Hardware
--------
SoC: Freescale P1010
RAM: 512MB
FLASH: 1 MB SPI-NOR
512 MB NAND
ETH: 3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC: Battery-Backed RTC (I2C)
Installation
------------
1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
programmer. The SHA1 hash for the U-Boot password is currently
unknown.
A tool for patching U-Boot is available at
https://github.com/blocktrron/t10-uboot-patcher/
You can also patch the unknown password yourself. The SHA1 hash is
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
The patched password is '1234' (without quotation marks)
3. Download the OpenWrt initramfs image. Copy it to a TFTP server
reachable at 10.0.1.13/24 and rename it to uImage.
4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.
5. Download and boot the initramfs image by entering "tftpboot; bootm;"
in U-Boot.
6. After OpenWrt booted, create a UBI volume on the old data partition.
The "ubi" mtd partition should be mtd7, check this using
$ cat /proc/mtd
Create a UBI partition by executing
$ ubiformat /dev/mtd7 -y
7. Increase the loadable kernel-size of U-Boot by executing
$ fw_setenv SysAKernSize 800000
8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
scp. Install the image by using sysupgrade:
$ sysupgrade -n <path-to-sysupgrade>
Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
have to change the ethernet-port.
9. OpenWrt should now boot from the internal NAND. Enjoy.
Signed-off-by: David Bauer <mail@david-bauer.net>
This allows adding backup servers, in case the primary ones fail.
Assume that port and shared secret are going to be the same.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.
This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.
Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The bump to 3.0.8 inadvertently removed patches that are needed here,
but were not adopted upstream. The most important one changes the
default value of the DIGESTS setting from ALL to NONE. The absence of
this patch causes a sysupgrade failure while the engine is in use with
digests enabled. When this happens, the system fails to boot with a
kernel panic.
Also, explicitly set DIGESTS to NONE in the provided config file, and
change the default ciphers setting to disable ECB, which has been
recommended for a long time and may cause trouble with some apps.
The config file change by itself is not enough because the config file
may be preserved during sysupgrade.
For people affected by this bug:
You can either:
1. remove, the libopenssl-devcrypto package
2. disable the engine in /etc/config/openssl;
3. change /etc/ssl/engines.cnf.d/devcrypto.cnf to set DIGESTS=NONE;
4. update libopenssl-devcrypto to >=3.0.8-3
However, after doing any of the above, **you must reboot the device
before running sysupgrade** to ensure no running application is using
the engine. Running `/etc/init.d/openssl restart` is not enough.
Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
binutils 2.39: https://lists.gnu.org/archive/html/info-gnu/2022-08/msg00002.html
binutils 2.40: https://lists.gnu.org/archive/html/info-gnu/2023-01/msg00003.html
This version includes a new libsframe.so library, pack it into the
libbfd package as it is used by this library. Also deactivate some
optional configuration options for now.
An extra patch to fix compile problem in AARCH64 is added.
gprofng needs a C++ standard library, deactivate it for now.
Activate feature-disassembler-init-styled in bpftools too to fix
compilation with the updated binutils.
An bpftool version 7.0 or later is needed for binutils 2.39 and later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
bpftool changelog: https://github.com/libbpf/bpftool/releases
libbpf changelog: https://github.com/libbpf/libbpf/releases
This updates the bfptool to version 7.1.0. This also includes an update
of the libbpf to version 1.1.
This also adds some new feature options and removes some old ones which
were also removed form the source code. zlib for example is now
mandatory.
Add -flto also to LD flags to make it really work.
Before this change bpftool was on a git commit between version 6.7 and
6.8 and libbpf was on a commit between version 0.7 and 0.8.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
in kernel 5.17, fcd09c90c3c5254b18ef34e30c57c65d34290a84 integrated it
better with thee random framework.
Gives boot time randomness on supported devices.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changelog:
039a994 Bump version to v1.7.0
3f29d6d pylibfdt: add size_hint parameter for get_path
2022bb1 checks: Update #{size,address}-cells check for 'dma-ranges'
abbd523 pylibfdt: Work-around SWIG limitations with flexible arrays
a41509b libfdt: Replace deprecated 0-length arrays with proper flexible arrays
2cd89f8 dtc: Warning rather than error on possible truncation of cell values
55778a0 libfdt: tests: add get_next_tag_invalid_prop_len
7359034 libfdt: prevent integer overflow in fdt_next_tag
035fb90 libfdt: add fdt_get_property_by_offset_w helper
98a0700 Makefile: fix infinite recursion by dropping non-existent `%.output`
a036cc7 Makefile: limit make re-execution to avoid infinite spin
c6e9210 libdtc: remove duplicate judgments
e37c256 Don't generate erroneous fixups from reference to path
5045465 libfdt: Don't mask fdt_get_name() returned error
e64a204 manual.txt: Follow README.md and remove Jon
f508c83 Update README in MANIFEST.in and setup.py to README.md
c2ccf8a Add description of Signed-off-by lines
90b9d9d Split out information for contributors to CONTRIBUTING.md
0ee1d47 Remove Jon Loeliger from maintainers list
b33a73c Convert README to README.md
7ad6073 Allow static building with meson
fd9b8c9 Allow static building with make
fda71da libfdt: Handle failed get_name() on BEGIN_NODE
c7c7f17 Fix test script to run also on dash shell
01f23ff Add missing relref_merge test to meson test list
ed31080 pylibfdt: add FdtRo.get_path()
c001fc0 pylibfdt: fix swig build in install
26c54f8 tests: add test cases for label-relative path references
ec7986e dtc: introduce label relative path references
651410e util: introduce xstrndup helper
4048aed setup.py: fix out of tree build
ff5afb9 Handle integer overflow in check_property_phandle_args()
ca72944 README: Explain how to add a new API function
c0c2e11 Fix a UB when fdt_get_string return null
cd5f69c tests: setprop_inplace: use xstrdup instead of unchecked strdup
a04f690 pylibfdt: add Property.as_*int*_array()
8310271 pylibfdt: add Property.as_stringlist()
d152126 Fix Python crash on getprop deallocation
17739b7 Support 'r' format for printing raw bytes with fdtget
45f3d1a libfdt: overlay: make overlay_get_target() public
c19a4ba libfdt: fix an incorrect integer promotion
1cc41b1 pylibfdt: Add packaging metadata
db72398 README: Update pylibfdt install instructions
383e148 pylibfdt: fix with Python 3.10
23b56cb pylibfdt: Move setup.py to the top level
69a7607 pylibfdt: Split setup.py author name and email
0b106a7 pylibfdt: Use setuptools_scm for the version
c691776 pylibfdt: Use setuptools instead of distutils
5216f3f libfdt: Add static lib to meson build
4eda259 CI: Cirrus: bump used FreeBSD from 12.1 to 13.0
0a3a9d3 checks: Add an interrupt-map check
8fd2474 checks: Ensure '#interrupt-cells' only exists in interrupt providers
d8d1a9a checks: Drop interrupt provider '#address-cells' check
52a16fd checks: Make interrupt_provider check dependent on interrupts_extended_is_cell
37fd700 treesource: Maintain phandle label/path on output
e33ce1d flattree: Use '\n', not ';' to separate asm pseudo-ops
d24cc18 asm: Use assembler macros instead of cpp macros
ff3a30c asm: Use .asciz and .ascii instead of .string
5eb5927 fdtdump: fix -Werror=int-to-pointer-cast
0869f82 libfdt: Add ALIGNMENT error string
69595a1 checks: Fix bus-range check
72d09e2 Makefile: add -Wsign-compare to warning options
b587787 checks: Fix signedness comparisons warnings
69bed6c dtc: Wrap phandle validity check
9102211 fdtget: Fix signedness comparisons warnings
d966f08 tests: Fix signedness comparisons warnings
ecfb438 dtc: Fix signedness comparisons warnings: pointer diff
5bec74a dtc: Fix signedness comparisons warnings: reservednum
24e7f51 fdtdump: Fix signedness comparisons warnings
Remove upstreamed:
- 0001-Support-r-format-for-printing-raw-bytes-with-fdtget.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
The last mac80211 commits did not refresh the patches.
Refresh:
- ath/402-ath_regd_optional.patch
- ath10k/080-ath10k_thermal_config.patch
- ath10k/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch
- ath9k/551-ath9k_ubnt_uap_plus_hsr.patch
- rt2x00/602-rt2x00-introduce-rt2x00eeprom.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
They are enabled by selecting devices. Fixes build errors when enabling extra
devices without creating a new config from scratch.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Fix incorrect error message in case input file opening fails
* Don't close files in case the pointers are invalid
Signed-off-by: David Bauer <mail@david-bauer.net>
This helps bring down rx CPU usage by avoiding calls to the rx handlers in
the slow path. Supports forwarding and local rx, including A-MSDU.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
71d84bfb343e wifi: mt76: mt76x0u: report firmware version through ethtool
99d13130b517 wifi: mt76: support ww power config in dts node
09c614734880 Revert "wifi: mt76: mt7996: rely on mt76_connac2_mac_decode_he_radiotap"
e1c9c1cb50a8 mt76: mt7921: Let PCI core handle power state and use pm_sleep_ptr()
34064dbcd72a wifi: mt76: mt7921e: add pci .shutdown() support
18ccfa73a9e2 wifi: mt76: remove redundent MCU_UNI_CMD_* definitions
282845ce7f3d wifi: mt76: mt7921: fix wrong command to set STA channel
546934dacfd4 wifi: mt76: mt7921: fix PCI DMA hang after reboot
fc2ed0dfc5b0 wifi: mt76: mt7996: Remove unneeded semicolon
1b602db9c235 wifi: mt76: mt7915: unlock on error in mt7915_thermal_temp_store()
ce2438aa616a wifi: mt76: mt7996: fix radiotap bitfield
17ec2146b8f0 wifi: mt76: dynamic channel bandwidth changes in AP mode
ab2d3650a456 wifi: mt76: mt7915: expose device tree match table
90d78253498e wifi: mt76: mt7915: add dev->hif2 support for mt7916 WED device
a69c34a60451 wifi: mt76: mt7915: rework init flow in mt7915_thermal_init()
39079b5e44a7 wifi: mt76: drop the incorrect scatter and gather frame
f9ca70d6367a wifi: mt76: mt7915: add back 160MHz channel width support for MT7915
eff7666e1aa4 wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
920bc6e1fc8e wifi: mt76: do not run mt76_unregister_device() on unregistered hw
b0721b96927b wifi: mt76: connac: refresh tx session timer for WED device
c32d6d849c43 wifi: mt76: usb: fix use-after-free in mt76u_free_rx_queue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix hwmon-gsc driver by replacing out-of-tree hwmon-gsc driver with in-tree
driver that was merged in Linux v5.8:
- remove the old out-of-tree module
- add configuration for the in-tree modules
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
If a packet has reached its intended destination, it was bumped to the code
that accepts it, without first checking if a mesh_path needs to be created
based on the discovered source.
Fix this by moving the destination address check further down
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It seems more hardware needs early load of firmware when initialised
to work properly (at least Intel hardware). One of previous case is CPU
microcode, which this series[1] tried to change. The second one is Intel
graphics IC, which needs firmware for controlling DMC circuit (switch
conncted display to DC6 power state). As it stands, the i915 module is
built-in and it seems the hardware can't cope with firmware loaded
later from rootfs, it needs to be supplied when the module is loaded.
Unfortunately we need bootloader to handle the load of firmware in this
case, but as previously mentioned series[1], there was an error when
initrd was hardcoded, instead of testing existence for it and then
loading. To remedy this in later the 55b808e0c4 ('x86: image: add test
module to bootloader') was commited. Which was later accidentally
dropped when grub2 image creation was moved to packages. Therefore bring
back test module, so we can test for cases of existing firmware in
grub.cfg.
1. https://patchwork.ozlabs.org/project/openwrt/cover/20181120162044.16371-1-tomek_n@o2.pl
Fixes: 5a5df62d95 ("x86/grub2: move grub2 image creation to package")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
The Buffalo LinkStation LS220DE is a dual bay NAS, based on Marvell
Armada 370
Hardware:
SoC: Marvell Armada 88F6707
CPU: Cortex-A9 800 MHz, 1 core
Flash 1: SPI-NOR 1 MiB (U-Boot)
Flash 2: NAND 512 MiB (OS)
RAM: DDR3 256 MiB
Ethernet: 1x 1GbE
USB: 1x 2.0
SATA: 2x 3Gb/s
LEDs/Input: 5x / 2x (1x button, 1x slide-switch)
Fan: 1x casing
Flash instructions, from hard drive:
1. Get access to the "boot" partition at the hard drive where the stock
firmware is installed. It can be done with acp-commander or by
plugging the hard drive to a computer.
2. Backup the stock uImage:
mv /boot/uImage.buffalo /boot/uImage.buffalo.bak
3. Move and rename the Openwrt initramfs image to the boot partition:
mv openwrt-initramfs-kernel.bin /boot/uImage.buffalo
4. Power on the Linkstation with the hardrive inside. Now Openwrt will
boot, but still not installed.
5. Connect via ssh to OpenWrt:
ssh root@192.168.1.1
6. Rename boot files inside boot partition
mount -t ext3 /dev/sda1 /mnt
mv /mnt/uImage.buffalo /mnt/uImage.buffalo.openwrt.bak
mv /mnt/initrd.buffalo /mnt/initrd.buffalo.bak
7. Format ubi partitions at the NAND flash ("kernel_ubi" and "ubi"):
ubiformat /dev/mtd0 -y
ubidetach -p /dev/mtd1
ubiformat /dev/mtd1 -y
8. Flash the sysupgrade image:
sysupgrade -n openwrt-squashfs-sysupgrade.bin
9. Wait until it finish, the device will reboot with OpenWrt installed
on the NAND flash.
Restore the stock firmware:
1. Take the hard drive used for the installation and restore boot backup
files to their original names:
mount -t ext3 /dev/sda1 /mnt
mv /mnt/uImage.buffalo.bak /mnt/uImage.buffalo
mv /mnt/initrd.buffalo.bak /mnt/initrd.buffalo
2. Boot from the hard drive and perform a stock firmware update using
the Buffalo utility. The NAND will be restored to the original
state.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings
Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).
Signed-off-by: Mark Baker <mark@vpost.net>
Synchronize the ath11k backports with the current ath-next tree.
This backports several memory leak issues, PCI IRQ fixup, peer add locking
fix as well as IPQ5018 support, though IPQ5018 support is unused for now.
This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.
Signed-off-by: Robert Marko <robimarko@gmail.com>
PowerPC CONFIG_ARCH is defined as powerpc, not ppc. Fix that in the
DEPENDS condition.
Arc needs to be built with libatomic. Change the OpenSSL configuration
file, and add it to the libatomic DEPENDS condition.
Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).
The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.
Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
limitation).
Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.
Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.
This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.
Tested-on: NanoPi R2S
Signed-off-by: Yuan Tao <ty@wevs.org>
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.
package-defaults.mk is already included my package.mk.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Pstore ramoops support is useful even when there isn't an explicit
panic/crash. We can log all kernel messages via a "console", and then
retrieve them in the event of some non-kernel-panic reset (e.g.,
watchdog).
Since the buffer memory is already reserved, there isn't much overhead
to doing this.
The new console files will show up as:
/sys/fs/pstore/console-ramoops-N
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
FCC ID: A8J-EPG600
Engenius EPG600 is an indoor wireless router with
1 Gb ethernet switch, dual-band wireless,
internal antenna plates, USB, and phone lines (not supported)
this board is a Senao device:
the hardware is equivalent to EnGenius ESR600 (except for phone lines)
the software is Senao SDK which is based on openwrt and uboot
which uses the legacy Senao header with Vendor / Product IDs
to verify the firmware upgrade image.
**Specification:**
- MT7620 SOC MIPS 24kec, 2.4 GHz WMAC, 2x2
- RT5592N WLAN PCI chip, 5 GHz, 2x2
- QCA8337N Gb SW RGMII GbE, SW P0 -- SOC P5, 5 LEDs
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 64 MB RAM NT5TU32M16
- UART console J2, populated
- USB 2.0 port direct to SOC
- 6 GPIO LEDs power, 2G, 5G, wps2g, wps5g, line
- 3 buttons reset, wps, "reg" (registeration)
- 4 antennas internal omni-directional plates
NOT YET SUPPORTED: VoIP
- Si3050-FT + Si3019-FT Voice DAA, SPI control, PCM data
- Phone Ports "TEL", "LINE" RJ11, 4P2C (2 pins)
**MAC addresses:**
MAC address labeled as MAC ADDRESS
MACs present in both wifi cal data and uboot environment
eth0.1/phy1 ---- *:82 rf 0x4
phy0 ---- *:83 factory 0x4
eth0.2 MAC *:b8 "wanaddr"
**Installation:**
Method 1: Firmware upgrade page:
(if you cannot access the APs webpage)
factory reset with the reset button
connect ethernet to a computer
OEM webpage at 192.168.0.1
username and password 'admin'
Navigate to gear icon, "Device Management", "Tools"
select the factory.dlf image
Upload and verify checksum
Method 2: Serial to upload initramfs:
Follow directions for TFTP recovery
upload and boot initramfs and do a sysupgrade
**TFTP recovery:**
Requires UART serial console, reset button does nothing
rename initramfs-kernel.bin to 'uImageEPG600'
make available on TFTP server at 192.168.99.8
power board, interrupt boot with "4"
execute `tftpboot` and `bootm` (with the load address)
**Return to OEM:**
Images from OEM are provided, but not compatible
with openwrt sysupgrade. So it must be modified.
Alternatively, back up all mtd partitions before flashing
**Note on switch registers:**
The necessary registers needed for the QCA8337 switch
can be read from interrupted boot (tftpboot, bootm)
by using the following lines in the switch driver ar8327.c
in the function 'ar8327_hw_config_of'
where 'qca,ar8327-initvals' is parsed from DTS
before the new register values are written:
pr_info("0x04 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD0_MODE));
pr_info("0x08 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD5_MODE));
pr_info("0x0c %08x\n", ar8xxx_read(priv, AR8327_REG_PAD6_MODE));
pr_info("0x10 %08x\n", ar8xxx_read(priv, AR8327_REG_POWER_ON_STRAP));
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Changes:
7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
f29772a wireless-regdb: Update regulatory rules for Brazil (BR)
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.
Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Package the Aquantia AQR PHY driver as kmod.
This enables using the Aquantia driver with hwmon support on targets where
hwmon is not compiled-in.
Currently, in case when AQR driver is compiled-in but hwmon core is not
hwmon code in AQR driver will not get compiled because of macro
IS_REACHABLE(CONFIG_HWMON) evaluating to false.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko
According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)
Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).
It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The standard defines the A-MSDU header length field differently for mesh
compared to other modes. Deal with this accordingly and work around broken
implementations (e.g. ath10k, ath11k).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Specifications:
- Device: ASUS RT-AX54 (AX1800S/HP,AX54HP)
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LEDs: 1x POWER (blue, configurable)
1x LAN (blue, configurable)
1x WAN (blue, configurable)
1x 2.4G (blue, not configurable)
1x 5G (blue, not configurable)
Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
Select "2. Upgrade firmware"
Press enter when show "Run firmware after upgrading? (Y/n):"
Select 0 for TFTP method
Input U-Boot's IP address: 192.168.1.1
Input TFTP server's IP address: 192.168.1.2
Input IP netmask: 255.255.255.0
Input file name: openwrt-ramips-mt7621-asus_rt-ax1800hp-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"
Signed-off-by: Karl Chan <exkc@exkc.moe>
Removed upstreamed patch: 010-padlock.patch
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.
Signed-off-by: Leon M. George <leon@georgemail.eu>
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.
A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.
Signed-off-by: Leon M. George <leon@georgemail.eu>
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.
Signed-off-by: Leon M. George <leon@georgemail.eu>
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.
Signed-off-by: Leon M. George <leon@georgemail.eu>
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Inline the preinst.arm-ce script. Support for including was added in
make 4.2 and is not working with older make versions.
Fixes: https://github.com/openwrt/openwrt/issues/11866
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
I've somehow managed to commit wrong package mirror hash in commit 36076b5a40
("ubus: update to version 2022-06-15"), so lets fix it by using a proper
one.
Fixes: 36076b5a40 ("ubus: update to version 2022-06-15")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.
Fixes: f46355b4d7 ("uboot-envtools: mediatek_filogic: fix BPi-R3 when no OS is installed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Selecting the environment when booting from SD card has been broken by
a previous commit. Fix it.
Fixes: 84b5b0f88c ("uboot-envtools: mediatek/mt7622: don't rely on mapped rootfs")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This change ensures compatibility with both types of sysupgrade-tar files.
1. For some boards like xiaomi,redmi-router-ax6s, sysupgrade-tar
is pack in directory `vendor,name/`
2. For some boards like xiaomi,mi-router-3g, sysupgrade-tar is pack
in directory `vendor_name/`
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Just as lua or the various languages from the package feed.
libucode is the exception, so move it to the libs menu instead.
Signed-off-by: Andre Heider <a.heider@gmail.com>
uhttpd's cmake options all default to ON. Either we set all of them or
none if the defaults need to be changed. Let's go with the latter.
Because support for all modules is always compiled in, remove two unused
and useless config toggles.
uhttpd detects and uses libcrypt itself, no need to add it here again.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Instead of accessing /dev/urandom use the getrandom syscall. This way we
do not have to keep the file open all the time.
This also fixes a compile error with glibc:
--------
px5g-mbedtls.c: In function '_urandom':
px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
48 | read(urandom_fd, out, len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
--------
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
"842" is a compression scheme and this is the software implementation
which is too slow to really use beyond a proof of concept. It can be
selected in ZRAM, ZSWAP, or `fs/pstore`, and is here for completeness.
In general you need a Power8 or better with 842-in-hardware for it to
be fast, but other 842-accelerators are emerging.
Signed-off-by: Tony Butler <spudz76@gmail.com>
FCC ID: A8J-EWS660AP
Engenius EWS660AP is an outdoor wireless access point with
2 gigabit ethernet ports, dual-band wireless,
internal antenna plates, and 802.3at PoE+
**Specification:**
- QCA9558 SOC 2.4 GHz, 3x3
- QCA9880 WLAN mini PCIe card, 5 GHz, 3x3, 26dBm
- AR8035-A PHY RGMII GbE with PoE+ IN
- AR8033 PHY SGMII GbE with PoE+ OUT
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 2x 64 MB RAM
- UART at J1 populated, RX grounded
- 6 internal antenna plates (5 dbi, omni-directional)
- 5 LEDs, 1 button (power, eth0, eth1, 2G, 5G) (reset)
**MAC addresses:**
Base MAC addressed labeled as "MAC"
Only one Vendor MAC address in flash
eth0 *:d4 MAC art 0x0
eth1 *:d5 --- art 0x0 +1
phy1 *:d6 --- art 0x0 +2
phy0 *:d7 --- art 0x0 +3
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin
**Installation:**
2 ways to flash factory.bin from OEM:
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs.bin to '0101A8C0.img'
make available on TFTP server at 192.168.1.101
power board, interrupt boot
execute tftpboot and bootm 0x81000000
**Format of OEM firmware image:**
The OEM software of EWS660AP is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
openwrt-ar71xx-generic-ews660ap-uImage-lzma.bin
openwrt-ar71xx-generic-ews660ap-root.squashfs
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
Newer EnGenius software requires more checks but their script
includes a way to skip them, otherwise the tar must include
a text file with the version and md5sums in a deprecated format.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Tested-by: Niklas Arnitz <openwrt@arnitz.email>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds missing HE modes to mac80211_prepare_ht_modes.
Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.
Signed-off-by: David Bauer <mail@david-bauer.net>
Update which contains just a following fix:
* ubusd: add lookup command queuing support
Defers and continues a client's lookup command to avoid unnecessary
buffering under load.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change consolidates Netgear EX7300 series devices into two images
corresponding to devices that share the same manufacturer firmware
image. Similar to the manufacturer firmware, the actual device model is
detected at runtime. The logic is taken from the netgear GPL dumps in a
file called generate_board_conf.sh.
Hardware details for EX7300 v2 variants
---------------------------------------
SoC: QCN5502
Flash: 16 MiB
RAM: 128 MiB
Ethernet: 1 gigabit port
Wireless 2.4GHz (currently unsupported due to lack of ath9k support):
- EX6250 / EX6400 v2 / EX6410 / EX6420: QCN5502 3x3
- EX7300 v2 / EX7320: QCN5502 4x4
Wireless 5GHz:
- EX6250: QCA9986 3x3 (detected by ath10k as QCA9984 3x3)
- EX6400 v2 / EX6410 / EX6420 / EX7300 v2 / EX7320: QCA9984 4x4
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
1ea5855 partname: Introduce fstools_partname_fallback_scan option
While at it also drop AUTORELEASE from PKG_RELEASE.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Upstream: 2bcf8e69bd
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
Dnsmasq DNS cache size is only 150 by default.
Set the uci default value to 1000, so that cache gets used more
and unnecessary DNS queries to upstream can be avoided.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
c0df2a7 iwinfo: add "band" and "mhz" to the scan output
06ad60f iwinfo: add "band" to the freqlist output
b32fd32 iwinfo: add flags to freqlist output
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump ABI to 20230121 due to struct changes
f766138 cli: print the flags on the frequency list
8ee7971 lib: add IWINFO_FREQ_FLAG_NAMES
81184d2 nl80211: fix some comments
2c4ee84 nl80211: prefer non-supplicant-based devices
6194aaf nl80211: simplify iterating over phy's devices
acbf4fe nl80211: remove redundant check in nl80211_phy2ifname()
0172c97 cli: print the frequency and band on the scan list
bbe424f cli: print the band on the frequency list
afa147c nl80211: add "mhz" and "band" to iwinfo_scanlist_entry
0d5ea34 nl80211: add "band" to iwinfo_freqlist_entry
dba0f06 nl80211: add support for radiation and indoor chan restriction
7e3d7de iwinfo: reorganize iwinfo header to enum and defines
9b47b03 devices: add USB devices supported by the mt76 driver
c0fda7c utils: skip comment lines when parsing devices.txt
dbc0ee7 cli: describe USB devices as such
891acee devices: add MediaTek MT7628 card
fac0787 devices: add support for declaring compatible matched devices
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
emmc_do_upgrade() relies on identify() from the nand.sh upgrade helper.
This only works because FEATURES=emmc targets also tend to include
FEATURES=nand.
Rename identify_magic() to identify_magic_long() to match the common.sh
style and make it clear it pairs with other *_long() variants (and not,
say *_word()).
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
To bring in isatty() support.
Includes new commits:
be30472bfdbb fs: add `isatty()` function
0a58d510529e nl80211: add support for NL80211_ATTR_MPATH_INFO
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
[ remove additional merge commit ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
ZyXEL NBG7815 is a premium 802.11ax "tri"-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
* RAM: 1 GB 2x Nanya NT5CC256M16ER-EK
* Storage:
* 8MB serial flash Winbond W25Q64DW
* 4GB eMMC flash Kingston EMMC04G-M627
* Ethernet:
* 4x1G RJ45 ports (QCA8074A) with 1x status LED per port
* 1x2.5G RJ45 port (QCA8081) with 1x status LED
* 1x10G RJ45 port (AQR113C) with 1x status LED
* Switch: Qualcomm Atheros QCA8075
* WLAN:
* 2.4GHz: Qualcomm QCN5024 4x4@40MHz 802.11b/g/n/ax 1147 Mbps PHY rate
* 2x 5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
* Bluetooth CSR8811 using HSUART, currently unsupported
* USB: 1x USB3.0 Type-A port
* LED-s currently not supported:
* White
* Dark Blu
* Amber
* Purple
* Purple and dark blue
* Red
* Buttons:
* 1x Soft reset
* Power: 12V DC Jack
Installation instructions:
* Disconnect WAN
* Reset device to factory defaults by pushing reset button 15 sec,
LEDs should lit orange color.
* After 5-10 minutes, when the LEDs turn constant dark blue,
put your LAN cable and connect at address 192.168.123.1 by telnet on port 23
* Login with
NBG7815 login: root
password: nbg7815@2019
* cd /tmp/ApplicationData
* wget -O openwrt-ipq807x-generic-zyxel_nbg7815-squashfs-sysupgrade.bin http://...
* wget https://github.com/itorK/nbg7815_tools/blob/main/flash_to_openwrt.sh
* run flash_to_openwrt.sh
If you can't use wget, you can transfer the files via nc.
See https://openwrt.org/inbox/toh/zyxel/nbg7815_armor_g5 for installation details.
Bluetooth usage:
* you need at least package bluez-utils, recommended bluez-daemon
* run following commands to enable and start
hciattach /dev/ttyMSM1 bcsp
hciconfig hci0 up
Many thanks to itorK for his work on this device:
https://github.com/itorK/openwrt/tree/nbg7815
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: André Valentin <avalentin@marcant.net>
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
Move defines from header to defconfig
The package build and the Buildbot hang in 'make syncconfig' for
u-boot-ravpower_rp-wd009 because CONFIG_SYS_MIPS_TIMER_FREQ is not in
the .config, causing a console prompt. Also moved two other defines in
defconfig causing duplicate definition warnings.
Fixes: 3d5c5427e1 ("uboot-mediatek: update to U-Boot 2023.01")
Signed-off-by: Jo Deisenhofer <jo.deisenhofer@gmail.com>
The configured u_env partition for the Linksys WHW03 V2 was not correct.
It should have been set to mtd6.
This fix allow to flash the OEM firmware from OpenWRT and to change the
boot partition using fw_setenv.
Fixes: 9e4ede8344 ("ipq40xx: add support for Linksys WHW03 V2")
Signed-off-by: Vincent Tremblay <vincent@vtremblay.dev>
In the version 2023.01, the U-boot image was renamed because of the
upstream change [1]
[1] 87ac4b4b4c
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This uses version 4.23.1 of the dsl_cpe_control package from the Intel
UGW 8.5.2.10 for the VRX518.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, added Jan's vector mac patch, fix warnings,
switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add missing nLine in autoboot script, fix disconnect on termination,
remove unneeded VR9 leftovers in init script]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
This uses version 4.23.1 of the drv_dsl_cpe_api package from the Intel
UGW 8.5.2.10 for the VRX518.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[rebased and updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 4.23.1, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[added fix for elapsed time and upstream MINEFTR]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
This uses version 1.11.1 of the drv_mei_cpe package from the Intel UGW
8.5.2.10 for the VRX518.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 1.11.1, switch to tag tarball, update patches]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[update for kernel 5.15]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
This driver version is also included in Intel UGW 8.5.2.10.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 1.5.12.4, switch to tag tarball]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[add working software data path]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
This driver was picked from the Intel UGW 8.5.2.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[updated for kernel 5.10]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[update to 8.5.2]
Signed-off-by: Andre Heider <a.heider@gmail.com>
[fix masking interrupts and add locking]
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Andre Heider <a.heider@gmail.com>
04d7570 jail: fs: don't overwrite existing mount target
6b9629b jail: don't assume positive return value of creat
190f13a init: attempt to mount efivarfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Dynalink DL-WRX36 is a AX WIFI router with 4 1G and 1 2.5G ports.
Specifications:
• CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
• RAM: 1024MB of DDR3
• Storage: 256MB Nand
• Ethernet: 4x 1G RJ45 ports (QCA8075) + 1 2.5G Port (QCA8081)
• WLAN:
2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 1174 Mbps PHY rate
5GHz: Qualcomm QCN5054 4x4 802.11a/b/g/n/ac/ax 2402 PHY rate
• 1x USB 3.0
• 1 gpio-controlled dual color led (blue/red)
• Buttons: 1x soft reset / 1x WPS
• Power: 12V DC jack
A poulated serial header is onboard (J1004)
the connector size is a 4-pin 2.0 mm JST PH.
RX/TX is working, u-boot bootwait is active, secure boot is enabled.
Notes:
- Serial is completely deactivated in the stock firmware image.
- This commit adds only single partition support, that means
sysupgrade is upgrading the current rootfs partition.
- Installation can be done by serial connection or
SSH access on OEM firmware
Installation Instructions:
Most part of the installation is performed from an initramfs image
running OpenWrt, and there are two options to boot it.
Boot initramfs option 1: Using serial connection (3.3V)
1. Stop auto boot to get to U-boot shell
2. Transfer initramfs image to device
(openwrt-ipq807x-generic-dynalink_dl-wrx36-initramfs-uImage.itb)
Tested using TFTP and a FAT-formatted USB flash drive.
3. Boot the initramfs image
# bootm
Boot initramfs option 2: From SSH access on OEM firmware
1. Copy the initramfs image to a FAT-formatted flash drive
(tested on single-partition drive) and connect it to device USB port.
2. Change boot command so it loads the initramfs image on next boot
Fallback to OEM firmware is provided.
# fw_setenv bootcmd 'usb start && fatload usb 0:1 0x44000000 openwrt-ipq807x-generic-dynalink_dl-wrx36-initramfs-uImage.itb && bootm 0x44000000; bootipq'
3. Reboot the device to boot the initramfs
# reboot
Install OpenWrt from initramfs image:
1. Use SCP (or other way) to transfer OpenWrt factory image
2. Connect to device using SSH (on a LAN port)
3. Check MTD partition table.
rootfs and rootfs_1 should be mtd18 and mtd20
depending on current OEM slot.
# cat /proc/mtd
4. Do a ubiformat to both rootfs partitions:
# ubiformat /dev/mtd18 -y -f /path_to/factory_image
# ubiformat /dev/mtd20 -y -f /path_to/factory_image
5. Set U-boot env variable: mtdids
# fw_setenv mtdids 'nand0=nand0'
6. Get offset of mtd18 to determine current OEM slot
- If current OEM slot is 1, offset is 16777216 (0x1000000)
- If current OEM slot is 2, offset is 127926272 (0x7a00000)
# cat /sys/class/mtd/mtd18/offset
7. Set U-boot env variable: mtdparts
If current OEM slot is 1, run:
# fw_setenv mtdparts 'mtdparts=nand0:0x6100000@0x1000000(fs),0x6100000@0x7a00000(fs_1)'
If current OEM slot is 2, run:
# fw_setenv mtdparts 'mtdparts=nand0:0x6100000@0x7a00000(fs),0x6100000@0x1000000(fs_1)'
8. Set U-boot env variable: bootcmd
# fw_setenv bootcmd 'setenv bootargs console=ttyMSM0,115200n8 ubi.mtd=rootfs rootfstype=squashfs rootwait; ubi part fs; ubi read 0x44000000 kernel; bootm 0x44000000#config@rt5010w-d350-rev0'
9. Reboot the device
# reboot
Note: this PR adds only single partition support, that means sysupgrade is
upgrading the current rootfs partition
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
The Edgecore EAP102 is a wall/ceiling mountable AP. The AP can be
powered by either PoE or AC adapter.
Device info:
- IPQ8071-A SoC
- 1GiB RAM
- 256MiB NAND flash
- 32MiB SPI NOR
- 2 Ethernet ports
- 1 Console port
- 2GHz/5GHz AX WLAN
- 2 USB 2.0 ports
Install instructions:
Prerequistes - TFTP server, preferrably within 192.168.1.0/24
Console cable plugged in (115200 8N1 no flow control)
1. Power on device and interrupt u-boot to obtain u-boot CLI
2. set serverip to IP address of the TFTP server:
`setenv serverip 192.168.1.250`
3. Download image from TFTP server:
`tftpboot 0x44000000 openwrt-ipq807x-generic-edgecore_eap102-squashfs-nand-factory.ubi`
4. Flash ubi image to both partitions and reset:
`sf probe
imxtract 0x44000000 ubi
nand device 0
nand erase 0x0 0x3400000
nand erase 0x3c00000 0x3400000
nand write $fileaddr 0x0 $filesize
nand write $fileaddr 0x3c00000 $filesize
reset`
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Xiaomi AX9000 is a premium 802.11ax "tri"-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
* RAM: 1024MB of DDR3
* Storage: 256MB of parallel NAND
* Ethernet:
* 4x1G RJ45 ports (QCA8075) with 1x status LED per port
* 1x2.5G RJ45 port (QCA8081) with 1x status LED
* WLAN:
* PCI based Qualcomm QCA9889 1x1 802.11ac Wawe 2 for IoT
* 2.4GHz: Qualcomm QCN5024 4x4@40MHz 802.11b/g/n/ax 1147 Mbps PHY rate
* 5.8GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402Mbps PHY rate
* 5GHz: PCI based Qualcomm QCN9024 4x4@160MHz 802.11a/b/g/n/ac/ax 4804Mbps PHY rate
* USB: 1x USB3.0 Type-A port
* LED-s:
* System (Blue and Yellow)
* Network (Blue and Yellow)
* RGB light bar on top in X shape
* Buttons:
* 1x Power switch
* 1x Soft reset
* 1x Mesh button
* Power: 12V DC Jack
Installation instructions:
Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/ax9000#obtain_ssh_access
Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs
4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd21 and mtd22 are the correct indexes from above!
5. Use the command ubiformat to flash the opposite mtd with UBI image:
If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd22 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit
otherwise:
ubiformat /dev/mtd21 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-initramfs-factory.ubi && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit
6. Reboot the device by:
reboot
Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:
7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-xiaomi_ax9000-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-xiaomi_ax9000-squashfs-sysupgrade.bin
Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.
Signed-off-by: Robert Marko <robimarko@gmail.com>
QNAP 301w is a AX WIFI router with 4 1G and 2 10G ports.
Specifications:
• CPU: Qualcomm IPQ8072A Quad core Cortex-A53 2.2GHz
• RAM: 1024MB of DDR3
• Storage: 4GB eMMC (contains kernel and rootfs) / 8MB NOR
(contains art and u-boot-env)
• Ethernet: 4x 1G RJ45 ports + 2 10G ports (Aquantia AQR113C)
• WLAN:
2.4GHz: Qualcomm QCN5024 4x4 (40 MHz) 802.11b/g/n/ax 1174 Mbps PHY rate
5GHz: Qualcomm QCN5054 4x4 (80 MHz) or 2x2 (160 MHz) 802.11a/b/g/n/ac/ax 2402 PHY rate
• LEDs:
7 x GPIO-controlled dual color LEDs + 2 GPIO-controlled single color LEDs
• Buttons: 1x soft reset / 1x WPS
• Power: 12V DC jack
A poulated serial header is onboard.
RX/TX is working, bootwait is active, secure boot is not enabled.
SSH can be activated in the stock firmware, hold WPS button til the second beep
(yes the router has a buzzer)
SSH is available on port 22200, login with user admin and
password "mac address of the router".
Installation Instructions:
• obtain serial access (https://openwrt.org/inbox/toh/qnap/301w#serial)
• stop auto boot
• setenv serverip 192.168.10.1
• setenv ipaddr 192.168.10.10
• tftpboot the initramfs image
(openwrt-ipq807x-generic-qnap_301w-initramfs-fit-uImage.itb)
• bootm
• make sure that current_entry is set to "0":
"fw_printenv -n current_entry" should be print "0". If not,
do "fw_setenv current_entry 0"
• copy openwrt-ipq807x-generic-qnap_301w-squashfs-sysupgrade.bin
to the device to /tmp folder
• sysupgrade -n /tmp/openwrt-ipq807x-generic-qnap_301w-squashfs-sysupgrade.bin
this flashes openwrt to the first kernel and rootfs partition (mmcblk0p1 / mmcblk0p4)
• reboot
Note: this leaves the second kernel / rootfs parition untouched. So if you want
to go back to stock, stop u-boot autoboot, "setenv current_entry 1" ,
"saveenv", "bootipq".
Stock firmware should start from the second partition.
Then do a firmwareupgrade in the stock gui, that should overwrite the openwrt
in the first partitions
Make 10G Aquantia phy's work:
The aquantia phy's need a firmware to work. This can either be loaded
in linux with a userspace tool or in u-boot.
I was not successfull to load the firmware in linux (aq-fw-download) but luckily there is
aq_load_fw available in u-boot. But first the right firmware needs to write
to the 0:ETHPHYFW mtd partition (it is empty on my device)
Grab the ethphy firmware image from:
https://github.com/kirdesde/nbg7815_gpl/blob/master/target/linux/ipq/ipq807x_64/prebuilt_images/AQR_ethphyfw.mbn
and scp that to openwrt.
Check the 0:ETHPHYFW partition number:
cat /proc/mtd|grep "0:ETHPHYFW", should be mtd10.
Backup the 0:ETHPHYFW partition:
dd if=/dev/mtd10 of=/tmp/ethphyfw.backup, scp ethphyfw.backup to a save place.
Write the new firmware image to the 0:ETHPHYFW partition:
"mtd erase /dev/mtd10", "mtd -n write AQR_ethphyfw.mbn /dev/mtd10".
Reboot to u-boot.
Check if aq_load_fw is working:
"aq_load_fw 0", that checks the firmware and if successfull,
loads iram and dram to one of the aquantia phy's.
If that worked, add the aq_load_fw to the bootcmd:
setenv bootcmd "aq_load_fw 0 && aq_load_fw 8 && bootipq"
"saveenv"
"reset"
Board reboots and the firmware load to both phy's should start and
then openwrt boots.
Check if the 10G ports work.
Note: lan port labeled "10G-2" is configured as WAN port as per default.
All other port are in the br-lan. This can be changed in the network config.
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
Edimax CAX1800 is a 802.11 ax dual-band AP
with PoE. AP can be ceiling or wall mount.
Specifications:
• CPU: Qualcomm IPQ8070A Quad core Cortex-A53 1.4GHz
• RAM: 512MB of DDR3
• Storage: 128MB NAND (contains rootfs) / 8MB NOR (contains art and uboot-env)
• Ethernet: 1x 1G RJ45 port (QCA8072) PoE
• WLAN:
2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
5GHz: Qualcomm QCN5054 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate
• LEDs:
3 x GPIO-controlled System-LEDs
(form one virtual RGB System-LED)
black_small_square Buttons: 1x soft reset
black_small_square Power: 12V DC jack or PoE (802.3af )
An unpopulated serial header is onboard.
RX/TX is working, bootwait is active, secure boot is not enabled.
SSH can be activated in the stock firmware, but it drops only
to a limited shell .
Installation Instructions:
black_small_square obtain serial access
black_small_square stop auto boot
black_small_square tftpboot the initramfs image (serverip is set to 192.168.99.8 in uboot)
black_small_square bootm
black_small_square copy openwrt-ipq807x-generic-edimax_cax1800-squashfs-nand-factory.ubi
to the device
black_small_square write the image to the NAND:
black_small_square cat /proc/mtd and look for rootfs partition (should be mtd0)
black_small_square ubiformat /dev/mtd0 -f -y openwrt-ipq807x-generic-edimax_cax1800-squashfs-
nand-factory.ubi
black_small_square reboot
Note: Device is not using dual partitioning (NAND contains other partitions
with different manufacture data etc.)
Draytek VigorAP 960C and Lancom LW-600 both look similar, but I haven't checked them.
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
Redmi AX6 is a budget 802.11ax dual-band router/AP
Specifications:
* CPU: Qualcomm IPQ8071A Quad core Cortex-A53 1.4GHz
* RAM: 512MB of DDR3
* Storage: 128MB NAND
* Ethernet: 4x1G RJ45 ports (QCA8075)
* WLAN:
* 2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
* 5GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* LEDs:
* System (Blue/Yellow)
* Network (Blue/Yellow)
*Buttons: 1x soft reset
*Power: 12V DC jack
Installation instructions:
Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/xiaomi_redmi_ax6_ax3000#ssh_access
Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs
4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd12 and mtd13 are the correct indexes from above!
5. Use the command ubiformat to flash the opposite mtd with UBI image:
If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd13 -y -f /tmp/openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit
otherwise:
ubiformat /dev/mtd12 -y -f /tmp/openwrt-ipq807x-generic-redmi_ax6-initramfs-factory.ubi && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit
6. Reboot the device by:
reboot
Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:
7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-redmi_ax6-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-redmi_ax6-squashfs-sysupgrade.bin
Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.
Signed-off-by: Zhijun You <hujy652@gmail.com>
Xiaomi AX3600 is a budget 802.11ax dual-band router/AP.
Specifications:
* CPU: Qualcomm IPQ8071A Quad core Cortex-A53 1.4GHz
* RAM: 512MB of DDR3
* Storage: 256MB of parallel NAND
* Ethernet: 4x1G RJ45 ports (QCA8075) with 1x status LED per port
* WLAN:
* PCI based Qualcomm QCA9889 1x1 802.11ac Wawe 2 for IoT
* 2.4GHz: Qualcomm QCN5024 2x2 802.11b/g/n/ax 574 Mbps PHY rate
* 5GHz: Qualcomm QCN5054 4x4@80MHz or 2x2@160MHz 802.11a/b/g/n/ac/ax 2402 PHY rate
* LED-s:
* System (Blue and Yellow)
* IoT (Blue)
* Network (Blue and Yellow)
* Buttons: 1x Soft reset
* Power: 12V DC Jack
Installation instructions:
Obtaining SSH access is mandatory
https://openwrt.org/inbox/toh/xiaomi/xiaomi_ax3600#obtain_ssh_access
Installation is done by the ubiformat method, through SSH:
1. Open an SSH shell to the router
2. Copy the file openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi to the /tmp directory
3. Check which rootfs partition is your router booted in (0 = rootfs | 1 = rootfs_1):
nvram get flag_boot_rootfs
4. Find the rootfs and rootfs_1 mtd indexes respectively:
cat /proc/mtd
Please confirm if mtd12 and mtd13 are the correct indexes from above!
5. Use the command ubiformat to flash the opposite mtd with UBI image:
If nvram get flag_boot_rootfs returned 0:
ubiformat /dev/mtd13 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi -s 2048 -O 2048 && nvram set flag_boot_rootfs=1 && nvram set flag_last_success=1 && nvram commit
otherwise:
ubiformat /dev/mtd12 -y -f /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-initramfs-factory.ubi -s 2048 -O 2048 && nvram set flag_boot_rootfs=0 && nvram set flag_last_success=0 && nvram commit
6. Reboot the device by:
reboot
Previous commands flashed an ubinized OpenWrt initramfs that will serve as the intermediate step
since OpenWrt uses unified rootfs in order to fully utilize NAND and provide enough space for packages.
Continue in order to pernamently flash OpenWrt:
7. SSH into OpenWrt from one of the LAN ports
8. Copy the file openwrt-ipq807x-generic-xiaomi_ax3600-squashfs-sysupgrade.bin to the /tmp directory
9. Sysupgrade the device:
sysupgrade -n /tmp/openwrt-ipq807x-generic-xiaomi_ax3600-squashfs-sysupgrade.bin
Device will reboot with OpenWrt, and then sysupgrade can be used to upgrade the device when desired.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
Qualcomm NSS-DP is as its name says Qualcomms ethernet driver for the NSS
subsystem (Networking subsystem) built-into various Qualcomm SoCs.
It has 2 modes of operation:
* Without NSS FW and rest of code required for offloading
This is the one that we will use as the amount of kernel patching required
for NSS offloading and the fact that its not upstreamable at all makes it
unusable for us.
Driver in this mode is rather basic, it currently only offers NAPI GRO
(Added by us as part of the fixup) and basically relies on the powerfull
CPU to get good throughput.
* With NSS FW and rest of code required for offloading
In this mode, driver just registers the interfaces and hooks them into
NSS-ECM to allow offloading.
This mode is not viable for use in OpenWrt due to reasons already described
above.
This driver is required for ipq807x to have wired networking until a better
one is available, so lets add the fixed-up version for 5.15 for now.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Qualcomm SSDK is driver for Qualcomm Atheros switches and PHY-s.
It is quite complicated and used by rest of the Qualcomm SDK stack for
anything switch or PHY related.
It is required for IPQ807x support as currently, there is no better driver
for the built-in switch or UNIPHY.
So, lets add the fixed-up version that supports kernel 5.15 for use on
ipq807x target until a better driver is available.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
This is the follow up to the PCI support commit now providing support for
AHB variant as well, though currently only for ipq807x as that is only
OpenWrt supported SoC ath11k supports as well.
Currently, we are disabling coldboot calibration on ipq807x as it does not
work, there is a remoteproc bug that makes it come late out of reset so
disable coldboot until that is fixed.
Also, as ath11k is quite memory hungry, we are introducing a config option
to use the limits for 512MB of RAM, similar to what QCA does downstream but
in way simpler and cleaner way so that 512MB save some RAM.
512MB profile is also set as the default for now.
Signed-off-by: Robert Marko <robimarko@gmail.com>
