This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.
The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.
This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest. Thus, in normal operations, the
default policy is not used.
Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:
MTD erase error on /dev/mtd5: Invalid argument
Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.
This fixes the x86/geode build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
After replacing the R4K event timer and clock source with the new
Realtek Otto timer, performance for RTL839x devices was severely
impacted, as reported by Hiroshi.
Research by Markus showed that after commit 4657a5301e ("realtek:
avoid busy waiting for RTL839x PHY read/write"), the ethernet driver
could only update a phy once per timer interval, which also heavily
impacted boot time. On e.g. a Zyxel GS1900-48, this added around a
minute to the time to fully initialise the switch.
By marking the otto clocksource as continuous, the kernel enables it to
be used for high resolution timers. This allows readx_poll_timeout() to
sleep for less than one system timer interval, reducing system dead
time.
Link: https://github.com/openwrt/openwrt/issues/11117
Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Cc: Markus Stockhausen <markus.stockhausen@gmx.de>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: INAGAKI Hiroshi <musashino.open@gmail.com> # Panasonic Switch-M48eG PN28480K
Tested-by: Jan Hoffmann <jan@3e8.eu> # HPE 1920-8G, HPE 1920-48G
The use of the adc_oe value stored in the efuse has been dropped in
MediaTek's SDK during a recent refactorization of the temperature
calculation formula. Don't ignore this offset value and again include
it in raw-to-deg-celsius calculation.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It is an in-wall 802.11ax (Wi-Fi 6) router, based on MediaTek MT7621A.
Specifications:
- SoC: MT7621AT (880MHz, 2 Cores)
- RAM: 128 MB
- Flash: 16 MB SPI NOR
- Wi-Fi:
- MT7915DN + MT7905DAN: 2.4/5 GHz
- Ethernet: 1x 1GiE via MT7530
- UART: J4 (115200 baud)
- Pinout: [3V3] (TXD) (RXD) (GND)
- Bootloader: U-Boot
- Buttons:
- SW1 - no label on the box, combined with led
- Led: Status. RGB controlled by
- GPIO 14 - green color
- GPIO 15 - red color
- GPIO 16 - blue color
Installation:
OEM firmware is based on LEDE with custom UI and support standard sysupgrade
variant of firmware. However it requires "*.ubin" extension for sysupgrade file.
Always select "Factory reset" switch on upgrade to OpenWRT, otherwise
it will not boot.
MAC addresses as verified by OEM firmware:
vendor source
LAN factory 0x4 (label)
5g factory 0x4 (label)
2g label with flipped bits bit in 1-st byte and bits 5, 6, 7 in
4-th byte
Example
label: 44:xx:xx:b7:xx:xx
lan: 44:xx:xx:b7:xx:xx
2g 46:xx:xx:c7:xx:xx
5g 44:xx:xx:b7:xx:xx
Signed-off-by: Volodymyr Puiul <volodymyr.puiul@gmail.com>
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).
Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.
Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This will build OpenWrt for MIPS malta BE and x86 64 Bit with all
packages and kernel modules activated. It is triggered when something
changes in the build system or when a package definition is changed.
This task probably needs 90 minutes to execute, but I hope that it
will find build problems in pull requests early.
This intentionally does not activate the feeds, because building them
too would take too long. We only build x86/64 and malta/be to save
resources.
I would like to detect build problems when a package is changed. We
often had build breaks when a package version was increased sometime
even in other packages which used it as a dependency.
This is based on the .github/workflows/packages.yml workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_PINCTRL_MCP23S08 configuration option is already unset in the
generic kernel configuration.
Fixes: f938512af6 ("target/at91: replace gpio-mcp23s08 with pinctrl-mcp23s08-spi update config")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds support for the MikroTik RouterBOARD RBD53GR-5HacD2HnD
(hAP ac³ LTE6 kit), an indoor dual band, dual-radio 802.11ac
wireless AP with built-in Mini PCI-E LTE modem, one USB port, five
10/100/1000 Mbps Ethernet ports.
See https://mikrotik.com/product/hap_ac3_lte6_kit for more info.
Specifications:
- SoC: Qualcomm Atheros IPQ4019
- RAM: 256 MB
- Storage: 16 MB NOR
- Wireless:
· Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi internal antennae
· Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi internal antennae
- Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port
- 1x USB Type A port
- 1x Mini PCI-E port (supporting USB)
- 1x Mini PCI-E LTE modem (MikroTik R11e-LTE6, Cat.6)
Installation:
Make sure your unit is runnning RouterOS v6 and RouterBOOT v6 (tested on 6.49.6).
0. Export your MikroTik license key (in case you want to use the device with RouterOS later)
1. Boot the initramfs image via TFTP
2. Upload the "openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-lte6-kit-squashfs-sysupgrade.bin" via SCP to the /tmp folder
3. Use sysupgrade to flash the image: sysupgrade -n /tmp/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-lte6-kit-squashfs-sysupgrade.bin
4. Recovery to factory software is possible via Netinstall:
https://help.mikrotik.com/docs/display/ROS/Netinstall
Signed-off-by: Csaba Sipos <metro4@freemail.hu>
The dependency on the kernel module gpio-mcp23s08 is replaced by
pinctrl-mcp23s08-spi and pinctrl-mcp23s08-i2c, as the gpio-mpc23s08 kernel
module no longer exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The kernel config option 'CONFIG_GPIO_MCP23S08' no longer exists.
Therefore, it is removed from the generic kernel configuration for
linux-5.10 and linux-5.15.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adapt the device package to no longer use the gpio-mcp23s08 but instead
use the pinctrl-mcp23s08-spi. In addition, the kernel configuration was
adapted so that this can be built as a module and does not have to be
integrated directly into the kernel for this target.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The kernel module gpio-mcp23s08 has been replaced by the new
pinctrl-mcp23s08* kernel modules.
There are now 3 kernel modules for this device
- Common module for both I2C and SPI kmod-pinctrl-mcp23s08
- Module for I2C kmod-pinctrl-mcp23s08-i2c
- Module for SPI kmod-pinctrl-mcp23s08-spi
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
In the stock firmware of Linksys, there is a '0' after the crc checksum.
Validated on EA6350V3, EA7300 and EA7300V2's stock images.
Fixes: 892d741259 build: add a script for generating Linksys factory images
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Add support for the Linksys EA4500 v3 wireless router
Hardware
--------
SoC: Qualcomm Atheros QCA9558
RAM: 128M DDR2 (Winbond W971GG6KB-25)
FLASH: 128M SPI-NAND (Spansion S34ML01G100TFI00)
WLAN: QCA9558 3T3R 802.11 bgn
QCA9580 3T3R 802.11 an
ETH: Qualcomm Atheros QCA8337
UART: 115200 8n1, same as ea4500 v2
USB: 1 single USB 2.0 host port
BUTTON: Reset - WPS
LED: 1x system-LED
LEDs besides the ethernet ports are controlled
by the ethernet switch
MAC Address:
use address(sample 1) source
label 94:10:3e:xx:xx:6f caldata@cal_macaddr
lan 94:10:3e:xx:xx:6f $label
wan 94:10:3e:xx:xx:6f $label
WiFi4_2G 94:10:3e:xx:xx:70 caldata@cal_ath9k_soc
WiFi4_5G 94:10:3e:xx:xx:71 caldata@cal_ath9k_pci
Installation from Serial Console
------------
1. Connect to the serial console. Power up the device and interrupt
autoboot when prompted
2. Connect a TFTP server reachable at 192.168.1.0/24
(e.g. 192.168.1.66) to the ethernet port. Serve the OpenWrt
initramfs image as "openwrt.bin"
3. To test OpenWrt only, go to step 4 and never execute step 5;
To install, auto_recovery should be disabled first, and boot_part
should be set to 1 if its current value is not.
ath> setenv auto_recovery no
ath> setenv boot_part 1
ath> saveenv
4. Boot the initramfs image using U-Boot
ath> setenv serverip 192.168.1.66
ath> tftpboot 0x84000000 openwrt.bin
ath> bootm
5. Copy the OpenWrt sysupgrade image to the device using scp and
install it like a normal upgrade (with no need to keeping config
since no config from "previous OpenWRT installation" could be kept
at all)
# sysupgrade -n /path/to/openwrt/sysupgrade.bin
Note: Like many other routers produced by Linksys, it has a dual
firmware flash layout, but because I do not know how to handle
it, I decide to disable it for more usable space. (That is why
the "auto_recovery" above should be disabled before installing
OpenWRT.) If someone is interested in generating factory
firmware image capable to flash from stock firmware, as well as
restoring the dual firmware layout, commented-out layout for the
original secondary partitions left in the device tree may be a
useful hint.
Installation from Web Interface
------------
1. Login to the router via its web interface (default password: admin)
2. Find the firmware update interface under "Connectivity/Basic"
3. Choose the OpenWrt factory image and click "Start"
4. If the router still boots into the stock firmware, it means that
the OpenWrt factory image has been installed to the secondary
partitions and failed to boot (since OpenWrt on EA4500 v3 does not
support dual boot yet), and the router switched back to the stock
firmware on the primary partitions. You have to install a stock
firmware (e.g. 3.1.6.172023, downloadable from
https://www.linksys.com/support-article?articleNum=148385 ) first
(to the secondary partitions) , and after that, install OpenWrt
factory image (to the primary partitions). After successful
installation of OpenWrt, auto_recovery will be automatically
disabled and router will only boot from the primary partitions.
Signed-off-by: Edward Chow <equu@openmail.cc>
Several Broadcom targets were using the nand_do_upgrade_success
shell function which has been removed by commit e25e6d8e54
("base-files: fix and clean up nand sysupgrade code"). Refactor the
new nand_do_upgrade to bring back nand_do_upgrade_success with the
behavior expected by those users.
Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Manually rebased:
bcm53xx/patches-5.10/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
All patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Move gro_skip in 680-NET-skip-GRO-for-foreign-MAC-addresses.patch to old position]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128 MB
RAM: K4A4G165WF-BCWE 512 MB
Ethernet: 4x 10/100/1000 Mbps
WiFi1: MT7976GN 2.4GHz ax 4x4
WiFi2: MT7976AN 5GHz ax 4x4
Button: Mesh, Reset
Flash instructions:
1. Gain ssh and serial port access, see the link below:
https://openwrt.org/toh/xiaomi/redmi_ax6000#installation
2. Use ssh or serial port to log in to the router, and
execute the following command:
nvram set boot_wait=on
nvram set flag_boot_rootfs=0
nvram set flag_boot_success=1
nvram set flag_last_success=1
nvram set flag_try_sys1_failed=8
nvram set flag_try_sys2_failed=8
nvram commit
3. Set a static ip on the ethernet interface of your computer
(e.g. default: ip 192.168.31.100, gateway 192.168.31.1)
4. Download the initramfs image, rename it to initramfs.bin,
and host it with the tftp server.
5. Interrupt U-Boot and run these commands:
setenv mtdparts nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),2048k(factory),2048k(fip),256k(crash),256k(crash_log),112640k(ubi)
saveenv
tftpboot initramfs.bin
bootm
6. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Revert to stock firmware:
Restore mtdparts back to default, then use the
vendor's recovery tool (Windows only).
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
When firmware images only contained compressed kernels and squashfs roots,
uncompressed tar files were a good option. We are now using UBIFS images,
both raw and tarred, as well as ubinized (full UBI partition) images, all
of which benefit greatly from compression.
For example, a raw ubinized backup taken from a running Askey RT4230W REV6
(such full backups can be restored via the LUCI's sysupgrade UI) is over
400 MB, but compresses to less than 10 MB.
This commit adds support for gzipped versions of all file types already
accepted by the nand sysupgrade mechanism, be them raw or tarred.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
It has been reported that ubinized nand sysupgrade fails under certain
circumstances, being unable to detach the existing ubi partition due to
volumes within the partition being mounted.
This is an attempt to solve such issues by unmounting and removing
ubiblock devices and unmounting ubi volumes within the target partition
prior to detaching and formatting it.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
- Never return from 'nand_do_upgrade', not even in case of errors, as that
would cause execution of sysupgrade code not intended for NAND devices.
- Unify handling of sysupgrade success and failure.
- Detect and report more error conditions.
- Fix outdated/incorrect/unclear comments.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
In rtl83xx_set_features we set bit 3 to enable, and bit 4 to disable
checksuming. Looking at rtl93xx_set_features we however see that for
both enable and disable the same bit is used (bit 4). This can't be
right, especially as bit 4 for rtl83xx seems to be Collision threshold
occupying 2 bits. Change this to make this more logical.
Fixes: 9e8d62e421 ("realtek: enable CRC offloading")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Linksys EA8500 is currently broken after the kernel 5.15 bump. Disable
compiling it by default from buildbot to prevent brick from the user.
Don't mark it as BROKEN to permit user to compile images and permit devs
to bisect the problem with the users.
The current problem with the device is that the switch is not detected
and we can't comunicate with it via MDIO.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Linksys EA8500 is currently broken after the kernel 5.15 bump. Disable
compiling it by default from buildbot to prevent brick from the user.
Don't mark it as BROKEN to permit user to compile images and permit devs
to bisect the problem with the users.
The current problem with the device is that the switch is not detected
and we can't comunicate with it via MDIO.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>