Do not use find_vpid(), but get_task_pid() to get the pid from
pThrCntrl->tid. This is now a ponter to struct task_struct instead of
an integer.
This fixes the build of ltq-tapi with lantiq/xway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not include asm/irq.h directly, but include linux/interrupt.h instead.
This fixes the build of ltq-tapi with lantiq/xway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In a254279a6c LS1012A-IOT kernel image was switched to FIT.
But u-boot config is lack of FIT and ext4 support.
This patch enables it.
It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.
Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.
Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.
Signed-off-by: Glen Huang <i@glenhuang.com>
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.
The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.
This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest. Thus, in normal operations, the
default policy is not used.
Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:
MTD erase error on /dev/mtd5: Invalid argument
Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.
This fixes the x86/geode build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).
Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.
Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The kernel module gpio-mcp23s08 has been replaced by the new
pinctrl-mcp23s08* kernel modules.
There are now 3 kernel modules for this device
- Common module for both I2C and SPI kmod-pinctrl-mcp23s08
- Module for I2C kmod-pinctrl-mcp23s08-i2c
- Module for SPI kmod-pinctrl-mcp23s08-spi
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Add support for the Linksys EA4500 v3 wireless router
Hardware
--------
SoC: Qualcomm Atheros QCA9558
RAM: 128M DDR2 (Winbond W971GG6KB-25)
FLASH: 128M SPI-NAND (Spansion S34ML01G100TFI00)
WLAN: QCA9558 3T3R 802.11 bgn
QCA9580 3T3R 802.11 an
ETH: Qualcomm Atheros QCA8337
UART: 115200 8n1, same as ea4500 v2
USB: 1 single USB 2.0 host port
BUTTON: Reset - WPS
LED: 1x system-LED
LEDs besides the ethernet ports are controlled
by the ethernet switch
MAC Address:
use address(sample 1) source
label 94:10:3e:xx:xx:6f caldata@cal_macaddr
lan 94:10:3e:xx:xx:6f $label
wan 94:10:3e:xx:xx:6f $label
WiFi4_2G 94:10:3e:xx:xx:70 caldata@cal_ath9k_soc
WiFi4_5G 94:10:3e:xx:xx:71 caldata@cal_ath9k_pci
Installation from Serial Console
------------
1. Connect to the serial console. Power up the device and interrupt
autoboot when prompted
2. Connect a TFTP server reachable at 192.168.1.0/24
(e.g. 192.168.1.66) to the ethernet port. Serve the OpenWrt
initramfs image as "openwrt.bin"
3. To test OpenWrt only, go to step 4 and never execute step 5;
To install, auto_recovery should be disabled first, and boot_part
should be set to 1 if its current value is not.
ath> setenv auto_recovery no
ath> setenv boot_part 1
ath> saveenv
4. Boot the initramfs image using U-Boot
ath> setenv serverip 192.168.1.66
ath> tftpboot 0x84000000 openwrt.bin
ath> bootm
5. Copy the OpenWrt sysupgrade image to the device using scp and
install it like a normal upgrade (with no need to keeping config
since no config from "previous OpenWRT installation" could be kept
at all)
# sysupgrade -n /path/to/openwrt/sysupgrade.bin
Note: Like many other routers produced by Linksys, it has a dual
firmware flash layout, but because I do not know how to handle
it, I decide to disable it for more usable space. (That is why
the "auto_recovery" above should be disabled before installing
OpenWRT.) If someone is interested in generating factory
firmware image capable to flash from stock firmware, as well as
restoring the dual firmware layout, commented-out layout for the
original secondary partitions left in the device tree may be a
useful hint.
Installation from Web Interface
------------
1. Login to the router via its web interface (default password: admin)
2. Find the firmware update interface under "Connectivity/Basic"
3. Choose the OpenWrt factory image and click "Start"
4. If the router still boots into the stock firmware, it means that
the OpenWrt factory image has been installed to the secondary
partitions and failed to boot (since OpenWrt on EA4500 v3 does not
support dual boot yet), and the router switched back to the stock
firmware on the primary partitions. You have to install a stock
firmware (e.g. 3.1.6.172023, downloadable from
https://www.linksys.com/support-article?articleNum=148385 ) first
(to the secondary partitions) , and after that, install OpenWrt
factory image (to the primary partitions). After successful
installation of OpenWrt, auto_recovery will be automatically
disabled and router will only boot from the primary partitions.
Signed-off-by: Edward Chow <equu@openmail.cc>
Several Broadcom targets were using the nand_do_upgrade_success
shell function which has been removed by commit e25e6d8e54
("base-files: fix and clean up nand sysupgrade code"). Refactor the
new nand_do_upgrade to bring back nand_do_upgrade_success with the
behavior expected by those users.
Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128 MB
RAM: K4A4G165WF-BCWE 512 MB
Ethernet: 4x 10/100/1000 Mbps
WiFi1: MT7976GN 2.4GHz ax 4x4
WiFi2: MT7976AN 5GHz ax 4x4
Button: Mesh, Reset
Flash instructions:
1. Gain ssh and serial port access, see the link below:
https://openwrt.org/toh/xiaomi/redmi_ax6000#installation
2. Use ssh or serial port to log in to the router, and
execute the following command:
nvram set boot_wait=on
nvram set flag_boot_rootfs=0
nvram set flag_boot_success=1
nvram set flag_last_success=1
nvram set flag_try_sys1_failed=8
nvram set flag_try_sys2_failed=8
nvram commit
3. Set a static ip on the ethernet interface of your computer
(e.g. default: ip 192.168.31.100, gateway 192.168.31.1)
4. Download the initramfs image, rename it to initramfs.bin,
and host it with the tftp server.
5. Interrupt U-Boot and run these commands:
setenv mtdparts nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),2048k(factory),2048k(fip),256k(crash),256k(crash_log),112640k(ubi)
saveenv
tftpboot initramfs.bin
bootm
6. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Revert to stock firmware:
Restore mtdparts back to default, then use the
vendor's recovery tool (Windows only).
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
When firmware images only contained compressed kernels and squashfs roots,
uncompressed tar files were a good option. We are now using UBIFS images,
both raw and tarred, as well as ubinized (full UBI partition) images, all
of which benefit greatly from compression.
For example, a raw ubinized backup taken from a running Askey RT4230W REV6
(such full backups can be restored via the LUCI's sysupgrade UI) is over
400 MB, but compresses to less than 10 MB.
This commit adds support for gzipped versions of all file types already
accepted by the nand sysupgrade mechanism, be them raw or tarred.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
It has been reported that ubinized nand sysupgrade fails under certain
circumstances, being unable to detach the existing ubi partition due to
volumes within the partition being mounted.
This is an attempt to solve such issues by unmounting and removing
ubiblock devices and unmounting ubi volumes within the target partition
prior to detaching and formatting it.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
- Never return from 'nand_do_upgrade', not even in case of errors, as that
would cause execution of sysupgrade code not intended for NAND devices.
- Unify handling of sysupgrade success and failure.
- Detect and report more error conditions.
- Fix outdated/incorrect/unclear comments.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Commit e8b5429609 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: e8b5429609 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
Commit b82cc80713 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: b82cc80713 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
CONFIG_MAC80211_MESH isn't defined for this package, rendering the patch
useless. Match protecting the access of sta_info.mesh with the very same
define declaring it.
Fixes 45109f69a6 "mac80211: fix compile error when mesh is disabled"
Signed-off-by: Andre Heider <a.heider@gmail.com>
This updates mac80211 to version 5.15.74-1 which is based on kernel
5.15.74.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
084911c Release libbsd 0.11.7
3538d38 man: Discourage using the library in non-overlay mode
03fccd1 include: Adjust reallocarray() per glibc adoption
6b6e686 include: Adjust arc4random() per glibc adoption
da1f45a include: explicit_bzero() requires _DEFAULT_SOURCE
2f9eddc include: Simplify glibc version dependent macro handling
28298ac doc: Switch references from pkg-config to pkgconf
ef981f9 doc: Add missing empty line to separate README sections
6928d78 doc: Refer to the main git repository as primary
d586575 test: Fix explicit_bzero() test on the Hurd
be327c6 fgetwln: Add comment about lack of getwline(3) for recommendation
a14612d setmode: Dot not use saveset after free
f4baceb man: Rewrite gerprogname(3bsd) from scratch
f35c545 man: Lowercase man page title
b466b14 man: Document that some arc4random(3) functions are now in glibc 2.36
1f6a48b Sync arc4random(3) implementation from OpenBSD
873639e Fix ELF support for big endian SH
c9c78fd man: Use -compact also for alternative functions in libbsd(7)
5f21307 getentropy: Fix function cast for getauxval()
Signed-off-by: Nick Hainke <vincent@systemli.org>
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
MODULE_SUPPORTED_DEVICE is gone after Linux 5.15. Drop it's usage on
newer kernels to fix compilation with Linux 5.15.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The result of copy_to_user() now has to be checked explicitly. Also
MODULE_SUPPORTED_DEVICE is gone after Linux 5.10.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
MODULE_SUPPORTED_DEVICE was removed after Linux 5.10. Drop it from the
driver as well.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.
Also upstream commit a24d22b225ce15 ("crypto: sha - split sha.h into
sha1.h and sha2.h") from Linux 5.11 moves functionality from sha.h to
sha1.h.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
set_fs is no longer supported since kernel 5.13 for mips.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Support was added as variant of 7530 (DEVICE_ALT0_*) in:
cb6f4be1 "ipq40xx: add support for FRITZ!Box 7520"
u-boot has a distinct config for it [0], built it.
[0] https://github.com/chunkeey/FritzBox-4040-UBOOT/pull/6
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The of_mmc_spi.o resource is provider agnostic in kernels greater 5.13
and does not depend anymore on CONFIG_OF [0].
[0] - edd6021465
Suggested-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Similar to the implementation for the BPi-R3 use the same logic also
for determining the device to look for the U-Boot environment of the
BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This new NTFS driver was added in kernel 5.15. Avoid building empty
package for kernel 5.10.
Fixes: bd0db6017b ("kernel: 5.15: add new module")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fix accessing the environment in case no OS is installed on the flash
media selected for boot as this is possible when booting initramfs.
In case of relying on the device specified to be mounted as rootfs to
be present, rather just use the kernel cmdline 'root' variable as a
hint to decide where to read/write the U-Boot environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ee54c6b libfstools: skip JFFS2 padding on block devices
Fixes config restore on the BPi R3 when using MMC storage.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove patches adding support for MT7621 which have been merged upsteam.
Patches for MT7981 and MT7986 have been merged too, but not in time to
be included in the 2022.10 release, so we have to keep carrying them
until the 2023.01 release.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make it possible to setup default WAN interface for devices with built-in LTE
modems, using QMI or MBIM.
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
Replace the extern inline with a static inline. With extern inline the
compiler will generate the function in all compile units including this
file which breaks linking later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Provide ATF support for Methode eDPU as well, this makes it easy for
OpenWrt users to update the included U-boot+ATF combo.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Add support for building for Methode eDPU board, no patches are needed
as board has been upstreamed and is part of the 2022.10-rc releases.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Update mvebu U-boot to 2022.10 to avoid backporting patches in order
to support Methode eDPU.
It also allows dropping existing patches as they are all backports.
Tested-by: Andre Heider <a.heider@gmail.com> # espressobin-v3-v5-1gb-2cs
Tested-by: Russell Morris <github@rkmorris.us> # espressobin-v3-v5-1gb-1cs
Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia]
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus
Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On machines with a coarse monotonic clock (here: TP-Link RE200 powered
by a MediaTek MT7620A) it can happen that the two DNS requests (for A
and AAAA) share the same transaction ID. If this happens the second
reply is wrongly dropped and nslookup reports "No answer".
Fix this by ensuring that the transaction IDs are unique.
Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
This makes it clear, which phy a wlan device belongs to and also helps with
telling them apart by including the mode in the ifname.
Preparation for automatically renaming PHYs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
These will be used to give WLAN PHYs a specific name based on path specified
in board.json. The platform board.d script can assign a specific order based
on available slots (PCIe slots, WMAC device) and device tree configuration.
This helps with maintaining config compatibility in case the device path
changes due to kernel upgrades.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Reported-by: Chad Monroe <chad.monroe@smartrg.com>
Fixes: 590eaaeed5 ("mac80211: fix issues in HE capabilities")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add the measurement report value to the beacon reports send via ubus. It
is possible to derive from the measurement report if a station refused to
do a beacon report and why. It is important to know why a station refuses
to do a beacon-report. In particular, we should not request a beacon
report from a station again that refused a beacon-report before.
The rejection reasons can be found by looking at the bits defined by:
- MEASUREMENT_REPORT_MODE_ACCEPT
- MEASUREMENT_REPORT_MODE_REJECT_LATE
- MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE
- MEASUREMENT_REPORT_MODE_REJECT_REFUSED
Suggested-by: Ian Clowes <clowes_ian@hotmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This mainly affects scanning and beacon parsing, especially with MBSSID enabled
Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Enable HE SU beamformee by default
Fix spatial reuse configuration:
- he_spr_sr_control is not a bool for enabling, it contains multiple bits
which disable features that should be disabled by default
- one of the features (PSR) can be enabled through he_spr_psr_enabled
- add option to disable bss color / spatial reuse
Signed-off-by: Felix Fietkau <nbd@nbd.name>
CONFIG_CMD_MTDPART does not exist, fix it.
Fixes: e9ad412 ("uboot-mediatek: add build for Ubiquiti Networks UniFi 6 LR")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
CONFIG_CMD_MTDPART does not exist, fix it.
Fixes: ed50004 ("uboot-mediatek: add support for Linksys E8450")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
dhcpv6.script contained support for disabling prefix delegation of 464XLAT
sub-interface, but netifd protocol handler was missing the required
export to disable this. Add missing export, akin to DS-Lite and MAP.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This fixes following compile error seen when
building mac80211 with mesh disabled:
.../backports-5.15.58-1/net/mac80211/agg-rx.c: In function 'ieee80211_send_addba_resp':
...backports-5.15.58-1/net/mac80211/agg-rx.c:255:17: error: 'struct sta_info' has no member named 'mesh'
255 | if (!sta->mesh)
| ^~
sta_info.h shows this item as being optional based on flags:
struct mesh_sta *mesh;
Guard the check to fix this.
Fixes: f96744ba6b ("mac80211: mask nested A-MSDU support for mesh")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
mac80211 incorrectly processes A-MSDUs contained in A-MPDU frames. This
results in dropped packets and severely impacted throughput.
As a workaround, don't indicate support for A-MSDUs contained in
A-MPDUs. This improves throughput over mesh links by factor 10.
Ref: https://github.com/openwrt/mt76/issues/450
Signed-off-by: David Bauer <mail@david-bauer.net>
If you would like to compile the newest version of U-boot together with the stable
OpenWrt version, which does not have LibreSSL >= 3.5, which was updated
in the master branch by commit 5451b03b7c
("tools/libressl: bump to v3.5.3"), then you need these two patches to
fix it. They are backported from U-boot repository.
This should be backported to stable OpenWrt versions.
Reported-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This issue was reported by @paper42, who is using Void Linux with musl
to compile OpenWrt and its packages and found out it is not possible to
compile U-boot for Turris Omnia (neither any other).
It fixes following output:
```
HOSTCC tools/kwboot
tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
662 | tio.c_ospeed = tio.c_ispeed = baudrate;
| ^
tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed'
662 | tio.c_ospeed = tio.c_ispeed = baudrate;
| ^
tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed'
690 | if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
| ^
tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed'
693 | if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
|
```
Tested-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Remove upstremed patch:
- 100-tracecmd-add-NO_LIBZSTD-option-to-disable-libzstd.patch
Changes:
c65c02c trace-cmd: Version 3.1.3
14a7aca trace-cmd library: Add API for mapping between host and guests
9191b8e tracecmd extract: Allow using --compression.
d63ae35 trace-cmd report: Add callback for kvm plugin to show guest functions
0c7ef72 trace-cmd library: Add man pages for iterator functions
3cd1b55 trace-cmd library: Add tracecmd_follow_event()
27ea9e1 libtracecmd: Add documentation on tracecmd_set/get_private()
3c544ad libtracecmd: Add a man pages for handling of time stamps
5baf7a3 libtracecmd: Add check-manpages.sh
ee007a1 trace-cmd library: Make tracecmd_filter_match() local
cb04105 tracecmd library documentation: Use star and not underscore for function names
54931be trace-cmd: Do not return zero length name for guest by name
43ffa27 trace-cmd: Close socket descriptor on failed connection
4744ca3 trace-cmd record/agent: Add --notimeout option
e512b22 trace-cmd: Add compile time overrides for libraries
a6fe935 trace-cmd: README: Add note on installing libtracecmd
067f45f trace-cmd: libtracecmd: Fixing linking to C++ code
689a0d4 tracecmd: Add NO_LIBZSTD option to disable libzstd
6bbcd3e trace-cmd report: Use library tracecmd_filter_*() logic
955d05f trace-cmd report: Make filter arguments match their files
82ed4a9 trace-cmd library: Add filtering logic for iterating events
dbd8777 trace-cmd report: Use tracecmd_iterate_events_multi()
78a74b1 trace-cmd library: Allow callers to save private data in tracecmd_input handlers
b37903a tracecmd library: Add tracecmd_iterate_events_multi()
d83b662 tracecmd utest: Add test to test using the libraries to read
2cb6cc2 tracecmd library: Add tracecmd_iterate_events()
762839a tracecmd: Use make variable instead of if statement for zlib test
1504f3f trace-cmd: Document new proxy args for {agent,record}
9a1c5d7 trace-cmd record: Keep --proxy from being passed to agents
ef8a8d7 trace-cmd libs: Initialize msg to NULL tracecmd_msg_read_data()
39ec10a trace-cmd: Do not use instance from trace context
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
93f4d52 libtracefs: version 1.5
bc857db libtracefs: Add tracefs_u{ret}probe_alloc to generic man page
db55441 libtracefs: Add tracefs_debug_dir() to generic libtracefs man page
d2d5924 libtracefs: Add test instructions for openSUSE
4a7b475 libtracefs: Fix test suite typo
ee8c644 libtracefs: Add tracefs_tracer_available() helper
799d88e libtracefs: Add API to set custom tracing directory
1bb00d1 libtracefs: allow pthread inclusion overrideable in Makefile
04651d0 libtracefs sqlhist: Allow pointers to match longs
9de59a0 libtracefs: Remove double free attempt of new_event in tracefs_synth_echo_cmd()
0aaa86a libtracefs: Fix use after free in tracefs_synth_alloc()
d2d5340 libtracefs: Add missed_events to record
9aaa8b0 libtracefs: Set the number of CPUs in tracefs_local_events_system()
56a0ba0 libtracefs: Return negative number when tracefs_filter_string_append() fails
c5f849f libtracefs: Set the long size of the tep handle in tracefs_local_events_system()
5c8103e revert: 0de961e74f96 ("libtracefs: Set visibility of parser symbols as 'internal'")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
fda4ad9 libtraceevent: version 1.6.3
d02a61e libtraceevent: Add man pages for tep_plugin_kvm_get/put_func()
6643bf9 libtraceevent: Have kvm_exit/enter be able to show guest function
a596299 libtraceevent: Add tep_print_field() to check-manpages.sh deprecated
065c9cd libtraceevent: Add man page documentation of tep_get_sub_buffer_size()
6e18ecc libtraceevent: Add man page for tep_plugin_add_option()
6738713 libtraceevent: Add some missing functions to generic libtraceevent man page
deefe29 libtraceevent: Include meta data functions in libtraceevent man pages
cf6dd2d libtraceevent: Add tep_get_function_count() to libtraceevent man page
5bfc11e libtraceevent: Add printk documentation to libtraceevent man page
65c767b libtraceevent: Update man page to reflect tep_is_pid_registered() rename
7cd173f libtraceevent: Add check-manpages.sh
fd6efc9 libtraceevent: Documentation: Correct typo in example
5c375b0 libtraceevent: Fixing linking to C++ code
7839fc2 libtraceevent: Makefile - set LIBS as conditional assignment
c5493e7 libtraceevent: Remove double assignment of val in eval_num_arg()
efd3289 libtraceevent: Add warnings if fields are outside the event
Signed-off-by: Nick Hainke <vincent@systemli.org>
4f96e67 Up the release version to 2.66
60ff008 Fix typos in the cap_from_text.3 man page.
281b6e4 Add captrace to .gitignore file
09a2c1d Add an example of using BPF kprobing to trace capability use.
26e3a09 Clean up getpcaps code.
fc804ac getpcaps: catch PID parsing errors.
fc437fd Fix an issue with bash displaying an error.
7db9589 Some more simplifications for building
27e801b Fix for "make clean ; make -j48 test"
Signed-off-by: Nick Hainke <vincent@systemli.org>
As also ramips/mt7621 now has a user of the ubnt-ledbar driver, make
the package available on all targets by removing the dependency on
@TARGET_mediatek_mt7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.
Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit a596a8396b as I've
just discovered private email, that the issue has CVE-2022-39173
assigned so I'm going to reword the commit and push it again.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.
This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.
Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.
Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This will prevent `module is already loaded` lines from
appearing in the logs when a PPP connection is reconnecting
Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 }
th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The luci ucode rewrite exposed the definition of START as being over 1K
from start of file. Initial versions limited the search for START &
STOP to within the 1st 1K of a file. Whilst the search has been
expanded, it doesn't do any harm to define START early in the file like
all other init scripts seen so far.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This reverts commit 6e9613844c.
The patch was wrong in the first place as we base everything on
backports package and the compilation error was caused by an ath11k
present downstream. (will be needed later when backports package will be
updated but not now)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With kernel 5.15.61 the define IEEE80211_MAX_AMPDU_BUF got changed to
IEEE80211_MAX_AMPDU_BUF_HE. Add patch to fix compilation error on next
5.15 kernel versions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Rename libwolfssl-cpu-crypto to libwolfsslcpu-crypto so that the
regular libwolfssl version comes first when running:
opkg install libwolfssl
Normally, if the package name matches the opkg parameter, that package
is preferred. However, for libraries, the ABI version string is
appended to the package official name, and the short name won't match.
Failing a name match, the candidate packages are sorted in alphabetical
order, and a dash will come before any number. So in order to prefer
the original library, the dash should be removed from the alternative
library.
Fixes: c3e7d86d2b (wolfssl: add libwolfssl-cpu-crypto package)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Move CONFIG_PACKAGE_libwolfssl-benchmark from the top of
PKG_CONFIG_DEPENDS to after PKG_ABI_VERSION is set.
This avoids changing the ABI version hash whether the bnechmark package
package is selected or not.
Fixes: 05df135cac (wolfssl: Rebuild when libwolfssl-benchmark gets changes)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
It's a 4G Cat.20 router used by Vodafone Italy (called Vodafone FWA)
and Vodafone DE\T-Mobile PL (called GigaCube).
Modem is a MiniPCIe-to-USB based on Snapdragon X24,
it supports 4CA aggregation.
There are currently two hardware revisions, which
differ on the 5Ghz radio:
AT1 = QCA9984 5Ghz Radio on PCI-E bus
AT2 = IPQ4019 5Ghz Radio inside IPQ4019 like 2.4Ghz
Device specification
--------------------
SoC Type: Qualcomm IPQ4019
RAM: 256 MiB
Flash: 128 MiB SPI NAND (Winbond W25N01GV)
ROM: 2MiB SPI Flash (GD25Q16)
Wireless 2.4 GHz (IP4019): b/g/n, 2x2
Wireless 5 GHz:
(QCA9984): a/n/ac, 4x4 HW REV AT1
(IPA4019): a/n/ac, 2x2 HW REV AT2
Ethernet: 2xGbE (WAN/LAN1, LAN2)
USB ports: No
Button: 2 (Reset/WPS)
LEDs: 3 external leds: Network (white or red), Wifi, Power and 1 internal (blue)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot
Installation
------------
1. Place OpenWrt initramfs image for the device on a TFTP
in the server's root. This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial connector
GND (which is right next to the thing with MF289F MIMO-V1.0), RX, TX
(refer to this image: https://ibb.co/31Gngpr).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. Stop in u-Boot (using ESC button) and run u-Boot commands:
setenv serverip 192.168.0.2
setenv ipaddr 192.168.0.1
set fdt_high 0x85000000
tftp openwrt-ipq40xx-generic-zte_mf289f-initramfs-fit-zImage.itb
bootm $loadaddr
5. Please make backup of original partitions, if you think about revert to
stock, specially mtd16 (Web UI) and mtd17 (rootFS).
Use /tmp as temporary storage and do:
WEB PARITION
--------------------------------------
cat /dev/mtd16 > /tmp/mtd16.bin
scp /tmp/mtd16.bin root@YOURSERVERIP:/
rm /tmp/mtd16.bin
ROOT PARITION
--------------------------------------
cat /dev/mtd17 > /tmp/mtd17.bin
scp /tmp/mtd17.bin root@YOURSERVERIP:/
rm /tmp/mtd17.bin
6. Login via ssh or serial and remove stock partitions
(default IP 192.168.0.1):
# this can return an error, if ubi was attached before
# or rootfs part was erased before.
ubiattach -m 17
# it could return error if rootfs part was erased before
ubirmvol /dev/ubi0 -N ubi_rootfs
# some devices doesn't have it
ubirmvol /dev/ubi0 -N ubi_rootfs_data
7. download and install image via sysupgrade -n
(either use wget/scp to copy the mf289f's squashfs-sysupgrade.bin
to the device's /tmp directory)
sysupgrade -n /tmp/openwrt-...-zte_mf289f-squashfs-sysupgrade.bin
Sometimes it could print ubi attach error, but please ignore it
if process goes forward.
Flash Layout
NAND:
mtd8: 000a0000 00020000 "fota-flag"
mtd9: 00080000 00020000 "0:ART"
mtd10: 00080000 00020000 "mac"
mtd11: 000c0000 00020000 "reserved2"
mtd12: 00400000 00020000 "cfg-param"
mtd13: 00400000 00020000 "log"
mtd14: 000a0000 00020000 "oops"
mtd15: 00500000 00020000 "reserved3"
mtd16: 00800000 00020000 "web"
mtd17: 01d00000 00020000 "rootfs"
mtd18: 01900000 00020000 "data"
mtd19: 03200000 00020000 "fota"
mtd20: 0041e000 0001f000 "kernel"
mtd21: 0101b000 0001f000 "ubi_rootfs"
SPI:
mtd0: 00040000 00010000 "0:SBL1"
mtd1: 00020000 00010000 "0:MIBIB"
mtd2: 00060000 00010000 "0:QSEE"
mtd3: 00010000 00010000 "0:CDT"
mtd4: 00010000 00010000 "0:DDRPARAMS"
mtd5: 00010000 00010000 "0:APPSBLENV"
mtd6: 000c0000 00010000 "0:APPSBL"
mtd7: 00050000 00010000 "0:reserved1"
Back to Stock (!!! need original dump taken from initramfs !!!)
-------------
1. Place mtd16.bin and mtd17.bin initramfs image
for the device on a TFTP in the server's root.
This example uses Server IP: 192.168.0.2
2. Connect serial console (115200,8n1) to serial console
connector (refer to the pin-out from above).
3. Connect TFTP server to RJ-45 port (WAN/LAN1).
4. rename mtd16.bin to web.img and mtd17.bin to root_uImage_s
5. Stop in u-Boot (using ESC button) and run u-Boot commands:
This will erase RootFS+Web:
nand erase 0x1000000 0x800000
nand erase 0x1800000 0x1D00000
This will restore RootFS:
tftpboot 0x84000000 ${dir}root_uImage_s
nand erase 0x1800000 0x1D00000
nand write $fileaddr 0x1800000 $filesize
This will restore Web Interface:
tftpboot 0x84000000 ${dir}web.img
nand erase 0x1000000 0x800000
nand write $fileaddr 0x1000000 $filesize
After first boot on stock firwmare, do a factory reset.
Push reset button for 5 seconds so all parameters will
be reverted to the one printed on label on bottom of the router
Signed-off-by: Giammarco Marzano <stich86@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
(Warning: commit message did not conform to UTF-8 - hopefully fixed?,
added description of the pin-out if image goes down, reformatted
commit message to be hopefully somewhat readable on git-web,
redid some of the gpio-buttons & leds DT nodes, etc.)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Sony NCP-HG100/Cellular is a IoT Gateway with 2.4/5 GHz band 11ac
(WiFi-5) wireless function, based on IPQ4019.
Specification:
- SoC : Qualcomm IPQ4019
- RAM : DDR3 512 MiB (H5TC4G63EFR)
- Flash : eMMC 4 GiB (THGBMNG5D1LBAIT)
- WLAN : 2.4/5 GHz 2T2R (IPQ4019)
- Ethernet : 10/100/1000 Mbps x2
- Transceiver : Qualcomm QCA8072
- WWAN : Telit LN940A9
- Z-Wave : Silicon Labs ZM5101
- Bluetooth : Qualcomm CSR8811
- Audio DAC : Realtek ALC5629
- Audio Amp. : Realtek ALC1304
- Voice Input Processor : Conexant CX20924
- Micro Controller Unit : Nuvoton MINI54FDE
- RGB LED, Fan, Temp. sensors
- Touch Sensor : Cypress CY8C4014LQI
- RGB LED driver : TI LP55231 (2x)
- LEDs/Keys : 11x, 6x
- UART : through-hole on PCB
- J1: 3.3V, TX, RX, GND from tri-angle marking
- 115200n8
- Power : 12 VDC, 2.5 A
Flash instruction using initramfs image:
1. Prepare TFTP server with the IP address 192.168.132.100 and place the
initramfs image to TFTP directory with the name "C0A88401.img"
2. Boot NCP-HG100/Cellular and interrupt after the message
"Hit any key to stop autoboot: 2"
3. Perform the following commands and set bootcmd to allow booting from
eMMC
setenv bootcmd "mmc read 0x84000000 0x2e22 0x4000 && bootm 0x84000000"
saveenv
4. Perform the following command to load/boot the OpenWrt initramfs image
tftpboot && bootm
5. On the initramfs image, perform sysupgrade with the sysupgrade image
(if needed, backup eMMC partitions by dd command and download to
other place before performing sysupgrade)
6. Wait for ~120 seconds to complete flashing
Known issues:
- There are no drivers for audio-related chips/functions in Linux Kernel
and OpenWrt, they cannot be used.
- There is no driver for MINI54FDE Micro-Controller Unit, customized for
this device by the firmware in the MCU. This chip controls the
following functions, but they cannot be controlled in OpenWrt.
- RGB LED
- Fan
this fan is controlled automatically by MCU by default, without
driver
- Thermal Sensors (2x)
- Currently, there is no driver or tool for CY8C4014LQI and cannot be
controlled. It cannot be exited from "booting mode" and moved to "normal
op mode" after booting. And also, the 4x buttons (mic mute, vol down,
vol up, alexa trigger) connected to the IC cannot be controlled.
- it can be exited from "booting mode" by installing and executing
i2cset command:
opkg update
opkg install i2c-tools
i2cset -y 1 0x14 0xf 1
- There is a connection issue on the control by uqmi for the WWAN module.
But modemmanager can be used without any issues and the use of it is
recommended.
- With the F2FS format, too many errors are reported on erasing eMMC
partition "rootfs_data" while booting:
[ 1.360270] sdhci: Secure Digital Host Controller Interface driver
[ 1.363636] sdhci: Copyright(c) Pierre Ossman
[ 1.369730] sdhci-pltfm: SDHCI platform and OF driver helper
[ 1.374729] sdhci_msm 7824900.sdhci: Got CD GPIO
...
[ 1.413552] mmc0: SDHCI controller on 7824900.sdhci [7824900.sdhci] using ADMA 64-bit
[ 1.528325] mmc0: new HS200 MMC card at address 0001
[ 1.530627] mmcblk0: mmc0:0001 004GA0 3.69 GiB
[ 1.533530] mmcblk0boot0: mmc0:0001 004GA0 partition 1 2.00 MiB
[ 1.537831] mmcblk0boot1: mmc0:0001 004GA0 partition 2 2.00 MiB
[ 1.542918] mmcblk0rpmb: mmc0:0001 004GA0 partition 3 512 KiB, chardev (247:0)
[ 1.550323] Alternate GPT is invalid, using primary GPT.
[ 1.561669] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17
...
[ 8.841400] mount_root: loading kmods from internal overlay
[ 8.860241] kmodloader: loading kernel modules from //etc/modules-boot.d/*
[ 8.863746] kmodloader: done loading kernel modules from //etc/modules-boot.d/*
[ 9.240465] block: attempting to load /etc/config/fstab
[ 9.246722] block: unable to load configuration (fstab: Entry not found)
[ 9.246863] block: no usable configuration
[ 9.254883] mount_root: overlay filesystem in /dev/mmcblk0p17 has not been formatted yet
[ 9.438915] urandom_read: 5 callbacks suppressed
[ 9.438924] random: mkfs.f2fs: uninitialized urandom read (16 bytes read)
[ 12.243332] mmc_erase: erase error -110, status 0x800
[ 12.246638] mmc0: cache flush error -110
[ 15.134585] mmc_erase: erase error -110, status 0x800
[ 15.135891] mmc_erase: group start error -110, status 0x0
[ 15.139850] mmc_erase: group start error -110, status 0x0
...(too many the same errors)...
[ 17.350811] mmc_erase: group start error -110, status 0x0
[ 17.356197] mmc_erase: group start error -110, status 0x0
[ 17.439498] sdhci_msm 7824900.sdhci: Card stuck in wrong state! card_busy_detect status: 0xe00
[ 17.446910] mmc0: tuning execution failed: -5
[ 17.447111] mmc0: cache flush error -110
[ 18.012440] F2FS-fs (mmcblk0p17): Found nat_bits in checkpoint
[ 18.062652] F2FS-fs (mmcblk0p17): Mounted with checkpoint version = 428fa16b
[ 18.198691] block: attempting to load /etc/config/fstab
[ 18.198972] block: unable to load configuration (fstab: Entry not found)
[ 18.203029] block: no usable configuration
[ 18.211371] mount_root: overlay filesystem has not been fully initialized yet
[ 18.214487] mount_root: switching to f2fs overlay
So, this support uses ext4 format instead which has no errors.
Note:
- The primary uart is shared for debug console and Z-Wave chip. The
function is switched by GPIO15 (Linux: 427).
value:
1: debug console
0: Z-Wave
- NCP-HG100/Cellular has 2x os-image pairs in eMMC.
- 0:HLOS, rootfs
- 0:HLOS_1, rootfs_1
In OpenWrt, the first image pair is used.
- "bootipq" command in U-Boot requires authentication with signed-image
by default. To boot unsigned image of OpenWrt, use "mmc read" and
"bootm" command instead.
- This support is for "Cellular" variant of NCP-HG100 and not tested on
"WLAN" (non-cellular) variant.
- The board files of ipq-wifi may also be used in "WLAN" variant of
NCP-HG100, but unconfirmed and add files as for "Cellular" variant.
- "NET" LED is used to indicate WWAN status in stock firmware.
- There is no MAC address information in the label on the case, use the
address included in UUID in the label as "label-MAC" instead.
- The "CLOUD" LEDs are partially used for indication of system status in
stock firmware, use they as status LEDs in OpenWrt instead of RGB LED
connected to the MCU.
MAC addresses:
LAN : 5C:FF:35:**:**:ED (ART, 0x6 (hex))
WAN : 5C:FF:35:**:**:EF (ART, 0x0 (hex))
2.4 GHz: 5C:FF:35:**:**:ED (ART, 0x1006 (hex))
5 GHz : 5C:FF:35:**:**:EE (ART, 0x5006 (hex))
partition layout in eMMC (by fdisk, GPT):
Disk /dev/mmcblk0: 7733248 sectors, 3776M
Logical sector size: 512
Disk identifier (GUID): ****
Partition table holds up to 20 entries
First usable sector is 34, last usable sector is 7634910
Number Start (sector) End (sector) Size Name
1 34 1057 512K 0:SBL1
2 1058 2081 512K 0:BOOTCONFIG
3 2082 3105 512K 0:QSEE
4 3106 4129 512K 0:QSEE_1
5 4130 4641 256K 0:CDT
6 4642 5153 256K 0:CDT_1
7 5154 6177 512K 0:BOOTCONFIG1
8 6178 6689 256K 0:APPSBLENV
9 6690 8737 1024K 0:APPSBL
10 8738 10785 1024K 0:APPSBL_1
11 10786 11297 256K 0:ART
12 11298 11809 256K 0:HSEE
13 11810 28193 8192K 0:HLOS
14 28194 44577 8192K 0:HLOS_1
15 44578 306721 128M rootfs
16 306722 568865 128M rootfs_1
17 568866 3958065 1654M rootfs_data
[initial work]
Signed-off-by: Iwao Yuki <dev.clef@gmail.com>
Co-developed-by: Iwao Yuki <dev.clef@gmail.com>
[adjustments, cleanups, commit message, sending patch]
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
(dropped clk_unused_ignore, dropped 901-* patches, renamed
key nodes, changed LEDs chan/labels to match func-en, made
:net -> (w)wan leds)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The "tx_burst" option which should control the value was
expecting more of a list and hence tx_queue_data2_burst
value wasn't updated.
Yes, it would make sense to have a list for this, the
existing code only updates tx_queue_data2_burst and
not the other tx_queue_data[0134]_burst values.
Signed-off-by: Alberto Martinez-Alvarez <amteza@gmail.com>
(formatted commit message, wrote extra information into commit,
moved tx_burst to existing json_get_vars)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Prevents build errors by ensuring that it is only selected when a wext based
driver that needs it is also selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.
Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_RELEASE
to better organize the downloads.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.
Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_VERSION
to better organize the downloads.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.
Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_VERSION
to better organize the downloads.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This package downloads raw files
which have names that are not corresponding to
the name and version of the package
as it is defined in the Makefile.
Use the option DL_SUBDIR to set the DL_DIR
to be a subdirectory named with
PKG_NAME and PKG_SOURCE_DATE
to better organize the downloads.
Define PKG_VERSION here
using PKG_SOURCE_DATE.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
The currently used shell expansion doesn't seem to exist [0] and also
does not work. This surely was not intended, so lets allow default
naming to actually work.
[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
Fixes: be09c5a3cd ("base-files: add board.d support for bridge device")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Also include the station auth_type in the ubus and log message in order
to detect, if clients used FT or FILS to associate
Signed-off-by: Felix Fietkau <nbd@nbd.name>
All contents of staging_dir/image are included in Image Builder (IB) in
case some binary needs to be included in final image. But in case of
this package, all sources are stored there and those clutter the final
tarball of IB for no reason. Those sources are not used during image
creation and are just dead weight. To put it in perspective, the IB for
21.02.0 is 158 MiB, 22.03.0-rc6 is 366 MiB and snapshot is over 620 MiB!
To fix it, put them in package build directory, so they won't end up
included in IB tarball.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
b704dc72e tests: sigma_dut and updated ConfResult value for Configurator failures
89de431f2 DPP: Add config response status value to DPP-CONF-SENT
10104915a tests: sigma_dut and DPP PB session overlap
80d5e264c Enhance QCA vendor roam event to indicate MLO links after reassociation
662249306 Update copyright notices for the QCA vendor definitions
8adcdd659 tests: Temporary workaround for dpp_chirp_ap_5g
ddcd15c2d tests: Fix fuzzing/sae build
7fa67861a tests: Fix p2p_channel_avoid3
ee3567d65 tests: Add more time for scan/connection
1d08b238c nl80211: Allow more time for the initial scan with 6 GHz
ac9e6a2ab tests: Allow 6 GHz opclasses in MBO checks
faf9c04cb Remove a host of unnecessary OPENSSL_IS_BORINGSSL ifdefs
b9cd5a82f Always process pending QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH data
ef4cd8e33 QoS: Use common classifier_mask for ipv4/ipv6
93be02592 Add fixed FDD mode to qca_btc_chain_mode QCA vendor attribute
e7cbfa1c1 tests: sigma_dut and DPP Enrollee unsupported curves
5565fbee2 DPP: Check Enrollee supported curves when building Config Response
ceae05cec tests: sigma_dut and DPP MUDURL setting for hostapd
4cfb484e9 DPP: Allow dpp_controller_start without arguments in CLIs
c97000933 Fix ifdef condition for imsi_privacy_cert
2a9a61d6c tests: SAE with extended key AKM
e35f6ed1d tests: More detailed report on SAE PMKSA caching error case
f70db167a SAE: Derive a variable length PMK with the new AKM suites
91010e6f6 SAE: Indicate AKM suite selector in commit for new AKM suites
e81ec0962 SAE: Use H2E unconditionally with the new AKM suites
f8eed2e8b SAE: Store PMK length and AKM in SAE data
9dc4e9d13 SAE: EAPOL-Key and key/MIC length information for the new AKM suites
a32ef3cfb SAE: Driver capability flags for the new SAE AKM suites
91df8c9c6 SAE: Internal WPA_KEY_MGMT_* defines for extended key AKMs
5c8a714b1 SAE: Use wpa_key_mgmt_sae() helper
5456b0f26 Define new RSN AKM suite selector values
def33101c DPP: Clear push button announcement state on wpa_supplicant FLUSH
35587fa8f tests: DPP Controller/Relay with need to discover Controller
d22dfe918 DPP: Event message for indicating when Relay would need a Controller
ca7892e98 tests: DPP Relay and adding/removing connection to a Controller
bfe3cfc38 DPP: Allow Relay connections to Controllers to be added and removed
808834b18 Add a comparison function for hostapd_ip_addr
f7763880b DPP: Advertise Configurator connectivity on Relay automatically
ff7cc1d49 tests: DPP Relay and dynamic Controller addition
ca682f80a DPP: Dynamic Controller initiated connection on Relay
d2388bcca DPP: Strict validation of PKEX peer bootstrapping key during auth
a7b8cef8b DPP3: Fix push button boostrapping key passing through PKEX
69d7c8e6b DPP: Add peer=id entry for PKEX-over-TCP case
b607d2723 tests: sigma_dut and DPP PB Configurator in wpa_supplicant
1ff9251a8 DPP3: Push button Configurator in wpa_supplicant
b94e46bc7 tests: PB Configurator in wpa_supplicant
ca4e82cbf tests: sigma_dut DPP/PKEX initiator as Configurator over TCP and Wi-Fi
e9137950f DPP: Recognize own PKEX Exchange Request if it ends up being received
692956446 DPP: Note PKEX code/identifier deletion in debug log
dfa9183b1 tests: DPP reconfig after Controller-initiated operation through Relay
ae4a3a6f6 DPP: Add DPP-CONF-REQ-RX event for Controller
17216b524 tests: sigma_dut DPP/PKEX initiator as Configurator (TCP) through Relay
fb2937b85 DPP: Allow Controller to initiate PKEX through Relay
15af83cf1 DPP: Delete PKEX code and identifier on success completion of PKEX
d86ed5b72 tests: Allow DPP_PKEX_REMOVE success in dpp_pkex_hostapd_errors
0a4f391b1 tests: sigma_dut and DPP Connector Privacy
479e412a6 DPP3: Default value for dpp_connector_privacy
7d12871ba test: DPP Private Peer Introduction protocol
148de3e0d DPP3: Private Peer Introduction protocol
786ea402b HPKE base mode with single-shot API
f0273bc81 OpenSSL: Remove a forgotten debug print
f2bb0839f test: DPP 3rd party config information
68209ddbe DPP: Allow 3rd party information to be added into config object
0e2217c95 DPP: Allow 3rd party information to be added into config request obj
3d82fbe05 Add QCA vendor subcommand and attributes for SCS rule configuration
16b62ddfa QCA vendor attribute for DBAM configuration
004b1ff47 tests: DPP Controller initiating through Relay
451ede2c3 DPP: Allow AP/Relay to be configured to listed for new TCP connections
248654d36 tests: sigma_dut DPP PB test cases
697b7d7ec tests: DPP push button
7bbe85987 DPP3: Allow external configuration to be specified on AP for PB
8db786a43 DPP3: Testing functionality for push button announcements
37bccfcab DPP3: Push button bootstrap mechanism
a0054fe7c Add AP and STA specific P802.11az security capabilities (vendor command)
159e63613 QCA vendor command for CoAP offload processing
3b7bb17f6 Add QCA vendor attribute for TIM beacon statistics
09a281e52 Add QCA vendor interface for PASN offload to userspace
809fb96fa Add a vendor attribute to configure concurrency policy for AP interface
a5754f531 Rename QCA_NL80211_VENDOR_SUBCMD_CONCURRENT_MULTI_STA_POLICY
085a3fc76 EHT: Add 320 channel width support
bafe35df0 Move CHANWIDTH_* definitions from ieee80211_defs.h to defs.h
92f549901 tests: Remove the 80+80 vs. 160 part from wpa2_ocv_ap_vht160_mismatch
c580c2aec tests: Make OCV negative test error cases more robust
3c2ba98ad Add QCA vendor event to indicate driver recovery after internal failures
6b461f68c Set current_ssid before changing state to ASSOCIATING
8dd826741 QCA vendor attribute to configure direct data path for audio traffic
504be2f9d QCA vendor command support to get WLAN radio combinations
d5905dbc8 OCV: Check the Frequency Segment 1 Channel Number only on 80+80 MHz
Signed-off-by: David Bauer <mail@david-bauer.net>
Don't select channels designated for exclusive-indoor use when the
country3 element is set on outdoor operation.
Signed-off-by: David Bauer <mail@david-bauer.net>
This matches the scheme used by other target packages and will avoid
confusion with any future version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
The 'fxload' tool contained in the examples provided with libusb is
actually useful and turns out to be the only way to load firmware into
some rather ancient EZ-USB microcontrollers made by Cypress (formerly
Anchor Chips).
The original 'fxload' tool from hotplug-linux has been abandonned long
ago and requires usbfs to be mounted in /proc/bus/usb/ (like it was in
Linux 2.4...).
Hence the best option is to package the modern 'fxload' from the libusb
examples which (unsurprisingly) uses libusb and works on modern
systems.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
e065a7627a46 pex: update last query sent timestamp
6c888f897862 unet-cli: add stun server list editing support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
21360a1b1ce6 cli: fix typo
abfebece0af1 wg-linux: ship a copy of linux/wireguard.h
1cbb1a543cb3 pex: reduce unnecessary ping traffic
0c2f39e52d5d pex: remove pex event debug spam
dcf1362c2104 pex: add support for sending/receiving global PEX messages via unix socket
df5f70b8858c ubus: notify on network updates
e58a56697131 add DHT discovery service
be175767bc67 pex: keep active pex hosts after the specified timeout
543e4a3d2ed7 pex: move rx header check to callback function
395659b9c415 pex: move raw ip send code to sendto_rawudp() in utils.c
dda15ea8b3b2 pex: add utility function to get the sockets based on type / address family
e88f2cd4d3f0 utils: add support for passings address family to network_get_endpoint()
639cdcdf6eda pex: add support for figuring out the external data port via STUN servers
9144339ebe1f pex: improve handling of a longer list of PEX hosts
38212218ecdd unet-cli: add DHT support
0d37ca75434d pex: automatically create host entries from incoming endpoint port notifications
035fcc56ef60 host: keep multiple endpoint candidates, one for each type
a089e8ae7504 pex: avoid sending a query to a host more than once every 15 seconds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
libwolfssl-cpu-crypto is a variant of libwolfssl with support for
cryptographic CPU instructions on x86_64 and aarch64.
On aarch64, wolfSSL does not perform run-time detection, so the library
will crash when the AES functions are called. A preinst script attempts
to check for support by querying /proc/cpuinfo, if installed in a
running system. When building an image, the script will check the
DISTRIB_TARGET value in /etc/openwrt_release, and will abort
installation if target is bcm27xx.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
cc4eb79 ubus: support obtaining numeric error code
01c412c ubus: add toplevel constants for ubus status codes
8e240fa ubus: allow object method call handlers to return a numeric status code
5cdddd3 lib: add limit support to split() and replace()
0ba9c3e fs: add optional third permission argument to fs.open()
c1f7b3b lib: remove fixed capture group limit in match() and regex replace()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of always including the XHCI driver in the kernel on all
MediaTek boards, selectively include the kernel module only on boards
which actually make use of USB functionality.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
add Flow Queuing with Proportional Integral controller Enhanced (FQ-PIE) as an
optional kmod in network support and extract sched-pie from kmod-sched to
allow dependency on just kmod-sched-pie (PIE).
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
Add support for the TP-Link SG2210P switch. This is an RTL8380 based
switch with eight RJ-45 ports with 802.3af PoE, and two SFP ports.
This device shares the same board with the SG2008P and SG2008. To
model this, declare all the capabilities in the sg2xxx dtsi, and
disable unpopulated on the lower end models.
Specifications:
---------------
- SoC: Realtek RTL8380M
- Flash: 32 MiB SPI flash (Vendor varies)
- RAM: 256 MiB (Vendor varies)
- Ethernet: 8x 10/100/1000 Mbps with PoE (all ports)
2x SFP ports
- Buttons: 1x "Reset" button on front panel
- Power: 53.5V DC barrel jack
- UART: 1x serial header, unpopulated
- PoE: 2x TI TPS23861 I2C PoE controller
Works:
------
- (8) RJ-45 ethernet ports
- (2) SFP ports (with caveats)
- Switch functions
- System LED
Not yet enabled:
----------------
- Power-over-Ethernet (driver works, but doesn't enable "auto" mode)
- PoE LEDs
Enabling SFP ports:
-------------------
The SFP port control lines are hardwired, except for tx-disable. These
lines are controller by the RTL8231 in shift register mode. There is
no driver support for this yet.
However, to enable the lasers on SFP1 and SFP2 respectively:
echo 0x0510ff00 > /sys/kernel/debug/rtl838x/led/led_p_en_ctrl
echo 0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.26
echo 0x140 > /sys/kernel/debug/rtl838x/led/led_sw_p_ctrl.24
Install via serial console/tftp:
--------------------------------
The footprints R27 (0201) and R28 (0402) are not populated. To enable
serial console, 50 ohm resistors should be soldered -- any value from
0 ohm to 50 ohm will work. R27 can be replaced by a solder bridge.
The u-boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.
Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. The sysupgrade image can also be flashed. To install OpenWrt:
Prepare a tftp server with:
1. server address: 192.168.0.146
2. the image as: "uImage.img"
Power on device, and stop boot by pressing any key.
Once the shell is active:
1. Ground out the CLK (pin 16) of the ROM (U7)
2. Select option "3. Start"
3. Bootloader notes that "The kernel has been damaged!"
4. Release CLK as sson as bootloader thinks image is corrupted.
5. Bootloader enters automatic recovery -- details printed on console
6. Watch as the bootloader flashes and boots OpenWrt.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[OpenWrt capitalisation in commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Serge Vasilugin reports:
To improve mt7620 built-in wifi performance some changes:
1. Correct BW20/BW40 switching (see comments with mark (1))
2. Correct TX_SW_CFG1 MAC reg from v3 of vendor driver see
https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531
3. Set bbp66 for all chains.
4. US_CYC_CNT init based on Programming guide, default value was 33 (pci),
set chipset bus clock with fallback to cpu clock/3.
5. Don't overwrite default values for mt7620.
6. Correct some typos.
7. Add support for external LNA:
a) RF and BBP regs never be corrected for this mode
b) eLNA is driven the same way as ePA with mt7620's pin PA
but vendor driver explicitly pin PA to gpio mode (for forrect calibration?)
so I'm not sure that request for pa_pin in dts-file will be enough
First 5 changes (really 2) improve performance for boards w/o eLNA/ePA.
Changes 7 add support for eLNA
Configuration w/o eLAN/ePA and with eLNA show results
tx/rx (from router point of view) for each stream:
35-40/30-35 Mbps for HT20
65-70/60-65 Mbps for HT40
Yes. Max results for 2T2R client is 140-145/135-140
with peaks 160/150, It correspond to mediatek driver results.
Boards with ePA untested.
Reported-by: Serge Vasilugin <vasilugin@yandex.ru>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Prepare patches for sending upstream by adding patch descriptions
generated from the original OpenWrt commits adding each patch.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware:
SoC: MediaTek MT7629 Cortex-A7 (ARMv7 1.25GHz, Dual-Core)
RAM: DDR3 128MB
Flash: Macronix MX35LF1GE4AB (SPI-NAND 128MB)
WiFi: MediaTek MT7761N (2.4GHz) / MediaTek MT7762N (5GHz) - no driver
Ethernet: SoC (WAN) / MediaTek MT7531 (LAN x4)
UART: [GND, RX, TX, 3.3V] (115200)
Installation:
- Flash recovery image with TFTP recovery
Revert to stock firmware:
- Flash stock firmware with TFTP recovery
TFTP Recovery method:
1. Unplug the router
2. Hold the reset button and plug in
3. Release when the power LED stops flashing and go off
4. Set your computer IP address manually to 192.168.0.x / 255.255.255.0
5. Flash image with TFTP client to 192.168.0.1
Signed-off-by: Yoonji Park <koreapyj@dcmys.kr>
xdp-tools build currently breaks on build hosts which do not have
libbpf headers installed because the build system wrongly tries to
use the host's include path.
Properly pass path to libbpf headers to xdp-tools build system to
fix build e.g. on the buildbots.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add support for TP-Link Deco S4 wifi router
The label refers to the device as S4R and the TP-Link firmware
site calls it the Deco S4 v2. (There does not appear to be a v1)
Hardware (and FCC id) are identical to the Deco M4R v2 but the
flash layout is ordered differently and the OEM firmware encrypts
some config parameters (including the label mac address) in flash
In order to set the encrypted mac address, the wlan's caldata
node is removed from the DTS so the mac can be decrypted with
the help of the uencrypt tool and patched into the wlan fw
via hotplug
Specifications:
SoC: QCA9563-AL3A
RAM: Zentel A3R1GE40JBF
Wireless 2.4GHz: QCA9563-AL3A (main SoC)
Wireless 5GHz: QCA9886
Ethernet Switch: QCA8337N-AL3C
Flash: 16 MB SPI NOR
UART serial access (115200N1) on board via solder pads:
RX = TP1 pad
TX = TP2 pad
GND = C201 (pad nearest board edge)
The device's bootloader and web gui will only accept images that
were signed using TP-Link's RSA key, however a memory safety bug
in the bootloader can be leveraged to install openwrt without
accessing the serial console. See developer forum S4 support page
for link to a "firmware" file that starts a tftp client, or you
may generate one on your own like this:
```
python - > deco_s4_faux_fw_tftp.bin <<EOF
import sys
from struct import pack
b = pack('>I', 0x00008000) + b'X'*16 + b"fw-type:" \
+ b'x'*256 + b"S000S001S002" + pack('>I', 0x80060200) \
b += b"\x00"*(0x200-len(b)) \
+ pack(">33I", *[0x3c0887fc, 0x35083ddc, 0xad000000, 0x24050000,
0x3c048006, 0x348402a0, 0x3c1987f9, 0x373947f4,
0x0320f809, 0x00000000, 0x24050000, 0x3c048006,
0x348402d0, 0x3c1987f9, 0x373947f4, 0x0320f809,
0x00000000, 0x24050000, 0x3c048006, 0x34840300,
0x3c1987f9, 0x373947f4, 0x0320f809, 0x00000000,
0x24050000, 0x3c048006, 0x34840400, 0x3c1987f9,
0x373947f4, 0x0320f809, 0x00000000, 0x1000fff1,
0x00000000])
b += b"\xff"*(0x2A0-len(b)) + b"setenv serverip 192.168.0.2\x00"
b += b"\xff"*(0x2D0-len(b)) + b"setenv ipaddr 192.168.0.1\x00"
b += b"\xff"*(0x300-len(b)) + b"tftpboot 0x81000000 initramfs-kernel.bin\x00"
b += b"\xff"*(0x400-len(b)) + b"bootm 0x81000000\x00"
b += b"\xff"*(0x8000-len(b))
sys.stdout.buffer.write(b)
EOF
```
Installation:
1. Run tftp server on pc with static ip 192.168.0.2
2. Place openwrt "initramfs-kernel.bin" image in tftp root dir
3. Connect pc to router ethernet port1
4. While holding in reset button on bottom of router, power on router
5. From pc access router webgui at http://192.168.0.1
6. Upload deco_s4_faux_fw_tftp.bin
7. Router will load and execture in-memory openwrt
8. Switch pc back to dhcp or static 192.168.1.x
9. Flash openwrt sysupgrade image via luci/ssh at 192.168.1.1
Revert to stock:
Press and hold reset button while powering device to start the
bootloader's recovery mode, where stock firmware can be uploaded
via web gui at 192.168.0.1
Please note that one additional non-github commits is also needed:
firmware-utils: add tplink-safeloader support for Deco S4
Signed-off-by: Nick French <nickfrench@gmail.com>
FCC ID: U2M-CAP2100AG
WatchGuard AP100 is an indoor wireless access point with
1 Gb ethernet port, dual-band but single-radio wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EAP300 v2
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- AR9344 SOC MIPS 74kc, 2.4 GHz AND 5 GHz WMAC, 2x2
- AR8035-A EPHY RGMII GbE with PoE+ IN
- 25 MHz clock
- 16 MB FLASH mx25l12805d
- 2x 64 MB RAM
- UART console J11, populated
- GPIO watchdog GPIO 16, 20 sec toggle
- 2 antennas 5 dBi, internal omni-directional plates
- 5 LEDs power, eth0 link/data, 2G, 5G
- 1 button reset
**MAC addresses:**
Label has no MAC
Only one Vendor MAC address in flash at art 0x0
eth0 ---- *:e5 art 0x0 -2
phy0 ---- *:e5 art 0x0 -2
**Installation:**
Method 1: OEM webpage
use OEM webpage for firmware upgrade to upload factory.bin
Method 2: root shell
It may be necessary to use a Watchguard router to flash the image to the AP
and / or to downgrade the software on the AP to access SSH
For some Watchguard devices, serial console over UART is disabled.
NOTE: DHCP is not enabled by default after flashing
**TFTP recovery:**
reset button has no function at boot time
only possible with modified uboot environment,
(see commit message for Watchguard AP300)
**Return to OEM:**
user should make backup of MTD partitions
and write the backups back to mtd devices
in order to revert to OEM reliably
It may be possible to use sysupgrade
with an OEM image as well...
(not tested)
**OEM upgrade info:**
The OEM upgrade script is at /etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
**Note on eth0 PLL-data:**
The default Ethernet Configuration register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For AR934x series, the PLL registers for eth0
can be see in the DTSI as 0x2c.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
**Note on WatchGuard Magic string:**
The OEM upgrade script is a modified version of
the generic Senao sysupgrade script
which is used on EnGenius devices.
On WatchGuard boards produced by Senao,
images are verified using a md5sum checksum of
the upgrade image concatenated with a magic string.
this checksum is then appended to the end of the final image.
This variable does not apply to all the senao devices
so set to null string as default
Tested-by: Steve Wheeler <stephenw10@gmail.com>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: U2M-CAP4200AG
WatchGuard AP200 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EAP600
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- AR9344 SOC MIPS 74kc, 2.4 GHz WMAC, 2x2
- AR9382 WLAN PCI card 168c:0030, 5 GHz, 2x2, 26dBm
- AR8035-A EPHY RGMII GbE with PoE+ IN
- 25 MHz clock
- 16 MB FLASH mx25l12805d
- 2x 64 MB RAM
- UART console J11, populated
- GPIO watchdog GPIO 16, 20 sec toggle
- 4 antennas 5 dBi, internal omni-directional plates
- 5 LEDs power, eth0 link/data, 2G, 5G
- 1 button reset
**MAC addresses:**
Label has no MAC
Only one Vendor MAC address in flash at art 0x0
eth0 ---- *:be art 0x0 -2
phy1 ---- *:bf art 0x0 -1
phy0 ---- *:be art 0x0 -2
**Installation:**
Method 1: OEM webpage
use OEM webpage for firmware upgrade to upload factory.bin
Method 2: root shell
It may be necessary to use a Watchguard router to flash the image to the AP
and / or to downgrade the software on the AP to access SSH
For some Watchguard devices, serial console over UART is disabled.
NOTE: DHCP is not enabled by default after flashing
**TFTP recovery:**
reset button has no function at boot time
only possible with modified uboot environment,
(see commit message for Watchguard AP300)
**Return to OEM:**
user should make backup of MTD partitions
and write the backups back to mtd devices
in order to revert to OEM reliably
It may be possible to use sysupgrade
with an OEM image as well...
(not tested)
**OEM upgrade info:**
The OEM upgrade script is at /etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
**Note on eth0 PLL-data:**
The default Ethernet Configuration register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For AR934x series, the PLL registers for eth0
can be see in the DTSI as 0x2c.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x1805002c 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
**Note on WatchGuard Magic string:**
The OEM upgrade script is a modified version of
the generic Senao sysupgrade script
which is used on EnGenius devices.
On WatchGuard boards produced by Senao,
images are verified using a md5sum checksum of
the upgrade image concatenated with a magic string.
this checksum is then appended to the end of the final image.
This variable does not apply to all the senao devices
so set to null string as default
Tested-by: Steve Wheeler <stephenw10@gmail.com>
Tested-by: John Delaney <johnd@ankco.net>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
FCC ID: Q6G-AP300
WatchGuard AP300 is an indoor wireless access point with
1 Gb ethernet port, dual-band wireless,
internal antenna plates, and 802.3at PoE+
this board is a Senao device:
the hardware is equivalent to EnGenius EAP1750
the software is modified Senao SDK which is based on openwrt and uboot
including image checksum verification at boot time,
and a failsafe image that boots if checksum fails
**Specification:**
- QCA9558 SOC MIPS 74kc, 2.4 GHz WMAC, 3x3
- QCA9880 WLAN PCI card 168c:003c, 5 GHz, 3x3, 26dBm
- AR8035-A PHY RGMII GbE with PoE+ IN
- 40 MHz clock
- 32 MB FLASH S25FL512S
- 2x 64 MB RAM NT5TU32M16
- UART console J10, populated
- GPIO watchdog GPIO 16, 20 sec toggle
- 6 antennas 5 dBi, internal omni-directional plates
- 5 LEDs power, eth0 link/data, 2G, 5G
- 1 button reset
**MAC addresses:**
MAC address labeled as ETH
Only one Vendor MAC address in flash at art 0x0
eth0 ETH *:3c art 0x0
phy1 ---- *:3d ---
phy0 ---- *:3e ---
**Serial console access:**
For this board, its not certain whether UART is possible
it is likely that software is blocking console access
the RX line on the board for UART is shorted to ground by resistor R176
the resistors R175 and R176 are next to the UART RX pin at J10
however console output is garbage even after this fix
**Installation:**
Method 1: OEM webpage
use OEM webpage for firmware upgrade to upload factory.bin
Method 2: root shell access
downgrade XTM firewall to v2.0.0.1
downgrade AP300 firmware: v1.0.1
remove / unpair AP from controller
perform factory reset with reset button
connect ethernet to a computer
login to OEM webpage with default address / pass: wgwap
enable SSHD in OEM webpage settings
access root shell with SSH as user 'root'
modify uboot environment to automatically try TFTP at boot time
(see command below)
rename initramfs-kernel.bin to test.bin
load test.bin over TFTP (see TFTP recovery)
(optionally backup all mtdblocks to have flash backup)
perform a sysupgrade with sysupgrade.bin
NOTE: DHCP is not enabled by default after flashing
**TFTP recovery:**
server ip: 192.168.1.101
reset button seems to do nothing at boot time...
only possible with modified uboot environment,
running this command in the root shell:
fw_setenv bootcmd 'if ping 192.168.1.101; then tftp 0x82000000 test.bin && bootm 0x82000000; else bootm 0x9f0a0000; fi'
and verify that it is correct with
fw_printenv
then, before boot, the device will attempt TFTP from 192.168.1.101
looking for file 'test.bin'
to return uboot environment to normal:
fw_setenv bootcmd 'bootm 0x9f0a0000'
**Return to OEM:**
user should make backup of MTD partitions
and write the backups back to mtd devices
in order to revert to OEM
(see installation method 2)
It may be possible to use sysupgrade
with an OEM image as well...
(not tested)
**OEM upgrade info:**
The OEM upgrade script is at /etc/fwupgrade.sh
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
**Note on eth0 PLL-data:**
The default Ethernet Configuration register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
**Note on WatchGuard Magic string:**
The OEM upgrade script is a modified version of
the generic Senao sysupgrade script
which is used on EnGenius devices.
On WatchGuard boards produced by Senao,
images are verified using a md5sum checksum of
the upgrade image concatenated with a magic string.
this checksum is then appended to the end of the final image.
This variable does not apply to all the senao devices
so set to null string as default
Tested-by: Alessandro Kornowski <ak@wski.org>
Tested-by: John Wagner <john@wagner.us.org>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Ruckus ZoneFlex 7321 is a dual-band, single radio 802.11n 2x2 MIMO enterprise
access point. It is very similar to its bigger brother, ZoneFlex 7372.
Hardware highligts:
- CPU: Atheros AR9342 SoC at 533 MHz
- RAM: 64MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi: AR9342 built-in dual-band 2x2 MIMO radio
- Ethernet: single Gigabit Ethernet port through AR8035 gigabit PHY
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on the 7321-U variant.
Serial console: 115200-8-N-1 on internal H1 header.
Pinout:
H1 ----------
|1|x3|4|5|
----------
Pin 1 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX
JTAG: Connector H5, unpopulated, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:
------- H5
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------
3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
> setenv serverip 192.168.1.2
> setenv ipaddr 192.168.1.1
> tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7321-initramfs-kernel.bin
> bootm 0x81000000
5. Optional, but highly recommended: back up contents of "firmware" partition:
$ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7321_fw1_backup.bin
$ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7321_fw2_backup.bin
6. Copy over sysupgrade image, and perform actual installation. OpenWrt
shall boot from flash afterwards:
$ ssh root@192.168.1.1
# sysupgrade -n openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
$ ssh 10.42.0.254 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyCheking=no \
-o MACs=hmac-md5
Login. User is "super", password is "sp-admin".
Now execute a hidden command:
Ruckus
It is case-sensitive. Copy and paste the following string,
including quotes. There will be no output on the console for that.
";/bin/sh;"
Hit "enter". The AP will respond with:
grrrr
OK
Now execute another hidden command:
!v54!
At "What's your chow?" prompt just hit "enter".
Congratulations, you should now be dropped to Busybox shell with root
permissions.
4. Optional, but highly recommended: backup the flash contents before
installation. At your PC ensure the device can write the firmware
over TFTP:
$ sudo touch /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
$ sudo chmod 666 /srv/tftp/ruckus_zf7321_firmware{1,2}.bin
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
# tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7321_firmware1.bin -p 10.42.0.1
# tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7321_firmware2.bin -p 10.42.0.1
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7321_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
$ sudo touch /srv/tftp/u-boot-env.bin
$ sudo chmod 666 /srv/tftp/u-boot-env.bin
On the device, find the MTD partition on which environment resides.
Beware, it may change depending on currently active firmware image!
# grep u-boot-env /proc/mtd
Now, copy over the partition
# tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1
Store the stock environment in a safe place:
$ cp /srv/tftp/u-boot-env.bin ~/
Extract the values from the dump:
$ strings u-boot-env.bin | tee u-boot-env.txt
Now clean up the debris at the end of output, you should end up with
each variable defined once. After that, set the bootcmd variable like
this:
bootcmd=bootm 0x9f040000
You should end up with something like this:
bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
mtdids=nor0=ar7100-nor0
bootdelay=2
ethact=eth0
filesize=78a000
fileaddr=81000000
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
ipaddr=10.0.0.1
serverip=10.0.0.5
stdin=serial
stdout=serial
stderr=serial
These are the defaults, you can use most likely just this as input to
mkenvimage.
Now, create environment image and copy it over to TFTP root:
$ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
$ sudo cp u-boot-env.bin /srv/tftp
This is the same image, gzipped and base64-encoded:
H4sIAAAAAAAAA+3QQW7TQBQAUF8EKRtQI6XtJDS0VJoN4gYcAE3iCbWS2MF2Sss1ORDYqVq6YMEB3rP0
Z/7Yf+aP3/56827VNP16X8Zx3E/Cw8dNuAqDYlxI7bcurpu6a3Y59v3jlzCbz5eLECbt8HbT9Y+HHLvv
x9TdbbpJVVd9vOxWVX05TotVOpZt6nN8qilyf5fKso3hIYTb8JDSEFarIazXQyjLIeRc7PvykNq+iy+T
1F7PQzivmzbcLpYftmfH87G56Wz+/v18sT1r19vu649dqi/2qaqns0W4utmelalPm27I/lac5/p+OluO
NZ+a1JaTz8M3/9hmtT0epmMjVdnF8djXLZx+TJl36TEuTlda93EYQrGpdrmrfuZ4fZPGHzjmp/vezMNJ
MV6n6qumPm06C+MRZb6vj/v4Mk/7HJ+6LarDqXweLsZnXnS5vc9tdXheWRbd0GIdh/Uq7cakOfavsty2
z1nxGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAD+1x9eTkHLAAAEAA==
7. Perform actual installation. Copy over OpenWrt sysupgrade image to
TFTP root:
$ sudo cp openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin /srv/tftp
Now load both to the device over TFTP:
# tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
# tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin -g 10.42.0.1
Vverify checksums of both images to ensure the transfer over TFTP
was completed:
# sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin
And compare it against source images:
$ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7321-squashfs-sysupgrade.bin
Locate MTD partition of the primary image:
# grep rcks_wlan.main /proc/mtd
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
# flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
# flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
mtd write ruckus_zf7321_fw1_backup.bin /dev/mtd1
mtd write ruckus_zf7321_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
- The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
execute the following command before booting:
mw.l 1804006c 40
And also you need to disable the reset button in device tree if you
intend to debug Linux, because reset button on GPIO0 shares the TCK
pin.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Ruckus ZoneFlex 7372 is a dual-band, dual-radio 802.11n 2x2 MIMO enterprise
access point.
Ruckus ZoneFlex 7352 is also supported, lacking the 5GHz radio part.
Hardware highligts:
- CPU: Atheros AR9344 SoC at 560 MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344 built-in 2x2 MIMO radio
- Wi-Fi 5Ghz: AR9582 2x2 MIMO radio (Only in ZF7372)
- Antennas:
- Separate internal active antennas with beamforming support on both
bands with 7 elements per band, each controlled by 74LV164 GPIO
expanders, attached to GPIOs of each radio.
- Two dual-band external RP-SMA antenna connections on "7372-E"
variant.
- Ethernet 1: single Gigabit Ethernet port through AR8035 gigabit PHY
- Ethernet 2: single Fast Ethernet port through AR9344 built-in switch
- PoE: input through Gigabit port
- Standalone 12V/1A power input
- USB: optional single USB 2.0 host port on "-U" variants.
The same image should support:
- ZoneFlex 7372E (variant with external antennas, without beamforming
capability)
- ZoneFlex 7352 (single-band, 2.4GHz-only variant).
which are based on same baseboard (codename St. Bernard),
with different populated components.
Serial console: 115200-8-N-1 on internal H1 header.
Pinout:
H1
---
|5|
---
|4|
---
|3|
---
|x|
---
|1|
---
Pin 5 is near the "H1" marking.
1 - RX
x - no pin
3 - VCC (3.3V)
4 - GND
5 - TX
JTAG: Connector H2, similar to MIPS eJTAG, standard,
but without the key in pin 12 and not every pin routed:
------- H2
|1 |2 |
-------
|3 |4 |
-------
|5 |6 |
-------
|7 |8 |
-------
|9 |10|
-------
|11|12|
-------
|13|14|
-------
3 - TDI
5 - TDO
7 - TMS
9 - TCK
2,4,6,8,10 - GND
14 - Vref
1,11,12,13 - Not connected
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
> setenv serverip 192.168.1.2
> setenv ipaddr 192.168.1.1
> tftpboot 0x81000000 openwrt-ath79-generic-ruckus_zf7372-initramfs-kernel.bin
> bootm 0x81000000
5. Optional, but highly recommended: back up contents of "firmware" partition:
$ ssh root@192.168.1.1 cat /dev/mtd1 > ruckus_zf7372_fw1_backup.bin
$ ssh root@192.168.1.1 cat /dev/mtd5 > ruckus_zf7372_fw2_backup.bin
6. Copy over sysupgrade image, and perform actual installation. OpenWrt
shall boot from flash afterwards:
$ ssh root@192.168.1.1
# sysupgrade -n openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
$ ssh 10.42.0.254 \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyCheking=no \
-o MACs=hmac-md5
Login. User is "super", password is "sp-admin".
Now execute a hidden command:
Ruckus
It is case-sensitive. Copy and paste the following string,
including quotes. There will be no output on the console for that.
";/bin/sh;"
Hit "enter". The AP will respond with:
grrrr
OK
Now execute another hidden command:
!v54!
At "What's your chow?" prompt just hit "enter".
Congratulations, you should now be dropped to Busybox shell with root
permissions.
4. Optional, but highly recommended: backup the flash contents before
installation. At your PC ensure the device can write the firmware
over TFTP:
$ sudo touch /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
$ sudo chmod 666 /srv/tftp/ruckus_zf7372_firmware{1,2}.bin
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
# tftp -l /dev/<rcks_wlan.main_mtd> -r ruckus_zf7372_firmware1.bin -p 10.42.0.1
# tftp -l /dev/<rcks_wlan.bkup_mtd> -r ruckus_zf7372_firmware2.bin -p 10.42.0.1
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7372_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
$ sudo touch /srv/tftp/u-boot-env.bin
$ sudo chmod 666 /srv/tftp/u-boot-env.bin
On the device, find the MTD partition on which environment resides.
Beware, it may change depending on currently active firmware image!
# grep u-boot-env /proc/mtd
Now, copy over the partition
# tftp -l /dev/mtd<N> -r u-boot-env.bin -p 10.42.0.1
Store the stock environment in a safe place:
$ cp /srv/tftp/u-boot-env.bin ~/
Extract the values from the dump:
$ strings u-boot-env.bin | tee u-boot-env.txt
Now clean up the debris at the end of output, you should end up with
each variable defined once. After that, set the bootcmd variable like
this:
bootcmd=bootm 0x9f040000
You should end up with something like this:
bootcmd=bootm 0x9f040000
bootargs=console=ttyS0,115200 rootfstype=squashfs init=/sbin/init
baudrate=115200
ethaddr=0x00:0xaa:0xbb:0xcc:0xdd:0xee
bootdelay=2
mtdids=nor0=ar7100-nor0
mtdparts=mtdparts=ar7100-nor0:256k(u-boot),13312k(rcks_wlan.main),2048k(datafs),256k(u-boot-env),512k(Board Data),13312k(rcks_wlan.bkup)
ethact=eth0
filesize=1000000
fileaddr=81000000
ipaddr=192.168.0.7
serverip=192.168.0.51
partition=nor0,0
mtddevnum=0
mtddevname=u-boot
stdin=serial
stdout=serial
stderr=serial
These are the defaults, you can use most likely just this as input to
mkenvimage.
Now, create environment image and copy it over to TFTP root:
$ mkenvimage -s 0x40000 -b -o u-boot-env.bin u-boot-env.txt
$ sudo cp u-boot-env.bin /srv/tftp
This is the same image, gzipped and base64-encoded:
H4sIAAAAAAAAA+3QTW7TQBQAYB+AQ2TZSGk6Tpv+SbNBrNhyADSJHWolsYPtlJaDcAWOCXaqQhdIXOD7
Fm/ee+MZ+/nHu58fV03Tr/dFHNf9JDzdbcJVGGRjI7Vfurhu6q7ZlbHvnz+FWZ4vFyFM2mF30/XPhzJ2
X4+pe9h0k6qu+njRrar6YkyzVToWberL+HImK/uHVBRtDE8h3IenlIawWg1hvR5CUQyhLE/vLcpdeo6L
bN8XVdHFumlDTO1NHsL5mI/9Q2r7Lv5J3uzeL5bX27Pj+XjRdJZfXuaL7Vm73nafv+1SPd+nqp7OFuHq
dntWpD5tuqH6e+K8rB+ns+V45n2T2mLyYXjmH9estsfD9DTSuo/DErJNtSu76vswbjg5NU4D3752qsOp
zu8W8/z6dh7mN1lXto9lWx3eNJd5Ng5V9VVTn2afnSYuysf6uI9/8rQv48s3Z93wn+o4XFWl3Vg0x/5N
Vbbta5X9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAID/+Q2Z/B7cAAAEAA==
7. Perform actual installation. Copy over OpenWrt sysupgrade image to
TFTP root:
$ sudo cp openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin /srv/tftp
Now load both to the device over TFTP:
# tftp -l /tmp/u-boot-env.bin -r u-boot-env.bin -g 10.42.0.1
# tftp -l /tmp/openwrt.bin -r openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin -g 10.42.0.1
Verify checksums of both images to ensure the transfer over TFTP
was completed:
# sha256sum /tmp/u-boot-env.bin /tmp/openwrt.bin
And compare it against source images:
$ sha256sum /srv/tftp/u-boot-env.bin /srv/tftp/openwrt-ath79-generic-ruckus_zf7372-squashfs-sysupgrade.bin
Locate MTD partition of the primary image:
# grep rcks_wlan.main /proc/mtd
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
# flashcp /tmp/openwrt.bin /dev/<rcks_wlan.main_mtd>
# flashcp /tmp/u-boot-env.bin /dev/<u-boot-env_mtd>
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
mtd write ruckus_zf7372_fw1_backup.bin /dev/mtd1
mtd write ruckus_zf7372_fw2_backup.bin /dev/mtd5
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- This is first device in ath79 target to support link state reporting
on FE port attached trough the built-in switch.
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
The 5GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- U-boot disables JTAG when starting. To re-enable it, you need to
execute the following command before booting:
mw.l 1804006c 40
And also you need to disable the reset button in device tree if you
intend to debug Linux, because reset button on GPIO0 shares the TCK
pin.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
- Stock firmware has beamforming functionality, known as BeamFlex,
using active multi-segment antennas on both bands - controlled by
RF analog switches, driven by a pair of 74LV164 shift registers.
Shift registers used for each radio are connected to GPIO14 (clock)
and GPIO15 of the respective chip.
They are mapped as generic GPIOs in OpenWrt - in stock firmware,
they were most likely handled directly by radio firmware,
given the real-time nature of their control.
Lack of this support in OpenWrt causes the antennas to behave as
ordinary omnidirectional antennas, and does not affect throughput in
normal conditions, but GPIOs are available to tinker with nonetheless.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Aka Kroks Rt-Cse5 UW DRSIM (KNdRt31R16), ID 1958:
https://kroks.ru/search/?text=1958
See Kroks OpenWrt fork for support of other models:
https://github.com/kroks-free/openwrt
Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 5x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- USB: 1x
- SIM-reader: 2x (driven by a dedicated chip with it's own firmware)
- Buttons: reset
- LEDs: 1x Power, 1x Wi-Fi, 12x others (SIM status, Internet, etc.)
Flashing:
- sysupgrade image via stock firmware WEB interface, IP: 192.168.1.254
- U-Boot launches a WEB server if Reset button is held during power up,
IP: 192.168.1.1
MAC addresses as verified by OEM firmware:
vendor OpenWrt source
LAN eth0 factory 0x4 (label)
2g wlan0 label
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
Aka "Kroks KNdRt31R19".
Ported from v19.07.8 of OpenWrt fork:
see https://github.com/kroks-free/openwrt
for support of other models.
Device specs:
- CPU: MediaTek MT7628AN
- Flash: 16MB SPI NOR
- RAM: 64MB
- Bootloader: U-Boot
- Ethernet: 1x 10/100 Mbps
- 2.4 GHz: b/g/n SoC
- mPCIe: 1x (usually equipped with an LTE modem by vendor)
- Buttons: reset
- LEDs: 1x Modem, 1x Injector, 1x Wi-Fi, 1x Status
Flashing:
- sysupgrade image via stock firmware WEB interface.
- U-Boot launches a WEB server if Reset button is held during power up.
Server IP: 192.168.1.1
SIM card switching:
The device supports up to 4 SIM cards - 2 locally on board and 2 on
remote SIM-injector.
By default, 1-st local SIM is active.
To switch to e.g. 1-st remote SIM:
echo 0 > /sys/class/gpio/modem1power/value
echo 0 > /sys/class/gpio/modem1sim1/value
echo 1 > /sys/class/gpio/modem1rsim1/value
echo 1 > /sys/class/gpio/modem1power/value
MAC addresses as verified by OEM firmware:
vendor OpenWrt source
LAN eth0 factory 0x4 (label)
2g wlan0 label
Signed-off-by: Kroks <dev@kroks.ru>
[butirsky@gmail.com: port to master; drop dts-v1]
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is an RTL8393-based switch with 802.3af on all 48 ports.
Specifications:
---------------
* SoC: Realtek RTL8393M
* Flash: 32 MiB SPI flash
* RAM: 256 MiB
* Ethernet: 48x 10/100/1000 Mbps with PoE+
* Buttons: 1x "Reset" button, 1x "Speed" button
* UART: 1x serial header, unpopulated
* PoE: 12x TI TPS23861 I2C PoE controller, 384W PoE budget
* SFP: 4 SFP ports
Works:
------
- (48) RJ-45 ethernet ports
- Switch functions
- Buttons
- All LEDs on front panel except port LEDs
- Fan monitoring and basic control
Not yet enabled:
----------------
- PoE - ICs are not in AUTO mode, so the kernel driver is not usable
- Port LEDs
- SFP cages
Install via web interface:
-------------------------
Not supported at this time.
Install via serial console/tftp:
--------------------------------
The U-Boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.
Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. To install OpenWRT:
Prepare a tftp server with:
1. server address: 192.168.0.146
2. the image as: "uImage.img"
Power on device, and stop boot by pressing any key.
Once the shell is active:
1. Ground out the CLK (pin 16) of the ROM (U6)
2. Select option "3. Start"
3. Bootloader notes that "The kernel has been damaged!"
4. Release CLK as soon as bootloader thinks image is corrupted.
5. Bootloader enters automatic recovery -- details printed on console
6. Watch as the bootloader flashes and boots OpenWRT.
Blind install via tftp:
-----------------------
This method works when it's not feasible to install a serial header.
Prepare a tftp server with:
1. server address: 192.168.0.146
2. the image as: "uImage.img"
3. Watch network traffic (tcpdump or wireshark works)
4. Power on the device.
5. Wait 1-2 seconds then ground out the CLK (pin 16) of the ROM (U6)
6. When 192.168.0.30 makes tftp requests, release pin 16
7. Wait 2-3 minutes for device to auto-flash and boot OpenWRT
Signed-off-by: Andreas Böhler <dev@aboehler.at>
Some platforms lack an established way to name netdevs; for example,
on x86, PCIe-based ethernet interfaces will be named starting from
eth0 in the order they are probed. This is a problem for many devices
supported explicitly by OpenWrt which have hard-wired, standalone or
on-CPU NICs not supported by DSA (which is usually used to rename the
ports based on their ostensible function).
To fix this, add a mapping between ethernet device name and sysfs
device path to board.json; this allows us to configure ethernet device
names we know about for a given board so that they correspond to
external labeling.
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
The GPIO used for the RST button is also used for PCIe-CLKREQ signal.
Hence it cannot be used as button signal if PCIe is also used.
Wire up WPS button to serve as KEY_RESTART in Linux and "reset" button
in U-Boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It allows prepopulating /etc/config/network interface-s with predefined
metric. It may be useful for devices with multiple WAN ports.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
btusb fails to start on MT792[12] hardware without the appropriate
firmware being loaded first:
[ 9.750285] bluetooth hci0: Direct firmware load for mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin failed with error -2
[ 9.765723] bluetooth hci0: Falling back to sysfs fallback for: mediatek/BT_RAM_CODE_MT7961_1_2_hdr.bin
Package firmware for MediaTek MT792[12] Bluetooth from linux-firmware.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Enable MediaTek protocol in btusb module to support e.g. the Bluetooth
part of the MT7921K NGFF/M.2 module.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pakedge WR-1 is a dual-band wireless router.
Specification
SoC: Qualcomm Atheros IPQ4018
RAM: 256 MB DDR3
Flash: 32 MB SPI NOR
WIFI: 2.4 GHz 2T2R integrated
5 GHz 2T2R integrated
Ethernet: 5x 10/100/1000 Mbps QCA8075
USB: 1x 2.0
LEDS: 8x (3 GPIO controlled, 5 connected to switch)
Buttons: 1x GPIO controlled
UART: pin header J5
1. 3.3V, 2. GND, 3. TX, 4. RX
baud: 115200, parity: none, flow control: none
Installation
1. Rename initramfs image to:
openwrt-ipq806x-qcom-ipq40xx-ap.dk01.1-c1-fit-uImage-initramfs.itb
and copy it to USB flash drive with FAT32 file system.
2. Connect USB flash drive to the router and apply power while pressing
reset button. Hold the button, on the lates bootloader version, when
Power and WiFi-5 LEDs will start blinking release it. For the older
bootloader holding it for 15 seconds should suffice.
3. Now the router boots the initramfs image, at some point (close to one
minute) the Power LED will start blinking, when stops, router is fully
booted.
4. Connect to one of LAN ports and use SSH to open the shell at
192.168.1.1.
5. ATTENTION! now backup the mtd8 and mtd9 partitions, it's necessary if,
at some point, You want to go back to original firmware. The firmware
provided by manufacturer on its site is encrypted and U-Boot accepts
only decrypted factory images, so there's no way to restore original
firmware.
6. If the backup is prepared, transfer the sysupgrade image to the router
and use 'sysupgrade' command to flash it.
7. After successful flashing router will reboot. At some point the Power
LED will start blinking, wait till it stops, then router is ready for
configuration.
Additional information
U-Boot command line is password protected. Password is unknown.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Devices using GPT usually have FAT filesystem on boot partition and
that's where the intermediary backup of system configuration is stored
on sysupgrade. Automatic restoring of OpenWrt configuration after
sysupgrade will be inhibited if the driver is not loaded and file system
type is not specified in mount command.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Update host build of fiptool and use the new python sptool.py instead
of the previous sptool executable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There are two feature currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting
The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.
The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.
Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as
default defconfig") changed default booting media for sama5d27_som1_ek
board w/o any reason. Changed it back to sdmmc0 as it is for all the
other Microchip supported distributions for this board (Buildroot,
Yocto Project). The initial commit cannot be cleanly reverted.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Commit adc69fe (""uboot-at91: changed som1 ek default defconfigs")
changed the booting media to sdmmc1 as default booting w/o any reason.
The Microchip releases for the rest of supported distributions (Buildroot,
Yocto Project) uses sdmmc0 as default booting media for this board.
Thus change it back to sdmmc0. With this remove references to sdmmc1
config. The initial commit cannot be cleanly reverted.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
f5d02c32f811 pex: add support for sending endpoint notification from the wg port via raw socket
c3b1127236a0 ubus: add support for querying active networks
8ad119715168 ubus: add support for adding auth_connect hosts at runtime
26dc52789d41 network: add support for configuring extra peers via a separate json file
d7fb9e5b065b ubus: add reload command
Signed-off-by: Felix Fietkau <nbd@nbd.name>
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Weijie Gao has submitted an updated version of the patchset adding
support for MT7986 and MT7981 to U-Boot. Use that v2 patchset.
Changes of v2:
- Add cpu driver for print_cpuinfo()
- Fix NULL pointer dereference in mtk_image
(was already fixed in OpenWrt)
- Fix coding style
- Minor changes
https://patchwork.ozlabs.org/project/uboot/list/?series=316148
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Create new mediatek_filogic file and add entries for environment on
MMC, UBI and NOR for the Bananapi BPi-R3.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Bananapi BPi-R3 board can boot from eMMC, SD card, SPI-NAND and
SPI-NOR, depending on the position of switches controlling the BOOTSEL
bootstrap pins as we as hard-wired chip-select lines. The position of the
chip-select switch SW6 decides whether either SD card or eMMC can be
accessed, SW5 selects either SPI-NAND or SPI-NOR.
Generate U-Boot for all 4 boot options. The SD card version allows
installation to SPI-NAND and SPI-NOR (eMMC cannot be accessed
simultanously with the SD card), the SPI-NAND version allows installation
to eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
344fa9e lib: extend render() to support function values
89452b2 lib: improve getenv() and split() implementations
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
b75791a6db25 scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes
c29e1ad045d0 scripts/update-cmd.pl: set device up before adding routes/addresses
5ad35ce4beea scripts/update-cmd.pl: run update two times
5d79b88f00c1 add support for overriding peer-exchange-port for individual hosts
0041fcacb624 add support for disabling VXLAN/eBPF support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
5cbd55f60346 unet-cli: fix formatting of help text
59b97448b636 build.sh: force use of -fPIC on static libraries to fix build error
74a14c00abb0 pex-msg: fix siphash key initializer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This forces a rebuild of the wolfssl package when the
libwolfssl-benchmark OpenWrt package gets activated or deactivated.
Without this change the wolfssl build will fail when it compiled without
libwolfssl-benchmark before and it gets activated for the next build.
Fixes: 18fd12edb8 ("wolfssl: add benchmark utility")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Treat missing compression node in FIT image as IH_COMP_NONE.
This is implicentely already happening in most places, but for now
was still triggering an annoying warning about initramfs compression
being obsolete despite compression note being absent.
Fix this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* updated SNAND/SNFI driver brings support for MT7981
* add support for MediaTek NAND Memory bad Block Management (NMBM)
(not used for any boards atm, but could be useful in future)
* wire up NMBM support for MT7622, MT7629, MT7981 and MT7986
* replace some local patches with updated version from SDK
* bring some legacy precompiler symbols which haven't been converted
into Kconfig symbols in U-Boot 2022.07, remove when bumbping to
U-Boot 2022.10:
100-28-include-configs-mt7986-h-from-SDK.patch
Source: https://github.com/mtk-openwrt/u-boot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP
structure to be compressed. Make use of that for boards with NOR flash.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in
segfault on newer U-Boot. Write 1MB of 0s instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The updated sources bring support for the MT798x Filogic SoC family.
Add builds for MT7986 with most supported storage types, each for DDR3
and DDR4 configurations.
A better solution for skipping bad blocks on SPI-NAND connected via the
SNFI interface has been implemented upstream, so drop local patch.
Add pending patches [1] and [2] to fix boot on existing MT7622 boards.
Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and
Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which
support will be added in future patches.
[1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3
[2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of relying on dtc being provided by the build host use the
dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk.
For this to work kernel.mk now needs to be included before
trusted-firmware-a.mk, add this include to all affected packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes from popt 1.16:
- fix an ugly and ancient security issue with popt failing to drop privileges on alias exec from a SUID/SGID program
- perform rudimentary sanity checks when reading in popt config files
- collect accumulated misc fixes (memleaks etc) from distros
- convert translations to utf-8 encoding
- convert old postscript documentation to pdf
- dust off ten years worth of autotools sediment
- reorganize and clean up the source tree for clarity
- remove the obnoxious splint annotations from the sources
Switch to new mirror:
http://ftp.rpm.org/popt/releases/
Switch URL to:
https://github.com/rpm-software-management/popt
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove upstreamed patch:
- 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch
Changes:
13248670 build: Bump version to 1.0.5
3432eebd tests/py: disable arp family for queue statement
180ce4d7 meta: don't use non-POSIX formats in strptime()
c1c223f1 src: allow anon set concatenation with ether and vlan
87c3041b evaluate: search stacked header list for matching payload dep
b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context
f680055c tests: add a test case for ether and vlan listing
dbd5f348 debug: dump the l2 protocol stack
0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset
89688c94 netlink_delinearize: postprocess binary ands in concatenations
0542a431 netlink_delinearize: allow postprocessing on concatenated elements
8efab552 parser_json: fix device parsing in netdev family
76fae8f5 src: proto: support DF, LE PHB, VA for DSCP
446e76db doc: Document limitations of ipsec expression with xfrm_interface
a2ddb38f cache: report an error message if cache initialization fails
649b8ce3 cache: validate handle string length
64c74ba5 cache: prepare nft_cache_evaluate() to return error
46980cdd rule: crash when uncollapsing command with unexisting table or set
8a6cdfaf cache: release pending rules when chain binding lookup fails
e17337df evaluate: report missing interval flag when using prefix/range in concatenation
45c097c6 scanner: allow prefix in ip6 scope
6c23bfa5 segtree: fix map listing with interface wildcard
8623772a scanner: don't pop active flex scanner scope
994bf500 parser: add missing synproxy scope closure
ed2426bc tests/py: Add a test for failing ipsec after counter
27107b49 evaluate: fix segfault when adding elements to invalid set
0f82b07f mnl: store netlink error location for set elements
15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting
f56e901a parser_bison: fix error location for set elements
6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch
5357cb7b intervals: fix crash when trying to remove element in empty set
d54510f8 netlink_delinearize: memleak when parsing concatenation data
12a223ce libnftables: release top level scope
b91bbf88 optimize: limit statement is not supported yet
45a61a75 optimize: assume verdict is same when rules have no verdict
fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational
29e62111 tests: shell: run -c -o on ruleset
887405df optimize: add unsupported statement
8f61a69e optimize: add hash expression support
ca8fd77a optimize: add numgen expression support
721efd64 optimize: add binop expression support
f7e901a2 optimize: add fib expression support
54b1e49f optimize: add xfrm expression support
0beaea37 optimize: add osf expression support
d07fe8e8 optimize: fix verdict map merging
38d48fe5 optimize: fix reject statement
f9939f89 optimize: remove comment after merging
8f10f33a optimize: do not print stateful information
3ac932e9 optimize: do not merge rules with set reference in rhs
64ebb03a optimize: do not compare relational expression rhs when collecting statements
59e3a592 intervals: Do not sort cached set elements over and over again
d434de8b intervals: do not empty cache for maps
87ba510f intervals: do not report exact overlaps for new elements
498a5f0c rule: collapse set element commands
8fafe4e6 tests: shell: runtime set element automerge
638af0ce Revert "scanner: flags: move to own scope"
Signed-off-by: Nick Hainke <vincent@systemli.org>
Instead of defining the MIN version it is enough to include "#include
<sys/param.h>".
Delete patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch
Add patch:
- 010-ipstats-Add-param.h-for-musl.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
Use 4k sectors when accessing the U-Boot environment on the 64MiB
SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment
write access as only 4kB instead of 64kB have to be written.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Image names as well as the calculation of the padded image size did
not work as intended. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
35fec487e3 fixed opkg usage,
but when using buildroot we were still defaulting to
ip(6)tables-legacy
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This package simplifies setting up wireguard networks on OpenWrt by a wireguard
network as a JSON file, which can be shared across all participating nodes.
It can be signed with an authentication key and automatically kept in sync.
unetd also supports deterministically generating ipv6 addresses for each host
based on the public key and storing those in a hosts file that can be used with
dnsmasq. It also supports automatically creating VXLAN tunnels between multiple
endpoints.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
gcc 10 with -O2 reports following:
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since it is not possible to avoid truncation by strncpy, it is necessary
to make sure the result of strncpy is properly NUL-terminated and the
NUL must be inserted explicitly, after strncpy has returned.
References: #10442
Reported-by: Alexey Smirnov <s.alexey@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
a4484d4 fw4: support automatic includes
ca7e3a1 fw4: honour enabled option of include sections
5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
111a7f7 fw4: don't inherit zone family from ct helpers
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
bcdd2cb examples: add module search path initialization and freeing
ee1946f ubus: fix GCC strncpy() truncation warning
131d99c lib: introduce three new functions call(), loadstring() and loadfile()
8e8dae0 lib: introduce helper function for indenting error messages
476f02b lib: simplify include_path()
d84b53a source: avoid null pointer access in uc_source_runpath_set()
c43a54f types: gracefully handle unpatched upvalues in ucv_free()
e2fb11a README.md: document gc() function
b41cb2d main: introduce -g flag to allow enabling periodic gc from cli
85d7885 lib: implement gc()
47528f0 vm: support automatic periodic GC runs
381cc75 types: treat vm->exports as GC roots
fcc49e6 compiler: add import statement support for dynamic extensions
c9442f1 vm: introduce new I_DYNLOAD opcode
b6fd8a2 lib: internally expose new uc_require_library() helper
a486adc vm: don't treat offset 0 special for exceptions
41ccd19 compiler: don't treat offset 0 special at syntax errors
b4a3f68 compiler: improve formatting of nested syntax error messages
5d5dadc program: remove now unused uc_program_export_lookup()
304995b compiler: rework export index allocation
506cc37 compiler: fix deriving module path from source runpath
54b7fac compiler: enforce stricter module compilation rules
d62e372 vm: don't initialize upvalues for module functions
b856602 program: add serialization and deserialization for module function flag
d7d1bde compiler: add a flag denoting module functions
156d584 treewide: unexport libucode internal functions
10e056d compiler: add support for import/export statements
862e49d compiler: resolve predeclared upvalues
78dfb08 compiler: require a name in function declarations
afd78c1 compiler: fix reported source position in inc/dec operator error
e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output
3c168b5 vm, cli: move search path into global configuration structure
d85bc71 vm: introduce import and export opcodes
365782e vm: honor constant flag of objects and arrays
6becc64 vm: transparently resolve upvalue references
3418967 vm: gracefully handle unresolved upvalues
50cf572 program: add function to globally lookup exported name
c441f65 program: add infrastructure to handle multiple sources per program
2322468 program: fix reporting source position of first instruction
9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode
41114a0 source: add tracking of exported symbols
70ae304 lib: honor constant flag of arrays
3c104f5 types: resolve upvalue references on stringification
3a6f9cb types: add ability to mark array and object values as constant
b738f3a lexer: recognize module related keywords
03c8e4b lexer: rewrite token scanner
fd433aa lexer: fix parsing with disabled block left stripping
557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family
35c6b73 compiler: fix stack mismatch on continue statements nested in switches
f673096 uloop: end uloop on exceptions in managed code
2e5426c ubus: end uloop on exceptions in managed code
c024270 rtnl: expose IFLA_STATS64 contents
d3c58c0 rtnl: expose ifinfomsg.ifi_change member
c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request
7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype
9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals
03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs
a1ed566 struct: add optional offset argument to `unpack()`
230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data
523566d rtnl: zero request message headers
56be30d rtnl: fix premature netlink reply receive abort
1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes."
44b0a3b struct: fix packing `*` format after other repeated formats
Also package uloop binding module which has been introduced by a previous
ucode update and introduce a host build with the basic set of modules.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
It is common for 802.11ax NICs to support more than just AP mode, which
results in there being a distinct set of HE capabilities for each mode. As
(bad) luck would have it, iw prints out info for each HE mode in sequential
order according to `enum nl80211_iftype`, and AP mode isn't always first.
As a result, the wrong set of HE capabilities can be parsed if an AP NIC
supports station (managed) mode or any other mode preceding AP mode, since
only the first set of HE capabilities printed by iw is parsed from awk's
output.
This has a noticeable impact on beamforming for example, since managed mode
usually doesn't have beamformer capabilities enabled, while AP mode does.
Hostapd won't be set up with the configs to enable beamformer capabilities
in this scenario, causing hostapd to disable beamforming to HE stations
even when it's supported by the AP.
Always parse the correct set of HE capabilities for AP mode to fix this.
This is achieved by trimming all of iw's output prior to the AP mode
capabilities, which ensures that the first set of HE capabilities are
always for AP mode.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
General hardware info:
-------------------------------------------------------------------------------
D-Link DGS-1210-10MP is a switch with 8 ethernet ports and 2 SFP ports, all
ports Gbit capable. It is based on a RTL8380 SoC @ 500MHz, DRAM 128MB and
32MB flash. All ethernet ports are 802.3af/at PoE capable
with a total PoE power budget of 130W.
File info:
-------------------------------------------------------------------------------
The dgs-1210-10mp is very similar to dgs-1210-10p so I used that as a start.
rtl838x.mk:
- Removed lua-rs232 package since it was a leftover from the old rtl83xx-poe
package.
- Updated the soc to 8380.
- Specified device variant: F.
- Installed the new realtek-poe package.
rtl8380_d-link_dgs-1210-10mp.dts:
- Moved dgs-1210 family common parts and non PoE related ports on rtl8231
to the new device tree dtsi files.
Serial connection:
-------------------------------------------------------------------------------
The UART for the SoC (115200 8N1) is available close to the front panel next
to the LED/key card connector via unpopulated standard 0.1" pin header
marked j4. Pin1 is marked with arrow and square.
Pin 1: Vcc 3,3V
Pin 2: Tx
Pin 3: Rx
Pin 4: Gnd
Installation with TFTP from u-boot
-------------------------------------------------------------------------------
I originally used the install procedure:
'OpenWrt installation using the TFTP method and serial console access' found
in the device wiki for the dgs-1210-16.
< https://openwrt.org/toh/d-link/dgs-1210-16_g1#openwrt_installation_using
_the_tftp_method_and_serial_console_access >
About the realtek-poe package
-------------------------------------------------------------------------------
The realtek-poe package is installed but there isn't any automatic PoE config
setting at this time so for now the PoE config must be edited manually.
Original OEM hardware/firmware data at first installation
-------------------------------------------------------------------------------
It has been installed, developed, and tested on a device with these OEM
hardware and firmware versions.
- U-boot: 2011.12.(2.1.5.67086)-Candidate1 (Jun 22 2020 - 15:03:58)
- Boot version: 1.01.001
- Firmware version: 6.20.007
- Hardware version: F1
Things to be done when support are developed
-------------------------------------------------------------------------------
- realtek-poe has been included in OpenWrt but the automatic config handling
has not been solved yet so in the future there will probably be some minor
updates for this device to handle the poe config.
- LED link_act and poe are per function supposed to be connected to the PoE
system.
But some software development is also needed to make this LED work and
shift the LED array between act and poe indication and to shift the mode
lights with mode key.
- LED poe_max should probably be used as straight forward error output from
the realtek-poe package error handling. But no code has been written for
this.
- SFP is currently not hot pluggable. Development is under progress to get
working I2C communication with SFP and have them hot pluggable.
When any device in the dgs-1210 family gets this working, I expect it
should be possible to implement the same solution in this device.
Signed-off-by: Daniel Groth <flygarn12@gmail.com>
[Capitalisation of abbreviations, DEVICE_VARIANT and update filenames,
device compatibles on single line]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Modify uencrypt to support any cipher provided by ssl library.
Original tool supported only AES-128-CBC to decrypt the config
mtd of Arcadyan WG430223/WG443223.
TP-Link Deco S4 has mtd configuration encrypted with DES-ECB,
so make the cipher generic to support both routers.
Signed-off-by: Nick French <nickfrench@gmail.com>
Reviewed-by: Eneas U de Queiroz >cotequeiroz@gmail.com>
Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted
mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC
address from the encrypted partition. Function uses uencrypt utility for
decryption (and openssl if the uencrypt wasn't found).
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.
Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8
With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
There is no WLAN_STA_MBO flag, but according to the hostapd source code,
when an STA does not support MBO, cell_capa will be 0. Use this to
indicate MBO support in the get_clients ubus method.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: David Bauer <mail@david-bauer.net>
There is only one module in kmod-sched that depends on iptables. Move it
to its own kmod package so we can drop the kmod-ipt-core dependency from
kmod-sched. This makes it possible to disable all kmod-ipt-* packages
without having to disable kmod-sched. Since we now default to firewall4
and nftables, we should avoid iptables dependencies where we can.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This reverts commit cc24c4ed5e.
binutils does not compile with glibc:
Package binutils is missing dependencies for the following libraries:
libgprofng.so.0
libmsgpackc.so.2
libstdc++.so.6
libbpf does not compile against binutils 2.39 any more, see:
https://github.com/libbpf/bpftool/issues/30
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8c213b0 libfstools: Rename move_mount() function to ovl_move_mount() for glibc 2.36
81785c1 block: Do not include linux/fs.h any more
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following build error:
Package kmod-hwmon-tps23861 is missing dependencies for the following libraries:
regmap-i2c.ko
Fixes: b664646db7 ("kernel: add kmod-hwmon-tps23861 support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
--weaken-symbols options now works with unique symbols as well.
Announcement:
https://sourceware.org/pipermail/binutils/2022-August/122246.html
Signed-off-by: Nick Hainke <vincent@systemli.org>
With the 5.18 and 5.19 update ip-tiny grows in size. Remove some
features bringing it back to the size before 5.18.
Remove
- Identifier-locator addressing (ila)
- MACsec Device Configuration (macsec)
- Multicast Routing Cache Management (mroute)
- mrule
- Virtual Routing and Forwarding (vrf)
- Segment Routing (sr)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch
Refreshed:
- 170-ip_tiny.patch
- 195-build_variant_ip_tc.patch
Changes:
deb48554 v5.19.0
f8decf82 bpf_glue: include errno.h
71178ae0 rdma: update uapi/ib_user_verbs.h
96594fd2 vdpa: update uapi headers from 5.19-rc7
30c7b77f Revert "uapi: add vdpa.h"
c5433c4b ip neigh: Fix memory leak when doing 'get'
2cb76253 mptcp: Fix memory leak when getting limits
afdbb020 mptcp: Fix memory leak when doing 'endpoint show'
6db01afd bridge: Fix memory leak when doing 'fdb get'
1d540336 ip address: Fix memory leak when specifying device
325f706b uapi: add virtio_ring.h
291898c5 uapi: add vdpa.h
6e2fb804 uapi: update bpf.h
329fda18 ip: Fix size_columns() invocation that passes a 32-bit quantity
2a00a4b1 man: tc-fq_codel: add drop_batch
6bf5abef uapi: update mptcp.h
02410392 ip: Fix size_columns() for very large values
ed243312 man: tc-ct.8: fix example
2bb37e90 l2tp: fix typo in AF_INET6 checksum JSON print
855edb3d man: tc-fq_codel: Fix a typo.
4044a453 tc: declaration hides parameter
a44a7918 genl: fix duplicate include guard
703f2de6 uapi: change name for zerocopy sendfile in tls
248ad98e uapi: update socket.h
11e41a63 ip: Convert non-constant initializers to macros
8d3977ef Update kernel headers
5a1ad9f8 man: ip-stats.8: Describe groups xstats, xstats_slave and afstats
d9976d67 ipstats: Expose bond stats in ipstats
36e10429 ipstats: Expose bridge stats in ipstats
79f5ad95 iplink_bridge: Split bridge_print_stats_attr()
1247ed51 ipstats: Add groups "xstats", "xstats_slave"
c6900b79 ipstats: Add a third level of stats hierarchy, a "suite"
2ed73b9a iplink: Add JSON support to MPLS stats formatter
5ed8fd9d ipstats: Add a group "afstats", subgroup "mpls"
dff392fd iplink: Publish a function to format MPLS stats
72623b73 iplink: Fix formatting of MPLS stats
ce41750f ip: ipstats: Do not assume length of response attribute payload
40b50f15 bridge: vni: add support for stats dumping
c7f12a15 ip: iplink_vxlan: add support to set vnifiltering flag on vxlan device
45cd32f9 bridge: vxlan device vnifilter support
837294e4 libbpf: Remove use of bpf_map_is_offload_neutral
64e5ed77 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
ba6519cb libbpf: Use bpf_object__load instead of bpf_object__load_xattr
a6eb654d f_flower: add number of vlans man entry
5788732e f_flower: Check args with num_of_vlans
5ba31bcf f_flower: Add num of vlans parameter
b28eb051 man: Add man pages for the "stats" functions
a05a27c0 ipmonitor: Add monitoring support for stats events
0f1fd40c ipstats: Add offload subgroup "l3_stats"
179030fa ipstats: Add offload subgroup "hw_stats_info"
af5e7955 ipstats: Add a group "offload", subgroup "cpu_hit"
0517a2fd ipstats: Add a group "link"
df0b2c6d ipstats: Add a shell of "show" command
82f6444f ipstats: Add a "set" command
54d82b06 ip: Add a new family of commands, "stats"
5520cf16 ip: Publish functions for stats formatting
a463d6b1 libnetlink: Add filtering to rtnl_statsdump_req_filter()
38ae12d3 devlink: introduce -[he]x cmdline option to allow dumping numbers in hex format
bba95837 Update kernel headers
f6559bea ip-link: put types on man page in alphabetic order
ee53174b ip/iplink_virt_wifi: add support for virt_wifi
Signed-off-by: Nick Hainke <vincent@systemli.org>
The ip-tiny size grows from 124k (5.17.0) to 128k (5.18.0).
The update introduces a commit "configure: add check_libtirpc()" that
introduces a check for libtirpc. However, if libtirpc is already in the
staging directory due to an other dependency the check yields that the
library is installed and should be used resulting in failures like:
Package ss is missing dependencies for the following libraries:
libtirpc.so.3
To fix it add a patch making libtirpc optional again and setting it
"HAVE_TIRPC=n":
- 155-keep_tirpc_optional.patch
Fix patches:
- 130-no_netem_tipc_dcb_man_vdpa.patch
Refresh patches:
- 140-keep_libmnl_optional.patch
- 150-keep_libcap_optional.patch
- 180-drop_FAILED_POLICY.patch
- 200-drop_libbsd_dependency.patch
Changes:
6474b7c8 v5.18.0
4429a6c9 tipc: fix keylen check
6b6979b9 iplink: remove GSO_MAX_SIZE definition
19c3e009 doc: fix 'infact' --> 'in fact' typo
ed706c78 man: fix some typos
03589beb man: devlink-region: fix typo in example
b84fc332 tc: em_u32: fix offset parsing
b6d17086 uapi: update of virtio_ids
17bf51b7 libbpf: Remove use of bpf_map_is_offload_neutral
fa305925 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
9e0057b4 libbpf: Use bpf_object__load instead of bpf_object__load_xattr
e81fd551 devlink: fix "devlink health dump" command without arg
6f3b5843 man: use quote instead of acute accent
42d351fa man: 'allow to' -> 'allow one to'
d8a7a0f4 uapi: upstream update to stddef.h
5b2ff061 uapi: update from 5.18-rc1
292509f9 ss: remove an implicit dependency on rpcinfo
1ee309a4 configure: add check_libtirpc()
41848100 ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
28add137 f_flower: Implement gtp options support
b25599c5 ip: GTP support in ip link
e4880869 man: bridge: document per-port mcast_router settings
9e82e828 bridge: support for controlling mcast_router per port
f1d18e2e Update kernel headers
8130653d vdpa: Update man page with added support to configure max vq pair
56eb8bf4 vdpa: Support reading device features
16482fd4 vdpa: Support for configuring max VQ pairs for a device
bd91c764 vdpa: Allow for printing negotiated features of a device
2d1954c8 vdpa: Remove unsupported command line option
93fb6810 Makefile: move HAVE_MNL check to top-level Makefile
2dee2101 man: ip-link: whitespace fixes to odd line breaks mid sentence
609b90aa man: ip-link: mention bridge port's default mcast_flood state
b1c3ad84 man: ip-link: document new bcast_flood flag on bridge ports
c354a434 ip: iplink_bridge_slave: support for broadcast flooding
909f0d51 man: bridge: add missing closing " in bridge show mdb
3b681cf9 man: bridge: document new bcast_flood flag for bridge ports
a6c848eb bridge: support for controlling flooding of broadcast per port
8acb5247 ip/batadv: allow to specify RA when creating link
0431d8e8 Import batman_adv.h header from last kernel sync point
239bfd45 Revert "configure: Allow command line override of toolchain"
a93c90c7 tc: separate action print for filter and action dump
d9977eaf bpf: Remove use of bpf_create_map_xattr
ac4e0913 bpf: Export bpf syscall wrapper
873bb975 bpf_glue: Remove use of bpf_load_program from libbpf
5e17b715 ss: display advertised TCP receive window and out-of-order counter
712ec66e tc: bash-completion: Add profinet and ethercat to procotol completion list
75061b35 lib: add profinet and ethercat as link layer protocol names
0a685b98 man8/ip-link.8: add locked port feature description and cmd syntax
d4fe3673 man8/bridge.8: add locked port feature description and cmd syntax
092af16b ip: iplink_bridge_slave: add locked port flag support
0e51a185 bridge: link: add command to set port in locked mode
04a0077d Update kernel headers
386ae64c configure: Allow command line override of toolchain
bea92cb0 mptcp: add port support for setting flags
2dbc6c90 mptcp: add fullmesh support for setting flags
5fb6bda0 mptcp: add fullmesh check for adding address
9831202f bond: add ns_ip6_target option
e8fd4d4b devlink: Remove strtouint8_t in favor of get_u8
2688abf0 devlink: Remove strtouint16_t in favor of get_u16
95c03f40 devlink: Remove strtouint32_t in favor of get_u32
7cb0e24d devlink: Remove strtouint64_t in favor of get_u64
7848f6bb Update kernel headers
4f015972 f_flower: fix indentation for enc_key_id and u32
25a9c4fa tunnel: Fix missing space after local/remote print
ff14875e Update documentation
8908cb25 Add support for the IOAM insertion frequency
cd24451e Update kernel headers
e4ba36f7 iplink: add ip-link documentation
5d57e130 iplink: add gro_max_size attribute handling
721435dc tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
c733722b tc: u32: add support for json output
5f44590d tc/f_flower: fix indentation
9948b6cb tc_util: fix breakage from clang changes
f4cd4f12 tc: add skip_hw and skip_sw to control action offload
ba5ac984 json_print: suppress clang format warning
bf71c8f2 libbpf: fix clang warning about format non-literal
5632cf69 tunnel: fix clang warning
c0248878 tipc: fix clang warning about empty format string
371c13e8 can: fix clang warning
8d27eee5 ipl2tp: fix clang warning
560d2336 tc_util: fix clang warning in print_masked_type
b2450e46 flower: fix clang warnings
4e27d538 netem: fix clang warnings
9d5e29e6 utils: add format attribute
343c4f52 tc: add format attribute to tc_print_rate
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove backports:
- 0001-lib-fix-ax25.h-include-for-musl.patch
Changes:
4c424dfd v5.17.0
7846496b link_xfrm: if_id must be non zero
eed4bb1a testsuite: link xfrm delete no if_id test
ac0a54b2 rdma: make RES_PID and RES_KERN_NAME alternative to each other
885e281e uapi: update vdpa.h
19c0def1 ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
1808f002 lib/fs: fix memory leak in get_task_name()
62c0700c uapi: update magic.h
c8d9d925 rdma: Fix the logic to print unsigned int.
a42dfaa4 Revert "rdma: Fix res_print_uint() and add res_print_u64()"
9d0badec rdma: Fix res_print_uint() and add res_print_u64()
86a1452b uapi: update to xfrm.h
09c6a3d2 bridge: Remove vlan listing from `bridge link`
e4fda259 bridge: Fix error string typo
cc143bda lnstat: fix strdup leak in -w argument parsing
90bbf861 iplink_can: print_usage: typo fix, add missing spaces
1b5c7414 dcb: Fix error reporting when accessing "dcb app"
a38d305d tc: fix duplicate fall-through
f8beda6e libnetlink: fix socket leak in rtnl_open_byproto()
7f70eb2a tc_util: Fix parsing action control with space and slash
29da83f8 iprule: Allow option dsfield in 'ip rule show'
07012a1f ss: use freecon() instead of free() when appropriate
03b4de0b man: Fix a typo in the flag documentation of ip address
924f6b4a dcb: app: Add missing "dcb app show dev X default-prio"
5c9571bc uapi: update kernel headers from 5.17-rc1
d542543b tc/action: print error to stderr
52370c61 mptcp: add id check for deleting address
c556f577 dcb: Rewrite array-formatting code to not cause warnings with Clang
0dc5da8e f_flower: fix checkpatch warnings
ffbcb246 netem: fix checkpatch warnings
8bced38a lib: fix ax25.h include for musl
e27bb8e5 uapi: add missing virtio headers
26ff0afa uapi: add missing rose and ax25 files
eb4206ec q_cake: allow changing to diffserv3
db530529 iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
ac2e9148 Update kernel headers
bb4cc9cc rdma: Don't allocate sparse array
b8767168 rdma: Limit copy data by the destination size
167e33f3 vdpa: Enable user to set mtu of the vdpa device
384938f9 vdpa: Enable user to set mac address of vdpa device
a311f0c4 vdpa: Enable user to query vdpa device config layout
9d8882d5 vdpa: Update kernel headers
5cb7ec0c Update kernel headers and import virtio_net
26113360 mptcp: add support for changing the backup flag
4b301b87 tc: Add support for ce_threshold_value/mask in fq_codel
99d09ee9 bond: add arp_missed_max option
432cb06b mptcp: add support for fullmesh flag
2d777dfe Update kernel headers
a21458fc vdpa: Remove duplicate vdpa UAPI header file
Signed-off-by: Nick Hainke <vincent@systemli.org>
Beeline SmartBox TURBO is a wireless WiFi 5 router manufactured by
Sercomm company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB
Flash: 256 MiB, Micron MT29F2G08ABAGA3W
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615E): a/n/ac, 4x4
Ethernet: 5xGbE (WAN, LAN1, LAN2, LAN3, LAN4)
USB ports: 1xUSB3.0
Button: 2 buttons (Reset & WPS)
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Login to the router web interface (admin:admin)
2. Navigate to Settings -> WAN -> Add static IP interface (e.g.
10.0.0.1/255.255.255.0)
3. Navigate to Settings -> Remote cotrol -> Add SSH, port 22,
10.0.0.0/255.255.255.0 and interface created before
4. Change IP of your client to 10.0.0.2/255.255.255.0 and connect the
ethernet cable to the WAN port of the router
5. Connect to the router using SSH shell (SuperUser:SNxxxxxxxxxx, where
SNxxxxxxxxxx is the serial number from the backplate label)
6. Run in SSH shell:
sh
7. Make a mtd backup (optional, see related section)
8. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
9. Login to the router web interface (admin:admin)
10. Remove dots from the OpenWrt factory image filename
11. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
1. Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
2. Optional: Update with any stock (Beeline) firmware if you want to
overwrite OpenWrt in Slot 0 completely.
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9 10; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 10.0.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 10.0.0.2
MAC Addresses
-------------
+-----+-----------+---------+
| use | address | example |
+-----+-----------+---------+
| LAN | label | *:54 |
| WAN | label + 1 | *:55 |
| 2g | label + 4 | *:58 |
| 5g | label + 5 | *:59 |
+-----+-----------+---------+
The label MAC address was found in Factory 0x21000
Co-developed-by: Maximilian Weinmann <x1@disroot.org>
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Add support for the TP-Link SG2008P switch. This is an RTL8380 based
switch with 802.3af one the first four ports.
Specifications:
---------------
* SoC: Realtek RTL8380M
* Flash: 32 MiB SPI flash (Vendor varies)
* RAM: 256 MiB (Vendor varies)
* Ethernet: 8x 10/100/1000 Mbps with PoE on 4 ports
* Buttons: 1x "Reset" button on front panel
* Power: 53.5V DC barrel jack
* UART: 1x serial header, unpopulated
* PoE: 1x TI TPS23861 I2C PoE controller
Works:
------
- (8) RJ-45 ethernet ports
- Switch functions
- System LED
Not yet enabled:
----------------
- Power-over-Ethernet (driver works, but doesn't enable "auto" mode)
- PoE, Link/Act, PoE max and System LEDs
Install via web interface:
-------------------------
Not supported at this time.
Install via serial console/tftp:
--------------------------------
The footprints R27 (0201) and R28 (0402) are not populated. To enable
serial console, 50 ohm resistors should be soldered -- any value from
0 ohm to 50 ohm will work. R27 can be replaced by a solder bridge.
The u-boot firmware drops to a TP-Link specific "BOOTUTIL" shell at
38400 baud. There is no known way to exit out of this shell, and no
way to do anything useful.
Ideally, one would trick the bootloader into flashing the sysupgrade
image first. However, if the image exceeds 6MiB in size, it will not
work. The sysupgrade image can also be flashed. To install OpenWRT:
Prepare a tftp server with:
1. server address: 192.168.0.146
2. the image as: "uImage.img"
Power on device, and stop boot by pressing any key.
Once the shell is active:
1. Ground out the CLK (pin 16) of the ROM (U7)
2. Select option "3. Start"
3. Bootloader notes that "The kernel has been damaged!"
4. Release CLK as sson as bootloader thinks image is corrupted.
5. Bootloader enters automatic recovery -- details printed on console
6. Watch as the bootloader flashes and boots OpenWRT.
Blind install via tftp:
-----------------------
This method works when it's not feasible to install a serial header.
Prepare a tftp server with:
1. server address: 192.168.0.146
2. the image as: "uImage.img"
3. Watch network traffic (tcpdump or wireshark works)
4. Power on the device.
5. Wait 1-2 seconds then ground out the CLK (pin 16) of the ROM (U7)
6. When 192.168.0.30 makes tftp requests, release pin 16
7. Wait 2-3 minutes for device to auto-flash and boot OpenWRT
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Add patch to skip bad blocks when reading from SPI-NAND. This is needed
in case erase block(s) early in the flash inside the FIP area are bad
and hence need to be skipped in order to be able to boot on such damaged
chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The command 'opkg search /etc/config/fstab' does not return a package
name for this config file. In order to know to which package this config
file belongs to, a 'conffiles' entry was made for this file to package
'block-mount'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
While kmod-input-core was previously indirectly selected by
kmod-input-polldev, this is now only the case on Linux 5.10.
Select kmod-input-core as dependency independently of the kernel
version to fix build error:
Package kmod-input-gpio-keys-polled is missing dependencies for the following libraries:
input-core.ko
Fixes: 54878fbbdd ("kernel: kmod-input-polldev: Depend on kernel 5.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Import a3ba6adb70 arm: dts: mt7622: remove default pinctrl of uart0
and apply also to locally added boards.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add support for randomly generating a MAC address for a wifi-iface
instance by setting `macaddr` to `random`
When set to `random`, a new locally administered unicast MAC address
is generated and assigned to the iface everytime it is (re-)configured
Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>
The input-polldev.ko kernel module was removed from kernel 5.11. The
normal input implementation now supports polling.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The sps30.ko driver was split into a main sps30.ko driver and a
sps30_i2c.ko driver for the I2C interface with kernel 5.14. Add the
sps30_i2c.ko module to the package too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.
Fixes: 74d00a8c38 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds the kmod-wwan package. This provides the generic wwan driver
core which is needed for some existing packages.
Currently the drivers/net/wwan/wwan.ko driver is compiled into the
kernel when one of the wwan module is activated, better build it as a
kernel module.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.
Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Remove this unused package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The R8712U driver depends on cfg80211. cfg80211 is provided by mac80211
backports, we can not build any in kernel drivers which depend on
cfg80211 which is an out of tree module in OpenWrt.
The cfg80211 dependency was added with kernel 5.9.
We could add rtl8192su to backports and build it from there.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The malta target does not compile CONFIG_OF_MDIO into the kernel. On
malta the kmod-mdio-devres package depends on kmod-of-mdio.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_CACHEFILES configuration option makes the kernel build
cachefiles.ko, also package it. Build CONFIG_CACHEFILES as module and do
not try to build it into the kernel. This did not work because it
depended on CONFIG_FSCACHE which was already build as module.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_NLS_CODEPAGE_932 Config option builds the nls_cp932.ko and
the nls_euc-jp.ko kernel module, package both of them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add dwc2_pci kernel module into own kernel package.
The dwc2_pci.ko kernel module was always build when kmod-usb-dwc2
was selected, but it was not packaged.
Add the missing kmod-usb-phy-nop dependency to the kmod-usb-dwc2-pci
package too. The CONFIG_USB_DWC2_PLATFORM option is already gone for
some time.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ar8xxx.ko kernel module uses the devm_mdiobus_alloc() function
provided by kmod-mdio-devres, add the missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.
References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The soversion of the shipped libjansson.so library didn't change, so the
ABI version change is unwarranted and leads to opkg file clashes.
Also stop shipping an unversioned library symlink while we're at it as
it only needed at compile/link time and leading to file level clashes
between packages on future ABI bumps.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Both of these packages depend on CONFIG_WWAN
in the kernel.
Also fix the missing "wwan" subfolder in the path.
This fixes the missing devices in /dev after booting an MHI capable modem.
Fixes: 2519190fec ("kernel: package mhi wwan ctrl driver")
Fixes: 6af46796fa ("kernel: package mhi mbim driver")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Backports upstream fix from 5.19
lockdep complains use of uninitialized spinlock at ieee80211_do_stop() [1],
for commit f856373e2f31ffd3 ("wifi: mac80211: do not wake queues on a vif
that is being stopped") guards clear_bit() using fq.lock even before
fq_init() from ieee80211_txq_setup_flows() initializes this spinlock.
According to discussion [2], Toke was not happy with expanding usage of
fq.lock. Since __ieee80211_wake_txqs() is called under RCU read lock, we
can instead use synchronize_rcu() for flushing ieee80211_wake_txqs().
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
libzstd from the packages feed gets picked up. Add patch adding
NO_LIBZSTD option like in perf and enable it.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This extracts kmod-sched-act-police to allow using it without adding all
the packages from the big kmod-sched package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC
KConfig option is already set by the package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This adds the act_sample.ko and psample.ko kernel module which allows
traffic sampling.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Extract the kmod-sched-prio and kmod-sched-red kernel modules from the
big kmod-sched package. This allows adding the two kernel modules to
OpenWrt without adding the kmod-sched and all its depdnecy.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This puts the kmod-sched packages into an alphabetical order.
I kept the kmod-sched-core at the top as this is the main package.
No changes other than reordering were done.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Change SCHED_MODULES_EXTRA to an explicit list of modules
instead of taking everything that is not filtered out.
This removes the need of updating the filter each time an extra
sch_*, act_* or similar is added with an own kmod definition.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the
kernel, they are activated in the generic kernel configuration. There is
no need to activate the build of these kernel modules in the kmod-sched*
packages.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
The ZyXEL LTE3301-PLUS is an 4G indoor CPE with 2 external LTE antennas.
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256 MB
- Flash: 128 MB MB NAND (MX30LF1G18AC)
- WiFi: MediaTek MT7615E
- Switch: 4 LAN ports (Gigabit)
- LTE: Quectel EG506 connected by USB3 to SoC
- SIM: 1 micro-SIM slot
- USB: USB3 port
- Buttons: Reset, WPS
- LEDs: Multicolour power, internet, LTE, signal, Wifi, USB
- Power: 12V, 1.5A
The device is built as an indoor ethernet to LTE bridge or router with
Wifi.
UART Serial:
57600N1
Located on populated 5 pin header J5:
[o] GND
[ ] key - no pin
[o] RX
[o] TX
[o] 3.3V Vcc
MAC assignment:
lan: 98:0d:67:ee:85:54 (base, on the device back)
wlan: 98:0d:67:ee:85:55
Installation from web GUI:
- Log in as "admin" on http://192.168.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- format ubi device: ubiformat /dev/mtd6
- attach ubi device: ubiattach -m6
- create rootfs volume: ubimkvol /dev/ubi0 -n0 -N rootfs -s 1MiB
- rootfs_data volume: ubimkvol /dev/ubi0 -n1 -N rootfs_data -s 1MiB
- run sysupgrade with sysupgrade image
For more details about flashing see
commit 2449a63208 ("ramips: mt7621: Add support for ZyXEL NR7101").
Please note that this commit is needed:
firmware-utils: add marcant changes for ZyXEL NBG6716 and LTE3301-PLUS
Signed-off-by: André Valentin <avalentin@marcant.net>
The Sophos AP15 seems to be very close to Sophos AP55/AP100.
Based on:
commit 6f1efb2898 ("ath79: add support for Sophos AP100/AP55 family")
author Andrew Powers-Holmes <andrew@omnom.net>
Fri, 3 Sep 2021 15:53:57 +0200 (23:53 +1000)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 16 Apr 2022 16:59:29 +0200 (16:59 +0200)
Unique to AP15:
- Green and yellow LED
- 2T2R 2.4GHz 802.11b/g/n via SoC WMAC
- No buttons
- No piezo beeper
- No 5.8GHz
Flashing instructions:
- Derived from UART method described in referenced commit, methods
described there should work too.
- Set up a TFTP server; IP address has to be 192.168.99.8/24
- Copy the firmware (initramfs-kernel) to your TFTP server directory
renaming it to e.g. boot.bin
- Open AP's enclosure and locate UART header (there is a video online)
- Terminal connection parameters are 115200 8/N/1
- Connect TFTP server and AP via ethernet
- Power up AP and cancel autoboot when prompted
- Prompt shows 'ath> '
- Commands used to boot:
ath> tftpboot 0x81000000 boot.bin
ath> bootm 0x81000000
- Device should boot OpenWRT
- IP address after boot is 192.168.1.1/24
- Connect to device via browser
- Permanently flash using the web ui (flashing sysupgrade image)
- (BTW: the AP55 images seem to work too, only LEDs are not working)
Testing done:
- To be honest: Currently not so much testing done.
- Flashed onto two devices
- Devices are booting
- MAC addresses are correct
- LEDs are working
- Scanning for WLANs is working
Big thanks to all the people working on this great project!
(Sorry about my english, it is not my native language)
Signed-off-by: Manuel Niekamp <m.niekamp@richter-leiterplatten.de>
Remove outdated patches:
- 100-musl.patch
- 110-mac80211_tracepoint.patch
Trace-cmd now uses libtracefs and livtraceevent as libraries.
The plugins moved to libtraceevent.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
debuginfod: Support -C option for connection thread pooling.
debuginfod-client: Negative cache file are now zero sized instead of
no-permission files.
addr2line: The -A, --absolute option, which shows file names including
the full compilation directory is now the default. To get the
old behavior use the new option --relative.
readelf, elflint: Recognize FDO Packaging Metadata ELF notes
libdw, debuginfo-client: Load libcurl lazily only when files need to
be fetched remotely. libcurl is now never
loaded when DEBUGINFOD_URLS is unset. And when
DEBUGINFOD_URLS is set, libcurl is only loaded
when the debuginfod_begin function is called.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The heartbeat trigger has the option to be inverted, however
openwrt/uci/luci have no way to set this.
This patch adds this support.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.
Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change was included in the original pull request but later omitted
for some reason:
https://github.com/openwrt/openwrt/pull/4936
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Config partition contains uboot env for the first 0x20000 bytes.
The rest of the partition contains other data including the device MAC
address and the password printed on the label.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
"The MCP2221 is a USB-to-UART/I2C serial converter which enables
USB connectivity in applications that have a UART and I2C interfaces."
<https://www.microchip.com/en-us/product/MCP2221>
Signed-off-by: Leo Soares <leo@hyper.ag>
(replaced GPIOLIB KConfig with @GPIO_SUPPORT)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
all other drivers depend on @GPIO_SUPPORT rather than
forcing CONFIG_GPIOLIB=y.
(I wonder what would happen if someone decides to try
UML with USBIP?)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works
Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.
This is similar to 8f7ce3aa6d, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
H3C TX180x series WiFi6 routers are customized by different carrier.
While these three devices look different, they use the same motherboard
inside. Another minor difference comes from the model name definition
in the u-boot environment variable.
Specifications:
SOC: MT7621 + MT7915
ROM: 128 MiB
RAM: 256 MiB
LED: status *2
Button: reset *1 + wps/mesh *1
Ethernet: lan *3 + wan *1 (10/100/1000Mbps)
TTL Baudrate: 115200
TFTP server IP: 192.168.124.99
MAC Address:
use address(sample 1) address(sample 2) source
label 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 u-boot-env@ethaddr
lan 88:xx:xx:98:xx:13 88:xx:xx:a2:xx:a6 $label +1
wan 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 $label
WiFi4_2G 8a:xx:xx:58:xx:14 8a:xx:xx:52:xx:a7 (Compatibility mode)
WiFi5_5G 8a:xx:xx:b8:xx:14 8a:xx:xx:b2:xx:a7 (Compatibility mode)
WiFi6_2G 8a:xx:xx:18:xx:14 8a:xx:xx:12:xx:a7
WiFi6_5G 8a:xx:xx:78:xx:14 8a:xx:xx:72:xx:a7
Compatibility mode is used to guarantee the connection of old devices
that only support WiFi4 or WiFi5.
TFTP + TTL Installation:
Although a TTL connection is required for installation, we do not need
to tear down it. We can find the TTL port from the cooling hole at the
bottom. It is located below LAN3 and the pins are defined as follows:
|LAN1|LAN2|LAN3|----|WAN|
--------------------
|GND|TX|RX|VCC|
1. Set tftp server IP to 192.168.124.99 and put initramfs firmware in
server's root directory, rename it to a simple name "initramfs.bin".
2. Plug in the power supply and wait for power on, connect the TTL cable
and open a TTL session, enter "reboot", then enter "Y" to confirm.
Finally push "0" to interruput boot while booting.
3. Execute command to install a initramfs system:
# tftp 0x80010000 192.168.124.99:initramfs.bin
# bootm 0x80010000
4. Backup nand flash by OpenWrt LuCI or dd instruction. We need those
partitions if we want to back to stock firmwre due to official
website does not provide download link.
# dd if=/dev/mtd1 of=/tmp/u-boot-env.bin
# dd if=/dev/mtd4 of=/tmp/firmware.bin
5. Edit u-boot env to ensure use default bootargs and first image slot:
# fw_setenv bootargs
# fw_setenv bootflag 0
6. Upgrade sysupgrade firmware.
7. About restore stock firmware: flash the "firmware" and "u-boot-env"
partitions that we backed up in step 4.
# mtd write /tmp/u-boot-env.bin u-boot-env
# mtd write /tmp/firmware.bin firmware
Additional Info:
The H3C stock firmware has a 160-byte firmware header that appears to
use a non-standard CRC32 verification algorithm. For this part of the
data, the u-boot does not check it so we can just directly replace it
with a placeholder.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
6ff988f mv_ddr: a3700: Use the right size for memset to not overflow
0f3e893 mv_ddr: a38x: fix BYTE_HOMOGENEOUS_SPLIT_OUT decision
4bae770 mv_ddr: a38x: fix SPLIT_OUT_MIX state decision
cdefd8b mv_ddr: a38x: Fix Synchronous vs Asynchronous mode determination
8c42ad9 mv_ddr_4_training: cast uint64_t to unsigned long long
Signed-off-by: Andre Heider <a.heider@gmail.com>
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
1. https://github.com/wolfSSL/wolfssl/pull/5390
Signed-off-by: John Audia <therealgraysky@proton.me>
Changes:
a47d86d Up the release version to 2.65
fc99e56 Include more signatures in pgp.keys.asc.
52288cc Close out this comment in the go/Makefile
eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error.
9a95791 Improve documentation for cap_get_pid and cap_reset_ambient.
21d08b0 Fix syntax error in DEBUG protected setcap.c code.
9425048 More useful captree usage string and man page.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
38cfa2e Up the release version to 2.64
7617af6 Avoid a deadlock in forked psx thread exit.
fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h
ceaa591 Clarify how the cap_get_pid() argument is interpreted.
15cacf2 Fix prctl return code/errno handling in libcap.
aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build.
66a8a14 psx: free allocated memory at exit.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.
People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This fixes problem of overwriting BCM4908 U-Boot and DTB files by
BCM4912 ones. That bug didn't allow booting BCM4908 devices.
Fixes: f4c2dab544 ("uboot-bcm4908: add BCM4912 build")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.
Fixes: e879cccaa2 ("uboot-layerscape: update PKG_HASH")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware
--------
CPU: Mediatek MT7621
RAM: 256M DDR3
FLASH: 128M NAND
ETH: 1x Gigabit Ethernet
WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN: 1x Reset (NWA50AX only)
LED: 1x Multi-Color (NWA50AX only)
UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.
If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.
If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.
Installation TFTP
-----------------
This installation routine is especially useful in case
* unknown device password (NWA55AXE lacks reset button)
* bricked device
Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin
$ atnf owrt.bin
$ atna 192.168.1.88
$ atns "192.168.1.66; tftpboot; bootm"
Upon booting, set the booted image to the correct slot:
$ zyxel-bootconfig /dev/mtd10 get-status
$ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
$ zyxel-bootconfig /dev/mtd10 set-active-image 0
Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.
$ mtd write ramboot-factory.bin firmware
$ reboot
Signed-off-by: David Bauer <mail@david-bauer.net>
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.
Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions. The ipk size is 3,355 bytes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.
Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Now that libiconv-stub is gone, a replacement for its host build is
needed.
Fixes: c0ba4201f8 ("libiconv-stub: remove")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.
this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.
Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the uboot-layerscape-21.08.tar.xz
archive.
i.e:
# tar tf uboot-layerscape-21.08.tar.xz:
uboot-layerscape-21.08/
uboot-layerscape-21.08/.azure-pipelines.yml
uboot-layerscape-21.08/.checkpatch.conf
uboot-layerscape-21.08/.gitattributes
uboot-layerscape-21.08/.github/
[...]
vs.
# tar tf uboot-layerscape-LSDK-21.08.tar.xz
uboot-layerscape-LSDK-21.08/
uboot-layerscape-LSDK-21.08/.azure-pipelines.yml
uboot-layerscape-LSDK-21.08/.checkpatch.conf
uboot-layerscape-LSDK-21.08/.gitattributes
uboot-layerscape-LSDK-21.08/.github/
[...]
the (file) content of both archives are otherwise the same.
The PKG_HASH was taken from the builder log:
| Hash of the local file uboot-layerscape-21.08.tar.xz does not match
|(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6,
|requested: 874e871755ef84ebbf3[...]) - deleting download.
without this update, the uboot-layerscape-21.08 package would
always try to download (from git), repacked the archive and
reupload to sources.openwrt.org (~14 MiB saved).
Fixes: 038d5bdab1 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
those board files can/should be dropped now too.
Fixes: 50c232d6f4 ("ipq-wifi: drop upstreamed board-2.bin")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
the tacked on @TARGET_bcm53xx causes warnings:
tmp/.config-package.in:14027:warning: ignoring unsupported character '@'
tmp/.config-package.in:26028:warning: ignoring unsupported character '@'
this was wrong.
Fixes: be1761fa14 ("nu801: add MR26 to the table")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
ef5d3e3 jail: fix various ignoring return value compilation warning
8e4a956 jail: add WARNING macro to log non critical warning message
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
46a33b8 kmodloader: fix compilation warning with not checking return of asprintf
Also switch PKG_RELEASE to AUTORELEASE.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
the legacy driver was dropped in linux 5.14-rc3:
commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver")
Quoting Lukas Bulwahn:
"p54 replaces prism54 so users should be unaffected."
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The spidev_test is build in phase2 even though it should be disabled.
My best guess is that we hit the same issue that I had with nu801.
The build-system thinks it's a tool that is necessary for
building the kernel.
In this case, the same fix (adding a dependency on the presence of
the module) could work in this case as well?
Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The BDFs for the:
GL.iNet GL-B2200
were upstreamed to the ath10k-firmware repository
and landed in linux-firmware.git
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."
Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This PR allows a user to enable a private psk, where each station
may have it's own psk or use a common psk if it is not defined.
The private psk is defined using the sta's mac and a radius server
is required.
ppsk option should be enabled in the wireless configuration along with
radius server details. When using PPSK, the key is ignored, it will be
retrieved from radius server. SAE is not yet supported (private sae) in
hostapd.
Wireless example configuration:
option encryption 'psk2+ccmp'
option ppsk '1'
option auth_server '127.0.0.1'
option auth_secret 'radiusServerPassword'
If you want to use dynamic VLAN on PPSK also include:
option dynamic_vlan '2'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option vlan_naming '0'
It works enabling mac address verification on radius server and
requiring the tunnel-password (the private psk) from radius server.
In the radius server we need to configure the users. In case of
freeradius: /etc/freeradius3/mods-config/files/authorize
The user and Cleartext-Password should be the mac lower case using the
format "aabbccddeeff"
<sta mac> Cleartext-Password := "<sta mac>"
Tunnel-Password = <Private Password>
Example of a user configured in radius and using dynamic VLAN5:
8cb84a000000 Cleartext-Password := "8cb84a000000"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 5,
Tunnel-Password = MyPrivPw
If we want to have a default or shared psk, used when the mac is not
found in the list, we need to add the following at the end of the radius
authorize file:
DEFAULT Auth-Type := Accept
Tunnel-Password = SharedPw
And if using VLANs, for example VLAN6 for default users:
DEFAULT Auth-Type := Accept
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 6,
Tunnel-Password = SharedPw
Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated
Signed-off-by: Michael Pratt <mcpratt@pm.me>
swig has been installed on the buildbots a while a ago and
Petr Štetiar got a fix for the pylibfdt error. Use that and re-enable
the builds for mt7620 and mt7621.
Refresh patches while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Let U-Boot handle free space in UBI partitions by recognizing the EOF
marker OpenWrt is using as well for that purpose.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Buidbots are throwing the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
^~~~~~~~~~~~~~~
compilation terminated.
Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Fixes: 6d5611af28 ("uboot-at91: update to linux4sam-2022.04")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Building U-Boot for the MT7621 SoC requires binman, a Python-based
host tool to generate images. For now, binman cannot work inside the
OpenWrt build system because it requires swig, so mark the MT7621
boards as borken to fix the ramips/mt7621 build until someone with
knowledge about Python and swig fixes the underlaying issue.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable like it was done in
commit 481339a042 ("uboot-imx: fix wrong make flags overriding").
Fixes: 7094e65503 ("uboot-imx: add support for TechNexion PICO-PI-IMX7D")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* Merge uboot-ramips into uboot-mediatek.
* Port support for the RAVPower RP WD009 to U-Boot 2022.07.
* Add support for MT7621 and add builds for the reference boards.
* Add builds for MT7620 and MT7628 reference boards.
This should help to make development of U-Boot-level board support for
all MediaTek targets much easier.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add patch to fix host-build of the mkimage tool without
CONFIG_TOOLS_LIBCRYPTO.
Update and refresh all patches.
Tested on BananaPi R64 (MT7622) successfully booting from SD card,
eMMC and SPI-NAND.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This board features an AP6335 system-in-package combination of Wi-Fi and
Bluetooth module based on BCM4339.
Support is borrowed directly from the following Buildroot commit:
095420e05ae5: ("configs/imx7dpico: Add Wifi support").
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Old firmware provided by 'cypress-firmware' suite is not sufficient for
AP6335 module used in PICO-PI-IMX7D board to probe successfully. Use the
upstream version from linux-firmware instead.
At the same time, drop the old firmware from 'cypress-firmware' package.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
TechNexion PICO-PI-IMX7D uses BCM4339 Wi-Fi interface in SDIO mode.
Enable SDIO support for imx/cortexa7 to fully support it in images.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This will allow using fw_printenv without /etc/fw_env.config. Once there
is Linux NVMEM driver available for U-Boot env data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on
U-Boot v2022.01 which contains commit
93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC
variable passed to MAKE to force the compilation of DTC.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Remove upstreamed patches:
- 001-xtables-Call-init_extensions6-for-static-builds.patch
- 002-xtables-Call-init_extensions_a_b.patch
Fix patches:
- 102-iptables-disable-modprobe.patch
Fix warnings in the form of:
xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function]
475 | static char *get_modprobe(void)
| ^~~~~~~~~~~~
Backport patches:
- 020-treewide-use-uint-instead-of-u_int.patch
- 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch
- 040-xshared-Fix-build-for-Werror-format-security.patch
- 050-build-fix-error-during-out-of-tree-build.patch
- 060-libxtables-unexport-init_extensions-declarations.patch
Refresh patches:
- 101-remove-check-already.patch
- 102-iptables-disable-modprobe.patch
- 200-configurable_builtin.patch
- 600-shared-libext.patch
- 700-disable-legacy-revisions.patch
Remove from Makefile:
$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
Changelog:
fa0ccdbd configure: bump version for 1.8.8 release
8468fd4f nft: Fix EPERM handling for extensions without rev 0
ce9195c6 extensions: LOG: Document --log-macdecode in man page
404f304d man: *NAT: Review --random* option descriptions
0a538259 extensions: DNAT: Merge core printing functions
a7c2b728 libxtables: Revert change to struct xtables_pprot
fd64a587 libxtables: Drop xtables_globals 'optstring' field
3b8a6a6f xshared: Extend xtables_printhelp() for arptables
8ff84eaf xshared: Move arp_opcodes into shared space
adbfec0b extensions: MARK: Drop extra newline at end of help
1dcfb81e nft: split gen_payload() to allocate register and initialize expression
7e38890c nft: prepare for dynamic register allocation
165cafec nft: pass handle to helper functions to build netlink payload
94309632 nft: native mark matching support
aa92ec96 nft: pass struct nft_xt_ctx to parse_meta()
4c70c42f nft-shared: update context register for bitwise expression
18c96821 extensions: man: Document service name support in DNAT and REDIRECT
72d542b6 extensions: Merge REDIRECT into DNAT
14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets
9621318b extensions: DNAT: Rename from libipt to libxt
2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also
7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code
3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers
070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
08c14fa6 man: DNAT: Describe shifted port range feature
24fff5d7 xlate-test: Fix for empty source line on failure
ac4c84cc libxtables: Boost rule target checks by announcing chain names
f58b0d74 libxtables: Implement notargets hash table
b1aee6b2 nft: Reject standard targets as chain names when restoring
b555bfed tests: shell: Fix 0004-return-codes_0 for static builds
c293e116 nft: Review static extension loading
0836524f xtables: Call init_extensions{,a,b}() for static builds
6c689b63 Simplify static build extension loading
0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric
0c0cd434 nft: Don't pass command state opaque to family ops callbacks
b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent
07ee529f nft: Speed up immediate parsing
b5f2faea nft: Simplify immediate parsing
17534cb1 Improve error messages for unsupported extensions
2dbb49d1 libxtables: Register only the highest revision extension
07e2107e xshared: Implement xtables lock timeout using signals
a3980769 tests: NFLOG: enable `--nflog-range` tests
b8e8ac27 tests: support explicit variant test result
adb03c3f tests: add `NOMATCH` test result
7a006c7d tests: iptables-test: rename variable
b7f15b42 iptables.8: Describe the effect of multiple -v flags
1407a9c4 tests: iptables-test: Support variant deviation
fc8f7289 nft: cache: Dump rules if debugging
73b91292 nft: Add debug output to table creation
51d9d9e0 ebtables: Support verbose mode
ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains
17ed253f iptables-restore: Support for extra debug output
a761a026 nft: Use verbose flag to toggle debug output
98e69b7e nft: add support for native tcp flag matching
92808bd5 nft-shared: add tcp flag dissection
6aba94ef nft: prefer native expressions instead of tcp match
c034cf31 nft: prefer native expressions instead of udp match
5489493e nft-shared: support native udp port delinearize
5795a1b5 nft-shared: support native tcp port range delinearize
250dce87 nft-shared: support native tcp port delinearize
ea5d45dc extensions: libxt_NFLOG: fix typo
26ecdf53 xshared: Fix response to unprivileged users
b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save
db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
30b178b9 extensions: *NAT: Kill multiple IPv4 range support
7ee5b970 tests: iptables-test: correct misspelt variable
223f02ca nft: fix indentation error.
5c2c2eea ip6tables: Use the shared do_parse, too
9baf3bf0 iptables: Use xtables' do_parse() function
e4f5185d nft: Move proto_parse and post_parse callbacks to xshared
ded7b579 xshared: Store parsed wait and wait_interval in xtables_args
62c3c93d xshared: Move do_parse to shared space
3039a52c xtables: Do not pass nft_handle to do_parse()
ece001c2 xtables: Pass xtables_args to check_inverse()
17abaeb1 xtables: Pass xtables_args to check_empty_interface()
dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h
98a4462f xtables: Pull table validity check out of do_parse()
d83371c7 xtables: Drop xtables' family on demand feature
49aa44ba nft-shared: set correct register value
b129b1cf iptables-*-restore: Drop pointless line reference
316d8efb libxtables: Extend basic_exit_err()
4bff5aef xtables_globals: Embed variant name in .program_version
51e5d293 xshared: Share exit_tryhelp()
56ac0452 xshared: Share a common printhelp function
4149b5d8 xshared: Share print_match_save() between legacy ip*tables
273d88a7 extensions: tcpmss: add iptables-translate support
7213561d xshared: Make load_proto() static
cf14b92b nft-shared: Drop unused function print_proto()
24f30842 xshared: Share print_header() with legacy iptables
a323c283 xshared: Share print_fragment() with legacy
1d73cec0 xshared: Share print_rule_details() with legacy
e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy
22f2e1fc xshared: Share save_rule_details() with legacy
766e4872 xshared: Share print_iface() function
b5881e7f nft: Change whitespace printing in save_rule callback
1189d830 xshared: Merge and share parse_chain()
1eab8e83 extensions: hashlimit: Fix tests with HZ=1000
afa525ee xlate-test: Print full path if testing all files
b8d5271d Unbreak xtables-translate
0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c
142cf724 xtables: arptables accepts empty interface names
ab0a785a xtables: Derive xtables_globals from family
6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic
832a0e2b nft-arp: Introduce post_parse callback
0aea399d arptables: Use standard data structures when parsing
fe83b12f libxtables: Introduce xtables_globals print_help callback
0687852d xtables-standalone: Drop version number from init errors
dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions
38e1fe58 xtables: Simplify addr_mask freeing
cfdda180 nft-shared: Introduce init_cs family ops callback
65b150ae xshared: Store optstring in xtables_globals
2e6014c7 nft: Introduce builtin_tables_lookup()
db90ff64 tests: shell: fix bashism
45d8f769 nft: Delete builtin chains compatibly
e865a853 nft-chain: Introduce base_slot field
f9b33967 nft: Check base-chain compatibility when adding to cache
43189612 nft: cache: Avoid double free of unrecognized base-chains
040a15f2 xtables-translate: add missing argument and option to usage
2ed6dc75 tests: iptables-test: Fix conditional colors on stderr
63ab4fe3 ebtables: Avoid dropping policy when flushing
b714d45d iptables-test.py: print with color escapes only when stdout isatty
481626bb tests: shell: Return non-zero on error
7559af83 tests: iptables-test: Exit non-zero on error
c057939d tests: xlate-test: Exit non-zero on error
a8da7186 tests: iptables-test: Print errors to stderr
5166c445 tests: xlate-test: Print errors to stderr
fa78ff15 tests: xlate-test: Don't skip any input after the first empty line
fcbe454b tests: iptables-test: Fix missing chain case
61e85e31 iptables-nft: allow removal of empty builtin chains
544e7dc1 Fix a few doc typos
e438b976 nft: Use xtables_{m,c}alloc() everywhere
ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add()
cf410aa6 extensions: libxt_mac: Fix for missing space in listing
7ae14dc1 iptables-test: Make netns spawning more robust
bef9dc57 extensions: hashlimit: Fix tests with HZ=100
943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule
ef7781eb libxtables: exit if called by setuid executeable
8629c53f tests/shell: Assert non-verbose mode is silent
57d1422d nft: Fix for non-verbose check command
26318637 ebtables: Dump atomic waste
765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options
e727ccad xtables: Call init_extensions6() for static builds
9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports
c8145139 extensions: libxt_conntrack: simplify translation using negation
1c934617 extensions: libxt_tcp: rework translation to use flags match representation
bb01e33d extensions: libxt_connlimit: add translation
62828a6a tests: xlate-test: support multiline expectation
ba863c4b libxtables: extend xlate infrastructure
68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy()
9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere
ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any()
084671d5 iptables-apply: Drop unused variable
0729ab37 nft: Avoid buffer size warnings copying iface names
eab75ed3 nft: Avoid memleak in error path of nft_cmd_new()
ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask()
8bb5bcae extensions: libebt_ip6: Drop unused variables
97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
5818be17 extensions: sctp: Translate --chunk-types option
a61282ec extensions: sctp: Fix nftables translation
556f7044 Use proto_to_name() from xshared in more places
eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function
9dc50b5b xshared: Merge invflags handling code
3664249f xshared: Eliminate iptables_command_state->invert
f647f61f xtables: Make invflags 16bit wide
616800af extensions: SECMARK: Implement revision 1
1e984079 nft-arp: Make use of ipv4_addr_to_string()
acac2dbe Eliminate inet_aton() and inet_ntoa()
9084ef29 extensions: sctp: Explain match types in man page
a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets
fdf64dcd nft: cache: Sort chains on demand only
c5d9a723 fix build for missing ETH_ALEN definition
18d7535d extensions: libxt_conntrack: use bitops for status negation
18e334da extensions: libxt_conntrack: use bitops for state negation
831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit
46f9d3a9 xtables-translate: Fix translation of odd netmasks
330f5df0 nft: Fix bitwise expression avoidance detection
5f1fcace iptables-nft: fix -Z option
c9441657 include: Drop libipulog.h
30c1d443 ebtables: Exit gracefully on invalid table names
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes
- Add configure commands to alter inventory TLVs
Fixes
- Update seccomp rules for newer kernel/libc
- Correctly handle an interface whose index has changed
- Don't send VLANs when there are too many
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changelog:
Assembler:
General:
* Add support for the LoongArch architecture.
* Add an option to control how multibyte characters are handled in
the assembler. Using the option warnings can be generated when
such characters are encountered in symbol names, or anywhere in
the input source file(s).
AArch64 and ARM:
* Add support for more system registers.
* Add support for Scalable Matrix Extension.
* Add support for Cortex-R52+, Cortex-A510, Cortex-A710,
Cortex-X2, Cortex-A710 cores.
* Add support for 'v8.7-a', 'v8.8-a', 'v9-a', 'v9.1-a',
'armv9.2-a' and 'armv9.3-a' architecture extensions.
X86:
* Add a command-line option to encode aligned vector move as
unaligned vector move.
* Add support for Intel AVX512_FP16 instructions.
* The outputs of .ds.x directive and .tfloat directive with hex
input have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
Linker:
* Add support for the LoongArch architecture.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86
ELF linker to control canonical function pointers and copy
relocation.
Other Binary Tools:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Tools which display symbols or strings (readelf, strings, nm,
objdump) have a new command line option which controls how unicode
characters are handled. By default they are treated as normal for
the tool. Using --unicode=locale will display them according to
the current locale. Using --unicode=hex will display them as hex
byte values, whilst --unicode=escape will display them as escape
sequences. In addition using --unicode=highlight will display
them as unicode escape sequences highlighted in red (if supported
by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and
efi-bsdrv-aarch64 has been added to objcopy in order to enable
UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated
alias without diagnostics. In many ar implementations -T has a
different meaning, as specified by X/Open System Interface.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add libatomic as dependency.
Changelog:
2022-04-10: v1.0.26
* Fix regression with transfer free's after closing device
* Fix regression with destroyed context if API is misused
* Workaround for applications using missing default context
* Fix hotplog enumeration regression
* Fix Windows isochronous transfer regression since 1.0.24
* Fix macOS exit crash in some multi-context cases
* Build fixes for various platforms and configurations
* Fix Windows HID multi-interface product string retrieval
* Update isochronous OUT packet actual lengths on Windows
* Add interface bound checking for broken devices
* Add umockdev tests on Linux
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove upstreamed patche:
- 001-Correct-a-typo-in-the-Changelog-and-clean-up-a-stray.patch
- 002-linux_usbfs-Fix-parsing-of-descriptors-for-multi-con.patch
Changelog:
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Nick Hainke <vincent@systemli.org>
- Rearrange Makefile.
- Switch to codeload.github.com because it looks like new version are
not longer deployed at www.digip.org
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove upstreamed patches:
- 001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch
Changes:
- examples: add README with details to the various examples
- examples: af_ieee802154_tx example
- examples: af_ieee802154_rx example
- examples: add af_packet_rx example
- examples: af_inet6_rx example
- examples: af_packet_tx example
- examples: af_inet6_tx example
- examples: add .gitignore file for examples directory
- src/nl_extras.h: fix compatibility with libnl 3.3.0
- wpan-ping: add the support to set wpan-ping interval
- wpan-ping: Add the filtering function for frame receiving
Signed-off-by: Nick Hainke <vincent@systemli.org>
- Use SPDX
- Add PKG_RELEASE
- Change wpan.cakelab.org to linux-wpan.org/wpan-tools.html
- Switch to github.com as PKG_SOURCE_URL
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
1bb4162 libnl-3.7.0 release
897ec9c route: act: Allow full set of actions on gact,skbedit,mirred
00e46f1 Use print() function in both Python 2 and Python 3
083c1b6 sriov: fix setting ce_mask when parsing VF stat counter
2e9a4f7 Fix typos and errors
cc87ad2 changelog: update URL to git history
bde0b4c changelog: fix typos in ChangeLog
44988e6 route: format recently added code with clang-format
df6e38b route/act: add NAT action
7304c42 route: format recently added code with clang-format
f8eb218 cls: flower: extend flower API
e5dc111 flower: use correct attribute when filling out flags
df6058c tests: merge branch 'th/test-link'
9772c1d tests: add unit tests for creating links
4713b76 github: run unit tests several times and directly
8025547 github: export NLTST_SEED_RAND= to randomize unit tests
7efeca2 tests: add test utils
f6f4d36 tests: reformat unit test files with clang-format
135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro
0ea11be utils: add _nl_thread_local macro
9b04936 route: fix crash caused by parse_multipath() by wrong free()
2effffe route/link: Set the cache ops when cloning a link
5ecd56c route/link: add lock around rtnl_link_af_ops_put()
e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family()
3f4f1dd xfrm/sa: fix reference counters of sa selector addresses
d3c783f all: merge branch 'th/coverity-fixes'
23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message()
d52dbcb route: fix check for NULL in nh_encap_dump()
1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*()
f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
d4c7972 all: fix "-Wformat" warnings for nl_dump*()
6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b)))
d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers
a30b26d socket: workaround undefined behavior coverity warning in generate_local_port()
8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment
bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone()
dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details()
f50a802 route/u32: fix u32_dump_details() to print data
fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT
31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle
aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details()
40683cc netlink/private: add internal helper utils
6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type()
ff5ef61 all: avoid coverity warnings about assigning variable but not using it
f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute
46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method
46e85d2 route/mdb: fix leak in mdb_msg_parser()
b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro
d544105 route/mdb: fix buffer overflow in mdb_msg_parser()
4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace
ec712a4 tests: cleanup unshare_user() and use _nltst_fclose()
85e3c5d tests: add _assert_nltst_netns() helper
39e4d8d github: test out-of-tree build and "--disable-static"
d63e473 github: build documentation in CI test
fa7f97f build: avoid building check-direct with --disable-static
8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script
e2aa409 doc: fix markup error in "doc/route.txt"
4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org>
Backport upstream fix to build on kernel 5.15.52 or later since kernel
devs backported newer functionality to older kernels.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.
Commit 0bd5367233 is reverted so the
accelerated version builds by default on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
Make sure the 'configure' shell script finds the libintl when linking
the test programs for discovering libpcap and libbpf.
Reported-by: @trippleflux
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The SDK does not have the LLVM toolchain yet.
Hopefully fixes errors in the form:
xsk_def_xdp_prog.c:4:10: fatal error: 'bpf/bpf_helpers.h' file not found
#include <bpf/bpf_helpers.h>
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Signed-off-by: Andre Heider <a.heider@gmail.com>
libjson-c is happy to pick up libbsd both on the host and target.
Reproducible with
make package/libbsd/compile;make package/libjson-c/compile
Also fixes host compilation on Arch Linux for a similar reason.
Undefined reference to arc4random.
Fixes: f3a198697f ("libjson-c: update to 0.16")
Acked-by: Thomas Huehn thomas.huehn@hs-nordhausen.de
Acked-by: Nick Hainke vincent@systemli.org
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disable lz4 and lzo2 manually.
Fixes errors in the form of:
Package f2fsck is missing dependencies for the following libraries:
liblz4.so.1
liblzo2.so.2
Fixes: 8b9e806160 ("f2fs-tools: update to 1.15.0")
Acked-by: Thomas Huehn <thomas.huehn@hs-nordhausen.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
xdp-tools - Library and utilities for use with the eXpress Data Path:
Fast Programmable Packet Processing in the Operating System Kernel
* libxdp: library for attaching XDP programs and using AF_XDP sockets
* xdp-filter: a simple XDP-powered packet filter
* xdp-loader: an XDP program loader
* xdpdump: tool for capturing packets at the XDP layer
Thanks to Nick @PolynomialDivision Hainke for testing and fixing!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Improvements
- Added an interface of raising des Strausses awareness.
- Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session.
- Enhanced decoding of bpf and io_uring_register syscalls.
- Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands.
- Updated lists of BPF_*, BR_*, BTRFS_*, IFA_*, IFLA_*, IORING_*, KEY_*, KVM_*, MADV_*, and UFFD_* constants.
- Updated lists of ioctl commands from Linux 5.18.
Bug fixes
- Fixed printing of the updated value of union bpf_attr.next_id on the exiting of bpf(BPF_*_GET_NEXT_ID) calls.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Improvements
- Added 64-bit LoongArch architecture support.
- Extended personality designation syntax of syscall specification expressions to support all@pers and %class@pers.
- Enhanced rejection of invalid syscall numbers in syscall specification expressions.
- Implemented decoding of set_mempolicy_home_node syscall, introduced in Linux 5.17.
- Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink attributes.
- Implemented decoding of PR_SET_VMA operation of prctl syscall.
- Implemented decoding of siginfo_t.si_pkey field.
- Implemented decoding of LIRC ioctl commands.
- Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*, TCA_ACT_*, and *_MAGIC constants.
- Updated lists of ioctl commands from Linux 5.17.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The mac80211-hwsim and the Intel iwlwifi driver support ieee80211ax, add
the missing DRIVER_11AX_SUPPORT dependency too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix:
- 001-dont-build-docs.patch
Remove upstreamed patch:
- 010-clang.patch
Changelog:
Deprecated and removed features:
--------------------------------
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
------------
* The 0.16 release introduces no new features
Build changes
-------------
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
---------------------------------
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
--------------
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
-------------
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
Signed-off-by: Nick Hainke <vincent@systemli.org>
Refresh:
- 100-portability.patch
Changelog:
ea4ea5e6 Document MacOS test workaround.
b14fc902 Add missing file fat-arm64.c to tar file.
6720f433 Update config.guess and config.sub to latest versions.
a2be57f0 NEWS entries for Nettle-3.8.
bff9a605 Update version numbers, for nettle-3.8.
36386678 Fix comment typo
e05fd5a9 Add ChangeLog entry for SM3 contribution.
8739faa8 Document cbc_aes128_encrypt, cbc_aes192_encrypt and cbc_aes256_encrypt.
efb2ec7f Deleted the manual's incomplete and out of date list of authors.
af38c91f New more accurate AUTHORS file.
ba084efa Fix ChangeLog typo.
0fff3097 ChangeLog entries for s390x ghash update.
75b687a8 Fix comment typo.
5d0089ed Refactor s390x-specific code for new ghash organization
2aabd5e2 ppc: Update fat setup for new ghash organization.
8f5fddfb ppc: Update vpmsumd ghash to new organization.
1227381e Comment fix.
9939f866 arm64: Update fat setup for new ghash organization.
ab62f731 Fix comment error
b1645555 arm64: Update pclmul ghash to new organization.
6b80b889 Update fat setup for new ghash organization.
d382fcc0 Delete _ghash_digest.
d11c4cd9 x86_64: Update pclmul ghash to new organization.
f79cc0c1 x86_64: Update table-based ghash to new organization.
bdc2fc31 Move _ghash_digest.
1d438ad4 Refactor GCM C implementation.
bdf820df New function block16_zero.
d966ea0d Delete code for GCM_TABLE_BITS != 8.
60edc290 x86_64: Fat setup for GCM.
be245313 Fix comment typo.
f8fa4f1f x86_64: Initial implementation of gcm using the pclmulqdq instructions.
23f75f58 Rearrange gcm configuration defines, and add tests for internal functions.
483ccbc9 Add tests for edge cases in poly1305 digest folding.
f3656a44 x86_64: Rewrite of poly1305 assembly.
b7268727 ChangeLog entry for arm64 implementation of chacha.
1d4a985c ChangeLog entries for new ppc64 ecc files.
99be366f ecc: Add powerpc64 assembly for ecc_448_modp
53f7ae66 Move a comment.
e643dcf1 ecc: Add powerpc64 assembly for ecc_25519_modp
741191d1 ecc: Add powerpc64 assembly for ecc_224_modp
4adcb4af Simplify poly1305-test, more use of tstring length.
b48217c8 Add randomized tests of poly1305.
dbf178c0 Arrange so that GMP or mini-gmp is always available for tests.
7d83510e ChangeLog entries for new ppc64 ecc files.
02bbf7d1 ecc: Add powerpc64 assembly for ecc_521_modp
2bc7dfad ecc: Add powerpc64 assembly for ecc_384_modp
9b6c0639 ecc: Add powerpc64 assembly for ecc_192_modp
39af7b2e [Arm64] Optimize Chacha20
c82876a5 [S390x] Alerting assembler of machine type
044d24b0 [S390x] Optimize Chacha20
94228f87 tests: Use inline function for dummy definition of test_randomize.
7926debe Share ecc point validation function in testutils.c.
25f73004 Whitespace cleanup
0ec184d8 ppc: Reduce number of registers used for ecc_secp256r1_redc.
c7cf1939 ppc: New configure test for ELFV2_ABI
f57640ea x86_64: Improved ecc_secp256r1_redc
dd65a63e ChangeLog for previous change.
ecd4eacf ppc: Add powerpc64 assembly for ecc_256_redc
b2758f7c doc: documentation for SM3 hash
0ea74c02 Comment improvements for x86_64 ecc_secp256r1_redc
78aabc69 nettle-benchmark: bench SM3 hashes
7f77ccb4 hmac: add support for SM3 hash function
e2edd9be testsuite: add test for SM3 hash function
b72886e5 Add OSCCA SM3 hash algorithm
d2e4e531 Delete function mpz_limbs_read_n.
dd566239 Delete function mpz_limbs_cmp.
07d5e755 gitlab-ci: Enable randomized tests
64ce8c77 Randomize more tests
a6f9bdeb Reduce allocation in modinv test
957482d9 Fix sqrt_ratio test for v = 0 case.
7f730943 Reduce allocation in sqrt tests
2c9a600d Move NETTLE_TEST_SEED logic to testutils.c.
48d61c28 Delete obsolete comment.
ac95be13 Fix and test for sqrt(0) special case.
ffe0f587 eccdata: Output ecc_sqrt_z and ECC_SQRT_E only when computed.
65c95c79 Fix comment typo.
8db66280 Let secp384r1 inverse and sqrt share most of the powering.
5b2758a3 eccdata: Delete generation of unused values ecc_sqrt_t and ECC_SQRT_T_BITS.
b3abfac5 eccdata: Generate both redc and non-redc versions of ecc_sqrt_z.
2dbe065d Implement secp224r1 square root, based on patch by Wim Lewis.
c8daa71c New function ecc_mod_equal_p, based on patch by Wim Lewis.
4be1725f New function ecc_mod_pow_127m1, used for ecc_secp224r1_inv.
4e987de3 Implement secp521r1 square root, based on patch by Wim Lewis.
2adc4268 Implement secp384r1 square root, based on patch by Wim Lewis.
bc07754f Implement secp256r1 square root, based on patch by Wim Lewis.
35f12552 Implement secp192r1 square root, based on patch by Wim Lewis.
c2726388 Renamed sqrt_itch --> sqrt_ratio_itch, and curve25519 and curve448 sqrt functions.
03421be1 Rename ecc sqrt --> sqrt_ratio.
652bdc79 New function ecc_mod_zero_p.
571d2cc2 [S390x] Improvements on documentation and instruction set usage for SHA3 permute
26b0f47b New function sec_zero_p.
259ec19a [S390x] Remove lgr instructions by using xgrk instead of xgr instruction
73722fb0 Rewrite of secp256r1 mod functions.
45028ff2 Extend ecc-mod-test, with improved coverage of corner cases.
806d6f6a [S390x] Optimize SHA3 permute using vector facility
78f44318 Change "signature on digest" --> "of digest".
0f90c076 Doc fixes.
52c86f94 Delete a few old FIXME comments
2b68ee47 Use @url and https consistently for references. Fix overlong lines.
ea4b2e86 Use texi2pdf to generate the pdf manual
54bbc09b ChangeLog entries for doc structure improvements.
cc92638c Divide Cipher section into menu and nodes, and some other minor fixes.
5e6af10b Delete explicit node pointers in nettle.texinfo
55584f4e Change CBC-AES interface
7a966ac3 Test AEAD encrypt/decrypt with message split into pieces.
686fd559 More checks for null pointers in test_aead, to silent static analyzer.
41a72c24 Fix checks of HAVE_NATIVE_cbc_aes*_encrypt
d5b0b9cb Fix fat builds for x86_64 windows
419d7af5 x86_64: Fat setup for assembly CBC AES.
121290e0 x86_64: Assembly CBC AES aesni functions.
1f58b09c Add specialized functions for cbc-aes.
99dffa9c ChangeLog entries for recent contributions.
38092fde gitlab-ci: Use mini-gmp for big-endian powerpc64 cross build
4147279b gitlab-ci: Explicitly install cross libgmp-dev packages
8c2321d2 gitlab-ci: No-assembly cross-build for s390x, to test big-endian
d4cd2965 gitlab-ci: Delete mips build
9765f8b9 [S390x] Optimize SHA256 and SHA512 compress functions
463553ae x86_64: New 2-way aesni loop also for aes256
c7391e5c x86_64: Refactor aesni assembly, with specific functions for each key size.
4ea2a1f8 [S390x] Optimize SHA1 compress
a47813c2 [AArch64] Utilize AES 1-block macros in 4-block macros
5f7740a3 [AArch64] Load AES keys at function prologue
76c7418c ChangeLog entries for previous change.
f7bc3e1b [AArch64] Move AES round macros to machine.m4
39d1e2a3 [AArch64] Optimize AES with fat build support
b8054a1d [S390x] Optimize memxor3 using vector facility with fat support
422219fe [S390x] Optimize memxor
3900fe65 Add fat-s390x.c to OPT_SOURCES.
c2f16582 Fix name of s390x/fat directory in make dist target.
4fc00c4d [S390x] add FAT_TEST_LIST variable to enable fat build testing
856c62ef [S390x] Replace inline assembly and fix fat filenames
3be3ff3e [S390x] Fat build support for AES and GHASH
9f9d4c4b arm64: Add sha2 to aarch64 fat tests.
774917ec ChangeLog entry for arm64 sha256..
7b446327 [AArch64] Fat build support for SHA-256 compress
6c84092d [S390x] wipe parameter block content and leftover bytes of data from stack
7d301d93 [S390x] wipe hash subkey from stack once GHASH operation completed
d1c8417f [AArch64] Optimize SHA-256 compress
33bfc509 [S390x] Use uppercase for macro names in machine.m4 and enhance the documentation for GHASH implementation
94be863c Add sha1 to aarch64 fat tests.
6c89ed3c ChangeLog entry for previous change.
e5a9dbf4 arm64: Fat build support for SHA1 compress
530e4c8d [S390x] Update configure.ac and Makefile.in
b0525367 [S390x] Implement alloc_stack and free_stack macros in machine.m4
72448928 [S390x] Optimize GHASH
20fedc01 Update Nettle-3.7.3 NEWS.
c80961c6 Add input check to rsa_decrypt family of functions.
cd6059ae Change _rsa_sec_compute_root_tr to take a fix input size.
401e0bdd Fix comment typos.
fd6d9ba7 Add check that message length to _pkcs1_sec_decrypt is valid.
e60d8367 ChangeLog entry for arm64 sha1.
47cafcf2 aarch64: Optimize SHA1 Compress
a46a17e9 Fix C++-style comments
022e51a2 ChangeLog entries for aes keywrap.
0145efbc Implement aes key wrap and key unwrap (RFC 3394)
61bcbbf8 gitlab-ci: Explicitly pass --enable-s390x-msa to s390x build.
3b1bb7cb Fix comment typo.
c23701f3 Reorder and indent asm_replace_list.
c2a14fa3 ChangeLog entry for new s390x AES implementation.
1f38723e Append s390x-specific asm file names to asm_replace_list in configure.ac
71dafe91 [S390x] Basic AES-192 and AES-256 optimizations
8247fa21 ppc: Fix macro name SWAP_MASK to use all uppercase.
b9f0ede2 Update config.guess and config.sub.
46515038 [S390x] Basic AES-128 optimization
f4dc5f20 Split aes-encrypt.c and aes-decrypt.c into one file per key size.
0bff7a2b Initial config for s390x, contributed by Mamone Tarsha.
06d6ef33 nettle-benchmark: avoid -Wmaybe-uninitialized warnings
dda3f4fd gitlab-ci: Fix only: variables: check, and quote variables.
c2b56cd7 gitlab-ci: Use pipeline variable S390X_ACCOUNT
c25774e2 gitlab-ci: Add remote tests for s390x.
d5972ced Add forward declaration of struct aes_table.
085317d6 ChangeLog entries for arm64 fat build.
944881d7 ChangeLog entry for nettle-3.7.2 release
f9e0e1f4 NEWS entries for 3.7.2.
1585f6ac [AArch64] Support fat build for GCM optimization
03b8ba39 [AArch64] Use m4 macros in gcm-hash.asm and add documentation comments
3f43c143 [AArch64] Update README to be on par with other architectures
b30e0ca6 Fix canonical reduction in gostdsa_vko.
d9b564e4 Similar fix for eddsa.
fbaefb64 Analogous fix to ecc_gostdsa_verify.
c24b3616 Ensure ecdsa_sign output is canonically reduced.
2397757b Fix bug in ecc_ecdsa_verify.
5b7608fd Use ecc_mod_mul_canonical for point comparison.
2bf497ba New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical.
a471ae85 aarch64: Rename arm64/v8/ --> arm64/crypto/
0489825e aarch64: Use .arch armv8-a+crypto directive.
d32152f4 aarch64: Move m4 definitions after .file directive
f3dda9f4 ChangeLog entries for arm64 gcm_hash.
b098f19b arch64: Fix clang build
fd9dd9d7 arch64: Fix copyright line and typos
a3f91c0e aarch64: Adjust gcm-hash assembly for big-endian systems
09d77a10 aarch64: Implement GHASH using the crypto extension pmul instructions.
0c5429d3 aarch64: Add README
dbd16501 Add an empty machine.m64 to make configure happy
ebf9ae83 Recognize arm64 in configure
Signed-off-by: Nick Hainke <vincent@systemli.org>
Adjust
- 100-tcpdump_mini.patch
Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch
Changelog:
Wednesday, June 9, 2021 by gharris
Summary for 4.99.1 tcpdump release
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
Summary for 4.99.0 tcpdump release
CVE-2018-16301: For the -F option handle large input files safely.
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list
against Wireshark.
Fix many typos.
Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Release Notes:
- The libiconv library is now licensed under the LGPL version 2.1,
instead of the LGPL version 2.0. The iconv program continues to
be licensed under GPL version 3.
- Added converters for many single-byte EBCDIC encodings: IBM-{037,
273,277,278,280,282,284,285,297,423,424,425,500,838,870,871,875},
IBM-{880,905,924,1025,1026,1047,1097,1112,1122,1123,1130,1132,1137,
1140}, IBM-{1141,1142,1143,1144,1145,1146,1147,1148,1149,1153,1154,
1155,1156,1157}, IBM-{1158,1160,1164,1165,1166,4971,12712,16804}.
They are available through the configure option
'--enable-extra-encodings'.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add patches:
- 100-configure.ac-fix-AC_ARG_WITH.patch
Remove upstreamed patches:
- 200-resize_f2fs-fix_wrong_ovp_calculation.patch
Changelog:
64f2596 f2fs-tools: upgrade version 1.15.0
d9d5b11 f2fs-tools: build silently
299c0b5 fsck.f2fs: fix broken file_map output
3af62be f2fs-tools: show segment/section layout correctly
4d9c009 f2fs-tools: use android config only if there's no config.h
0b9b89f dump.f2fs: compress: fix dstlen of LZ4_compress_fast_extState()
eee3969 mkfs.f2fs: check uuid library
e5fe1a2 f2fs-tools: use fsync() in Android
ea9921f f2fs-tools: support zoned device in Android
a8fefc2 android_config.h: add missing liblz4
0c54cf7 libf2fs_io: add unused mactor to avoid build failure
6eebd13 ci: Enable -Wall, -Wextra and -Werror
c491657 Fix PowerPC format string warnings
70e4139 Suppress a compiler warning about integer truncation
7a1206a Annotate switch/case fallthrough
b964b79 Change #ifdef _WIN32 checks into #ifdef HAVE_.*
28de4d1 tools/f2fs_io: Fix the type of 'ret'
fdff1ab fsck/segment.c: Remove dead code
ede3bde fsck/main.c: Suppress a compiler warning
93c6483 tools/f2fscrypt.c: Fix build without uuid/uuid.h header file
559e60e fsck: Remove a superfluous include directive
98f7f56 mkfs/f2fs_format.c: Suppress a compiler warning
ef011a4 configure.ac: Detect selinux/android.h
2e59ab8 configure.ac: Detect the sparse/sparse.h header
1790203 Fix the MinGW build
ecd27dc Use %zu to format size_t
24663b6 Include <stddef.h> instead of defining offsetof()
cdefef0 Move the be32_to_cpu() definition
1612bf9 Remove unnecessary __attribute__((packed)) annotations
7a5109f f2fs_fs.h: Use standard fixed width integer types
e61203c Suppress a compiler warning
9425b47 Verify structure sizes at compile time
006bb13 Change one array member into a flexible array member
cb4c5d6 ci: Build f2fstools upon push and pull requests
f3033fb Change the ANDROID_WINDOWS_HOST macro into _WIN32
87d7a95 Switch from the u_int to the uint types
c483354 configure.ac: Enable cross-compilation
3e97d07 configure.ac: Sort header file names alphabetically
91ba5e5 configure.ac: Enable the automake -Wall option
ae65a15 configure.ac: Remove two prototype tests
d24fd5c configure.ac: Stop using obsolete macros
6afcf64 libf2fs: don't allow mkfs / fsck on non power-of-2 zoned devices
c7757ec man: update mkfs.f2fs to give the default android option
46e1b83 f2fs-tools: use proper 64bit types for PPC
97ce230 mkfs.f2fs: fix wrong indentation and clean up
0d3d26d mkfs.f2fs: set project quota by default for -g android for v4.14+
1de1db8 f2fs-tools: add atomic write related options to f2fs_io write command
85cd72a mkfs.f2fs: set required quota types only
028af9f fsck.f2fs: Add progression feedback
972d710 fsck.f2fs: do not assert if i_size is missing i_blocks in symlink
f63551b f2fs-tools: separate other bugs in fsck_verify
ade81b9 f2fs-tools: remove false failure alarm when fixing quota
99bc497 f2fs-tools: fall back to the original version check when clock_gettime is not supported
1603a3d mkfs.f2fs: wipe other FS magics given -f
63d5004 fsck.f2fS: is_valid_summary(): check whether offset is out of bounds
3fd996c Avoid redefined ALIGN_UP
1edc138 fsck.f2fs: Update the usage about option of preen mode
49159df f2fs-tools: change fiemap print out format
8bcb58e f2fs_io: add rename w/ fsync option
9429e86 fsck.f2fs: add basic compress related check/fix
529967e f2fs-tools: make fiemap command in accordance with uapi
1228009 f2fs-tools: rebuild the quota inode if it is corrupted
9ee091e f2fs-tools: add periodic check in kernel version check
1bc7658 dump.f2fs: minor clean ups
69952e3 f2fs-tools: fix wrong value of reserve_new_block parameter in page_symlink
76d2a91 f2fs-tools: add extent cache for each file
8d464ee f2fs-tools: fix wrong file offset
acd2518 fsck|dump.f2fs: add -M to get file map
027488e mkfs.f2fs: remove android features for RO
e01ad31 f2fs-tools: fix metadata region overlap with zoned block device zones
f3b93bf sload.f2fs: Reword "IMMUTABLE" in strings/comments
820b5e3 sload.f2fs: use F2FS_COMPRESS_RELEASED instead of IMMUTABLE bit
1d2683f f2fs-tools: support small RO partition
a9594c6 fsck.f2fs: add "-l" to show the layout information
38e3115 f2fs_io: add to show immutable bit
6afd3e9 tools: Introduce f2fslabel
3218ff9 f2fs-tools: correct get kernel version logic
19d49b5 dump.f2fs: fix memory leak caused by dump_node_blk()
15d4d7b fsck.f2fs: fix memory leak caused by fsck_chk_orphan_node()
1900c22 mkfs.f2fs: fix memory leak in not enough segments error path
5cc365c resize.f2fs: fix memory leak caused by migrate_nat()
870915f f2fs_io: split definition check for crypto ioctl
91f9db2 fsck.f2fs: update kernel version in superblock on forced check
1531853 f2fs_io: Add get file name encryption mode
3bfcca8 f2fs-tool: increase debug level from 0 to 1 in migrate_block
5263ae2 resize.f2fs: fix to check free space before shrink
159752d resize.f2fs: fix wrong sit/nat bitmap during rebuild_checkpoint()
98e6463 resize.f2fs: add force option to rewrite broken calculation
f056fbe resize.f2fs: fix wrong ovp calculation
80dba0f Add -P option to preserve file owner
f0fda11 libf2fs: fix memory leak caused by get_rootdev()
5144f2f mkfs.f2fs: add VM disk files to hot data types
73c0871 libzoned: use blk_zone_v2 and blk_zone_report_v2 by default
9cb5150 f2fs-tools: fix wrong blk_zone_rep_v2 definition
15474db mkfs.f2fs: allocate zones together to avoid random access
316e128 mkfs.f2fs: adjust zone alignment when using multi-partitions
cc57f2c fsck.f2fs: fix alignment on multi-partition support
ff7172e f2fs-tools: Miscellaneous cleanup to README.
2b26417 mkfs.f2fs.8: Better document the -g argument.
e05afe5 mkfs.f2fs.8: fix formatting for -l parameter in man page
747b74c f2fs-tools: Make sload.f2fs reproduce hard links
b585244 f2fs-tools:sload.f2fs compression support
7b63f7b f2fs_io: add compress/decompress commands
457392a f2fs-tools: Added #ifdef WITH_func
d322d47 f2fs-tools: fix a few spelling errors in f2fs-tools
fcd5cd0 f2fs-tools: skipped to end on error syntax error
31d30f0 mkfs.f2fs: show a message when compression is enabled
1d4c7e7 f2fs_io: add get/set compression option
4bd7008 Fix ASSERT() macro with '%' in the expression
ca0ed8a f2fs-toos: fsck.f2fs Fix bad return value
c954e7c fsck.f2fs: do xnid sanity check only during fsck
1bfc173 f2fs_io: add erase option
e59bb17 mkfs.f2fs.8: document the verity feature
8fd836f fsck: clear unexpected casefold flags
1a7415a mkfs.f2fs: add -h and --help
717d70d f2fs_io: change fibmap to fiemap
Signed-off-by: Nick Hainke <vincent@systemli.org>
This enables building WolfSSL with Curve448, which can be used by
Strongswan. This has been tested on a Linksys E8450, running OpenWrt
22.03-rc4.
This allows parity with OpenSSL, which already supports Curve448 in
OpenWrt 21.02.
Fixesopenwrt/packages#18812.
Signed-off-by: Joel Low <joel@joelsplace.sg>
Remove upstreamed patch:
- 100-build-add-Libs.private-field-in-libnl-pkg-config-file.patch
cacaa5f libnl-3.6.0 release
855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes'
930fc11 route/mdb: add support for MAC multicast entries
2d68caf route/mdb: add missing detils and stats dump callbacks
d9ed99b nl-monitor: support for setting libnl debug level
4c41e0d nl-monitor: add missing --help to long_opts[]
7e96356 Check validation type against end of enum
4e153bc route/link: add VLAN bridge binding flag
b7256d3 github: build unit tests also with "clang"
8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero
4f5c846 lib: merge branch 'th/object-clone-fixes'
d23fb81 lib: make nl_object_clone() out-of-memory safe
7f7452c route: fix ref counting for l_info_ops and io_clone()
620d024 route: drop unnecessary oo_clone() implementation from netconf
93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM
23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone()
29e5092 xfrm/sa: style cleanup xfrm_sa_clone()
14a9ebc utils: add internal _nl_memdup() helper
2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt
e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h>
7d43191 tests: merge branch 'th/tests-netns'
a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff()
fdb0121 tests: add new "netns" test suite
9102872 tests: add fixture/teardown for tests to run in separate netns
9a42798 tests: cleanup creating test suites
1fc3e07 tests: refactor tests and add n-test-util helper library
7a3d6e2 netlink: add _NL_N_ELEMENTS() macro
3da4f7d netlink: add _nl_streq()/_nl_streq0() helper
1ad8555 netlink: add _nl_auto_nl_socket cleanup macro
c8a5729 lib: add _nl_close() helper
80868e6 clang-format: add ".clang-format" from linux kernel
2782ed3 github: build tests with "-std=gnu11"
af59b9a github: split tests in separate steps
c8f7902 build: add "check-progs" make target to build unit tests
23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy
1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails
ef5f3eb route/cls: merge branch 'westermo:cls-flower'
c385c84 route/cls: no need to copy simple fields in flower_clone()
79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional
64e0836 route/cls: adjust whitspace/indentation
5ac9ce3 route/cls: use SPDX-License-Identifier
1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation
ef46de1 route/cls: add flower classifier
f0aad20 route: merge branch 'pugo:master'
d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const
6a92268 route: add rtnl_link_can_set_data_bittiming_const()
841553b route: drop bitrate,sample-point getters/setters from can link
37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const()
96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file
881e329 route: fix indentation
37c10ef route/link: add CAN FD support
d56bf73 route/mdb: merge branch 'rubensfig:mdb'
e0b2406 route/mdb: drop setting ifindex in mdb_clone()
d78a6eb route/mdb: minor cleanup in "mdb.c"
57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare()
0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API
1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing
1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data()
92035e2 route/mdb: cleanup mdb.h header
6237621 build: sort file names in Makefile.am
0ec6c6c mdb: support bridge multicast database notification
c980034 route/cls: merge branch 'westermo:classifier-api-extension'
a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}()
88a5138 route/cls: allow fetching of classifiers from cache
90577b5 route: merge branch 'TummyFish:master'
299f61a license: use SPDX license identifiers and drop license comments
05a540d ip6vti: Add fwmark API
41e4365 ip6gre: Add fwmark API
ebc7df3 sit: Add fwmark API
8e1da8e ipip: Add fwmark API
bda19be ip6_tnl: Add fwmark API
cdc6c0f ipvti: Add fwmark API
2995710 ipgre: Add fwmark API
d9dc6c2 ip6vti: Add IPv6 VTI support
be86170 license: use SPDX license identifiers and drop license comments
919d9c6 route: merge branch 'westermo:fib-lookup'
1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup()
53bc27e route/route: support FIB lookups using rtnl
ed76b9a build: sort files in Makefile.am
46b22c1 route/link: merge branch 'westermo:team-support'
586a6b6 build: fix new symbols in "libnl-route-3.sym"
831f125 route/link: add support for team device
6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location
f77cd25 route/netconf: full API export
f59f443 build: add Libs.private field in libnl pkg-config file
b3333e0 route/qdisc: allow fetching qdiscs by their kind
9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3'
a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym"
7b4df53 nflog: add missing symbols to "libnl-nf-3.sym"
8266436 nflog:add conntrack flag and enable flags for nflog
246904d nflog: add CT support
59fc1d7 nflog: add mac_header support
c268c48 nflog: add vlan attribute
2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4
4edffbd route/link: Add IPv6 GRE support
5d69587 route: add global sectin in "libnl-route-3.sym"
d0cf3a9 neigh: support to add fdb entry
3bf0a9c cls:u32: fix u32_clone() function
3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment
c027e54 route:cls: fix dangling pointers in to_clone() implementations
47c04fb route:act: drop unnecessary implementations for to_clone()
79f7c9d tests: add test for cloning cls:u32 object
b1caff8 github: run unit tests under valgrind
38b3be3 tests: cleanup tests and avoid leaks
c2b94b9 lib: add more _nl_auto* cleanup macros
1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*()
6341d89 log: fix typo in dumping msg
bfee88b route: fix memory leak of l_info_ops in link_msg_parser()
431ba83 route: merge branch 'qbdwlr:mplsPR'
cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes
efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc.
0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests
5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs()
6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup()
d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route'
28a652b route: fix duplicate check for next hop for IPv6 multipath routes
03bfd2f route: check if nh exists while updating route
92c9237 ci: add github-actions
3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg()
d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime()
c0e82db cli: Add C++ linkage support
000a3bd yyerror: update to POSIX standard
f865a99 xfrm: merge branch 'spellingmistake:master'
0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning
8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV
c8f33a4 xfrm: Add support for xfrm user offloading
b6cc13d Supporting Hardware offload capability for MACsec
39944c6 route/link: check calloc() return value
12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request
5f39502 merge branch 'bengal/coverity'
26f342d route/qdisc: handle error of calloc()
d1a151e route/qdisc: fix memory leak in netem.c
aa092d1 route/link: fix copy-paste error in geneve.c
30552e8 route/cls: fix cgroup's clone() function
764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group
b24e833 doc: update link to mscgen-filter
0b5d17d addr: merge branch 'lcrestez-dn:dadfailed'
30924e7 tests: Add test for rtnl_addr_flags2str
5c05c75 addr: Add address flag `dadfailed`
2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request
5611487 lib/trivial: whitespace
ab015e1 lib: merge branch 'th/object-identical-fix'
36b0894 lib: allow to compare incomplete objects in nl_object_identical()
5020077 lib: let nl_object_identical() declare the same object as identical
406ebc8 lib: fix using right compare mask in nl_object_diff64()
8637c70 lib/trivial fix indentation
4be6062 route/link: avoid cloning link policy in link_msg_parser()
ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family
f9d0181 lib: use proper int type for id attributes in nl_object_identical()
68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional
2375cde lib: fix spelling errors in "netlink/handlers.h"
3faf26c gitignore: fix ignoring check-direct build artifacts
47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request
846d288 travis: install "check" in travis
d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h"
aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array
bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat
bae11ec tests: add "check-direct" test
2d50b04 route: add "netlink-private/route/utils.h" header
9a52b3d gitignore: merge all gitignore files in top level directory
4c5f2d6 merge branch 'th/license-comment-cleanup'
2d3e690 license: update "doc/COPYING" license text
1389188 license: add SPDX license identifer to "configure.ac" files
503aa5e license: fix and add SPDX license identifiers and drop license comments
4333aef license: cleanup copyright comments
956635b license: fix SPDX license identifier for nl-auto.h
5614b4c lib: merge branch 'th/cleanup-errout'
17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c"
b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c"
fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath()
2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser()
77b4f68 rtnl/route: only consider negative error codes as error
6870ece lib: cleanup nla_parse() to return early on error
a858a0b lib: use _nl_strncpy*() instead of plain strncpy()
018c694 lib: cleanup _nl_strncpy_assert()
e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert()
5ffbc6f lib: add _NL_RETURN_*() helper macros
abb7391 lib: add "include/netlink-private/nl-auto.h" header
ecd15bc lib: add _nl_assert_not_reached()
9cc38dc lib/route: adjust coding style
01ea9a6 route/link: Check for null pointer in macvlan
Signed-off-by: Nick Hainke <vincent@systemli.org>
Beeline SmartBox GIGA is a wireless WiFi 5 router manufactured by
Sercomm company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Nanya NT5CC128M16JR-EK
Flash: 128 MiB, Macronix MX30LF1G18AC
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7613BE): a/n/ac, 2x2
Ethernet: 3 ports - 2xGbE (WAN, LAN1), 1xFE (LAN2)
USB ports: 1xUSB3.0
Button: 1 button (Reset/WPS)
PCB ID: DBE00B-1.6MM
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Downgrade stock (Beeline) firmware to v.1.0.02;
2. Give factory OpenWrt image a shorter name, e.g. 1001.img;
3. Upload and update the firmware via the original web interface.
Remark: You might need make the 3rd step twice if your running firmware
is booted from the Slot 1 (Sercomm0 bootflag). The stock firmware
reverses the bootflag (Sercomm0 / Sercomm1) on each firmware update.
Revert to stock
---------------
1. Change the bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
2. Optional: Update with any stock (Beeline) firmware if you want to
overwrite OpenWrt in Slot 0 completely.
MAC Addresses
-------------
+-----+-----------+---------+
| use | address | example |
+-----+-----------+---------+
| LAN | label | *:16 |
| WAN | label + 1 | *:17 |
| 2g | label + 4 | *:1a |
| 5g | label + 5 | *:1b |
+-----+-----------+---------+
The label MAC address was found in Factory 0x21000
Notes
-----
1. The following scripts are required for the build:
sercomm-crypto.py - already exists in OpenWrt
sercomm-partition-tag.py - already exists in OpenWrt
sercomm-payload.py - already exists in OpenWrt
sercomm-pid.py - new, the part of this pull request
sercomm-kernel-header.py - new, the part of this pull request
2. This device (same as other Sercomm S2,S3-based devices) requires
special LZMA and LOADADDR settings for successful boot:
LZMA_TEXT_START=0x82800000
KERNEL_LOADADDR=0x81001000
LOADADDR=0x80001000
3. This device (same as several other Sercomm-based devices - Beeline,
Netgear, Etisalat, Rostelecom) has partition map (mtd1) containing
real partition offsets, which may differ from device to device
depending on the number and location of bad blocks on NAND.
"fixed-partitions" is used if the partition map is not found or
corrupted. This behavour (it's the same as on stock firmware) is
provided by MTD_SERCOMM_PARTS module.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile the -basic and
-full variants of hostapd with this feature, and enable discovery of this
feature for future luci integration. OCV can be configured by setting ocv
equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to
connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
In Turris MOX SDIO card [1], which uses Marvell 88W997 and its driver
mwifiex, you might get cryptic messages, which are not helpful to use.
@pali created patch, which improves messages by the driver and he will
send this to Linux kernel soon.
Before:
[ 81.026156] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd 0x20 error, result=0x1
After:
[ 15.784018] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd RF_ANTENNA (0x20) error, result=0x1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
SDIO chip 88W9997 from NXP [1] is quite limited by its firmware and
driver. Add hacky patch to allow up to 4 SSID instead of 3 SSID.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add support for Methode euroDPU which is based on uDPU but does not
have a second SFP cage, instead of which a Maxlinear G.hn IC is used.
PHY mode is set to 1000Base-X despite Maxlinear IC being capable of
2500Base-X since until 5.15 support for mvebu is available trying to use
2500Base-X will cause buffer overruns for which the fix is not easily
backportable.
Installation instructions:
1. Boot the FIT initramfs image (openwrt-mvebu-cortexa53-methode_edpu-initramfs.itb)
2. sysupgrade using the openwrt-mvebu-cortexa53-methode_edpu-firmware.tgz
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
uDPU DTS has pending upstream fixups, so backport those as well as split
the DTS into a DTSI and DTS in preparation for euroDPU support which
uses uDPU as the base.
Ethernet aliases have not yet been sent upstream but will be soon in order
for U-boot to set the correct MAC on both ethernet interfaces instead of
just one.
Since U-boot environment now has its own partition, update the envtools
config script to search for it instead.
Patch hardcoding PHY mode is also not applicable anymore, so drop it and
set in the uDPU DTS directly.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Enabling mbo by default on 802.11ax devices breaks for encryption types
that do not enable 802.11w by default. Disable mbo by default to fix
this. Enabling mbo by default on 802.11ax devices was not explained in
the commit message anyway.
Fixes: 6eee983656 ("hostapd: introduce mbo option")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Introduce a new option background_radar to toggle hostapd's background
radar feature. Enabling this allows DFS CAC to run on dedicated radio RF
chains while the radio(s) are otherwise running normal AP activities on
other channels.
As OpenWrt configures hostapd to use a channel list even when a single
channel is configured, using this feature requires a list of channels in
/etc/config/wireless. Alternatively, channel can be set to auto.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Support the use of MBO in the bss_transition_request ubus method.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Introduce a new option mbo to toggle Multi Band Operation aka Agile
Multiband for a BSS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation is required for 802.11ax certification, so let's
enable it if 802.11ax support is enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation aka Agile Multiband introduces new Transition
and Transition Rejection Reason Codes that should improve client
steering. Add a config symbol to enable it, and enable it by default for
the full variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Enable ath10k offload by default. This improves wireless performance
without requiring user configuration.
This adds ath10k_core to the AUTOLOAD section so that the frame_mode
paramter can be added to /etc/modules.d and passed to the driver.
The frame_mode 2 enables ethernet mode on the firmware/driver.
This parameter is set by passing a different value to the frame_mode
value on kmod insmod.
Link to the original patchset:
https://patchwork.kernel.org/project/linux-wireless/cover/20220516032519.29831-1-ryazanov.s.a@gmail.com/
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv
This should fix the CI error in the packages repository, which happens with perl.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
9eabf30 Release version 5.18.
2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations
d660dde pretty: add missing message descriptions for rings
aaeb16a pretty: support u8 enumerated types
6b320b8 rings: add support to set/get cqe size
41fddc0 update UAPI header copies
42e6c28 help: fix alignment of rx-buf-len parameter
e1d0a19 ethtool.8: Fix typo in man page
37f0586 Release version 5.17.
8c2984c strset: do not put a pointer to a local variable to nlctx
8fd02a2 ioctl: add the memory free operation after send_ioctl call fails
b9f25ea ethtool: Add support for OSFP transceiver modules
6e79542 features: add --json support
5ed5ce5 Merge branch 'next' into master
b90abbb man: document recently added parameters
51a9312 tunables: add support to get/set tx copybreak buf size
a081c2a rings: add support to set/get rx buf len
d699bab Merge branch 'master' into next
52db6b9 Merge branch 'review/module-extstate' into next
6407b52 monitor: add option for --show-module/--set-module
1f35786 ethtool: Add transceiver module extended state
2d4c5b7 ethtool: Add ability to control transceiver modules' power mode
005908b Update UAPI header copies
Signed-off-by: Nick Hainke <vincent@systemli.org>
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This reverts the airtime scheduler back from the virtual-time based scheduler
to the deficit round robin scheduler implementation.
This reduces burstiness and improves fairness by improving interaction with AQL.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
1696f9eb8b40 mt76: mt7915: do not copy ieee80211_ops pointer in mt7915_mmio_probe
a4db5869d660 mt76: mt7915: update mpdu density in 6g capability
500c18014d95 mt76: mt7915: add sta_rec with EXTRA_INFO_NEW for the first time only
3ef66fc7c714 mt76: do not check the ccmp pn for ONLY_MONITOR frame
dd682eead016 mt76: mt7915: update the maximum size of beacon offload
4fb991f2c997 mt76: mt7615: add sta_rec with EXTRA_INFO_NEW for the first time only
ba39ed3b44f1 mt76: mt76x02: improve reliability of the beacon hang check
fd8211cf7c59 mt76: mt7921: sync with updated patch
f2edd340ddb4 mt76: allow receiving frames with invalid CCMP PN via monitor interfaces
b6e865e2cc70 mt76: mt7615: fix throughput regression on DFS channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The MAC can be stored in OTP memory or in flash memory, currently the
driver could read it only from OTP. Backport the patch allowing setting
the MAC address from flash. Some modules have the OTP programmed but
the ODM/OEM decided to overwrite it with value stored in flash.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
These narrowments are no longer useful, since there's no lower version
than 5.10 supported in tree.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Remove backport:
- 001-examples-compile-with-make-check.patch
87fdf683 build: Bump version to 1.0.3
c4ec825b nft: simplify chain lookup in do_list_chain
4f6724f1 intervals: fix compilation --with-mini-gmp
4c20fe95 json: update json output ordering to place rules after chains
57741350 netlink_delinearize: release last register on exit
d6fdb0d8 sets_with_ifnames: add test case for concatenated range
88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets
806ab081 netlink: swap byteorder for host-endian concat data
c224aa6b intervals: deletion should adjust range not yet in the kernel
ea1f1c9f optimize: memleak in statement matrix
0a6dbfce optimize: merge nat rules with same selectors into map
743b0e81 optimize: do not clone unsupported statement
c8b35039 optimize: incorrect logic in verdict comparison
fc4da141 src: fix always-true assertions
d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache
721b9dec tests: add concat test case with integer base type subkey
22b750aa src: allow use of base integer types as set keys in concatenations
3ed9fada intervals: build list of elements to be added from cache
e45b4939 intervals: fix deletion of multiple ranges with automerge
3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only
ea31855d netlink: remove unused argument from helper function
48204bd7 intervals: Simplify element sanity checks
ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements
e0beff27 src: restore interval sets work with string datatypes
3e8d934e intervals: support to partial deletion with automerge
7a6e1604 evaluate: allow for zero length ranges
3da9643f intervals: add support to automerge with kernel elements
7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse
fdb8e0ff src: remove rbtree datastructure
81e36530 src: replace interval segment tree overlap and automerge
f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel
ad43b84e segtree: add support for get element with sets that contain ifnames
06db2308 segtree: use correct byte order for 'element get'
4c6681a7 tests: add testcases for interface names in sets
5e393ea1 segtree: add string "range" reversal support
2fb4d7ea src: make interval sets work with string datatypes
403936c1 evaluate: string prefix expression must retain original length
ada50f84 segtree: split prefix and range creation to a helper function
ae7d32fc evaluate: keep prefix expression length
d2b23984 evaluate: make byteorder conversion on string base type a no-op
c36ecfc2 tests: py: Add meta time tests without 'meta' keyword
6fa4ff56 tests: py: Don't colorize output if stderr is redirected
f561a0cc tests: monitor: Hide temporary file names from error output
75fea8a5 tests: py: extend meta time coverage
4460b839 meta: fix compiler warning in date_type_parse()
02100978 meta: time: use uint64_t instead of time_t
4e0026dc include: add missing `#include`
ab74fb5b examples: add .gitignore file
bcad4761 tests: py: add inet/vmap tests
214494aa optimize: Restore optimization for raw payload expressions
82762ab6 src: allow to use integer type header fields via typeof set declaration
64bb3f43 src: allow to use typeof of raw expressions in set declaration
ff0f30e3 expression: typeof verdict needs verdict datatype
60f5c107 src: copy field_count for anonymous object maps as well
4cf97abf rule: Avoid segfault with anonymous chains
4e718641 evaluate: init cmd pointer for new on-stack context
1ea71c23 optimize: do not assume log prefix
3f36cc6c optimize: do not merge unsupported statement expressions
19960c8d optimize: incorrect assert() for unexpected expression type
3de1dbd2 optimize: more robust statement merge with vmap
99eb4696 optimize: fix vmap with anonymous sets
e8f0fa21 scanner: Fix for ipportmap nat statements
59d184be scanner: dup, fwd, tproxy: Move to own scopes
069a0450 scanner: meta: Move to own scope
2165324d scanner: at: Move to own scope
a67fce7f scanner: nat: Move to own scope
578467c1 scanner: policy: move to own scope
a1669709 scanner: flags: move to own scope
020372d9 scanner: reject: Move to own scope
543bf3c2 scanner: import, export: Move to own scopes
88105810 scanner: reset: move to own Scope
8a7e430a scanner: monitor: Move to own Scope
e5547017 scanner: rt: Extend scope over rt0, rt2 and srh
04c95f14 scanner: type: Move to own scope
62a95698 scanner: dst, frag, hbh, mh: Move to own scopes
a060d912 scanner: ah, esp: Move to own scopes
4e215fdf scanner: osf: Move to own scope
5166b298 scanner: dccp, th: Move to own scopes
3e04a6e2 scanner: udp{,lite}: Move to own scope
bbdcfbfa scanner: comp: Move to own scope.
232f2c32 scanner: synproxy: Move to own scope
26b53653 scanner: tcp: Move to own scope
f5722119 scanner: igmp: Move to own scope
a7d8cca9 scanner: icmp{,v6}: Move to own scope
5d837d27 src: add tcp option reset support
1d507ce7 build: explicitly pass --version-script to linker
e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API
9eb98b3b tests: add test case for flowtable with owner flag
18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org>
4554ee652caf mt76: mt7921: fix warning Using plain integer as NULL pointer
a3f1d6ccf3ca mt76: mt7921: add missing bh-disable around rx napi schedule
9aeca2a5ce47 mt76: mt7921: get rid of mt7921_mcu_exit
fee8a5911c76 mt76: connac: move shared fw structures in connac module
db4d784ae7ba mt76: mt7921: move fw toggle in mt7921_load_firmware
16ab6bf49556 mt76: connac: move mt76_connac2_load_ram in connac module
29fd748801c6 mt76: connac: move mt76_connac2_load_patch in connac module
051c68d18214 mt76: mt7663: rely on mt76_connac2_fw_trailer
d6ae3505ac6c mt76: enable the VHT extended NSS BW feature
488a5ccc9762 mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature
934029bb93e2 mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature
ecefae4c7d72 mt76: connac: move mac connac2 defs in mt76_connac2_mac.h
b5eecc841df8 mt76: connac: move connac2_mac_write_txwi in mt76_connac module
012e619a07b9 mt76: connac: move mt76_connac2_mac_add_txs_skb in connac module
1b492be795ea mt76: mt7921: not support beacon offload disable command
f1f46d3b4b19 mt76: mt7921: fix command timeout in AP stop period
cae61112ef1d mt76: connac: move HE radiotap parsing in connac module
487674062643 mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module
649bdc4983c4 mt76: connac: move mt76_connac2_mac_fill_rx_rate in connac module
cb75aaa39252 mt76: mt7921s: remove unnecessary goto in mt7921s_mcu_drv_pmctrl
e0eaf66eaebb mt76: mt7615: do not update pm stats in case of error
f8d125b4ea30 mt76: mt7921: do not update pm states in case of error
6329a834907e mt76: mt7921s: fix possible sdio deadlock in command fail
8a04f1b04662 mt76: mt7921: fix aggregation subframes setting to HE max
e52283439094 mt76: mt7915: disable UL MU-MIMO for mt7915
fd3958970e3d mt76: mt7921: enlarge maximum VHT MPDU length to 11454
18df38fe77f7 mt76: mt7915: get rid of unnecessary new line in mt7915_mac_write_txwi
149e95f5d7a6 mt76: connac: move mt76_connac_fw_txp in common module
899d192e8a79 mt76: move mt7615_txp_ptr in mt76_connac module
7184f0a6f6a5 mt76: connac: move mt76_connac_tx_free in shared code
c42d45278fa5 mt76: connac: move mt76_connac_tx_complete_skb in shared code
0993f4ef96f8 mt76: connac: move mt76_connac_write_hw_txp in shared code
467960fab791 mt76: connac: move mt7615_txp_skb_unmap in common code
2e758064b085 mt76: mt7915: rely on mt76_connac_tx_free
2065a7901671 mt76: move mcu_txd/mcu_rxd structures in shared code
576c1b7c472b mt76: move mt76_connac2_mcu_fill_message in mt76_connac module
7275f7758090 mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Document the ubus methods we added to hostapd so that people don't have
to read code to figure out which methods are available and what they do.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This adds a few fixes for compiling against Linux 5.10:
1. segment_eq() has been removed with upstream commit
428e2976a5bf7e7f5554286d7a5a33b8147b106a ("uaccess: remove
segment_eq") and can use uaccess_kernel() instead
2. ioremap_nocache() is removed and is now an alias for ioremap() with
upstream commit 4bdc0d676a643140bdf17dbf7eafedee3d496a3c ("remove
ioremap_nocache and devm_ioremap_nocache")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Existing conntracks will continue to be SNATed to 192.0.0.1 even after
464xlat interface gets teared down. To prevent this, matching
conntracks must be killed.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as
they are by default), the kernel command line will have two console=
entries, such as
console=tty0 console=ttyS0,115200n8
Failsafe was only running a shell on the first defined console, the VGA
console. This is a problem for devices like apu2, where there is only a
serial console and it appears on ttyS0.
Moreover, the console prompt to enter failsafe during boot was delivered
to, and its input read from, the last console= on the kernel command
line. So while the failsafe shell was on the first defined console, only
the last defined console could be used to enter failsafe during boot.
In contrast, the x86 bootloader (GRUB) operates on both the serial
console and the VGA console by virtue of "terminal_{input,output}
console serial". GRUB also provided an alternate means to enter failsafe
from either console. The presence of two console= kernel command line
parameters causes kernel messages to be delivered to both. Under normal
operation (not failsafe), procd runs login in accordance with inittab,
which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any
of serial, hypervisor, or VGA console. Thus, serial access was
consistently available on x86 devices with serial consoles under normal
operation, except for shell access in failsafe mode (without editing the
kernel command line).
By presenting the failsafe prompt, reading failsafe prompt input, and
running failsafe shells on all consoles listed in /proc/cmdline,
failsafe mode will work correctly on devices with a serial console (like
apu2), and the same image without any need for reconfiguration can be
shared by devices with the more traditional (for x86) VGA console. This
improvement should benefit any system with multiple console= arguments,
including x86 and bcm27xx (Raspberry Pi).
Signed-off-by: Mark Mentovai <mark at moxienet.com>
adds `libusb-1.0.so` link on the target root again.
Fixes: 43539a6aab ("libusb: make InstallDev explicit")
Signed-off-by: Leo Soares <leo@hyper.ag>
(added fixed tag, reworded commit)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This backports encap offload support from upstream.
On some ath10k devices there can be about 10% improvement on tx throughput.
Users can turn it on by setting frame_mode=2.
Signed-off-by: Zhijun You <hujy652@gmail.com>
This adds support for the Netgear PGZNG1, also known as the ADT Pulse
Gateway.
Hardware:
CPU: Atheros AR9344
Memory: 256MB
Storage: 256MB NAND Hynix H27U2G8F2CTR-BC
USB: 1x USB 2.0
Ethernet: 2x 100Mb/s
WiFi: Atheros AR9340 2.4GHz 2T2R
Leds: 8 LEDs
Button: 1x Reset Button
UART:
Header marked JPE1. Pinout is VCC, TX, RX, GND. The marked pin, closest
to the JPE1 marking, is VCC. Note VCC isn't required to be connected
for UART to work.
Enable Stock Firmware Shell Access:
1. Interrupt u-boot and run the following commands
setenv console_mode 1
saveenv
reset
This will enable a UART shell in the firmware. You can then login using
the root password of `icontrol`. If that doesn't work, the device is
running a firmware based on OpenWRT where you can drop into failsafe to
mount the FS and then modify /etc/passwd.
Installation Instructions:
1. Interupt u-boot and run the following commands
setenv active_image 0
setenv stock_bootcmd nboot 0x81000000 0 \${kernel_offset}
setenv openwrt_bootcmd nboot 0x82000000 0 \${kernel_offset}
setenv bootcmd run openwrt_bootcmd
saveenv
2. boot initramfs image via TFTP u-boot
tftpboot 0x82000000 openwrt-ath79-nand-netgear_pgzng1-initramfs-kernel.bin; bootm 0x82000000
3. Once booted, use LuCI sysupgrade to
flash openwrt-ath79-nand-netgear_pgzng1-squashfs-sysupgrade.bin
MAC Table:
WAN (eth0): xx:xa - caldata 0x0
LAN (eth1): xx:xb - caldata 0x6
WLAN (phy0): xx:xc - burned into ath9k caldata
Not Working:
Z-Wave
RS422
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(added more hw-info, fixed file permissions)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds support for the mainline kernel module for the PCA955x
LED driver. Note this requires i2c and GPIO support. Also worth calling
out this driver also enables GPIO support, depending on device tree
configuration.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
This row is no longer necessary as it was replaced by LOCALVERSION in
uboot.mk, which explicitly sets OpenWrt version to all U-boot packages accross
OpenWrt. [1]
[1] d6aa9d9e07
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The MBL has a 512KiB Microchip SST39VF040 chip for uboot and
not much else.
Thanks to Ewald who figured out that the "jedec-probe" vs.
"jedec-flash" was the wrong binding. With this information
and the jedec-probe support enabled => the chip works.
| physmap-flash 4fff80000.nor_flash: physmap platform flash device: [mem 0x4fff80000-0x4ffffffff]
| Found: SST 39LF040
| 4fff80000.nor_flash: Found 1 x8 devices at 0x0 in 8-bit bank
Suggested-by: Ewald Comhaire <e.comhaire@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash
* 16 x 10/100/1000BASE-T ports
- Internal PHY with 8 ports (RTL8218B)
- External PHY with 8 ports (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
- External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6
UART pinout
-----------
[o]ooo|J6
| ||`------ GND
| |`------- RX
| `-------- TX
`---------- Vcc (3V3)
Boot initramfs image from U-Boot
--------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f000000 openwrt-realtek-rtl838x-d-link_dgs-1210-20-initramfs-kernel.bin` command
5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[correct initramfs image name]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
4383528e0 P2P: Use weighted preferred channel list for channel selection
f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming
94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them
d5a9944b8 Reserve QCA vendor sub command id 206..212
ed63c286f Remove space before tab in QCA vendor commands
e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them
02047e9c8 hs20-osu-client: Explicit checks for snprintf() result
cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality
5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
9e305878c SAE-PK: Fix build without AES-SIV
c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API
667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum
c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path
6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
b092d8ee6 tests: imsi_privacy_attr
563699174 EAP-SIM/AKA peer: IMSI privacy attribute
1004fb7ee tests: Testing functionality to discard DPP Public Action frames
355069616 tests: Add forgotten files for expired IMSI privacy cert tests
b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality
fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters
99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter
dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML
426932f06 tests: EAP-AKA and expired imsi_privacy_key
35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path
1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key
d1652dc7c OpenSSL: Refuse to accept expired RSA certificate
866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0
bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
39e662308 tests: Work around reentrant logging issues due to __del__ misuse
72641f924 tests: Clean up failed test list in parallel-vm.py
e36a7c794 tests: Support pycryptodome
a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome
e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI
e58dabbcf tests: DPP URI with host info
37bb4178b DPP: Host information in bootstrapping URI
1142b6e41 EHT: Do not check HE PHY capability info reserved fields
7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust
b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
d2ce1b4d6 tests: Wait for request before responding in dscp_response
Compile-tested: all versions / ath79-generic, ramips-mt7621
Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621
Signed-off-by: David Bauer <mail@david-bauer.net>
Downstream projects might re-generate device-specific configuration
based on OpenWrt's defaults on each upgrade, thus being unaffected by
forward- as well as backwards-breaking configuration.
Add a new sysupgrade parameter, which allows sysupgrades between minor
compat-versions. Upgrades will still fail upon mismatching major compat
versions.
Signed-off-by: David Bauer <mail@david-bauer.net>
11f5c7b fw4.uc: fix zone helper assignment
b9d35ff fw4.uc: don't skip zone for unavailable helper
e35e26b tests: add test for zone helpers
a063317 ruleset: fix conntrack helpers
e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
11410b8 ruleset: reorder declarations & output tweaks
880dd31 fw4: fix skipping invalid IPv6 ipset entries
5994466 fw4: simplify `is_loopback_dev()`
53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
11256ff fw4: add support for configurable includes
3b5a033 tests: add test coverage for firewall includes
d79911c fw4: support sets with timeout capability but without default expiry
15c3831 fw4: add support for `option log` in rule and redirect sections
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Select matching U-Boot for both v1 and v2 variants.
Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Before this change UCI sections of both types were parsed in order as
specified in UCI. That didn't work well with all drivers (e.g. b53).
It seems that VLAN setup can reset / overwrite previously set ports
parameters. It resulted in "switch_port" options defined above
"switch_vlan"s being silently ignored.
Ideally swconfig & all drivers should be improved to handle that
properly but it'd be a waste of time at this point as DSA replaces
swconfig. Use this minor parsing change as a quick fix.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by
Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan
WG443223).
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 128 MiB
Flash: 128 MiB (Winbond W29N01HV)
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: No
Button: 1 (Reset/WPS)
LEDs: 2 (Red, Green)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WG430223
Installation
------------
1. Login to the router web interface (superadmin:serial number)
2. Navigate to Administration -> Miscellaneous -> Access control lists &
enable telnet & enable "Remote control from any IP address"
3. Connect to the router using telnet (default admin:admin)
4. Place *factory.trx on any web server (192.168.1.2 in this example)
5. Connect to the router using telnet shell (no password required)
6. Save MAC adresses to U-Boot environment:
uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
awk '{print $5}')
uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
awk '{print $5}')
uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
awk '{print $5}')
uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
awk '{print $5}')
7. Ensure that MACs were saved correctly:
uboot_env --get --name eth2macaddr
uboot_env --get --name eth3macaddr
uboot_env --get --name ra0macaddr
uboot_env --get --name rax0macaddr
8. Download and write the OpenWrt images:
cd /tmp
wget http://192.168.1.2/factory.trx
mtd_write erase /dev/mtd4
mtd_write write factory.trx /dev/mtd4
9. Set 1st boot partition and reboot:
uboot_env --set --name bootpartition --value 0
Back to Stock
-------------
1. Run in the OpenWrt shell:
fw_setenv bootpartition 1
reboot
2. Optional step. Upgrade the stock firmware with any version to
overwrite the OpenWrt in Slot 1.
MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC | Source |
+-----------+-------------------+----------------+
| label | A4:xx:xx:51:xx:F4 | No MACs was |
| LAN | A4:xx:xx:51:xx:F6 | found on Flash |
| WAN | A4:xx:xx:51:xx:F4 | [1] |
| WLAN_2g | A4:xx:xx:51:xx:F5 | |
| WLAN_5g | A6:xx:xx:21:xx:F5 | |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
with saving of the MACs to u-boot-env during the installation was
applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in
"Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM
firmware also uses this MAC when initialazes ethernet driver. In
OpenWrt we use it only as internal GMAC (eth0), all other MACs are
unique. Therefore, there is no any barriers to the operation of several
MTS WG430223 devices even within the same broadcast domain.
Stock firmware image format
---------------------------
The same as Beeline Smartbox Flash but with another trx magic
+--------------+---------------+----------------------------------------+
| Offset | | Description |
+==============+===============+========================================+
| 0x0 | 31 52 48 53 | TRX magic "1RHS" |
+--------------+---------------+----------------------------------------+
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Fix hostapd feature detection after the bump to 2022-05-08.
getopt was not updated correctly after upstream added support for -q arg.
This reenables feature detection so that LuCi can check for features like
SAE, fast roaming etc.
Fixes: c35ff1affe ("hostapd: update to 2022-05-08")
Signed-off-by: Robert Marko <robimarko@gmail.com>
902b321 wireless-regdb: Update regulatory rules for Israel (IL)
20f6f34 wireless-regdb: add missing spaces for US S1G rules
25652b6 wireless-regdb: Update regulatory rules for Australia (AU)
081873f wireless-regdb: update regulatory database based on preceding changes
166fbdd wireless-regdb: add db files missing from previous commit
e3f03f9 Regulatory update for 6 GHz operation in Canada (CA)
888da5f Regulatory update for 6 GHz operation in United States (US)
647bcaa Regulatory update for 6 GHz operation in FI
c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules
7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries
68a8f2f wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7e06706 iw: event: report missing radar events
5909e73 iw: survey: add support for radio stats
64bf570 update nl80211.h
0900996 iw: print Radar background capability if supported
56c6077 iw: print out assoc comeback event
a4e5418 iw: support 160MHz frequency command for 6GHz band
5a71b72 iw: Print local EHT capabilities
e3287a1 station: print EHT rate information
ff67fb2 iw: fix double tab in mesh path header
05a5267 iw: fix 'upto' -> 'up to'
00a2985 iw: handle VHT extended NSS
82e0bd1 update nl80211.h
c95877c info: add missing extended features
0976378 info: refactor extended features
79f20cb bump version to 5.19
Sync nl80211.h with our version of mac80211 and remove parts of the iw
code that are not supported by our version of mac80211.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Sync nl80211.h with upstream in order to maintain parity with
nl80211_copy.h shipped with hostapd.
This is necessary, as currently the enum value for
NL80211_EXT_FEATURE_RADAR_BACKGROUND mismatches between hostapd and
mac80211. This breaks background radar capability detection in hostapd.
Reported-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714 ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
commit c3a4cddaaf ("hostapd: remove hostapd-hs20 variant")
as well as
commit 9f1927173a ("hostapd: wpas: add missing config symbols")
indicate hostapd-full should support Hotspot 2.0 already, but only
wpa_supplicant (and wpad) do.
How this happened is not really clear, as no commit adding support for
Hotspot 2.0 is in the history.
Fix this and add Hotspot 2.0 capability to hostapd-full.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add the current BSS color to hostapd get_status method. This field is
set to -1 in case BSS color is not active for the BSS.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
In case no specific BSS color is configured, set it to a random value.
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Update hostapd to Git HEAD from 2022-05-08. This allows us to take
advantage of background radar-detection as well as BSS color collision
detection.
Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch allows the user to set `auth_server` and related settings on
non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the
Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.
Without this patch, `auth_server` and other needed options are only
written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.
`hostapd` however supports "Station MAC address -based authentication" for
non WPA Enterprise Modes, too.
A classic approch is to use `accept_mac_file` which contains MAC addr
and VLAN-ID pairs. But, using `accept_mac_file` does not support
VLAN assignment for unknown stations.
This is a sample `freeradius3` config, where a known station
("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are
assigned to VLAN `67`.
```
"7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 65
DEFAULT Cleartext-Password := "%{User-Name}"
Tunnel-Type = "VLAN",
Tunnel-Medium-Type = "IEEE-802",
Tunnel-Private-Group-Id = 67
```
Other option is to configure known stations via `accept_mac_file` and
using only Radius for unknown stations.
I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that
it should work with other Encryption/Access Mode, too.
Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900
switches.
Specifications
--------------
* Device: ZyXEL GS1900-24E
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE
* Ethernet: 24x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Switch: 1 Power switch on rear of device
* Power 120-240V AC C13
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
file and select open so File Path is updated with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24E is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
All known users of this ubus method have been updated to use the new
bss_transition_request method instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch adds support for Linksys WHW01 v1 ("Velop") [FCC ID Q87-03331].
Specification
-------------
SOC: Qualcomm IPQ4018
WiFi 1: Qualcomm QCA4019 IEEE 802.11b/g/n
WiFi 2: Qualcomm QCA4019 IEEE 802.11a/n/ac
Bluetooth: Qualcomm CSR8811 (A12U)
Ethernet: Qualcomm QCA8072 (2-port)
SPI Flash 1: Mactronix MX25L1605D (2MB)
SPI Flash 2: Winbond W25M02GV (256MB)
DRAM: Nanya NT5CC128M16IP-DI (256MB)
LED Controller: NXP PCA963x (I2C)
Buttons: Single reset button (GPIO).
Notes
-----
There does not appear to be a way to trigger TFTP recovery without entering
U-Boot. The device must be opened to access the serial console in order to
first flash OpenWrt onto a device from factory.
The device has automatic recovery backed by a second set of partitions on
the larger of the two SPI flash ICs. Both the primary and secondary must
be flashed to prevent accidental rollback to "factory" after 3 failed boot
attempts.
Serial console
--------------
A serial console is available on the following pins of the populated J2
connector on the device mainboard (115200 8n1).
(<-- Top of PCB / Device)
J2
[o o o o o o]
| | |
| | `-- GND
| `---- TX
`--------- RX
Installation instructions
-------------------------
1. Setup TFTP server with server IP set to 192.168.1.236.
2. Copy compiled `...squashfs-factory.bin` to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Revert to "factory"
-------------------
1. Download latest firmware update from vendor support site.
2. Copy extracted `.img` file to `nodes-jr.img` in tftp root.
3. Connect to console using pinout detailed in the serial console section.
4. Power on device and press enter when prompted to drop into U-Boot.
5. Flash first partition device via `run flashimg`.
6. Once complete, reset device and allow to power up completely.
7. Once comfortable with device upgrade reboot and drop back into U-Boot.
8. Flash the second partition (recovery) via `run flashimg2`.
Link: https://github.com/openwrt/openwrt/pull/3682
Signed-off-by: Peter Adkins <peter@sunkenlab.com>
(calibration from nvmem, updated to 5.10+5.15)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Make ar8216/8327 swconfig driver modularizable and add
entry to the netdevices.mk kernel modules file.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
latency and short-term fairness is improved by fixing the tx queue sorting
so that it considers the pending AQL budget
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Aruba deploys a BDF in the root filesystem, however this matches the one
used for the DK04 reference board.
The board-specific BDFs are built into the kernel. The AP-365 shows
sinificant degraded performance with increased range when used with the
reference BDF.
Replace the BDF with the one extracted from Arubas kernel.
Signed-off-by: David Bauer <mail@david-bauer.net>
2f793a4 lua: add optional path filter to objects() method
2bebf93 ubusd: handle invoke on event object without data
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2e1fcf4 netifd: fix hwmode for 60g band
39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
557c98e init: selinux: don't relabel virtual filesystems
7a00968 init: only relabel rootfs if started from initramfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
210991d fw4: prefer /dev/stdin if available
4e5e322 fw4: make `fw4 restart` behavior more robust
221040e ruleset: emit time ranges when both start and stop times are specified
30a7d47 fw4: fix datetime parsing
fb9a6b2 ruleset: correct mangle_output chain type
6dd2617 fw4: fix logic flaw in testing hw flow offloading support
c7c9c84 fw4: ensure that negative bitcounts are properly translated
c4a78ed fw4: fix typo in emitted set types
Fixes: #9764, #9923, #9927, #9935, #9955
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add ieee80211_rx_check_bss_color_collision routine in order to introduce
BSS color collision detection in mac80211 if it is not supported in HW/FW
(e.g. for mt7915 chipset).
Add IEEE80211_HW_DETECTS_COLOR_COLLISION flag to let the driver notify
BSS color collision detection is supported in HW/FW. Set this for ath11k
which apparently didn't need this code.
Tested-by: Peter Chiu <Chui-Hao.Chiu@mediatek.com>
Co-developed-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://lore.kernel.org/r/a05eeeb1841a84560dc5aaec77894fcb69a54f27.1648204871.git.lorenzo@kernel.org
[clarify commit message a bit, move flag to mac80211]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Original patch: https://github.com/cifsd-team/ksmbd-tools/issues/227
adapted for ksmbd kernel module v3.4.3 by me.
Fixes crash in v3.4.3 only. Use original patch when updating to v3.4.4
as this one will fail hunk #1.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
4b4849cf5e5a interface-ip: unify host and proto route handling
507c0513d176 interface-ip: add support for excluding interfaces in host route lookup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
c22eeef fw4: support negative CIDR bit notation
628d791 hotplug: reliably handle interfaces with ubus zone hints
d005293 fw4: store zone associations from ubus in statefile as well
b268225 fw4: filter non hw-offload capable devices when resolving lower devices
57984e0 fw4: always resolve lower flowtable devices
7782017 tests: fix mocked `fd.read("line")` api
72b196d config: remove restictions on DHCPv6 allow rule
f0cc317 fw4: refactor family selection for forwarding rules
b0b8122 treewide: use modern syntax
05995f1 fw4: fix emitting device jump rules for family restricted zones
b479815 fw4: fix family auto-selection for config nat rules
2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well
2379c3d tests: add test coverage for zone family selection logic
Fixes: #5066, #9611, #9765, #9854
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since we now provide the BDF-s for MikroTik IPQ40xx devices on the fly,
there is noneed to include package and ship them like we do now.
This also resolves the performance issues that happen as MikroTik
changes the boards and ships them under the same revision but they
actually ship with and require a different BDF.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Some ath10k IPQ40xx devices like the MikroTik hAP ac2 and ac3 require the
BDF-s to be extracted from the device storage instead of shipping packaged
API 2 BDF-s.
This is required as MikroTik has started shipping boards that require BDF-s
to be updated, as otherwise their WLAN performance really suffers.
This is however impossible as the devices that require this are release under
the same revision and its not possible to differentiate them from devices
using the older BDF-s.
In OpenWrt we are extracting the calibration data during runtime and we are
able to extract the BDF-s in the same manner, however we cannot package the
BDF-s to API 2 format on the fly and can only use API 1 to provide BDF-s on
the fly.
This is an issue as the ath10k driver explicitly looks only for the board.bin
file and not for something like board-bus-device.bin like it does for pre-cal
data.
Due to this we have no way of providing correct BDF-s on the fly, so lets
extend the ath10k driver to first look for BDF-s in the board-bus-device.bin
format, for example: board-ahb-a800000.wifi.bin
If that fails, look for the default board file name as defined previously.
So, backport the upstream ath10k patch.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update ath10k-ct to the latest version which includes the backported
ath10k commit for requesting API 1 BDF-s with a unique name like caldata.
Signed-off-by: Robert Marko <robimarko@gmail.com>
HOST_LOADLIBES was renamed to KBUILD_HOSTLDLIBS in kernel 4.19. As the
oldest kernel version we support is 5.10, cleanup HOST_LOADLIBES use.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The upcoming dwarves host package requires elfutils. As dependencies for
tools must exist in tools, we need to move elfutils host build there.
As there is at least one package that depends on this, and there is no
proper way to create such dependency in the build system, build it
unconditionally when not building on macOS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Compiles faster, is PIC by default, and does not have pkgconfig files
with wrong paths.
Add various fixes to it as it seems cross compilation was never tested.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
f2d6752901f2 blob: clear buf->head when freeing a buffer
45210ce14136 list.h: add container_of_safe macro
cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc
d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
From Andreas Böhler:
"Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC
in contrast to the Macronix NAND with 4 bit ECC.".
Uboot needs to know this in order to have a chance to load from
the NAND.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-16
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE
* Ethernet: 16x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
16 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J12) with populated standard pin connector on
the right back of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
file amd select open so File Path is update with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-16 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
[removed duplicate patch title, align RAM specification]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
With 5.4 out of the picture, remove LINUX_5_10 here. This is
needed for the WNDR4700 as otherwise kmod-usb3 isn't available
for 5.15.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
upstream linux have these watchdogs locked behind X86.
These will not build on other architectures. So move them
to target/linux/x86/modules.mk
drivers/watchdog/Kconfig:
|config F71808E_WDT
| tristate "Fintek F718xx, F818xx Super I/O Watchdog"
| depends on X86
|[...]
|config IT87_WDT
| tristate "IT87 Watchdog Timer"
| depends on X86
|[...]
|config ITCO_WDT
| tristate "Intel TCO Timer/Watchdog"
| depends on (X86 || IA64) && PCI
|[...]
|config W83627HF_WDT
| tristate "Watchdog timer for W83627HF/W83627DHG and compatibles"
| depends on X86
|[...]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
the Intel i6300esb is QEMU's default watchdog. And unlike
the real "Intel i6300ESB I/O Controller hub" hardware, the
i6300esb watchdog driver works on non-x86 targets like for
ARM (armvirt 32bit) and potentially virtual PowerPC and MIPS
targets (if there was any).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware specs:
SoC: Qualcomm IPQ8065 (dual core Cortex-A15)
RAM: 512 MB DDR3
Flash: 256 MB NAND, 32 MB NOR
WiFi: QCA9983 2.4 GHz, QCA9984 5 GHz
Switch: QCA8337
Ethernet: 5x 10/100/1000 Mbit/s
USB: 1x USB 3.0 Type-A
Buttons: WPS, Reset
Power: 12 VDC, 2.5 A
Ethernet ports:
1x WAN: connected to eth2
4x LAN: connected via the switch to eth0 and eth1
(eth0 is disabled in OEM firmware)
MAC addresses (OEM and OpenWrt):
fw_env @ 0x00 d4🆎82:??:??:?a LAN (eth1)
fw_env @ 0x06 d4🆎82:??:??:?b WAN (eth2)
fw_env @ 0x0c d4🆎82:??:??:?c WLAN 2.4 GHz (ath1)
fw_env @ 0x12 d4🆎82:??:??:?d WLAN 5 GHz (ath0)
fw_env @ 0x18 d4🆎82:??:??:?e OEM usage unknown (eth0 in OpenWrt)
OID d4🆎82 is registered to:
ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US
More info:
https://openwrt.org/inbox/toh/arris/tr4400_v2
IMPORTANT:
This port requires moving the 'fw_env' partition prior to first boot to
consolidate 70% of the usable space in flash into a contiguous partition.
'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords.
Its contents must be copied to 'rootfs_1' prior to booting via initramfs.
Note that the stock 'fw_env' partition will be wiped during sysupgrade.
A writable 'stock_fw_env' partition pointing to the old, stock location
is included in the port to help rolling back this change if desired.
Installation:
- Requires serial access and a TFTP server.
- Fully boot stock, press ENTER, type in:
mtd erase /dev/mtd21
dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21
umount /config && ubidetach -m 23 && mtd erase /dev/mtd23
- Reboot and interrupt U-Boot by pressing a key, type in:
set mtdids 'nand0=nand0'
set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)'
set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm'
env save
- Setup TFTP server serving initramfs image as 'recovery.bin', type in:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
tftpboot recovery.bin && bootm
- Use sysupgrade to install squashfs image.
This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
[add 5.15 changes for 0069-arm-boot-add-dts-files.patch]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.
Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stop the connection when the control daemon is terminated. The code is
a modified version of the termination routine in version 4.23.1 of the
daemon (which doesn't support VR9 modems anymore).
This could also be implemented by calling the acos and acs commands via
dsl_cpe_pipe.sh in the init script. However, doing it in the daemon
itself has the advantage of also working if it is terminated in another
way (for example during sysupgrade).
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The driver maintains elapsed times by repeatedly accumulating the time
since the previous update in a loop. For the elapsed showtime time, the
time difference is truncated to seconds before adding it, leading to a
sizable error over time.
Move the truncation to before calculation of the time difference in
order to remove this error. Also maintain the total elapsed time in the
same way in full seconds, to prevent the unsigned 32-bit counter from
wrapping around after about 50 days.
Testing on a VR9 device shows that the reported line uptime now matches
the actual elapsed wall time. The ADSL variant is only compile-tested,
but it should also work as the relevant code is identical.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even
when they aren't necessary for the selected variant. This can cause the
build to fail, for example ltq-vdsl-mei doesn't build successfully here
on xway target due to the vectoring callback.
Make these dependencies conditional on the specific package variants,
so they are only built when actually needed.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>