Commit Graph

55668 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
d7f378796f dnsmasq: Support nftables nftsets
Add build option for nftables sets. By default disable iptables ipset
support.  By default enable nftable nftset support since this is what
fw4 uses.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: nftset: serve from ipset config

Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.

dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.

Signed-off-by: Mathias Kresin <dev@kresin.me>

dnsmasq: support populating nftsets in addition to ipsets

Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.

Huge thanks to Jo-Philipp Wich for basically writing the function.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

dnsmasq: obtain nftset ip family from nft

Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.

Heuristic to guess which ip family a nft set might belong by inferring
from the set name.

In order of preference:

If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.

By standalone I mean not as part of a larger number eg. 24

If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!

With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

dnsmasq: specify firewall table for nftset

Permit ipsets to specify an nftables table for the set.  New config
parameter is 'table'.  If not specified the default of 'fw4' is used.

config ipset
	list name 'BK_4,BK_6'
	option table 'dscpclassify'
	option table_family 'ip'
	option family '4'
	list domain 'ms-acdc.office.com'
	list domain 'windowsupdate.com'
	list domain 'update.microsoft.com'
	list domain 'graph.microsoft.com'
	list domain '1drv.ms'
	list domain '1drv.com'

The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.

If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.

This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Mathias Kresin
7cdf74e163 dnsmasq: add uci-defaults script for ipset migration
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2022-11-06 19:47:13 +00:00
Kevin Darbyshire-Bryant
bf27d977f0 dnsmasq: bump to 2.87
Bump dnsmasq to 2.87 & refresh patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2022-11-06 19:47:13 +00:00
Kuan-Yi Li
f795ecc0dd sdk: use git-src-full to allow Git versioning
$(AUTORELEASE) uses Git log to determine releases and package timestamps.

Base feed is shallow cloned by default in generated SDK, resulting in
an incomplete Git log and therefore different local package versions than
offered upstream.

This patch complements commit 7fae1e5677 by setting the base feed to use
`src-git-full` to solve that.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2022-11-06 17:08:23 +01:00
Alan Luck
aca8bb5cc3 ath79: expand rootfs for DIR-825-B1 with unused space
Expand currently unused flash space to roofs for DIR-825-B1 by using the same
flash space as the old ar71xx big image without moving the caldata.

With some testing this partition is use by the OEM firmware
but if changed is regenerated which allows reverting to OEM firmware

Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
2022-11-06 01:03:16 +01:00
Korey Caro
12cee86989 ath79: add support to TrendNet TEW-673GRU
Add support for the TrendNet TEW-673GRU to ath79.
This device was supported in 19.07.9 but was deprecated with ar71xx.
This is mostly a copy of D-Link DIR-825 B1.
Updates have been completed to enable factory.bin and sysupgrade.bin both.
Code improvements to DTS file and makefile.

Architecture   |  MIPS
Vendor         |  Qualcomm Atheros
bootloader     |  U-Boot
System-On-Chip |  AR7161 rev 2 (MIPS 24Kc V7.4)
CPU/Speed      |  24Kc V7.4 680 MHz
Flash-Chip     |  Macronix MX25L6405D
Flash size     |  8192 KiB
RAM Chip:      |  ProMOS V58C2256164SCI5 × 2
RAM size       |  64 MiB
Wireless       |  2 x Atheros AR922X 2.4GHz/5.0GHz 802.11abgn
Ethernet       |  RealTek RTL8366S Gigabit w/ port based vlan support
USB            |  Yes 2 x 2.0

Initial Flashing Process:
	1) Download 22.03 tew-673gru factory bin
	2) Flash 22.03 using TrendNet GUI

OpenWRT Upgrade Process
	3) Download 22.03 tew-673gru sysupgrade.bin
	4) Flash 22.03 using OpenWRT GUI

Signed-off-by: Korey Caro <korey.caro@gmail.com>
2022-11-06 00:51:58 +01:00
Hauke Mehrtens
6645a019f8 CI: packages.yml: Fix usage of pre-build tools
Activate CONFIG_AUTOREMOVE to match the settings used to build the
pre-build tools. This has to match the pre-build tools to not rebuild
them.

This prevents the tools being rebuild in packages.yml.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-06 00:08:09 +01:00
Linos Giannopoulos
78110c3b5f ramips: add support for TP-Link MR600 V2(EU)
MR600 V2(EU) is an LTE router that also supports 4G+ band aggregation
etc. and can reportedly achieve higher bandwidth with it.

- Specifications:

* SoC: Mediatek MT7621DAT 880MHz
* RAM: 128MB DDR3
* Flash: 16MB SPI NOR flash (GD25Q128C)
* LTE Modem: Qualcomm MDM9240
* WiFi 5GHz: Mediatek MT7613BEN
* WiFi 2.4GHz: Mediatek MT7603EN
* Ethernet: MT7530, 4x 1000Base-T.
* UART: Serial console (115200 8n1), J1(GND:3)
* Buttons: Reset, WPS.
* LED: Power, WAN, LTE, WiFi 2GHz and 5GHz, LAN, Signal1, Signal2,
  Signal3

- MAC Addresses:

OEM firmware configuration:
54:af:97:xx:xx:7b : 2.4G
54:af:97:xx:xx:7a : 5G
54:af:97:xx:xx:7c : LTE
54:af:97:xx:xx:7b : LAN (label)
54:af:97:xx:xx:7c : WAN

- Installation:

1. Download the OpenWrt initramfs-image.

Place it into a TFTP server root directory and rename it to openwrt.img
Configure the TFTP server to listen at 192.168.0.5/24.

3. Connect to the serial console.

Attach power and interrupt the boot procedure when prompted (type `tpl`).

Credentials are admin / 1234

4. Configure U-Boot for booting OpenWrt from ram

 $ tftpboot
 $ bootm

5. Transfer the OpenWrt sysupgrade image to the device.

- LTE:

In order to setup the wwan0 interface:
1. Add a `qmi` proto interface under `/etc/config/network`, e.g.:
```
config interface 'wwan0'
        option device '/dev/cdc-wdm0'
        option proto 'qmi'
        option pincode 'XXXX'
        option apn 'your_isp_apn'
```

2. Add `wwan0` interface to the `wan` firewall zone
3. `/etc/init.d/network restart`

Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
2022-11-05 23:13:16 +01:00
Shiji Yang
f7f9203854 ramips: add support for SIM SIMAX1800T and Haier HAR-20S2U1
SIM AX18T and Haier HAR-20S2U1 Wi-Fi6 AX1800 routers are designed based
on Tenbay WR1800K. They have the same hardware circuits and u-boot.
SIM AX18T has three carrier customized models: SIMAX1800M (China Mobile),
SIMAX1800T (China Telecom) and SIMAX1800U (China Unicom). All of these
models run the same firmware.

Specifications:
 SOC:      MT7621 + MT7905 + MT7975
 ROM:      128 MiB
 RAM:      256 MiB
 LED:      status *3 R/G/B
 Button:   reset *1 + wps/mesh *1
 Ethernet:      lan *3 + wan *1 (10/100/1000Mbps)
 TTL Baudrate:  115200
 TFTP Server:   192.168.1.254
 TFTP IP:       192.168.1.28 or 192.168.1.160 (when envs is broken)

MAC Address:
 use        address               source
 label      30:xx:xx:xx:xx:62     wan
 lan        30:xx:xx:xx:xx:65     factory.0x8004
 wan        30:xx:xx:xx:xx:62     factory.0x8004 -3
 wlan2g     30:xx:xx:xx:xx:64     factory.0x0004
 wlan5g     32:xx:xx:xx:xx:64     factory.0x0004 set 7th bit

TFTP Installation (initramfs image only & recommend):
1. Set local tftp server IP: 192.168.1.254 and NetMask: 255.255.255.0
2. Rename initramfs-kernel.bin to "factory.bin" and put it in the root
   directory of the tftp server. (tftpd64 is a good choice for Windows)
3. Start the TFTP server, plug in the power supply, and wait for the
   system to boot.
4. Backup "firmware" partition and rename it to "firmware.bin", we need
   it to back to stock firmware.
5. Use "fw_printenv" command to list envs.
   If "firmware_select=2" is observed then set u-boot enviroment:
   /# fw_setenv firmware_select 1
6. Apply sysupgrade.bin in OpenWrt LuCI.

Web UI Installation:
1. Apply update by uploading initramfs-factory.bin to the web UI.
2. Use "fw_printenv" command to list envs.
   If "firmware_select=2" is observed then set u-boot enviroment:
   /# fw_setenv firmware_select 1
3. Apply squashfs-sysupgrade.bin in OpenWrt LuCI.

Recovery to stock firmware:
a. Upload "firmware.bin" to OpenWrt /tmp, then execute:
   /# mtd -r write /tmp/firmware.bin firmware
b. We can also write factory image "UploadBrush-bin.img" to firmware
   partition to recovery. Upload image file to /tmp, then execute:
   /# mtd erase firmware
   /# mtd -r write /tmp/UploadBrush-bin.img firmware

How to extract stock firmware image:
  Download stock firmware, then use openssl:
  openssl aes-256-cbc -d -salt -in [Downloaded_Firmware] \
  -out "firmware.tar.tgz" -k QiLunSmartWL

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-11-05 22:38:01 +01:00
Hauke Mehrtens
898b4104b3 ltq-tapi: Fix compile with kernel 5.15
Do not use find_vpid(), but get_task_pid() to get the pid from
pThrCntrl->tid. This is now a ponter to struct task_struct instead of
an integer.

This fixes the build of ltq-tapi with lantiq/xway.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:35:58 +01:00
Hauke Mehrtens
b3aa998f6c ltq-ifxos: Fix compile with ltq-tapi
Do not include asm/irq.h directly, but include linux/interrupt.h instead.
This fixes the build of ltq-tapi with lantiq/xway.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:35:46 +01:00
Hauke Mehrtens
8b383ee2a0 busybox: awk: fix use after free (CVE-2022-30065)
This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:07:09 +01:00
Hauke Mehrtens
002a99eccd dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.

CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-05 22:05:47 +01:00
Alexander Horner
53f2e438cb ramips: add support for Zbtlink ZBT-WG1602-V04
Description heavily based on commit
7e89421a7c by
Sergey Ryazanov <ryazanov.s.a@gmail.com> Details I cannot confirm have
been removed

Completed with great help from \x on IRC. Thanks, \x!

Zbtlink ZBT-WG1602-V04 is a Wi-Fi router intendend for use with WWAN
(UMTS/LTE/3G/4G) modems. The router board offers a couple of miniPCIe
slots with USB and SIM only and another one which is a pure miniPCIe
slot as well as five Gigabit Ethernet ports (4xLAN + WAN).

Specification:

* SoC: MT7621A
* RAM: 256/512 MiB
* Flash: 16/32 MiB
* Eth: 10/100/1000 Mbps Ethernet x5 ports (4xLAN + WAN)
* WLAN 2GHz: MT7603E (.11bgn, MIMO 2x2)
* WLAN 5GHz: MT7662E (.11nac, MIMO 2x2)
* WLAN Ants: detachable x2, shared by 2GHz & 5GHz radios
* miniPCIe: 2x slots with USB&SIM + 1x slot with regular PCIe bus
* WWAN Ants: detachable x4
* External storage: microSD (SDXC) slot
* USB: 3.0 Type-A port
* LED: 11 (5 per Eth phy, 3 SoC controlled, 2 WLAN 2/5 controlled,
  1 power indicator)
* Button: 1 (reset)
* UART: console (115200 baud)
* Power: DC jack (12 V / 2.5 A)

Additional HW information:

* SoC USB port 1 is shared by internal miniPCIe slot and external
  Type-A USB port, USB D+/D- lines are toggled between ports using a
  GPIO controlled DPDT switch.

Installation:

The kernel image can be installed directly onto the device via a browser
to 192.168.1.1 using the built in firmware recovery Web UI available.
It can be accessed by pushing the reset button in, applying power and
holding the reset button for approximately 10 seconds. When the kernel
image has been flashed, you can access LuCI and upload the sysupgrade
as normal.

Signed-off-by: Alexander Horner <ahorner@programmer.net>
2022-11-05 21:12:25 +01:00
Shiji Yang
7a504c151d ramips: add support for Youku X2
Specifications:
  SOC:      MT7620AN + MT7612EN
  RAM:      128 MiB DDR2
  Flash:    16 MiB (Winbond W25Q28FVFG)
  WLAN:     2.4G + 5G
  LAN:      LAN ports *2
  WAN:      WAN port *1
  USB:      USB2.0 *1
  SD Card:  MicroSD *1
  Buttons:  Reset *1
  LEDs: ethernet *3, system, usb, wlan2g, wlan5g

MAC Address:
  use        address               source
  label      54:36:9b:xx:xx:ac     lan
  lan        54:36:9b:xx:xx:ac     factory.0x0028
  wan        54:36:9b:xx:xx:ad     factory.0x002e
  wlan2g     54:36:9b:xx:xx:ae     factory.0x0004
  wlan5g     54:36:9b:xx:xx:af     factory.0x8004

Installation:
1. Apply initramfs-kernel.bin in stock firmware Web UI.
2. Install sysupgrade.bin on OpenWrt and do not retain any configuration.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-11-05 21:12:24 +01:00
Shiji Yang
eba0a8deb6 ramips: improve compatibility for Youku YK-L2 and YK-L1 series
Add UIMAGE_NAME and UIMAGE_MAGIC to allow users to directly install
initramfs-kernel.bin from the stock firmware Web UI. At the same time,
this change makes it possible to boot OpenWrt with the official u-boot.

Notice:
Since the stock firmware is based on OpenWrt and the configuration
will be retained by default during the upgrade process, so we must use
initramfs-kernel.bin to do a initial installation. After the system
restarts, install sysupgrade.bin and do not retain any configuration.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2022-11-05 21:12:24 +01:00
Pawel Dembicki
d75ed3726d uboot-layerscape: adjust LS1012A-IOT config and env
In a254279a6c LS1012A-IOT kernel image was switched to FIT.

But u-boot config is lack of FIT and ext4 support.

This patch enables it.

It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.

Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2022-11-05 21:12:03 +01:00
Nick Hainke
8623a449c2 valgrind: update to 3.20.0
Release Notes:
https://valgrind.org/docs/manual/dist.news.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 16:29:28 +01:00
Martin Schiller
1e028ac51e kernel: further cleanup of xfrm[4|6]_mode*
In my commit da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.

Fixes: da5c45f4d8 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2022-11-05 16:28:33 +01:00
Luiz Angelo Daros de Luca
1ee635c561 realtek: fix typo in debug message
vid_end was mentioned twice.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2022-11-05 16:27:21 +01:00
John Audia
1eebe72a80 kernel: bump 5.15 to 5.15.77
Manually rebased:
   bcm27xx/patches-5.15/950-0600-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
   bcm27xx/patches-5.15/950-0606-usb-xhci-add-VLI_TRB_CACHE_BUG-quirk.patch
   bcm27xx/patches-5.15/950-0717-usb-xhci-add-a-quirk-for-Superspeed-bulk-OUT-transfe.patch
   bcm53xx/patches-5.15/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
   lantiq/patches-5.15/0028-NET-lantiq-various-etop-fixes.patch

All other patches automatically rebased

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-11-05 16:26:38 +01:00
John Audia
87edb650c7 kernel: bump 5.10 to 5.10.153
Manually rebased:
  bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
  lantiq/patches-5.10/0028-NET-lantiq-various-etop-fixes.patch

All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-11-05 16:26:00 +01:00
Nick Hainke
52167feff8 tools/fakeroot: update to 1.30.1
Release Notes:
https://tracker.debian.org/news/1381350/accepted-fakeroot-1301-1-source-into-unstable/

Refresh patches:
- 600-macOS.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
John Audia
a0814f04ed openssl: bump to 1.1.1s
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]

  *) Fixed a regression introduced in 1.1.1r version not refreshing the
     certificate data to be signed before signing the certificate.
     [Gibeom Gwon]

 Changes between 1.1.1q and 1.1.1r [11 Oct 2022]

  *) Fixed the linux-mips64 Configure target which was missing the
     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
     platform.
     [Adam Joseph]

  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
     causing incorrect results in some cases as a result.
     [Paul Dale]

  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
     report correct results in some cases
     [Matt Caswell]

  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
     different key sizes
     [Todd Short]

  *) Added the loongarch64 target
     [Shi Pujin]

  *) Fixed a DRBG seed propagation thread safety issue
     [Bernd Edlinger]

  *) Fixed a memory leak in tls13_generate_secret
     [Bernd Edlinger]

  *) Fixed reported performance degradation on aarch64. Restored the
     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
     The new algorithm is still used for 32 bit targets.
     [Bernd Edlinger]

  *) Added a missing header for memcmp that caused compilation failure on some
     platforms
     [Gregor Jasny]

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-11-05 14:07:46 +00:00
Nick Hainke
bef3699ad5 elfutils: update to 1.88
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html

Refresh patches:
- 003-libintl-compatibility.patch
- 100-musl-compat.patch
- 101-no-fts.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
e0e7e349fa tools/elfutils: update to 1.88
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2022q4/005561.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
6dd14bab3f strace: update to 6.0
Release Notes:
https://github.com/strace/strace/releases/tag/v6.0

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
17dd18d993 tools/mtd-utils: update to 2.1.5
Release Notes:
https://lore.kernel.org/buildroot/c0992bbb-9487-9a51-ea9f-39cf074b61ec@sigma-star.at/

Refresh patches:
- 130-lzma_jffs2.patch
- 320-mkfs.jffs2-SOURCE_DATE_EPOCH.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
f06e995c13 tools/mtools: update to 4.0.42
Release Notes:
https://lists.gnu.org/archive/html/info-mtools/2022-10/msg00000.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
29d987fc89 mediatek: replace mt7986 watchdog assert patch with upstream
Replace "920-watchdog-add-mt7986-assert.patch" with upstreamed
- 920-v5.16-watchdog-mtk-add-disable_wdt_extrst-support.patch
- 921-v5.19-watchdog-mtk_wdt-mt7986-Add-toprgu-reset-controller.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
61a9367b86 mediatek: mt7629: add tag to upstreamed patches
The patches were upstreamed.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
0c8d84a642 mediatek: add tag for upstreamed patches
The patches were upstreamed.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
e8080ce89b mediatek: mt7986: add tag to upstreamed patches
The patch "210-pinctrl-mediatek-add-support-for-MT7986-SoC.patch" and
"212-clk-mediatek-add-mt7986-clock-support.patch" are upstreamed.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Nick Hainke
e4270d6493 mediatek: mt7622: add tag to upstreamed patches
The patches "191-arm64-dts-mt7622-specify-the-L2-cache-topology.patch"
and "192-arm64-dts-mt7622-specify-the-number-of-DMA-requests.patch" are
upstreamed to 5.19.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-11-05 14:07:46 +00:00
Aleksander Jan Bajkowski
985d59cdf0 mediatek: filogic: disable swconfig
This subtarget supports 3 devices:
 * Bananapi BPi-R3 (added in a96382c1bb),
 * MediaTek MTK7986 rfba AP (added in cffc77ae55),
 * MediaTek MTK7986 rfbb AP (added in cffc77ae55).

This subtarget supports DSA from the beginning. It looks like CONFIG_SWCONFIG
was copied from another config when the subtarget was created.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2022-11-05 14:02:13 +00:00
Aleksander Jan Bajkowski
c4f63f7364 mediatek: filogic: refresh config
This was done by executing these command:
$ time make kernel_oldconfig CONFIG_TARGET=subtarget

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2022-11-05 14:02:13 +00:00
Glen Huang
46fbe55971 uhttpd: use procd to reload on acme renew
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.

Signed-off-by: Glen Huang <i@glenhuang.com>
2022-11-04 16:21:00 +01:00
Rafał Miłecki
6198eb3e64 bcm4908: backport upstream BQL support for bcm4908_enet
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-03 07:38:35 +01:00
Hauke Mehrtens
e42ec112a4 kernel: Refresh generic patches
This patch was out of sync.

Fixes: 1673b7dca3 ("kernel: backport fixes for MediaTek Ethernet driver")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-03 00:25:34 +01:00
Rafał Miłecki
c3322cf04a kernel: sort filesystems symbols alphabetically
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-02 20:10:42 +01:00
Daniel Golle
1673b7dca3 kernel: backport fixes for MediaTek Ethernet driver
Backport patches from net-next which fix possible memory and resource
leaks in the error codepaths of WED initialization.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-02 15:53:34 +00:00
Daniel Golle
9721a42a27
kernel: support hw flow-offloading counters on newer MediaTek SoCs
The packet processing engine (PPE) found in newer ARM-based MediaTek
SoCs provides packet and byte counters for offloaded streams.
Import pending patch reading and using those counters.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-02 11:41:56 +00:00
Daniel Golle
82a05ce14b
mediatek: remove obsolete patch
The patch enabling hardware flow offloading support on the MT7623 SoC
has been merged upstream as of Linux 5.13. Remove our local patch which
wrongly got forward-ported and now actually enables hardware flow
offloading for the MT2701 SoC family (unsupported in OpenWrt).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-02 11:41:50 +00:00
Baptiste Jonglez
ef597b026b firewall: config: drop input traffic by default
This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.

The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.

This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest.  Thus, in normal operations, the
default policy is not used.

Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2022-11-01 23:25:39 +01:00
Hauke Mehrtens
5b7c99bc4c libnl-tiny: update to the latest version
db3b2cd libnl-tiny: set SOCK_CLOEXEC if available

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Hauke Mehrtens
5c70b19c42 iwinfo: update to the latest version
00aab87 Correctly identify key management algorithms starting with "FT-"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 18:04:39 +01:00
Sven Eckelmann
8d3e932b65 uboot-envtools: Fix format of autogenerated sectors
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:

  MTD erase error on /dev/mtd5: Invalid argument

Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
2022-11-01 18:04:38 +01:00
Hauke Mehrtens
633f3e1118 kernel: Add kmod-drm-ttm-helper
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.

This fixes the x86/geode build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-01 14:47:14 +01:00
Sander Vanheule
75c576d4c4 realtek: mark clock source as continuous
After replacing the R4K event timer and clock source with the new
Realtek Otto timer, performance for RTL839x devices was severely
impacted, as reported by Hiroshi.

Research by Markus showed that after commit 4657a5301e ("realtek:
avoid busy waiting for RTL839x PHY read/write"), the ethernet driver
could only update a phy once per timer interval, which also heavily
impacted boot time. On e.g. a Zyxel GS1900-48, this added around a
minute to the time to fully initialise the switch.

By marking the otto clocksource as continuous, the kernel enables it to
be used for high resolution timers. This allows readx_poll_timeout() to
sleep for less than one system timer interval, reducing system dead
time.

Link: https://github.com/openwrt/openwrt/issues/11117
Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Cc: Markus Stockhausen <markus.stockhausen@gmx.de>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: INAGAKI Hiroshi <musashino.open@gmail.com> # Panasonic Switch-M48eG PN28480K
Tested-by: Jan Hoffmann <jan@3e8.eu> # HPE 1920-8G, HPE 1920-48G
2022-11-01 09:13:11 +01:00
Rosen Penev
3b93651072 target/realtek: use netif_receive_skb_list
Small performance improvement on rx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-11-01 09:09:24 +01:00