Commit Graph

45528 Commits

Author SHA1 Message Date
Felix Fietkau
c9262a96d1 ramips: implement vlan rx offload on MT7621
Avoids the overhead of software VLAN untagging in the network stack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Adrian Schmutzler
141698ce8f ath79: Add support for TP-Link CPE210 v2
This PR adds support for a popular low-cost 2.4GHz N based AP

Specifications:
 - SoC: Qualcomm Atheros QCA9533 (650MHz)
 - RAM: 64MB
 - Storage: 8 MB SPI NOR
 - Wireless: 2.4GHz N based built into SoC 2x2
 - Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on
for around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

This is based on the support patch for the identical CPE210 v3
by Mario Schroen <m.schroen@web.de>.

Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[renamed dtsi filename]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-02 02:10:59 +02:00
Mario Schroen
5ec205d7ac ath79: Add support for TP-Link CPE210 v3
Specifications:

    * SoC: Qualcomm Atheros QCA9533 (650MHz)
    * RAM: 64MB
    * Storage: 8 MB SPI NOR
    * Wireless: 2.4GHz N based built into SoC 2x2
    * Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:
    Flash factory image through stock firmware WEB UI or TFTP
    To get to TFTP recovery just hold reset button while powering
    on for around 4-5 seconds and release.
    Rename factory image to recovery.bin
    Stock TFTP server IP:192.168.0.100
    Stock device TFTP address:192.168.0.254

Thanks to robimarko for the work inside the ar71xx tree.
Thanks to adrianschmutzler for deep discussion and fixes.

Signed-off-by: Mario Schroen <m.schroen@web.de>
[Split into DTS/DTSI, read-only config partition in DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[renamed dtsi filename, light subject touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-02 02:10:59 +02:00
Robert Marko
99f6f2c0b8 ar71xx: Add support for TP-Link CPE210 v3
Looks identical to the v2.

This PR adds support for a popular low-cost 2.4GHz N based AP

Specifications:
 - SoC: Qualcomm Atheros QCA9533 (650MHz)
 - RAM: 64MB
 - Storage: 8 MB SPI NOR
 - Wireless: 2.4GHz N based built into SoC 2x2
 - Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Robert Marko <robimarko@gmail.com>
[Rebased, adjusted for separate tplink-safeloader entry, dynamic partitioning]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-02 02:09:58 +02:00
Adrian Schmutzler
a2a972b2cf ar71xx: Use dynamic partitions for TP-Link CPE210 v2
This is also helpful to add support in ath79.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-02 02:08:37 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Petr Štetiar
6027e49093 build: image: Fix off-by-one in DTC kernel version checks
It was reported to me on IRC today, that my change causes issues with
kernel versions between 4.14 and 4.19.

It's because I've wrongly used `git describe` in order to get kernel
version where we should disable noisy DTC checks, but I should've used
`git tag --contains` instead.

Fixes: cbbef976e2 ("build: dtc: Disable noisy warnings by default")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 13:53:31 +02:00
Petr Štetiar
0a67e84bae ar71xx: ens202ext: Fix whitespace issues
I've missed leading whitespace issues in the original patch, so fixing
it in this commit. Thanks to pepe2k for letting me know.

Fixes: d260813d ("ar71xx: ens202ext: Fix VLAN switch")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 12:07:09 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post precedes commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
David Bauer
38f3433420 ramips: add missing SPDX identifier for EX6150
This adds the SPDX license identifier for the NETGEAR EX6150. It was
missed when submitting the original patch.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-03-31 20:59:08 +02:00
Michael Pratt
d260813d09 ar71xx: ens202ext: Fix VLAN switch
The target ENS202EXT was just recently added right before the stable
release of OpenWrt 18.

It flashes fine, but the physical switch is almost impossible to use
until you have a VLAN set up. Tested on two devices.

The actual problem is that eth0 represents nothing for whatever reason.
In other words, both WAN and LAN are running from eth1. There may be an
underlying problem in the build, but for now, I assume that this is
correct and that a VLAN switch is an appropriate fix.

Also, it's virtually impossible to get the switch running right through
LuCI. It is one thing to get a switch to appear, but attempting to
configure it breaks the whole thing. The VLAN has to be set up
perfectly, otherwise, interfaces will not start up, and one is forced to
reset settings, OR, the new LuCI feature kicks in and reverses any
steps. It is extremely difficult to determine which virtual ports
correspond to which physical ethernet ports without being able to set up
the switch in LuCI.

Temporary Workaround: followed directions here
[openwrt/luci#867](https://github.com/openwrt/luci/issues/867)

Reviewed-by: Marty Plummer <hanetzer@startmail.com>
Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[commit author fix, subject fix, message text wrap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-31 20:58:51 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Koen Vandeputte
968baed351 kernel: bump 4.14 to 4.14.109
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-29 14:00:44 +01:00
Koen Vandeputte
8305c475cc kernel: bump 4.9 to 4.9.166
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-29 14:00:44 +01:00
Rosen Penev
2159b25466 ramips: Increase GB-PC1 SPI frequency to 80MHz
The specific flash chip used (W25Q256FVEM) accepts 50MHz for read
requests and higher for others. 104MHz for fast reads. ramips seems to
be limited to 80MHz based on testing with higher values (no speedup).

Based on upstream commit: 97738374a310b9116f9c33832737e517226d3722

 time dd if=/dev/mtdblock3 of=/dev/null bs=64k from 42.96s to 7.01s

 [test done with backported upstream v4.19 driver[1], for numbers on
  stock 4.14 driver please take a look at `ramips: Increase GB-PC2 SPI
  frequency to 80MHz` commit message]

1. https://github.com/openwrt/openwrt/pull/1578

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[expanded note about spi driver version]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-29 09:01:46 +01:00
Rosen Penev
274439b780 ramips: Increase GB-PC2 SPI frequency to 80MHz
The flash chip on the board (Spansion S25FL256SAIF00) is rated to
support at least 50MHz for normal read requests according to the
datasheet. 133MHz for fast reads. However, ramips seems to be limited to
80MHz.

From testing this, higher values do not improve speeds.

time dd if=/dev/mtdblock3 of=/dev/null bs=64k from

42.82s to 14.09s.

boot speed is also faster:
[   66.884087] procd: - init - vs
[   48.976049] procd: - init -

Since spi speed was requested:
[    3.538884] spi-mt7621 1e000b00.spi: sys_freq: 225000000

CPU is 900MHz:
[    0.000000] CPU Clock: 900MHz

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[fixed commit message by adding missing 0 in the spi-mt7621 clock output]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-29 09:01:23 +01:00
David Bauer
3f019bf96c ramips: add Netgear EX6150
SoC:   MediaTek MT7621
RAM:   64M (Winbond W9751G6KB-25)
FLASH: 16MB (Macronix MX25L12835F)
WiFi:  MediaTek MT7662E bgn 2SS
WiFi:  MediaTek MT7662E nac 2SS
BTN:   ON/OFF - Reset - WPS - AP/Extender toggle
LED:    - Arrow Right (blue)
        - Arrow Left (blue)
        - WiFi 1 (red/green)
        - WiFi 2 (red/green)
        - Power (green/amber)
        - WPS (Green)
UART:  UART is present as Pads on the backside of the PCB. They are
       located on the other side of the Ethernet port.
       3.3V - GND - TX - RX / 57600-8N1
       3.3V is the nearest one to the antenna connectors

Installation
------------
Update the factory image via the Netgear web-interfaces (by default:
192.168.1.250/24).

You can also use the factory image with the nmrpflash tool.
For more information see https://github.com/jclehner/nmrpflash

Signed-off-by: David Bauer <mail@david-bauer.net>
[merge conflict in 02_network, flash@0 node rename, wlan DTS triggers]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-29 07:34:00 +00:00
Vladimir Kot
58becdb30d ramips: add support for ZyXEL Keenetic Start
Device specification:
- SoC: RT5350F
- CPU Frequency: 360 MHz
- Flash Chip: Winbond 25Q32 (4096 KiB)
- RAM: 32768 KiB
- 5x 10/100 Mbps Ethernet (4x LAN, 1x WAN)
- 1x external, non-detachable antenna
- UART (J1) header on PCB (57800 8n1)
- Wireless: SoC-integrated: 2.4GHz 802.11bgn
- USB: None
- 3x LED, 2x button

Flash instruction:
1. Configure PC with static IP 192.168.1.2/24 and start TFTP server.
2. Rename "openwrt-ramips-rt305x-kn_st-squashfs-sysupgrade.bin"
   to "kstart_recovery.bin" and place it in TFTP server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
   the router and keep button pressed until power LED starts blinking.
4. Router will download file from TFTP server, write it to flash and reboot.

Signed-off-by: Vladimir Kot <vova28rus@gmail.com>
[fixed git commit author and whitespace issues in DTS]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-29 07:34:00 +00:00
Tobias Welz
7c4b85ee27 ramips: add support for WIZnet WizFi630S board
The WIZnet WizFi630S board is in the miniPCIe form factor.

SoC: Mediatek MT7688AN
RAM: 128MB
Flash: 32Mb
WiFi: 2.4GHz
Ethernet: 3x 100Mbit
USB: 1 (USB 2.0)
serial ports: 2 (1x full, 1xlite)

Flash and recovery instructions: Use the factory installed u-boot boot
loader. It is available on UART2 (115200,8,n,1).  Then get the
sysupgrade image from a tftp server.

Signed-off-by: Tobias Welz <tw@wiznet.eu>
[whitespace and device name in makefile fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-29 07:33:59 +00:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7 package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitly prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
7204736076 IB: fix generating .profile.mk for profiles without metadata
Fixes d6fa04a437 ("IB: include SUPPORTED_DEVICES in 'make info' output")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

This was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Koen Vandeputte
af6c86dbe5 kernel: bump 4.14 to 4.14.108
Refreshed all patches.

Altered patches:
- 950-0033-i2c-bcm2835-Add-debug-support.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 10:48:59 +01:00
Koen Vandeputte
4bc0224149 kernel: bump 4.9 to 4.9.165
Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 10:48:59 +01:00
Stijn Tintel
b422e1631e scripts/gen_image_generic.sh: fail on errors
The script always exits with value 0, even if some of the commands fail.
This can potentially create broken, unbootable images, e.g. when
make_ext4fs fails due to TARGET_KERNEL_PARTSIZE being too small for the
kernel. Avoid this by failing the script when any command fails.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-03-27 00:13:30 +02:00
Koen Vandeputte
e1444ab59c ar71xx: add support for MikroTik RouterBOARD 922UAGS-5HPacD
This patch adds support for the MikroTik RouterBOARD 922UAGS-5HPacD
with a built-in 802.11ac High-Power radio (31dBm).

See https://mikrotik.com/product/RB922UAGS-5HPacD for more info.

Specifications:
- SoC: Qualcomm Atheros QCA9557 (720 MHz)
- RAM: 128 MB
- Storage: 128 MB NAND
- Wireless: external QCA9882 802.11a/ac 2x2:2
- Ethernet: 1x 1000/100/10 Mbps, integrated, via AR8031 PHY, passive PoE-in 24V
- SFP: 1x host
- USB: 1x 2.0 type A
- PCIe: 1x Mini slot (also contains USB 2.0 for 3G/LTE modems)
- SIM slot: 1x mini-SIM

Working:
- Board/system detection
- NAND storage detection
- PCIe
- USB: Type A & mini PCIe
- Wireless
- Ethernet
- LED's (excl. SFP and RSSI levels)
- Reset button
- Sysupgrade

Not working:
- SFP cage

Installation:

- Boot vmlinux-initramfs image via BOOTP/TFTP and then flash sysupgrade
image using "sysupgrade -n"

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2019-03-26 18:01:47 +01:00
Hauke Mehrtens
63ed513779 mvebu: Add dependency to kmod-i2c-mux-pca954x for armada-macchiatobin
This driver is needed for the I2C mux on the board.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-26 15:12:01 +01:00
Hauke Mehrtens
3d945f5706 mvebu: Refresh kernel configuration
This refreshes the current kernel configuration to remove unneeded
options, add some automatically added ones and reorders them. The normal
build did this automatically, so the builds already used this
configuration.

CONFIG_HW_RANDOM_OMAP is explicitly activated for the cortexa72
subtarget because it has an inside-secure,safexcel-eip76 IP core.

This was done with this command on the cortexa9 subtarget:
	make kernel_oldconfig
and this one on the other subtargets:
	make kernel_oldconfig CONFIG_TARGET=subtarget

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-26 15:11:39 +01:00
Hauke Mehrtens
ae9d3a25c2 mvebu: Fix typo in MACCHIATOBin detection
The name in the device tree file is written with two C.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
ddf1a06326 dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastic: 221621 -> 164277.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
9c3bfd0906 dropbear: fix hardening flags during configure
compiler complains about messed up CFLAGS in build log:
  <command-line>: warning: "_FORTIFY_SOURCE" redefined
  <command-line>: note: this is the location of the previous definition

and then linker fails:
  mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
  collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
  compilation terminated.
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  [...]
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  make[3]: *** [Makefile:198: dropbearmulti] Error 1
  make[3]: *** Deleting file 'dropbearmulti'
  make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
  make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
  make[2]: Leaving directory '/package/network/services/dropbear'

This FTBFS issue was caused by hardening flags set up by dropbear's configure script.

By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.

Remove most of Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00