Commit Graph

54277 Commits

Author SHA1 Message Date
Stijn Tintel
e8433fb433 firewall4: bump to git HEAD
11f5c7b fw4.uc: fix zone helper assignment
  b9d35ff fw4.uc: don't skip zone for unavailable helper
  e35e26b tests: add test for zone helpers
  a063317 ruleset: fix conntrack helpers
  e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps
  11410b8 ruleset: reorder declarations & output tweaks
  880dd31 fw4: fix skipping invalid IPv6 ipset entries
  5994466 fw4: simplify `is_loopback_dev()`
  53886e5 fw4: fix crash in parse_cthelper() if no helpers are present
  11256ff fw4: add support for configurable includes
  3b5a033 tests: add test coverage for firewall includes
  d79911c fw4: support sets with timeout capability but without default expiry
  15c3831 fw4: add support for `option log` in rule and redirect sections

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-17 18:15:50 +03:00
Rafał Miłecki
d19c37486b bcm53xx: copy bgmac revert (performance fix) to 5.15
Ref: 230c9da963 ("bcm53xx: revert bgmac back to the old limited max frame size")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-06-17 08:04:31 +02:00
Sander Vanheule
9320516613 ath79: move ethernet phy node for TP-Link EAP devices
Move the ethernet phy definition from the eap2x5-1port include to the
device-specific DTS files. This is to prepare for new devices that have
a different ethernet phy, at another MDIO address.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
48625a0445 ath79: TP-Link EAP225-Wall v1: convert radios to nvmem-cells
Replace the mtd-cal-data phandle by an nvmem-cell reference to the art
partition for the 2.4GHz ath9k radio.

Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
d4b3b23942 ath79: TP-Link EAP245 v3: convert radios to nvmem-cells
Replace the mtd-cal-data phandle by an nvmem-cell reference from the art
partition for the 2.4GHz ath9k radio.

Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using an nvmem-cell.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
eca0d73011 ath79: TP-Link EAP225 v3: convert ath10k to nvmem-cells
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
23b9040745 ath79: TP-Link EAP225-Outdoor v1: convert ath10k to nvmem-cells
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
7cf3a37957 ath79: TP-Link EAP225 v1: convert ath10k to nvmem-cells
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
d61882783d ath79: TP-Link EAP245 v1: convert ath10k to nvmem-cells
Add the PCIe node for the ath10k radio to the devicetree, and refer to
the art partition for the calibration data using nvmem-cells.

Use mac-address-increment to ensure the MAC address is set correctly,
and remove the device from the caldata extraction and patching script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Sander Vanheule
e71b5d2db7 ath79: convert 1-port TP-Link EAP ath9k to nvmem-cells
Replace the mtd-cal-data phandle with an nvmem-cell reference for the
2.4GHz ath9k radio. This affects the following devices:
  - TP-Link EAP225 v1
  - TP-Link EAP225 v3
  - TP-Link EAP225-Outdoor v1
  - TP-Link EAP245 v1

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-16 21:39:32 +02:00
Daniel Golle
2caa03ec86
uboot-mediatek: update UniFi 6 LR board name
Select matching U-Boot for both v1 and v2 variants.

Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-06-16 19:56:12 +01:00
David Bauer
574539ee2c hostapd: add owe_transition_ifname
Add the owe_transition_ifname config option to wifi-ifaces.

This allows to configure OWE transition VAPs without adding SSID / BSSID
to the uci conifg but instead autodiscovering these parameters from
other networks on the same PHY.

The following configuration creates a OWE transition mode network
constellation.

config wifi-iface 'open0'
	option device 'radio0'
	option ifname 'open0'
	option network 'lan'
	option mode 'ap'
	option ssid 'FreeNet'
	option encryption 'none'
	option owe_transition_ifname 'owe0'

config wifi-iface 'owe0'
	option device 'radio0'
	option ifname 'owe0'
	option network 'lan'
	option mode 'ap'
	option ssid 'owe_tm.FreeNet'
	option encryption 'owe'
	option hidden '1'
	option owe_transition_ifname 'open0'

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-16 11:07:19 +02:00
Felix Fietkau
958785508c mac80211: sync airtime fairness fixes with updated upstream submission
- fix ath10k latency issues
- reject too large weight values
- code cleanup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-06-15 20:43:49 +02:00
Sander Vanheule
dae3927527 ath79: drop phy-mask property
The phy-mask property is no longer supported by the ag71xx-mdio driver,
so let's drop it.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-06-15 20:07:26 +02:00
Sander Vanheule
c8c96b22c6 ath79: ag71xx-mdio: remove phy-mask property
The phy-mask property is read by the ag71xx-mdio driver to set the
mii_bus's phy_mask field. On OF platforms, the devicetree is expected to
provide all present ethernet phy-s however, so the phy_mask field is
later set to all-ones. Having a devicetree override is of no use then,
so let's drop it.

Cc: David Bauer <mail@david-bauer.net>
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Acked-by: David Bauer <mail@david-bauer.net>
2022-06-15 20:07:26 +02:00
Rafał Miłecki
230c9da963 bcm53xx: revert bgmac back to the old limited max frame size
Bumping max frame size has significantly affected network performance.
It was done by upstream commit that first appeared in the 5.7 release.

This change bumps NAT masquarade speed from 196 Mb/s to 383 Mb/s for the
BCM4708 SoC.

Ref: f55f1dbaad ("bcm53xx: switch to the kernel 5.10")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-06-15 10:44:32 +02:00
Rafał Miłecki
d75bb744ea swconfig: parse "switch_vlan" before "switch_port"
Before this change UCI sections of both types were parsed in order as
specified in UCI. That didn't work well with all drivers (e.g. b53).

It seems that VLAN setup can reset / overwrite previously set ports
parameters. It resulted in "switch_port" options defined above
"switch_vlan"s being silently ignored.

Ideally swconfig & all drivers should be improved to handle that
properly but it'd be a waste of time at this point as DSA replaces
swconfig. Use this minor parsing change as a quick fix.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-06-15 10:44:32 +02:00
Stijn Tintel
c4b499bc03 qoriq: use FIT uImage for Firebox M300 kernel
This requires U-Boot environment changes:

  setenv OpenWrt_kernel watchguard_firebox-m300-fit-uImage.itb
  setenv loadaddr 0x20000000
  setenv wgBootSysA 'setenv bootargs root=/dev/mmcblk0p2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; mmc dev 0; ext2load mmc 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr'

Trying to sysupgrade an image containing this change on an M300 already
running OpenWrt will fail with the following error:

  Tue Jun 14 12:06:21 EEST 2022 upgrade: The device is supported, but the config is incompatible to the new image (1.0->1.1). Please upgrade without keeping config (sysupgrade -n).
  Tue Jun 14 12:06:21 EEST 2022 upgrade: Kernel switched to FIT uImage. Update U-Boot environment.
  Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from bootdisk...
  Tue Jun 14 12:06:21 EEST 2022 upgrade: Extract boot sector from the image
  Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from image...
  Image check failed.

This is to prevent rendering your device unbootable. Make the U-Boot
environment changes as instruced above, and then flash the image using
sysupgrade -F. The config can be kept, there is no need to use -n.

After the new image booted successfully, you can increase the compat_version:

  uci set system.@system[0].compat_version='1.1'
  uci commit

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-14 12:06:31 +03:00
Stijn Tintel
86948716db qoriq: use KERNEL_SUFFIX in Build/sdcard-img
Use the KERNEL_SUFFIX variable in Build/sdcard-img, rather than
using hardcoded "-kernel.bin", to allow overriding KERNEL_SUFFIX for a
device.

Fixes: 080a769b4d ("qoriq: new target")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-14 12:03:55 +03:00
Rosen Penev
a7be143646 tools/ninja: update to 1.11.0
Updated patchset to latest.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-06-13 19:50:25 +02:00
Mikhail Zhilkin
498c15376b ramips: add support for MTS WG430223
MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by
Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan
WG443223).

Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 128 MiB
Flash: 128 MiB (Winbond W29N01HV)
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: No
Button: 1 (Reset/WPS)
LEDs: 2 (Red, Green)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WG430223

Installation
------------
1. Login to the router web interface (superadmin:serial number)
2. Navigate to Administration -> Miscellaneous -> Access control lists &
   enable telnet & enable "Remote control from any IP address"
3. Connect to the router using telnet (default admin:admin)
4. Place *factory.trx on any web server (192.168.1.2 in this example)
5. Connect to the router using telnet shell (no password required)
6. Save MAC adresses to U-Boot environment:
   uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
    awk '{print $5}')
   uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
    awk '{print $5}')
   uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
    awk '{print $5}')
   uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
    awk '{print $5}')
7. Ensure that MACs were saved correctly:
   uboot_env --get --name eth2macaddr
   uboot_env --get --name eth3macaddr
   uboot_env --get --name ra0macaddr
   uboot_env --get --name rax0macaddr
8. Download and write the OpenWrt images:
   cd /tmp
   wget http://192.168.1.2/factory.trx
   mtd_write erase /dev/mtd4
   mtd_write write factory.trx /dev/mtd4
9. Set 1st boot partition and reboot:
   uboot_env --set --name bootpartition --value 0

Back to Stock
-------------
1. Run in the OpenWrt shell:
   fw_setenv bootpartition 1
   reboot
2. Optional step. Upgrade the stock firmware with any version to
   overwrite the OpenWrt in Slot 1.

MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC               | Source         |
+-----------+-------------------+----------------+
| label     | A4:xx:xx:51:xx:F4 | No MACs was    |
| LAN       | A4:xx:xx:51:xx:F6 | found on Flash |
| WAN       | A4:xx:xx:51:xx:F4 | [1]            |
| WLAN_2g   | A4:xx:xx:51:xx:F5 |                |
| WLAN_5g   | A6:xx:xx:21:xx:F5 |                |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
   key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
   with saving of the MACs to u-boot-env during the installation was
   applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in
   "Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM
   firmware also uses this MAC when initialazes ethernet driver. In
   OpenWrt we use it only as internal GMAC (eth0), all other MACs are
   unique. Therefore, there is no any barriers to the operation of several
   MTS WG430223 devices even within the same broadcast domain.

Stock firmware image format
---------------------------
The same as Beeline Smartbox Flash but with another trx magic
+--------------+---------------+----------------------------------------+
| Offset       |               | Description                            |
+==============+===============+========================================+
| 0x0          | 31 52 48 53   | TRX magic "1RHS"                       |
+--------------+---------------+----------------------------------------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-06-13 15:26:23 +08:00
Mikhail Zhilkin
5b59137a16 ramips: create new dtsi for Arcadyan routers
This commit moves common properties for the boards below to a new dtsi:
Beeline Smartbox Flash (Arcadyan WG443223)
MTS WG430223 (Arcadyan WG430223)

The boards are almost the same. Here is the differences:
+------+----------+----------+
|      | WG430223 | WG443223 |
+------+----------+----------+
| RAM  | 128      | 256      |
+------+----------+----------+
| USB  | -        | 1x3.0    |
+------+----------+----------+
| LEDS | RG       | RGB      |
+------+----------+----------+

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-06-13 15:26:23 +08:00
Mikhail Zhilkin
109c503bee ramips: allow custom trx magic for Arcadyan
This commit:
1. Renames beeline-trx recipe in mt7621.mk to arcadyan-trx. The recipe
   is necessary for:
   - MTS WG430223 (Arcadyan WG430223)
   - Beeline Smartbox Flash (Arcadyan WG443223)
2. Allows specify custom trx magic which is different for the routers
   mentined above.

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2022-06-13 15:26:23 +08:00
Aviana Cruz
857ea3f690 ramips: decrease SPI frequency for Phicomm K2P
Some K2P comes with the worse boards with GD25Q128 (may be A2), which
only works with 50MHz frequency and less. Reduce spi frequency so that
these routers can boot.
remove m25p,fast-read because it isn't needed for 50MHz SPI.

Signed-off-by: Aviana Cruz <gwencroft@proton.me>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2022-06-13 15:26:23 +08:00
Robert Marko
f03b20837b hostapd: fix feature detection
Fix hostapd feature detection after the bump to 2022-05-08.
getopt was not updated correctly after upstream added support for -q arg.

This reenables feature detection so that LuCi can check for features like
SAE, fast roaming etc.

Fixes: c35ff1affe ("hostapd: update to 2022-05-08")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2022-06-12 23:03:36 +02:00
Nick Hainke
f4415f7635 ath79: move ubnt-xm to tiny
ath79 has was bumped to 5.10. With this, as with every kernel change,
the kernel has become larger. However, although the kernel gets bigger,
there are still enough flash resources. But the RAM reaches its capacity
limits. The tiny image comes with fewer kernel flags enabled and
fewer daemons.

Improves: 15aa53d7ee ("ath79: switch to Kernel 5.10")

Tested-by: Robert Foss <me@robertfoss.se>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-06-11 21:22:58 +02:00
Henrik Riomar
31d86a1a11 mediatek: add Ubiquiti UniFi 6 LR v2 targets
Add targets:
 * Ubiquiti UniFi 6 LR v2
 * Ubiquiti UniFi 6 LR v2 (U-Boot mod)

This target does not have a RGB led bar like v1 did

Used target/linux/ramips/dts/mt7621_ubnt_unifi.dtsi as inspiration

The white dome LED is default-on, blue will turn on when the system is
in running state

Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
2022-06-11 19:51:33 +01:00
Henrik Riomar
5c8d3893a7 mediatek: new target ubnt_unifi-6-lr-v1-ubootmod
based on current ubnt_unifi-6-lr-ubootmod

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added SUPPORTED_DEVICES for compatibility with existing setups]
Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
2022-06-11 19:51:18 +01:00
Henrik Riomar
15a02471bb mediatek: new target mt7622-ubnt-unifi-6-lr-v1
Based on current mt7622-ubnt-unifi-6-lr, this is a preparation for
adding a v2 version of this target

* v1 - with led-bar
* v2 - two simple GPIO connected LEDs (in later commits)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added SUPPORTED_DEVICES for compatibility with existing setups]
Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com>
2022-06-11 19:50:26 +01:00
Stijn Tintel
e3e9eb31a2 wireless-regdb: bump to 2022.06.06
902b321 wireless-regdb: Update regulatory rules for Israel (IL)
  20f6f34 wireless-regdb: add missing spaces for US S1G rules
  25652b6 wireless-regdb: Update regulatory rules for Australia (AU)
  081873f wireless-regdb: update regulatory database based on preceding changes
  166fbdd wireless-regdb: add db files missing from previous commit
  e3f03f9 Regulatory update for 6 GHz operation in Canada (CA)
  888da5f Regulatory update for 6 GHz operation in United States (US)
  647bcaa Regulatory update for 6 GHz operation in FI
  c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
  2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules
  7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries
  68a8f2f wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-11 16:03:14 +03:00
Stijn Tintel
bbce9f84ec iw: bump to 5.19
7e06706 iw: event: report missing radar events
  5909e73 iw: survey: add support for radio stats
  64bf570 update nl80211.h
  0900996 iw: print Radar background capability if supported
  56c6077 iw: print out assoc comeback event
  a4e5418 iw: support 160MHz frequency command for 6GHz band
  5a71b72 iw: Print local EHT capabilities
  e3287a1 station: print EHT rate information
  ff67fb2 iw: fix double tab in mesh path header
  05a5267 iw: fix 'upto' -> 'up to'
  00a2985 iw: handle VHT extended NSS
  82e0bd1 update nl80211.h
  c95877c info: add missing extended features
  0976378 info: refactor extended features
  79f20cb bump version to 5.19

Sync nl80211.h with our version of mac80211 and remove parts of the iw
code that are not supported by our version of mac80211.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-11 16:03:14 +03:00
Stijn Segers
0dc056eb66 ath79: D-Link DAP-2680: select QCA9984 firmware
The DAP-2680 has a QCA9984 radio [1], but the commit adding support
mistakenly adds the QCA99x0 firmware package. See forum topic [2].

[1] https://wikidevi.wi-cat.ru/D-Link_DAP-2680_rev_A1
[2] https://forum.openwrt.org/t/missing-5ghz-radio-on-dlink-dap-2680/

Fixes: 5b58710fad ("ath79: add support for D-Link DAP-2680 A1")
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Alessandro Fellin <af.registrazioni@gmail.com>
2022-06-11 10:20:06 +02:00
David Bauer
a10e0d7d35 mac80211: sync nl80211.h with upstream
Sync nl80211.h with upstream in order to maintain parity with
nl80211_copy.h shipped with hostapd.

This is necessary, as currently the enum value for
NL80211_EXT_FEATURE_RADAR_BACKGROUND mismatches between hostapd and
mac80211. This breaks background radar capability detection in hostapd.

Reported-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-11 01:05:45 +02:00
Paul Spooren
2a07270180 octeon: add SUPPORTED_DEVICES to er/erlite
Using the BOARD_NAME variable results for both er and erlite devices to
identify themselfs as `er` and `erlite` (via `ubus call system board`).

This is problematic when devices search for firmware upgrades since the
OpenWrt profile is actually called `ubnt_edgerouter` and
`ubnt_edgerouter-lite`.

By adding the `SUPPORTED_DEVICE` a mapping is created to point devices
called `er` or `erlite` to the corresponding profile.

FIXES: https://github.com/openwrt/asu/issues/348

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-06-09 17:14:28 +02:00
Christian 'Ansuel' Marangi
ab1f3a8706 prereq-build: add additional git detection
With some OS (Guix) the git submodule command is wrapped in
a script. Current logic parse the git submodule script directly.
If it's wrapped the prereq check wrongly fails while 'git submodule
--recursive' is actually available.
Add an additional check that try to directly use the 'git submodule'
command to check if the prereq is satisfied.

Fixes: #9986
Reported-by: Attila Lendvai <attila@lendvai.name>
Suggested-by: Attila Lendvai <attila@lendvai.name>
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-09 15:30:33 +02:00
Eneas U de Queiroz
d55f12cc79 wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y.  When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it.  Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y.  This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.

Fixes: #9738

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-09 02:11:37 +02:00
Christian 'Ansuel' Marangi
eac1b8ab69 Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3a.
A better and correct solution was found.

Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-09 01:35:45 +02:00
Christian 'Ansuel' Marangi
e0cc5b9b3a wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.

Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.

Fixes: 0a2edc2714 ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-09 00:47:13 +02:00
David Bauer
b72c7db229 hostapd: fix missing HS20 support for hostapd-full
commit c3a4cddaaf ("hostapd: remove hostapd-hs20 variant")
as well as
commit 9f1927173a ("hostapd: wpas: add missing config symbols")
indicate hostapd-full should support Hotspot 2.0 already, but only
wpa_supplicant (and wpad) do.

How this happened is not really clear, as no commit adding support for
Hotspot 2.0 is in the history.

Fix this and add Hotspot 2.0 capability to hostapd-full.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-08 23:17:09 +02:00
David Bauer
6ee4383350 hostapd: ubus: add bss-color to get_status
Add the current BSS color to hostapd get_status method. This field is
set to -1 in case BSS color is not active for the BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-08 23:16:20 +02:00
David Bauer
6c152ce5b0 hostapd: randomize default BSS color
In case no specific BSS color is configured, set it to a random value.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-08 23:16:12 +02:00
David Bauer
c35ff1affe hostapd: update to 2022-05-08
Update hostapd to Git HEAD from 2022-05-08. This allows us to take
advantage of background radar-detection as well as BSS color collision
detection.

Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-06-08 23:16:06 +02:00
Bernd Naumann
98d91e4d5e hostapd: Radius based VLANs on AP with PSK
This patch allows the user to set `auth_server` and related settings on
non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the
Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.

Without this patch, `auth_server` and other needed options are only
written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.

`hostapd` however supports "Station MAC address -based authentication" for
non WPA Enterprise Modes, too.

A classic approch is to use `accept_mac_file` which contains MAC addr
and VLAN-ID pairs. But, using `accept_mac_file` does not support
VLAN assignment for unknown stations.

This is a sample `freeradius3` config, where a known station
("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are
assigned to VLAN `67`.

```
"7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2"
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = 65

DEFAULT Cleartext-Password := "%{User-Name}"
        Tunnel-Type = "VLAN",
        Tunnel-Medium-Type = "IEEE-802",
        Tunnel-Private-Group-Id = 67
```

Other option is to configure known stations via `accept_mac_file` and
using only Radius for unknown stations.

I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that
it should work with other Encryption/Access Mode, too.

Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
2022-06-08 16:04:04 +02:00
Luiz Angelo Daros de Luca
f5a87a0a7b realtek: add gpio-restart for D-Link DGS-1210-28
A GPIO assert is required to reset the system. Otherwise, the system
will hang on reboot.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2022-06-07 17:11:28 +02:00
Luiz Angelo Daros de Luca
8121e7dd75 realtek: add reset button for D-Link DGS-1210-28
Tested in a DGS-1210-28 F3, both triggering failsafe and reboot.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2022-06-07 17:11:28 +02:00
Arınç ÜNAL
5c1b1918ab bcm53xx: remove BROKEN flag from Asus RT-AC88U
The image builds and works fine on Asus RT-AC88U. Therefore, remove the
BROKEN flag from the makefile.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
2022-06-07 16:16:56 +02:00
Eneas U de Queiroz
0a2edc2714 wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-07 10:56:49 +02:00
Eneas U de Queiroz
18fd12edb8 wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-07 10:56:49 +02:00
Eneas U de Queiroz
677774d445 wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI.  Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-07 10:56:49 +02:00
Rui Salvaterra
fbf6992f2b kernel: bump 5.15 to 5.15.45
Patches automatically rebased.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-06-06 19:20:28 +02:00