Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi
* 3T3R 5 GHz Wi-Fi
* 6x GPIO-LEDs (2x wifi, 2x status, 1x lan, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 8x GPIO-LEDs (6x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 4x GPIO-LEDs (2x wifi, 1x wps, 1x power)
* 1x GPIO-button (reset)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 1x ethernet
- AR8035 ethernet PHY (RGMII)
- 10/100/1000 Mbps Ethernet
- 802.3af POE
- used as LAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[rebase, make WLAN LEDs consistent, add LED migration]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.
I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving
Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Reordered for consistency between packages.
Fixed license information.
Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The following four led triggers are enabled in generic config.
* kmod-ledtrig-default-on
* kmod-ledtrig-heartbeat
* kmod-ledtrig-netdev
* kmod-ledtrig-timer
Drop the packages and remove them from DEVICE_PACKAGES.
There's no other package depending on them in this repo.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
CONFIG_THERMAL option was changed to boolean in upstream linux commit
554b3529fe01 ("thermal/drivers/core: Remove the module Kconfig's option").
Switch it to 'y' and remove FILES and AUTOLOAD for non-existant module file.
And update the descripton text for the package as in upstream linux commit
eb8504620381 ("thermal: Rephrase the Kconfig text for thermal").
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.
Signed-off-by: Nick Hainke <vincent@systemli.org>
a46f9a9160e9 mt76: mt7915: add vif check in mt7915_update_vif_beacon()
27ad12352ac9 mt76: mt7615: add vif check in mt7615_update_vif_beacon()
0a449cef024e mt76: mt7915: fix MT_CIPHER_BIP_CMAC_128 setkey
eacd2d493c61 mt76: mt7915: reset token when mac_reset happens
e4b23301e6c9 mt76: mt7615: reset token when mac_reset happens
6e22bbfe0360 mt76: mt7615: convert comma to semicolon
37865118ae2d mt76: mt7915: convert comma to semicolon
742c36b2e527 mt76: mt7915: run mt7915_configure_filter holding mt76 mutex
a515727e8423 mt76: mt7915: add support for flash mode
b6f7b3da5216 mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th
062f3f4f06a2 mt76: mt7915: simplify mt7915_mcu_send_message routine
dbba9b993300 mt76: mt7915: drop zero-length packet to avoid Tx hang
36a745d0f71c mt76: Fix queue ID variable types after mcu queue split
a4539760b0b1 mt7915: update the testmode support to the latest upstream patch
64bd6f87e4c2 mt7915: fix crash on failure in pci_set_dma_mask
c202ace409e0 mt76: remove unused variable q
d1b827781f84 mt76: mt7915: add partial add_bss_info command on testmode init
a897a69769f5 mt76: testmode: introduce dbdc support
b44472e99822 mt76: testmode: move mtd part to mt76_dev
45e27e6cdc12 mt76: mt7915: move testmode data from dev to phy
b6673b005770 mt76: mt7615: move testmode data from dev to phy
abdd471e9f2d mt76: mt7915: fix ht mcs in mt7915_mcu_get_rx_rate()
d679b56b9585 mt76: move mac_work in mt76_core module
36cd48ab4454 mt76: move chainmask in mt76_phy
89a6781ed045 mt76: mt7915: force ldpc for bw larger than 20MHz in testmode
3d0834e78005 mt76: testmode: add support to set user-defined spe index
cc05f4679667 mt76: testmode: add attributes for ipg related parameters
77b18b16fe16 mt76: testmode: make tx queued limit adjustable
6365a58573cb mt76: mt7915: split edca update function
e56282bf67f6 mt76: mt7915: add support for ipg in testmode
6fa642903e4e mt76: mt7915: calculate new packet length when tx_time is set in testmode
729ec5daeba5 mt76: mt7915: clean hw queue before starting new testmode tx
981443da5cf7 mt76: testmode: add a new state for continuous tx
4793fc9b3d48 mt76: mt7915: rework set state part in testmode
11a1e86e5946 mt76: mt7915: add support for continuous tx in testmode
364affef82fc mt76: mt7615: mt7915: disable txpower sku when testmode enabled
9fc19db51293 mt76: mt7915: simplify peer's TxBF capability check
6377b7f330be mt76: mt7915: add implicit Tx beamforming support
983091a40633 mt76: mt7915: fix MESH ifdef block
bbb7a9e77751 mt76: mt76u: fix NULL pointer dereference in mt76u_status_worker
a28a8dd2f7de mt76: usb: fix crash on device removal
9c312f2ce2c5 mt76: mt7915: rework mcu API
e6fe82acb111 mt76: mt7915: disable RED support in the WA firmware
25d7429bdc41 mt76: mt7915: fix eeprom parsing for DBDC
7a93026dd3dc mt76: mt7915: fix eeprom DBDC band selection
4c8a09cc45d0 tools: Set mode for new file /tmp/mt76-test-%s
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.
Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
'base' was never used.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
'enc_str' was never used.
Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")
Signed-off-by: Leon M. George <leon@georgemail.eu>
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This allows configuration of multicast_to_unicast and per_sta_vif options.
- multicast_to_unicast requests multicast-to-unicast conversion.
- per_sta_vif assigns each station its own AP_VLAN interface.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
This adds a config option to allow compiling with HKDF algorithm support
to support applications that require this feature.
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Both devices use u-boot env variables to boot OpenWrt from its flash
partition. Using u-boot envtools, it is possible to change the bootcmd
back to the stock firmware partition directly from OpenWrt without
attaching a serial cable or even physically accessing the device.
Signed-off-by: Jan Alexander <jan@nalx.net>
Hardware
--------
SoC: Qualcomm IPQ8064
RAM: 512MB DDR3
Flash: 256MB NAND (Micron MT29F2G08ABBEAH4)
32MB SPI-NOR (Macronix MX25U25635F)
WLAN: Qualcomm Atheros QCA9994 4T4R b/g/n
Qualcomm Atheros QCA9994 4T4R a/n/ac
ETH: eth0 - SECONDARY (Atheros AR8033)
eth1 - MAIN (Atheros AR8033)
USB: USB-C
LED: Dome (white / blue)
BTN: Reset
Installation
------------
Copy the OpenWrt sysupgrade image to the /tmp directory of the device
using scp. Default IP address is 192.168.1.20 and default username and
password are "ubnt".
SSH to the device and write the bootselect flag to ensure it is booting
from the mtd partition the OpenWrt image will be written to. Verify the
output device below matches mtd partition "bootselect" using /proc/mtd.
> dd if=/dev/zero bs=1 count=1 seek=7 conv=notrunc of=/dev/mtd11
Write the OpenWrt sysupgrade image to the mtd partition labeled
"kernel0". Also verify the used partition device using /proc/mtd.
> dd if=/tmp/sysupgrade.bin of=/dev/mtdblock12
Reboot the device.
Back to stock
-------------
Use the TFTP recovery procedure with the Ubiquiti firmware image to
restore the vendor firmware.
Signed-off-by: Jan Alexander <jan@nalx.net>
Update the U-Boot to version v2021.01.
Run-tested: FriendlyARM NanoPi R2S
Radxa Rock Pi 4
Pine64 RockPro64
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[format commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
Currently PHY information obtained from "iw phy" lacks information about
a PHYs HE capabilities when using the by default installed iw-tiny.
As there are already 802.11ax supported devices, enabled printing this
information for the by-default installed iw variant.
Signed-off-by: David Bauer <mail@david-bauer.net>
To simplify the way netifd acquires the PIDs of wpa_supplicant and
hostapd let the config_add method of both of them return the PID of the
called process. Use the returned PID instead of querying procd when
adding wpa_supplicant configuration.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch adds kernel module for Silicon Labs CP2112 HID USB to SMBus
Master Bridge. This is a HID device driver which registers as an i2c
adapter and gpiochip to expose these functions of the CP2112.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
While the speed improvement might be negligible, there is still no
reason to read individual bytes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For glibc, lua needs an explicit link to libdl as glibc has it separate
Fixes the following error in at least collectd:
ld: usr/lib/liblua.so: undefined reference to `dlopen'
ld: usr/lib/liblua.so: undefined reference to `dlclose'
ld: usr/lib/liblua.so: undefined reference to `dlerror'
ld: usr/lib/liblua.so: undefined reference to `dlsym'
Signed-off-by: Rosen Penev <rosenp@gmail.com>
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
ea7f471 iwinfo: include ht_operation data only if available
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- Encode ABI version in compiled shared object file
- Only ship versioned shared library
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
618c1e8 iwinfo: add hardware description for QCA MIPS WiSoCs
0702f32 iwinfo: improve center channel handling
51c1336 iwinfo: set center chan unsupported for not-nl80211 driver
23d2722 build: add ability to specify shared object version
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit f1620630e9.
This update introduces potentially remote exploitable buffer overreads
in IE parsing logic.
It also breaks the ABI without introdcing SOVERSION library versioning.
Furthermore, HT information is incorrectly added for non-HT BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 190e793963.
This update introduces a potential null-pointer deref with subsequent rpcd
crash when querying wireless info for non-nl80211 wdevs.
Additionally it wrongly includes ht frequency information for non-ht BSSes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
fd017ba iwinfo: add ht and vht operation info to wifi scan
4c66b31 iwinfo: export center channel for info ubus call
e28d4a5 iwinfo: add support for 802.11ad and GCMP
5c15f57 iwinfo: return hwmode 'ad' on 802.11ad-only hardware
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
a17f561 iwinfo: detect QCA IPQ4019 WiSoC from FDT
ea28dfb iwinfo: export ht and vht operation in scan results
4e22953 iwinfo: export center_chan info for local wifi
74d13fb cli: account for additional digit for frequencies above 10GHz
8bfd8d8 iwinfo: add support for GCMP cipher
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch adds wil6210 driver for Wilocity/QCA based 802.11ad
PCI cards.
Driver uses cfg80211 and nl80211 but not mac80211.
Integration for UCI and LuCI will come in other patches.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch adds wil6210 firmware and board files.
Firmware version is not up to date but is only freely redistributable one I found.
Board file is a generic one so most devices and especially those for long distance
PtP links will require so in a ipq-wifi like way.
Signed-off-by: Robert Marko <robimarko@gmail.com>