Now that sdcard.gz image contains everything needed to boot straight
into production image, no longer force booting into recovery image on
first boot by removing the logic which implemented that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
f8899b9 netifd: bridge: set default value for igmp_snoop
327da98 netifd: add possibility to switch off route config
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Airtime policy configuration is extremely useful in multiple BSS scenarios.
Since nowadays most people configure both private and guest networks (at
least), it makes sense to enable it by default, except for the most limited
of the variants.
Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2):
543944 bytes (airtime policy disabled)
548040 bytes (airtime policy enabled)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems
Refer to ITU-T G.997.1 chapter 7.5.2.8
Independent whether retransmission is used or not in a given transmit direction:
- In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating.
- In L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state.
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
This commit adds monitoring for a couple of DSL line features that are
present in the lantiq firmware blobs.
* G.INP ON/OFF
* Trellis encoding ON/OFF
* Virtaul Noise ON/OFF
* Bitswap ON/OFF
Difference in size for ltq-vdsl-app = 1k
Difference in size for kmod-ltq-vdsl-vr9 < 1k
Reviewed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
If service() is called w/o parameter then the status display for services
with multiple instances is incorrect. E.g. samba4 or wpad have 2 instances.
root@OpenWrt:~# /etc/init.d/samba4 status
running
root@OpenWrt:~# /etc/init.d/wpad status
running
Before change:
/etc/init.d/samba4 enabled stopped
/etc/init.d/wpad enabled stopped
After change:
/etc/init.d/samba4 enabled running
/etc/init.d/wpad enabled running
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:
ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
-rpath or -rpath-link)
ld: libelf.so.1: undefined reference to `libintl_dgettext'
collect2: error: ld returned 1 exit status
Fix this by directly including $LDFLAGS in the test-compile command.
Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:
root@OpenWrt:/# ldd /usr/lib/libbfd.so
ldd (0x77db6000)
libc.so => ldd (0x77db6000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found
Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.
Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.
Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.
Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
973cc6c compiler: actually expand block scope fix to for/while alt syntax
97bf297 compiler: ensure that alternative if/for/while syntax has own block scope
f0e2a64 tests: add missing test case for fixed switch codegen
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce cmdline_get_var() to /lib/function.sh and make use of it in
export_rootdev() in /lib/upgrade/common.sh, making the code more
simple and removing one level of indentation.
Introduce get_partition_by_name() to /lib/upgrade/common.sh which is
useful on non-EFI GPT platforms like mt7622.
Remove some dead-code while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
a4355a6 firewall3: clean up the flow table detection logic
edd0dc5 firewall3: create a common helper to find strings in files
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The terminfo is required by the popular terminal multiplexer screen and
tmux, offer it by default as the size impact is minimal with 885 Bytes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The terminfo files were all in one row which is terrible to read.
Split them over multiple lines to improve readability.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This includes several improvements and fixes:
61db17e rules: fix device and chain usage for DSCP/MARK targets
7b844f4 zone: avoid duplicates in devices list
c2c72c6 firewall3: remove last remaining sprintf()
12f6f14 iptables: fix serializing multiple weekdays
00f27ab firewall3: fix duplicate defaults section detection
e8f2d8f ipsets: allow blank/commented lines with loadfile
8c2f9fa fw3: zones: limit zone names to 11 bytes
78d52a2 options: fix parsing of boolean attributes
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This version fixes 2 security vulnerabilities, among other changes:
- CVE-2021-3450: problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag.
- CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Building with MIPS16 was disabled in 2013 due to an issue with GCC TLS:
https://dev.archive.openwrt.org/ticket/13572. But after the problematic
GCC version was retired, this change wasn't revisited.
Re-enable MIPS16 builds to reduce average elfutils library sizes ~10%.
This was compile-tested on malta/mips32be and malta/mips32le, and linked
with iproute2 for run-testing. Package sizes follow:
Library MIPS16:=0 MIPS16:=1
------- --------- ---------
libelf1 43217 37492
libasm1 12481 11658
libdw1 229723 205793
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.
Changes to the source file:
- Remove struct nxp_74hc153_config
- in nxp_74hc153_probe(), fetch GPIO configuration from device tree
- allow GPIO framework decide the base number by passing -1 to it
- remove support for kernel versions below 4.5.0
- add OF device compatibility string
Create a package for inclusion in image.
References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Moved to packages repo because it was considered
non-essential for most router configurations.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[shorten commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.
This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Dependency tracking for kmod-sound-hda-core is fragile. Enabling some sound
codecs (Realtek, Conexant, Sigmatel) implicitly adds a kmod-ledtrig-audio
dependency, while an enabled kmod-ledtrig-audio can be picked up through
enabling others (e.g. kmod-sound-hda-intel), and the behaviour can change
across kernel versions.
As kmod-ledtrig-audio is under 2KB, make it an unconditional dependency.
Fixes: a374b8f190 ("kernel: 5.10: update sound modules")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Now that ujail supports seccomp also on Aarch64, add missing syscall
'fstat' to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Enable seccomp features on Aarch64.
3e88c6f jail/seccomp: add support for aarch64
c23d8bf trace: fix build on aarch64
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With kernel 5.10, exfat is out of staging and in tree.
Added small hack to make it work with kernel 5.4 as well.
Added removed config options for 5.4 to generic config.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[Set CONFIG_EXFAT_ config options to default values]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.
Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.
The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:
Before:
148343 tc_5.11.0-1_mips_24kc.ipk
After:
144833 tc-full_5.11.0-2_mips_24kc.ipk
138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf)
4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk
Also fix up some Makefile indentation.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.
Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.
[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:
bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
46 | char buf[PATH_MAX], *s;
| ^~~~~~~~
| AF_MAX
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Update file paths for kmod-sound-hda-intel and reflect new dependency of
kmod-sound-hda-core on kmod-ledtrig-audio.
Reported-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add conditional dependency on kmod-of-mdio due to mdio_devres.c code:
#if IS_ENABLED(CONFIG_OF_MDIO)
...
EXPORT_SYMBOL(devm_of_mdiobus_register);
#endif /* CONFIG_OF_MDIO */
Fixes: 95a3741d17 ("kernel: support new mdio_devres.ko module in 5.10")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
kdump was removed in 7acd257ae67b4ca94f8c23cb8bda0ee0709b9216
gdb can be used as an alternative.
Remove autoreconf. It's not needed as the configure files are already
generated.
Remove upstreamed patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If the environment variable FILTER is set before compilation,
compilation of the ppp-package will fail with the error message
Package ppp is missing dependencies for the following libraries:
libpcap.so.1
The reason is that the OpenWrt-patch for the Makefile only comments
out the line FILTER=y. Hence the pcap-library will be dynamically
linked if the environment variable FILTER is set elsewhere, which
causes compilation to fail. The fix consists on explicitly unsetting
the variable FILTER instead.
Signed-off-by: Eike Ritter <git@rittere.co.uk>
This fixes writing to the U-Boot environment by making the partition
writable and setting the correct flash sector size of 128K.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Allow selecting either SATA or PCIE functionality using uImage.FIT
configurations and device-tree overlays.
By default, PCIE1 is selected (as it has been before this change).
To select SATA instead, you can do this now:
fw_setenv bootconf config-mt7622-bananapi-bpi-r64-sata
and reboot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit b5b0796a13 added an uint32_t to mtd.h without including stdint, which
results in a compilation error for those files not including stdint.h.
In file included from imagetag.c:36:
mtd.h:15:8: error: unknown type name 'uint32_t'
extern uint32_t opt_trxmagic;
^~~~~~~~
imagetag.c: In function 'trx_fixup':
imagetag.c:180:10: warning: unused variable 'res' [-Wunused-variable]
ssize_t res;
^~~
imagetag.c:177:14: warning: unused variable 'scan' [-Wunused-variable]
void *ptr, *scan;
^~~~
imagetag.c: In function 'trx_check':
imagetag.c:246:27: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
struct bcm_tag *tag = (const struct bcm_tag *) buf;
^
make[3]: *** [<builtin>: imagetag.o] Error 1
Fixes: b5b0796a13 ("mtd: add option for TRX magic to fixtrx")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This adds support for the Buffalo WSR-2533DHP2.
The device uses the Broadcom TRX image format with a special magic. To
be able to boot the images or load them they have to be wrapped with
different headers depending how it is loaded.
There are multiple ways to install OpenWrt on this device.
Boot ramdisk from U-Boot
----------------------------
This will load the image and not write it into the flash.
1. Stop boot menu with "space" key
2. Select "System Load Linux to SDRAM via TFTP."
3. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-initramfs-kernel.bin
4. The system boots the image
Write to flash from U-Boot
-----------------------------
This will load the image over tftp and directly write it into the flash.
1. Stop boot menu with "space" key
2. Select "System Load Linux Kernel then write to Flash via TFTP."
3. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory-uboot.bin
4. The system writes this image into the flash and boots into it.
Write to flash from Web UI
-----------------------------
This will load the image over over the Web UI and write it into the flash
1. Open the Web UI
2. Go to "管理" -> "ファームウェア更新"
3. Select "ローカルファイル指定" and click "更新実行"
4. Load this image:
openwrt-mediatek-mt7622-buffalo_wsr-2533dhp2-squashfs-factory.bin
5. The system writes this image into the flash and boots into it.
Specifications
-------------------
* SoC: MT7622 (4x4 2.4 GHz Wifi)
* Wifi: MT7615 (4x4 5 GHz Wifi)
* Flash: Winbond W29N01HZ 128MB SLC NAND
* RAM 256MB
* Ethernet: Realtek RTL8367S (5 x 1GBit/s, SoC via 2.5GBit/s)
Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Buffalo uses the TRX header with a different magic and even changes this
magic with different devices. This change allows to specify the header
to use as a command line argument.
This is needed for the Buffalo WSR-2533DHP2 based on mt7622.
Co-Developed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Make installation to eMMC more convenient on the BPi-R64 by also
copying the production image (if valid) from SD Card to eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of building all U-Boot variants by default, build only those
needed by the selected board(s).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add kmod-mdio-devres package and kernel config symbol, and update related
kmod-r8169 and kmod-ixgbe package dependencies.
Build tested module dependencies on x86/64 with CONFIG_ALL_KMODS=y.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-8 v1.2
* SoC: Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash: Macronix MX25L12835F 16 MiB
* RAM: Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet: 8x 10/100/1000 Mbit
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
8 ethernet port status LEDs (green, SoC controlled)
* Buttons: 1 on-off glide switch at the back (not configurable)
1 reset button at the right side, behind the air-vent
(not configurable)
1 reset button on front panel (configurable)
* Power 12V 1A barrel connector
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB, towards the back. Pins are labelled:
+ VCC (3.3V)
+ TX (really RX)
+ RX (really TX)
+ GND
the labelling is done from the usb2serial connector's point of
view, so RX/ TX are mixed up.
Serial connection parameters for both devices: 115200 8N1.
Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
OEM firmware on the backup partition for the time being. OpenWrt can
only boot off the first partition anyway (hardcoded in the DTS). To
make sure we are manipulating the first partition, issue the following
commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host
library to fix a glib2 host build error, but this need was later removed
by b6212c8769 ("glib2: don't use libelf during host build").
More importantly, there are already two sources for libelf host libraries:
OpenWRT build prerequisites [1] and tools/libelf. A third is not needed.
Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Import patch form Frank Wunderlich <frank-w@public-files.de> to fix
build of MediaTek AHCI SATA driver.
Enable that driver on Bananapi BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[ -d /sys/module/xfrm_interface ] is enough to check if
CONFIG_XFRM_INTERFACE support was enabled in kernel.
Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
Copy patch added to uboot-sunxi by commit 3cc57ba462
("uboot-sunxi: add missing type __u64") also to uboot-mediatek.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* make sure USB 2.0 works (useful for UEFI-booting eg. memtest86)
* include more useful U-Boot config options on BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MediaTek published their current U-Boot patchset on github:
https://github.com/mtk-openwrt/u-boot/commits/mtksoc
Import the platform patches from there (`00-mtk-*.patch`), arrange,
them nicely, drop no longer needed local patches and rebase on top of
U-Boot 2021.04-rc3.
Tested and works well on Linksys E8450 (snand-1ddr) as well as
Bananapi BPi-R64 (sdmmc-2ddr, emmc-2ddr).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Most prominently this adds changes which allow replacing the binary-
only 'bromimage' tool by U-Boot's 'mkimage' (see previous commit).
This fixes build on non-Linux and/or non-x86 platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add patches for mkimage to allow using it instead of the binary-only
'bromimage' tool to generate bl2 for MT7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
ccb7517 sys: packagelist: drop ABI version from package name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Document the existence of this feature. This allows the user to execute a script
at each DHCPv6 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix: bpftools 5.11.2 does not compile on macOS, because the -m option
was placed between src and dst. Corrected by moving -m 644 before src.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.
This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:
iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
libbpf version 0.3.0 is too low, please update it to at least 0.1.0
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, board.d files were having execute bit set and contained a
shebang. However, they are just sourced in board_detect, with an
apparantly unnecessary check for execute permission beforehand.
Replace this check by one for existance and make the board.d files
"normal" files, as would be expected in /etc anyway.
Note:
This removes an apparantly unused '#!/bin/sh /etc/rc.common' in
target/linux/bcm47xx/base-files/etc/board.d/01_network
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Partially restore the wild-card matching for kmod-usb3 modules to fix
build on platforms without PCI which otherwise file, as seen on
buildbot:
ERROR: module '[...]/linux-5.4.102/drivers/usb/host/xhci-pci.ko' is missing.
modules/usb.mk:1675: recipe for target '[...]/kmod-usb3_5.4.102-1_mips_mips32.ipk' failed
Fixes: 7bda2e9aba ("kernel: fix kmod-usb3 dependencies")
Fixes: be23f9818a ("apm821xx: add support for kernel 5.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove unneeded delcarations form package Makefile now that everything
comes from github.com/mtk-openwrt upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adding CONFIG_USB_XHCI_PCI_RENESAS to KCONFIG made it so it was set
for all targets that included kmod-usb3, not just the intended
apm821xx/nand. xhci-pci has a dependency on xhci-pci-renesas if
CONFIG_USB_XHCI_PCI_RENESAS is set, breaking kmod-usb3 builds on
Linux 5.10 on all other targets.
Rework the dependencies by breaking out xhci-hcd, xhci-mtk, and
xhci-pci-renesas into new hidden kernel modules and setting kmod-usb3
dependencies properly.
Tested by building mt7621 and apm821xx/nand with kmod-usb3 on Linux 5.10
Fixes: be23f981 ("apm821xx: add support for kernel 5.10")
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
DDR3_FLYBY has accidentally been set also for the 1-chip variant which
lead to broken, unbootable images. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch copies over refreshed patches from 5.4.
- dropped crypto patches (they got upstreamed)
- dropped renesas USB 3 firmware loader (they got upstreamed)
- NAND now needs extra device-properties for ECC settings.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* allow MAC address from U-Boot env to be inhertied
* allow eMMC installation to succeed also without recovery present
on the SD Card.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
All necessary blobs are now contained in the upstream repository, no
more wild replacing of blobs needed.
This new version also contains new storage drivers for (SPI-)NAND which
already comes with support for FM35Q1GA, so that patch can be dropped
as well.
Tested on:
* Bananapi BPi-R64
- sdmmc-2ddr
- emmc-2ddr
* Linksys E8450
- snand-1ddr
All works fine (booting Bananapi BPi-R64 from SD Card does NOT require
a signed image, so patch arm-trusted-firmware-mediatek to allow doing
that).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This will use the new application led trigger backend. For now this is
the only package that uses leds trigger in user space to configure the
kernel led triggers.
The callback script only emmits a message for now, so that this LED is now
managed by the rssileds service. Until now a generic warning was emitted that
this LED trigger is not supported. But that is not true.
-> Skipping trigger 'rssileds' for led '<name>' due to missing kernel module
I think this callback should be changed in the future to restart the
service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
For now we have only kernel LED trigger support. With this change it is now
possible to use application triggers.
If we configure a LED with a non kernel trigger, then we check on every
restart and boot of the LED service if we have this trigger as an application
in "/usr/libexec/led-trigger". If this file with the name is found, then we
execute this to init the LED.
Possible use cases are:
- Start/Stop/Restart an application led trigger service for this led
- Init a LED that is configured by a hotplug script (VPN tunnel established)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
stropts.h is unavailable under glibc (and unneeded when building
against glibc). Include it only if not building against glibc.
Reported-by: @DazzyWalkman
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Don't try to install files which no longer exist
Since {e,sd}mmc are now produced by ptgen they have been removed.
Fixes: 5a3562cd1d ("arm-trusted-firmware-mediatek: remove {e,sd}mmc headers")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Turned out those are simply MBR with active boot partition. And not
needed at all on emmc. Remove them as ptgen can now generate hybrid
MBR sufficient to boot MT7622 from SD Card.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Changes:
- Remove custom Build/Compile because it's no longer needed
- Remove std=gnu99 which is added automaticaly by igmpproxy if needed
- Remove -Dlog from CFLAGS because igmpproxy doesn't have log function
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness.
libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.
Used to compile Suricata6/Rust locally without issue.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;
Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Compile and run-tested on malta/mip32be, using bpftool directly and also
libbpf (linked with tc) to inspect and load simple eBPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0
In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.
Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.
Additional build and packaging updates include:
- install missing development header to iproute2/bpf_elf.h
- propagate OpenWrt verbose flag during build
- update and refresh patches
Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.
All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
