* tools: add wincompat layer to wg(8)
Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.
* compat: udp_tunnel: force cast sk_data_ready
This is a hack to work around broken Android kernel wrapper scripts.
* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.
* wg-quick: make darwin and freebsd path search strict like linux
Correctness.
* socket: set ignore_df=1 on xmit
This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.
* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan
The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.
* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies
The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.
* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2
The usual churn of changes required for the upcoming 5.2.
* timers: add jitter on ack failure reinitiation
Correctness tweak in the timer system.
* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop
In every odd-numbered round, instead of operating over the state
x00 x01 x02 x03
x05 x06 x07 x04
x10 x11 x08 x09
x15 x12 x13 x14
we operate over the rotated state
x03 x00 x01 x02
x04 x05 x06 x07
x09 x10 x11 x08
x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.
* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The R6220 and WNDR3700v5 are identical apart from using NAND/NOR flash and
having a different casing. This adds a new cleaned up R6220.dtsi with the
common bits for both devices. Both devices now have feature parity.
Performed cleanup:
* generic DTS node names
* regulator for usb power
* added missing pinctrl groups
* use switch port instead of VLAN as trigger for WAN LED
Fixes for WNDR3700v5:
* all LEDS work
* correct ethernet MAC addresses
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
- SoC: MediaTek MT7628AN
- Flash: 16MB (Winbond W25Q128JV)
- RAM: 64MB
- Serial: As marked on PCB, 3V3 logic, baudrate is 115200
- Ethernet: 3x 10/100 Mbps (switched, 2x LAN + WAN)
- WIFI0: MT7628AN 2.4GHz 802.11b/g/n
- WIFI1: MT7612EN 5GHz 802.11ac
- Antennas: 4x external (2 per radio), non-detachable
- LEDs: Programmable power-LED (two-colored, yellow/blue)
Non-programmable internet-LED (shows WAN-activity)
- Buttons: Reset
INSTALLATION:
1. Connect to the serial port of the router and power it up.
If you get a prompt asking for boot-mode, go to step 3.
2. Unplug the router after
> Erasing SPI Flash...
> raspi_erase: offs:20000 len:10000
occurs on the serial port. Plug the router back in.
3. At the prompt select option 2 (Load system code then
write to Flash via TFTP.)
4. Enter 192.168.1.1 as the device IP and 192.168.1.2 as the
Server-IP.
5. Connect your computer to LAN1 and assign it as 192.168.1.2/24.
6. Rename the sysupgrade image to test.bin and serve it via TFTP.
7. Enter test.bin on the serial console and press enter.
Signed-off-by: Markus Scheck <markus@mscheck.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added mt76 compatible]
Adds support to && operand in DEPENDS. Also, fixes generation of ||
dependencies by scripts/package-metadata.pl.
The precedence order from higher to lower is && then ||. Use of
parentheses to change the order is not supported. As before, they are
silently ignored. Use them for readability only.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
Highlights of this version:
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Fix OPENSSL_config bug (patch removed)
- Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- Enable SHA3 pre-hashing for ECDSA and DSA
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
In ar71xx v2 has blue color defined because the same mach-*.c is also used
for TL-WDR4900 model with blue leds. ath79 v2 dts defines them as green.
For v4 the situation is the same as v5 so the conversion is identical only
v4 instead v5.
So now upgrading from ar71xx to ath79 should be also smoother for v2 and v4.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
Cudy WR1200 is an AC1200 AP with 3-port FE and 2 non-detachable antennas
Specifications:
MT7628 (580 MHz)
64 MB of RAM (DDR2)
8 MB of FLASH
2T2R 2.4 GHz (MT7628)
2T2R 5 GHz (MT7612E)
3x 10/100 Mbps Ethernet (2 LAN + 1 WAN)
2x external, non-detachable antennas (5dbi)
UART header on PCB (57600 8n1)
7x LED, 2x button
Known issues:
The Power LED is always ON, probably because it is connected
directly to power.
Flash instructions
------------------
Load the ...-factory.bin image via the stock web interface.
Openwrt upgrade instructions
----------------------------
Use the ...-sysupgrade.bin image for future upgrades.
Revert to stock FW
------------------
Warning! This tutorial will work only with the following OEM FW:
WR1000_EU_92.122.2.4987.201806261618.bin
WR1000_US_92.122.2.4987.201806261609.bin
If in the future these firmwares will not be available anymore,
you have to find the new XOR key.
1) Download the original FW from the Cudy website.
(For example WR1000_EU_92.122.2.4987.201806261618.bin)
2) Remove the header.
dd if="WR1000_EU_92.122.2.4987.201806261618.bin" of="WR1000_EU_92.122.2.4987.201806261618.bin.mod" skip=8 bs=64
3) XOR the new file with the region key.
FOR EU: 7B76741E67594351555042461D625F4545514B1B03050208000603020803000D
FOR US: 7B76741E675943555D5442461D625F454555431F03050208000603060007010C
You can use OpenWrt's tools/firmware-utils/src/xorimage.c tool for this:
xorimage -i WR1000..bin.mod -o stock-firmware.bin -x -p 7B767..
Or, you can use this tool (CHANGE THE XOR KEY ACCORDINGLY!):
https://gchq.github.io/CyberChef/#recipe=XOR(%7B'option':'Hex','string':''%7D,'',false)
4) Check the resulting decrypted image.
Check if bytes from 0x20 to 0x3f are:
4C 69 6E 75 78 20 4B 65 72 6E 65 6C 20 49 6D 61 67 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Alternatively, you can use u-boot's tool dumpimage tool to check
if the decryption was successful. It should look like:
# dumpimage -l stock-firmware.bin
Image Name: Linux Kernel Image
Created: Tue Jun 26 10:24:54 2018
Image Type: MIPS Linux Kernel Image (lzma compressed)
Data Size: 4406635 Bytes = 4303.35 KiB = 4.20 MiB
Load Address: 80000000
Entry Point: 8000c150
5) Flash it via forced firmware upgrade and don't "Keep Settings"
CLI: sysupgrade -F -n stock-firmware.bin
LuCI: make sure to click on the "Keep settings" checkbox
to disable it. You'll need to do this !TWICE! because
on the first try, LuCI will refuse the image and reset
the "Keep settings" to enable. However a new
"Force upgrade" checkbox will appear as well.
Make sure to do this very carefully!
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added wifi compatible, spiffed-up the returned to stock instructions]
The first version of this script allowed just 4Mb factory images.
With this patch is possible to set the maximum size of the payload.
For an 8Mb flash, the corresponding maxsize is:
8 * 1024 * 1024 - 5 * 64 * 1024 = 8388608 - 327680 = 8060928
If the -m argument is not set, the default maximum size will be
used for backward compatibility.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
This patch fixes the active_low setting and
converts all of the physical keys on the wndr4700
to utilize the interrupt-driven gpio-keys driver
over the polled version.
The sdcard-insertion hack has been removed since the
block-subsystem will now be polling the device instead.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.
This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.
This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.
gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
button = &pdata->buttons[i++];
^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
bdata->b = &pdata->buttons[i];
^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
struct gpio_keys_button *button = &pdata->buttons[i];
^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.
Expose these options in the uci datamodel for pppoe:
padi_attempts: Number of discovery attempts
padi_timeout: Initial timeout for discovery packets in seconds
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
It is not always necessary to add a host route for the gre peer address.
This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This version bump contains the following commit to fix FS#2222
3b3e368 uclient-http: set data_eof when content-length is 0
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This adds support for kernel 4.14 to the target and directly make it the
default kernel version to use.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
This removes some settings which are normally set by the generic
configuration and should not be changed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
The configuration of the sama5d4 subtarget was used as the default
configuration and then the subtarget configurations were adapted.
The resulting kernel configuration without any extra modules selected is
still the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
The restart button is currently assigned to KEY_POWER power script but
an easily accessible button immediately powering off the device is
undesirable. Switch to using new KEY_POWER2 reboot script with 5 second
seen delay.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
ade00ca585a4 container: fix .dockerenv stat check
385b904b2f0a hotplug: improve error message during group ownership change
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6
The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
ip -4 address flush dev $pi_ifname
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
This patch fixes following missing bits:
- add missing 'compatible' property on firmware partition
- set vendor partition 'userconfig' read-only
Fixes: 30dcbc741d ("ath79: add support for EnGenius ECB1750")
Signed-off-by: Sven Friedmann <sf.openwrt@okay.ms>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
SoC: AR9344
RAM: 128MB
Flash: 16MiB Winbond 25Q128BVFG SPI NOR
5GHz WiFi: AR9380 PCIe 3x3:3 802.11n
2.4GHz WiFi: AR9344 (SoC) AHB 2x2:2 802.11n
5x Gigabit ethernet via AR8327N switch (green + amber LEDs)
2x USB 2.0 via GL850G hub
4x front LEDs from SoC GPIO
1x front WPS button from SoC GPIO
1x bottom reset button from SoC GPIO
Known issues:
AR8327N LEDs only have default functionality, not presented in sysfs.
This is a regression from ar71xx.
UART header JP1, 115200 no parity 1 stop
TX
GND
VCC
(N/P)
RX
See https://openwrt.org/toh/wd/n750 for flashing detail.
Procedures unchanged from ar71xx.
Tested sysupgrade + factory flash from WD Emergency Recovery
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
* Feature: simplify handling of PHY tunable downshift
* Feature: add support for PHY tunable Fast Link Down
* Feature: add PHY Fast Link Down tunable to man page
* Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
* Feature: Add bash-completion script
* Feature: add 10000baseR_FEC link mode name
* Fix: qsfp: fix special value comparison
* Feature: move option parsing related code into function
* Feature: move cmdline_coalesce out of do_scoalesce
* Feature: introduce new ioctl for per-queue settings
* Feature: support per-queue sub command --show-coalesce
* Feature: support per-queue sub command --coalesce
* Fix: fix up dump_coalesce output to match actual option names
* Feature: fec: add pretty dump
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This makes sysupgrade work on the D-Link DIR-685 after
initial factory install.
We create the platform.sh script to support sysupgrade
on more targets as we move on with sysupgrade support.
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[cleanup in platform.sh, removed superfluous SUPPORTED_DEVICES]
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.
On x86_64 host (stock Lua 5.1.5, expected output):
$ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
2147483648
8796093022208
4294967296
On x86_64 host:
$ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On x86_64 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On ath79 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
8796093022208
4294967296
It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.
Run tested on:
* Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
* qemu/x86_64
* qemu/armvirt_64
* ath79
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 0111b86f1d as it
breaks on Linux distributions without ed support
./fix-libmath_h: line 1: ed: command not found
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
When running OpenWrt inside an LXC container no shell is opend as LXC
defaults to a virtual /dev/console.
This patch allows to enter a shell after starting the container via
`lxc-start`, without it is only posible to access a shell on tty1 via
`lxc-console`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The vendor firmware only uses two mac addresses, the mac address on the
label and the label + 1. While checking multiple devices, all labels have
even mac addresses. Concluding only 2 address are assigned to a device.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>