Similar to wireguard, vxlan can configure multiple peers or add specific
entries to the fdb for a single mac address.
While you can still use peeraddr/peer6addr option within the proto
vxlan/vxlan6 section to not break existing configurations, this patch
allows to add multiple sections that conigure fdb entries via the bridge
command. As such, the bridge command is now a dependency of the vxlan
package. (To be honest without the bridge command available, vxlan isn't
very much fun to use or debug at all)
Field names are taken direclty from the bridge command.
Example with all supported parameters, since this hasn't been documented so
far:
config interface 'vx0'
option proto 'vxlan6' # use vxlan over ipv6
# main options
option ip6addr '2001:db8::1' # listen address
option tunlink 'wan6' # optional if listen address given
option peer6addr '2001:db8::2' # now optional
option port '8472' # this is the standard port under linux
option vid '42' # VXLAN Network Identifier to use
option mtu '1430' # vxlan6 has 70 bytes overhead
# extra options
option rxcsum '0' # allow receiving packets without checksum
option txcsum '0' # send packets without checksum
option ttl '16' # specifies the TTL value for outgoing packets
option tos '0' # specifies the TOS value for outgoing packets
option macaddr '11:22:33:44:55:66' # optional, manually specify mac
# default is a random address
Single peer with head-end replication. Corresponds to the following call
to bridge:
$ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3
config vxlan_peer
option vxlan 'vx0'
option dst '2001:db8::3' # always required
For multiple peers, this section can be repeated for each dst address.
It's possible to specify a multicast address as destination. Useful when
multicast routing is available or within one lan segment:
config vxlan_peer
option vxlan 'vx0'
option dst 'ff02::1337' # multicast group to join.
# all bum traffic will be send there
option via 'eth1' # for multicast, an outgoing interface needs
# to be specified
All available peer options for completeness:
config vxlan_peer
option vxlan 'vx0' # the interface to configure
option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac,
option dst '2001:db8::4' # connected to this peer
option via 'eth0.1' # use this interface only
option port '4789' # use different port for this peer
option vni '23' # override vni for this peer
option src_vni '123' # see man 3 bridge
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
vxlan can be configured without a peer address. This is used to prepare
an interface and add peers later.
Fixes: FS#2743
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
This adds new strings to the support list for the TP-Link CPE210 v3
that are supposed to work with the existing setup.
Without it, the factory image won't be accepted by the vendor UI on
these newer revisions.
Tested on a CPE210 v3.20 (EU).
Ref: https://forum.openwrt.org/t/build-for-cpe210-v3-20/68000
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This fixes a nasty problem introduced in 2.81 which causes random
crashes on systems where there's significant DNS activity over TCP. It
also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS
records.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Further complete OCI container support in ujail:
f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
6f078ae jail: add support for defining devices
686cf7a jail: actually apply filesystem-specific mount options
f91009a jail: refactor default mounts into new structure
66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pressing the 'WLAN' button should enable/disable wireless activity.
Currently, the button is mapped to the KEY_WLAN, which will not
have this effect.
This patch changes the mapping of the WLAN button, so a button
press will emit an action for the 'rfkill' key instead of 'wlan'.
Apparently, this is what stock OpenWRT expects.
This fix is analogous to the preceding patch for Fritzbox 3370.
Signed-off-by: Dustin Gathmann <dzsoftware@posteo.org>
The WLAN button actions are reversed, i.e. pressing the button emits a
'released' action, and vice versa.
This can easily be checked by adding
logger -t button_action "$BUTTON $ACTION"
as the second line of /etc/rc.button/rfkill, and using logread to read
the events (assuming the preceding patch has been applied).
Defining the GPIO as ACTIVE_LOW corrects this behavior.
Signed-off-by: Dustin Gathmann <dzsoftware@posteo.org>
Pressing the 'WLAN' button should enable/disable wireless activity.
However, on the Fritzbox 3370 this doesn't have an effect.
This patch changes the mapping of the physical WLAN button, so a button
press will emit an action for the 'rfkill' key instead of 'wlan'.
Apparently, this is what stock OpenWRT expects, and also what is
implemented for most other devices.
Signed-off-by: Dustin Gathmann <dzsoftware@posteo.org>
9eddf0f jail: fix hooks
1b1286b jail: parse and apply OCI sysctl values
c049047 jail: implement OCI user additionalGIDs
0e1920c jail: read and apply umask from OCI if defined
1c46cc3 jail: parse and apply POSIX rlimits
76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The config partition was missing from the flash layout of the device.
Although the stock firmware resets a corrupted config partition to the
default values, the TFTP flash with an image bigger than 0x3d0000 will
truncate the image as the bootloader only copies 0x3d0000 bytes to flash
during TFTP flashing.
Fixed by adding the config partition and shrinking the firmware
partition.
Fixes: 3fd97c522b ("ramips: add support for TP-Link TL-WR841n v14")
Signed-off-by: Alexander Müller <donothingloop@gmail.com>
The factory partition on this device is only 64k in size, so having
mediatek,mtd-eeprom = <&factory 0x10000> would place the EEPROM data
after the end of the flash. As can be verified against the TP-Link
GPL sources, which contain the EEPROM data as binary blob, the actual
address for the EEPROM data is 0x0.
Since 0x0 is default for MT7628, the incorrect line is just removed.
This error is the reason for the abysmal Wifi performance that people
are complaining about for the WR841Nv14.
Fixes: 3fd97c522b ("ramips: add support for TP-Link TL-WR841n v14")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Don't create UCI switch config for the GL.iNet microuter-N300 and
VIXMINI. These devices only have a single LAN port.
Creating the switch config makes usage of VLANs more complicated,
as they would have to be configured on the MAC as well as the "switch".
Signed-off-by: David Bauer <mail@david-bauer.net>
8d5208f jail: fix false return in case of nofail mount
b41f76b procd: fix compile if procd-ujail is not selected
86a5105 jail: fs: fix build on uClibc-ng
bfce7d1 jail: fix some more mount options
268126a jail: add support for maskedPaths and readonlyPaths
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Split the /etc/uci-defaults/01_led_migration scripts into subtargets
as already done for most of the other base-files.
While this introduces a minor amount of code duplication, it still
is considered an improvement, as device-specific settings are kept
together in the subtargets' base-files and the script at hand can be
removed entirely for two of the subtargets not needing it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This file is always present because it is part of the ltq-dsl-base
package on which these packages depend.
This check would not have been necessary in the past, because the script
was part of the TARGET_LANTIQ on which these packages also depend.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
It does not make sense to install this components on lantiq systems
where the dsl subsystem is not needed/used.
This also makes it possible to use the files also on other targets.
(hopefully ipq401x / FritzBox 7530 in the near future)
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
For mt7621, console is set up via DTS bootargs individually in
device DTS/DTSI files. However, 44 of 74 statements use the
following setting:
chosen {
bootargs = "console=ttyS0,57600";
};
Therefore, don't repeat ourselves and move that definition to the SoC
DTSI file to serve as a default value.
This patch is cosmetic.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
update_kernel.sh refreshed all patches, no human interaction was needed
Build system: x86_64
Run-tested: Netgear R7800 (ipq806x)
Signed-off-by: John Audia <graysky@archlinux.us>
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.
This allows packages to find lzo properly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The Helios 4 is a NAS from Kobol
that is powered by an Armada 38x
MicroSOM from Solidrun, similarly
to Clearfog.
This device has:
-Armada 38x CPU
(dual core ARMv7 1.6 Ghz)
-2 GB of ECC RAM
-Gigabit ethernet (Marvell)
-2x USB 3.0 ports
-4x Sata 3.0 ports
-i2c header (J9 |>GND|SDA|SCL|VCC)
-2x 3-pin fan headers with PWM
-micro-usb port is a TTL/UART to
USB converter connected to TTL
-MicroSD card slot
-System, 4xSata and 1xUSB LEDs
NOT WORKING: fan control
Fan Control requires a kernel patch
that is available in the Armbian
project (the "default firmware"
of this device) and named
mvebu-gpio-remove-hardcoded
-timer-assignment
This patch isn't acceptable
by OpenWrt, it should be upstreamed.
I also have that patch in my own
local OpenWrt builds,
in case you want a more
clean and less confusing patch
for upstreaming.
To install, write the disk image
on a micro SD card with dd or
win32 disk imager, insert the
card in the slot.
Check that the dip switch battery
for boot selection is as follows
Switch 1 and 2 down/off, switches
3, 4, 5 up/on.
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
This patch adds support for D-Link DIR-867 A1 and D-Link DIR-882 A1. Given
the similarity of these devices, this patch also introduces a common DTS
shared between DIR-867 A1, DIR-878 A1 and DIR-882 A1.
Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 128 MB (DDR3)
* Flash: 16 MB (SPI NOR)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WiFi Toggle, WPS
* LEDs: Power (green/orange), Internet (green/orange), WiFi 2.4G (green),
WiFi 5G (green), USB 2.0 (green), USB 3.0 (green)
Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips
* DIR-867 wireless chips are limited to 3x3 streams at hardware level
* USB ports and related LEDs available only on DIR-882
Serial port:
* Parameters: 57600, 8N1
* Location: J1 header (close to the Reset, WiFi and WPS buttons)
* Pinout: 1 - VCC
2 - RXD
3 - TXD
4 - GND
Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
button, then re-plug it. Keep the reset button pressed until the power
LED starts flashing orange, manually assign a static IP address under
the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1
* Some modern browsers may have problems flashing via the Recovery GUI,
if that occurs consider uploading the firmware through cURL:
curl -v -i -F "firmware=@file.bin" 192.168.0.1
Signed-off-by: Mateus B. Cassiano <mbc07@live.com>
[move DEVICE_VARIANT to individual definitions]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Specifications:
* SoC: MediaTek MT7621A (880 MHz 2c/4t)
* RAM: Nanya NT5CC128M16IP-DIT (256M DDR3-1600)
* Flash: Macronix MX30LF1G18AC-TI (128M NAND)
* Eth: MediaTek MT7621A (10/100/1000 Mbps x5)
* Radio: MT7615N (2.4 GHz & 5 GHz)
4 antennae: 1 internal and 3 non-deatachable
* USB: 3.0 (x1)
* LEDs:
White (x1 logo)
Green (x6 eth + wps)
Orange (x5, hardware-bound)
* Buttons:
Reset (x1)
WPS (x1)
Everything works! Been running it for a couple weeks now and haven't had
any problems. Please let me know if you run into any.
Installation:
Flash factory image through GUI.
This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.
Reverting to factory firmware:
Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.
Signed-off-by: Santiago Rodriguez-Papa <contact@rodsan.dev>
[use v1 only, minor DTS adjustments, use LINKSYS_HWNAME and add it to
DEVICE_VARS, wrap DEVICE_PACKAGES, adjust commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add a common definition for ELECOM WRC "GS" devices to mt7621.mk
to not repeat the same assignments five times.
To keep the naming consistent, slightly rename the DTSI and the
factory image recipe as well.
Note that elecom_wrc-1167ghbk2-s uses a slightly different build
recipe for the factory image, so we keep it separate.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: INAGAKI Hiroshi <musashino.open@gmail.com> [WRC-1750GSV]
This harmonizes the model names for the ath79 Ubiquiti devices by
applying a few minor cosmetic adjustments:
- Removes hyphens where they are not found in the product names
(Ubiquiti uses hyphens only for the abbreviated version names
like UAP-AC-PRO which we don't use anyway.)
- Add (XM) suffix for DTS model strings to help with distinguishing
them from their XW counterparts.
- Remove DEVICE_VARIANT for LAP-120 which actually was an alternate
device name.
- Generally make DTS model names and those from generic-ubnt.mk
more consistent.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.
For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".
This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.
Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.
During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.
A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:
1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
In this case, the resulting version string does not change, it's
just the value of the variable put in the file. Consequently, we
do not bump the number in these cases so nobody is tempted to
install the same package again.
2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
In this case, the resulting version string has been "version-release",
e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
need to be higher than the previous PKG_VERSION.
For the cases where PKG_VERSION has always sticked to "1", and
PKG_RELEASE has been incremented, we take the most recent value of
PKG_RELEASE.
Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.
Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bumping package version has been overlooked in a previous commit.
While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter
is meant for upstream version number only.
(The effective version string for the package would be "3" in both
cases, so there is no harm done for version comparison.)
Fixes: 0453c3866f ("vxlan: fix udp checksum control")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds support for the Ubiquiti PowerBridge M, which has the same
board/LEDs as the Bullet M XM, but different case and antennas.
Specifications:
- AR7241 SoC @ 400 MHz
- 64 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- Internal antenna: 25 dBi
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB
Flashing via WebUI:
Upload the factory image via the stock firmware web UI.
Attention: airOS firmware versions >= 5.6 have a new bootloader with
an incompatible partition table!
Please downgrade to <= 5.5 _before_ flashing OpenWrt!
Refer to the device's Wiki page for further information.
Flashing via TFTP:
Same procedure as other Bullet M (XM) boards.
- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
$ tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put openwrt-ath79-generic-xxxxx-ubnt_powerbridge-m-squashfs-factory.bin
Signed-off-by: Vieno Hakkerinen <vieno@hakkerinen.eu>
So far, passing "rxcsum" and "txcsum" had no effect.
Fixes: 95ab18e012 ("vxlan: add options to enable and disable UDP
checksums")
Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
[add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Feature detection doesn't recognize ipset v7 use on kernel v5.x systems
and thus disables the tc ematch function em_ipset.
- backport patch:
* 002-configure-support-ipset-v7.patch:
650591a7a70c configure: support ipset version 7 with kernel version 5
Fixes: 4e0c54bc5b ("kernel: add support for kernel 5.4")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Recent iproute2 5.x versions modified the symbols resolved for plugins,
causing "tc .. action xt .." to fail. Update the list of symbols to fix.
Fixes: b61495409b ("iproute2: tc: reduce size of dynamic symbol table")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
As the the SoC uses implicit vlan tagging for dual MAC support, the
offload feature breaks when using double tagging.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: John Crispin <john@phrozen.org>
Having looked at this again, it appears that only gsbi2_serial
is actually enabled for this device, so the entry in the broken
aliases node was correct.
Therefore, this needs to set its own serial0 instead of inheriting
"serial0 = &gsbi4_serial;" from DTSI. Do this with the correctly
named aliases node now.
Fixes: c83f7b6d21 ("ipq806x: fix aliases node name for Qualcomm
IPQ8064/DB149")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Kernel uses the label gsbiX_serial, so let's adjust our labels to
this naming scheme.
This is cosmetic, and actually only already existing gsbi4_serial
has been used at all.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This device uses a node incorrectly named "alias" instead of
"aliases" since it was introduced.
Remove it without replacement, as the definitions in it don't
seem to be required anyway:
The serial0 definition has never been effective anyway and this
would be the only device deviating from the common setting
"serial0 = &gsbi4_serial;" for ipq8064. (So, maybe the wrong
node prevented us from finding out about the wrong serial
definition?)
The mdio-gpio0 alias was supposed to be removed in d2a2eb7e48
anyway, the redundant definition in the alias node was just
overlooked back then.
Fixes: 0fd202f3e5 ("ipq806x: add db149 dts files")
Fixes: d2a2eb7e48 ("ipq806x: replace caf nss-gmac driver by upstream stmmac")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout
$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus
$timeout is an integer representing how often, in seconds, the watchdog must be poked.
Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
Since commit 6f2e1b7485 (ath79: disable delays on AT803X config init)
the incoming incoming traffic on the ubnt,lap-120 devices Ethernet
port was not making it through. Using rgmii-id instead of rgmii (same
configuration as ubnt,litebeam-ac-gen2) fixes it.
Fixes FS#2893.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
The f-string feature was introduced in Python 3.6. As Buildbots may run
on Debian 9, which comes per default with Python 3.5, this would cause
an issue. Instead of f-strings use the *legacy* `.format()` function.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Specifications:
SoC: MT7621AT
RAM: 128MB
Flash: 16MB NOR SPI flash
WiFi: MT7615N (2.4GHz) and MT7615N (5Ghz)
LAN: 5x1000M
Firmware layout is Uboot with extra 96 bytes in header
Base PCB is AP-MTKH7-0002
LEDs Power Green,Power Orange,Internet Green,Internet Orange
LEDs "2.4G" Green & "5G" Green connected directly to wifi module
Buttons Reset,WPS,WIFI
Flashing instructions:
Upload image via emergency recovery mode
Push and hold reset button (on the back of the device) until power led
starts flashing (about 10 secs or so) while powering the device on.
Give it ~30 seconds, to boot the recovery mode GUI
Connect your client computer to LAN1 of the device
Set your client IP address manually to 192.168.0.2 / 255.255.255.0.
Call the recovery page for the device at http://192.168.0.1
Use the provided emergency web GUI to upload and flash a new firmware to
the device. Some browsers/OS combinations are known not to work, so if
you don't see the percentage complete displayed and moving within a few
seconds, restart the procedure from scratch and try anoher one,
or try the command line way.
Alternative method using command line on Linux:
curl -v -i -F "firmware=@openwrt-xxxx-squashfs-factory.bin" 192.168.0.1
Signed-off-by: Mathieu Martin-Borret <mathieu.mb@protonmail.com>
[use of generic uimage-padhdr in image generation code]
Signed-off-by: Petr Štetiar <ynezz@true.cz>