ZTE MF286A and MF286R feature a "power switch override" GPIO in stock
firmware as means to prevent power interruption during firmware update,
especially when used with internal battery.
To ensure that this GPIO is
properly driven as in stock firmware, configure it with userspace GPIO
switch.
It was observed that on some units, the modem would not be
restarted together with the board itself on reboot, this should help
with that as well.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 1fabeeb799)
On GL-AR300M Series GPIO17 described as I2C SDA in Device Tree.
Because of GPIO_OUT_FUNCTION4 register was not initialized on start,
GPIO17 was uncontrollable, it always in high state. According to QCA9531
documentation, default setting of GPIO17 is SYS_RST_L. In order to make
GPIO17 controllable, it should write value 0x00 on bits [15:8] of
GPIO_OUT_FUNCTION4 register, located at 0x1804003C address.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
(cherry picked from commit 57efdd6a2d)
Do not reset the RTL930x SerDes on link changes, instead set up
the SDS with internal PHYs for the SFP+ ports only.
This fixes the 8 1GBit ports on the Zyxel XGS1250 which
do not work without this patch.
A complete SerDes reset was performed on all SerDes links. For copper
1Gbit ports, this is commonly a single XGMII link to an RTL8218D. There
is however no support for setting up the XGMII link on RTL9300/RTL9310,
thereby wiping the (RX/TX) setup done by u-boot and breaking the 1GBit
ports. No SerDes reset should be done for these links.
The handling of SGMII/HiSGMII, 1000BX or 10GR links is actually entirely
different. All these modes need to be suitably RX calibrated and the
pre- main and post- amplifiers set up properly for TX.
The 10GBit SFP+ fiber links are recalibrated instead of reset, which
e.g. is necessary when someone pulls a module out and puts another in.
This makes swapping out 10GBit fiber modules possible. 1GBit modules are
not yet supported, nor any modules with an internal phy.
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[rewrite commit message based on discussion]
Link: http://lists.infradead.org/pipermail/openwrt-devel/2022-May/038623.html
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit d1b824650f)
This fixes a bug where frames sent to the switch itself were
flooded to all ports unless the MAC address of the CPU-port
was learned otherwise.
Tested-by: Wenli Looi <wlooi@ucalgary.ca>
Tested-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
[fix code formatting]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 98bb26f9f7)
This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.
Fixes: #9824
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 064e7e57b4)
There are many ways to add external RTC to Raspberry Pi boards. Let's
include support for this for the whole target and while at it, sort
features alphabetically.
Fixes: #9594
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit ff09905a46)
This series also contains other improvement for hardware flow offload support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0f029b3d2b)
Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.
Fixes: #5066
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d60)
Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.
Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff5)
try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4379457098)
Update to overlooked v2 version of Dominick Grift's patch.
Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d7272852e)
sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598
This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c)
After the switch to pre-calibration, ath10k would fail to initialize
the PCIE Wi-Fi on the GL-B200 as follows:
ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142)
ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000
[...]
ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin
ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0
ath10k_pci 0000:01:00.0: failed to fetch board file: -12
ath10k_pci 0000:01:00.0: could not probe fw (-12)
Repackage the BDF file after renaming relevant fields and files to
allow for the Wi-Fi interface to start again.
Fixes: 80d34d9d59 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200")
CC: Christian Lamparter <chunkeey@gmail.com>
CC: Robert Marko <robimarko@gmail.com>
Reviewed-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
(cherry picked from commit e3f9af4fb6)
Add USB power control in DTS for GL.iNet models:
- AR300M;
- AR300M-Ext;
- AR300M16;
- AR300M16-Ext.
Signed-off-by: PtilopsisLeucotis <PtilopsisLeucotis@yandex.com>
(cherry picked from commit 6e9c814022)
In commit 7e614820a8 ("mpc85xx: add support for Extreme Networks
WS-AP3825i"), we borrowed a recipe convention from apm821xx for device
tree blob padding. Unfortunately, in the apm821xx target, the image
recipes name the device tree blob differently, meaning that in
mpc85xx, the padded dtb is never consumed.
Change the definition of `Build/dtb` so that it outputs the padded dtb
to the correct location for it to be consumed.
Also, rename the recipe to `Build/pad-dtb`, so it is clear we
are building and padding the device tree blob.
This change fixes Github issue #9779 [1].
[1]: https://github.com/openwrt/openwrt/issues/9779
Fixes: 7e614820a8 ("mpc85xx: add support for Extreme Networks WS-AP3825i")
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit 1d06277407)
targetclean should not remove BUILD_LOG
Fixes: db34b93331 (add a version that can be bumped to force toolchain/target rebuild)
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry picked from commit aeaa816cd2)
If logfacility is a path to a file it needs to be r/w mounted in the
sandbox as well for dnsmasq to work.
Reported-by: @iointerrupt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b5fa44f60)
These don't have switches that could be configured using swconfig.
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit 089eb02abc)
When adding support to the router's built-in modem, this required
package was omitted, because it was already enabled in the image
configuration in use for testing, and this went unnoticed.
In result, the modem still isn't fully supported in official images.
As it is the primary WAN interface, add the missing package.
Fixes: e02fb42c53 ("comgt: support ZTE MF286R modem")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 8a1003c598)
The 2.4GHz interface doesn't come up properly with the log showing:
mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)
As seen on other MT7621 boards this is caused by a missing reset GPIO.
The MT7621 dtsi set GPIO 19 as PCIe reset GPIO, which on this board
reset the 5GHz interface on port 0. Add GPIO 8 to the PCIe reset GPIO
list to also reset the 2.4GHz interface on port 1.
Signed-off-by: Alban Bedel <albeu@free.fr>
(cherry picked from commit f953a1a4bf)
This commit is completely based on the work of adron-s:
https://github.com/openwrt/openwrt/pull/4721#issuecomment-1101108651
The commit fixes the data corruption on TX packets. Packets are
transmitted, but their contents are replaced with zeros. This error is
caused by the lack of guard (50 ms) intervals between calibration phases.
This error is treated by adding mdelay(50) to the calibration function
code. In the original qca-ssda code [0], these mdelays were existing, but
in the ar41xx.c they are gone.
Tested on:
- Fritz!Box 4040
- Fritz!Box 7530
- Mikrotik SXTsq 5AC
- ZyXEL NBG6617
- [0] https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-ssdk/-/blob/NHSS.QSDK.11.4/src/init/ssdk_init.c#L2072
Suggested-by: Serhii Serhieiev <adron@mstnt.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ab7e53e5cc)
Add configuration to use uboot-envtools with the Extreme Networks
WS-AP3825i.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit fb7ff6b027)
The bootloader does seem to not correctly patch in the MAC address for
eth0 / eth1 in some cases. While the root cause is not known, manually
applying the MAC-Address in preinit does not hurt.
Reported-by: Tom Herbers <freifunk@tomherbers.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c6d52515e0)
The WS-AP3825i uses Atheros PHYs which according to the datasheet
require the reset to be asserted for at least 1 ms.
This fixes broken eth1 upon soft-reboot. eth0 is no affected, as the
ifup / ifdown cycle in preinit prevents this issue from happening when
the system is ready.
Reported-by: Tom Herbers <freifunk@tomherbers.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 8b3c313515)
e14b099 syntax: implement support for ES6 template literals
111cf06 vm: stop executing bytecode on return of nested calls
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits cef3e6a69c,
0400774a10 and
c59704334c)
Remove '0x' prefix from pstore node in dts, just like it was done
for the device tree used by Linux on MT7622.
This change is done in preparation to update U-Boot to 2022.04.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 810b48e793)
Adresses of device tree nodes are typically noted without the '0x'
prefix. While having the '0x' prefix doesn't hurt when using Linux,
more recent versions of U-Boot will add a duplicate ramoops node as a
simple string compare is used to check if the node is already present.
Remove the '0x' prefix to avoid the kernel warning resulting from
U-Boot adding a dupplicate pstore/ramoops node.
See also https://lists.denx.de/pipermail/u-boot/2022-April/481810.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fc245338d6)
MPLS feature symbols are normally only set when kmod-mpls is enabled, but the
CONFIG_MPLS symbol they depend on could also have been selected by openvswitch
instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 92add80414)
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bea01fa57f)
OrayBox X3A is a 2.4/5GHz dual band AC router, based on MediaTek MT7621.
Specification:
* SoC: MT7621
* RAM: DDR3 128 MiB
* Flash: 16 MiB NOR (XM25Q128)
* Wi-Fi: (single chip hosting both 2.4G and 5G)
* 2.4GHz: MT7615
* 5GHz: MT7615
* Ethernet: 3x 1000Mbps
* Switch: MT7530
* LED:
* Ethernet LEDs: On the back of the router, hardware-controlled.
* Status LEDs: One "pixel-like" RGB LED in the front of the router,
which is actually made up of 3 individual LEDs (with
dedicated GPIO pins) with the color of Red, Green,
and Blue.
The OEM firmware only lights up one color at a time to
indicate status, but that's very boring, and the colors
actually look great when combined, so I've improvised a
little and made them indicate netdev activities.
My test results:
GPIO 13/14/15
000 white (actually more like bright green or cyan
because the brightness of the green LED is
higher than red and blue)
001 bright purple
010 bright green
011 red
100 bright cyan
101 blue
110 green
111 off
Flash Layout:
0x0000000-0x0030000 : "u-boot"
0x0030000-0x0040000 : "u-boot-env"
0x0040000-0x0050000 : "factory"
0x0050000-0x0f50000 : "firmware"
/*0x0f50000 to 0x0fe0000 is undefined, same as OEM firmware*/
0x0fe0000-0x0ff0000 : "bdinfo"
0x0ff0000-0x1000000 : "reserve"
MAC address:
MAC Source Description Fix
A0:CX:XX:BX:XX:0D BDINFO_9 LAN(LABEL) DTS
A0:CX:XX:BX:XX:0E BDINFO_9 + 1 WAN DTS
A2:CX:XX:BX:XX:0F FACTORY_4 WIFI2G DTS
A2:CX:XX:CX:XX:0F SETBIT 7 (FACTORY_4 + 0x100000) WIFI5G HOTPLUG
A6:CX:XX:BX:XX:0F N/A WIFI2G_CLIENT N/A
A6:DX:XX:BX:XX:0F N/A WIFI5G_CLIENT N/A
Stock dmesg:
https://pastebin.com/2t2jwLdf
Stock Dumps:
https://pastebin.com/LDLxSWX3
Installation via SSH (does not void your warranty):
1. -----UNLOCK SSH-----
1.1 Set computer IP to DHCP mode, load 'http://10.168.1.1/cgi-bin/luci' in
your browser. Password is 'admin'.
1.2 Click the "备份且导出" (backup and export) button, and download the
config file.
1.3 Open the downloaded file with 7zip, navigate to '/etc/config/'.
1.4 Edit the file './system'. Change the '0' into '1' under
"config sys 'ssh'".
1.5 Save the file.
1.6 Upload the file by clicking the "导入且恢复" (import and recover)
button. The router will automatically reboot.
2. -----FLASH THE OPENWRT FIRMWARE-----
2.1 Use any scp tool to upload the 'sysupgrade' firmware to the '/tmp/'
folder to your router. It should be root@10.168.1.1 and the password
is 'admin'.
2.2 SSH into the router, also root@10.168.1.1 and the password is 'admin'.
2.3 **IMPORTANT** Type command 'dd if=/dev/mtd3 of=/tmp/firmware.bin', to
backup the stock firmware. Since the OEM does not provide firmware
download on their website, this is the only way to get it.
2.3 **ALSO IMPORTANT** Use any scp tool to download your backed-up stock
firmware from '/tmp/' to your local drive. Then you'd better use a hex
reading tool to have a rough look at it to make sure nothing is
corrupt. Or u can just back up again and cross check the MD5.
2.4 Type command 'mtd write /tmp/XXX.bin firmware', and it should flash
the firmware.
2.5 Verify that nothing went wrong. If you're confident, type 'reboot' and
reboot the router.
Revert to stock firmware:
1. load stock firmware using mtd (make sure u have a backup).
Signed-off-by: Ray Wang <raywang777@foxmail.com>
(cherry picked from commit 9a750aae62)
