If we're being paranoid and quote all the arguments to ipcalc.sh,
it's possible to pass in empty start and range arguments. This
should be handled the same as their being absent.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15946
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Huawei AP6010DN is a dual-band, dual-radio 802.11a/b/g/n 2x2 MIMO
enterprise access point with one Gigabit Ethernet port and PoE
support.
Hardware highlights:
- CPU: AR9344 SoC at 480MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344-internal radio
- Wi-Fi 5GHz: AR9580 PCIe WLAN SoC
- Ethernet: 10/100/1000 Mbps Ethernet through Atheros AR8035 PHY
- PoE: yes
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: CAT706SVI (1.6s timeout)
Serial console:
9600n8 (9600 baud, no stop bits, no parity, 8 data bits)
MAC addresses:
Each device has 32 consecutive MAC addresses allocated by
the vendor, which don't overlap between devices.
This was confirmed with multiple devices with consecutive
serial numbers.
The MAC address range starts with the address on the label.
To be able to distinguish between the interfaces,
the following MAC address scheme is used:
- eth0 = label MAC
- radio0 (Wi-Fi 2.4GHz) = label MAC + 1
- radio1 (Wi-Fi 5GHz) = label MAC + 2
Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP
1. Power up the AP
2. At prompt "Press f or F to stop Auto-Boot in 3 seconds",
do what they say.
Log in with default admin password "admin@huawei.com".
3. Boot the OpenWrt initramfs from TFTP using the hidden script "run ramboot".
Replace IP address as needed:
> setenv serverip 192.168.1.10
> setenv ipaddr 192.168.1.1
> setenv rambootfile openwrt-ath79-generic-huawei_ap6010dn-initramfs-kernel.bin
> saveenv
> run ramboot
4. Optional but recommended as the factory firmware cannot be downloaded publicly:
Back up contents of "firmware" partition using the web interface or ssh:
$ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap6010dn_fw_backup.bin
5. Run sysupgrade using sysupgrade image. OpenWrt
shall boot from flash afterwards.
Return to factory firmware (using firmware upgrade package downloaded from non-public Huawei website):
1. Start a TFTP server in the directory where
the firmware upgrade package is located
2. Boot to u-boot as described above
3. Install firmware upgrade package and format the config partitions:
> update system FatAP6X10XN_SOMEVERSION.bin
> format_fs
Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
for example using scp
2. Use sysupgrade with force to restore the backup:
sysupgrade -F huawei_ap6010dn_fw_backup.bin
3. Boot AP to U-Boot as described above
Quirks and known issues:
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the AHB_CLK/2 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
Link: https://github.com/openwrt/openwrt/pull/15941
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
Gain telnet access:
1. Login into web interface, and download the configuration.
2. Decode and uncompress the configuration:
* Enter fakeroot if you are not login as root.
base64 -d e-xxxxxxxxxxxx-cfg.tar.gz | tar -zx
3. Edit 'etc/passwd', remove root password: 'root::1:0:99999:7:::'.
4. Edit 'etc/rc.local', insert telnetd command before 'exit 0':
( sleep 3s; /usr/sbin/telnetd; ) &
5. Repack the configuration:
tar -zc etc/ | base64 > e-xxxxxxxxxxxx-cfg.tar.gz
6. Upload new configuration via web interface, now you can connect to
ASR3000 via telnet.
Flash instructions:
1. Connect to ASR3000, backup everything, especially 'Factory' part.
2. Write new BL2:
mtd write openwrt-mediatek-filogic-abt_asr3000-preloader.bin BL2
3. Write new FIP:
mtd write openwrt-mediatek-filogic-abt_asr3000-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254/24, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15887
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Remove kmod-switch-rtl8366-smi from the package list, as it is still loaded
because kmod-switch-rtl8367b depends on it
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15757
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit fixes all errors reported by the checkpatch script. This
should make it easier to accept upstream this patch.
There should be no functional changes.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/15939
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch fixes two issues in the driver detach:
* double free of the same descriptor (upstream bug, backported in 66177c081f),
* releasing tx descriptor instead of rx (downstream bug).
The driver is compiled into the kernel that is why the error
is not visible in normal use.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/15939
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch cleans up the following warnings during build:
"warning: format not a string literal"
```
conf.c: In function 'conf_askvalue':
conf.c:89:17: warning: format not a string literal and no format arguments [-Wformat-security]
89 | printf(_("(NEW) "));
| ^~~~~~
conf.c: In function 'conf_choice':
conf.c:285:33: warning: format not a string literal and no format arguments [-Wformat-security]
285 | printf(_(" (NEW)"));
| ^~~~~~
conf.c: In function 'check_conf':
conf.c:440:41: warning: format not a string literal and no format arguments [-Wformat-security]
440 | printf(_("*\n* Restart config...\n*\n"));
| ^~~~~~
conf.c: In function 'main':
conf.c:617:41: warning: format not a string literal and no format arguments [-Wformat-security]
617 | _("\n*** The configuration requires explicit update.\n\n"));
| ^
conf.c:669:25: warning: format not a string literal and no format arguments [-Wformat-security]
669 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
conf.c:673:25: warning: format not a string literal and no format arguments [-Wformat-security]
673 | fprintf(stderr, _("\n*** Error during update of the configuration.\n\n"));
| ^~~~~~~
conf.c:684:25: warning: format not a string literal and no format arguments [-Wformat-security]
684 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
```
And POSIX Yacc warnings
```
lex -ozconf.lex.c -L zconf.l
yacc -ozconf.tab.c -t -l zconf.y
zconf.y:34.1-7: warning: POSIX Yacc does not support %expect [-Wyacc]
34 | %expect 32
| ^~~~~~~
zconf.y:97.1-11: warning: POSIX Yacc does not support %destructor [-Wyacc]
97 | %destructor {
| ^~~~~~~~~~~
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
```
After:
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o conf.o conf.c
yacc -Wno-yacc -ozconf.tab.c -t -l zconf.y
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15953
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Switch to new nvmem binding.
Also fixes a issue that the MAC address assigned to lan/wan was
reversed on eMMC boards.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The config options that are enabled by default and where other default
packages depends on should not only be set if there is no .config file,
but also if the .config exists but the config option (e.g.
CONFIG_SECCOMP) is missing in the file.
This is relevant, for example, if you are working with .config templates
and then want to complete the configuration using make defconfig.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The fix in commit 847fad476f ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.
To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.
Fixes: 847fad476f ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Also use env variables exported by export_fitblk_rootdev() in
platform_copy_config().
Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target was marked source-only due do the broken Ethernet port on
some devices. With that fixed, it can be enabled again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The new cpsw-switch driver reserves VLAN 1 for internal use, which
conflicts with the default network configuration of OpenWrt.
Switch back to the older cpsw driver to make the network connection on
the affected devices (BeagleBone Black and AM335x EVM) usable again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Initramfs images are not supported by imagebuilder. With recent changes
to support Per Device Rootfs, we now generate an image and a vmlinux for
each Rootfs and these additional files are all shipped in the
imagebuilder tar.
Drop these new file and any vmlinux-initramfs as they are not used and
increase the final size of the imagebuilder archive.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The eMMC chip used in a small batch of these devices has issues operating
in HS400 mode. Reducing to HS200 mode works around the problem and does
not cause any noticeable performance penalties as smaller chips are not fast
enough to saturate the bus. Root cause analysis is pending.
Signed-off-by: Chad Monroe <chad@monroe.io>
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add entry for the BananaPi R3 mini to the platform_check_image()
function where it has been missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.
Remove this relict as it causes problems without being useful for
anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
"--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
because the newly added UEFI bootmenu entries doesn't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
73644a036f5a nl80211: move access to tb array out of uc_nl_convert_attr and below
6e3cf83a77a7 nl80211: add support for multi-attribute arrays
6ff24d5488a9 nl80211: update nl80211.h to latest wireless-next
abc2aef28641 nl80211: add wiphy multi-radio support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Brings lots of driver updates and API changes needed for mt76 updates.
Disable iwlwifi and ath11k on 5.15, since backport is too difficult,
and the only remaining targets won't need those drivers.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There is no reason not to wire up the default netdev trigger for the SFP
LED since we have a separate SFP interface visible.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since we are trying to get rid of using labels, lets convert RB5009 to the
function/color combo.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, QCA8081 LED is never configured and the default configuration
has the LED polarity inverted so it will be lit when there is nothing
connected to the PHY.
So lets define the LED as active-low and configure the trigger via 01_leds.
Fixes: 85d9fd6f0e ("mvebu: add support for RB5009UG+S+IN")
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
stop "heartbeat" which happens before OpenWrt controls LED. instead,
just turn LED on.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15913
Signed-off-by: Robert Marko <robimarko@gmail.com>