This is necessary with firewall4 to avoid a hard-to-diagnose race
condition during boot, causing DNAT rules not to be taken into account
correctly.
The root cause is that, during boot, the ruleset is mostly empty, and
interface-related rules (including DNAT rules) are added incrementally.
If a packet hits the input chain before the DNAT rules are setup, it can
create buggy conntrack entries that will persist indefinitely.
This new default should be safe because firewall4 explicitly accepts
authorized traffic and rejects the rest. Thus, in normal operations, the
default policy is not used.
Fixes: #10749
Ref: https://github.com/openwrt/openwrt/issues/10749
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
The sector number must be stored in hex. Otherwise, the number (like 16)
will be parsed as hex and any write to the partition will end up with an
error like:
MTD erase error on /dev/mtd5: Invalid argument
Fixes: 9adfeccd84 ("uboot-envtools: Add support for IPQ806x AP148 and DB149")
Fixes: 54b275c8ed ("ipq40xx: add target")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@fungible.com>
Add a package for drm_ttm_helper.ko. CONFIG_DRM_TTM_HELPER is compiled
into the kernel on armvirt/64, x86/64, x86/generic and x86/legacy
because also some DRM drivers are compiled into the kernel. On x86/geode
it is not compiled into the kernel, but kmod-drm-amdgpu and
kmod-drm-radeon depend on it.
This fixes the x86/geode build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
For kernel versions before 5.2, the required IPsec modes have to be
enabled explicitly (they are built-in for newer kernels).
Commit 1556ed155a ("kernel: mode_beet mode_transport mode_tunnel xfram
modules") tried to handle this, but it does not really work.
Since we don't support these kernel versions anymore and the code is
also broken, let's remove it.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Remove old generic config options too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a92c0a7 dhcpv6-ia: make tmp lease file hidden
4a673e1 fix null pointer dereference for INFORM messages
860ca90 odhcpd: Support for Option NTP and SNTP
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The kernel module gpio-mcp23s08 has been replaced by the new
pinctrl-mcp23s08* kernel modules.
There are now 3 kernel modules for this device
- Common module for both I2C and SPI kmod-pinctrl-mcp23s08
- Module for I2C kmod-pinctrl-mcp23s08-i2c
- Module for SPI kmod-pinctrl-mcp23s08-spi
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adding a new method to `ubus call dsl` to retrieve DSL statistics
used to feed the DSL charts (bit allocation, SNR, QLN and HLOG)
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[fix pointer error, clean up]
Signed-off-by: Andre Heider <a.heider@gmail.com>
DSL_G997_LineStatusData_t defines special invalid values, skip these
metrics.
Signed-off-by: Roland Barenbrug <roland@treslong.com>
[split patch]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Add support for the Linksys EA4500 v3 wireless router
Hardware
--------
SoC: Qualcomm Atheros QCA9558
RAM: 128M DDR2 (Winbond W971GG6KB-25)
FLASH: 128M SPI-NAND (Spansion S34ML01G100TFI00)
WLAN: QCA9558 3T3R 802.11 bgn
QCA9580 3T3R 802.11 an
ETH: Qualcomm Atheros QCA8337
UART: 115200 8n1, same as ea4500 v2
USB: 1 single USB 2.0 host port
BUTTON: Reset - WPS
LED: 1x system-LED
LEDs besides the ethernet ports are controlled
by the ethernet switch
MAC Address:
use address(sample 1) source
label 94:10:3e:xx:xx:6f caldata@cal_macaddr
lan 94:10:3e:xx:xx:6f $label
wan 94:10:3e:xx:xx:6f $label
WiFi4_2G 94:10:3e:xx:xx:70 caldata@cal_ath9k_soc
WiFi4_5G 94:10:3e:xx:xx:71 caldata@cal_ath9k_pci
Installation from Serial Console
------------
1. Connect to the serial console. Power up the device and interrupt
autoboot when prompted
2. Connect a TFTP server reachable at 192.168.1.0/24
(e.g. 192.168.1.66) to the ethernet port. Serve the OpenWrt
initramfs image as "openwrt.bin"
3. To test OpenWrt only, go to step 4 and never execute step 5;
To install, auto_recovery should be disabled first, and boot_part
should be set to 1 if its current value is not.
ath> setenv auto_recovery no
ath> setenv boot_part 1
ath> saveenv
4. Boot the initramfs image using U-Boot
ath> setenv serverip 192.168.1.66
ath> tftpboot 0x84000000 openwrt.bin
ath> bootm
5. Copy the OpenWrt sysupgrade image to the device using scp and
install it like a normal upgrade (with no need to keeping config
since no config from "previous OpenWRT installation" could be kept
at all)
# sysupgrade -n /path/to/openwrt/sysupgrade.bin
Note: Like many other routers produced by Linksys, it has a dual
firmware flash layout, but because I do not know how to handle
it, I decide to disable it for more usable space. (That is why
the "auto_recovery" above should be disabled before installing
OpenWRT.) If someone is interested in generating factory
firmware image capable to flash from stock firmware, as well as
restoring the dual firmware layout, commented-out layout for the
original secondary partitions left in the device tree may be a
useful hint.
Installation from Web Interface
------------
1. Login to the router via its web interface (default password: admin)
2. Find the firmware update interface under "Connectivity/Basic"
3. Choose the OpenWrt factory image and click "Start"
4. If the router still boots into the stock firmware, it means that
the OpenWrt factory image has been installed to the secondary
partitions and failed to boot (since OpenWrt on EA4500 v3 does not
support dual boot yet), and the router switched back to the stock
firmware on the primary partitions. You have to install a stock
firmware (e.g. 3.1.6.172023, downloadable from
https://www.linksys.com/support-article?articleNum=148385 ) first
(to the secondary partitions) , and after that, install OpenWrt
factory image (to the primary partitions). After successful
installation of OpenWrt, auto_recovery will be automatically
disabled and router will only boot from the primary partitions.
Signed-off-by: Edward Chow <equu@openmail.cc>
Several Broadcom targets were using the nand_do_upgrade_success
shell function which has been removed by commit e25e6d8e54
("base-files: fix and clean up nand sysupgrade code"). Refactor the
new nand_do_upgrade to bring back nand_do_upgrade_success with the
behavior expected by those users.
Fixes: e25e6d8e54 ("base-files: fix and clean up nand sysupgrade code")
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128 MB
RAM: K4A4G165WF-BCWE 512 MB
Ethernet: 4x 10/100/1000 Mbps
WiFi1: MT7976GN 2.4GHz ax 4x4
WiFi2: MT7976AN 5GHz ax 4x4
Button: Mesh, Reset
Flash instructions:
1. Gain ssh and serial port access, see the link below:
https://openwrt.org/toh/xiaomi/redmi_ax6000#installation
2. Use ssh or serial port to log in to the router, and
execute the following command:
nvram set boot_wait=on
nvram set flag_boot_rootfs=0
nvram set flag_boot_success=1
nvram set flag_last_success=1
nvram set flag_try_sys1_failed=8
nvram set flag_try_sys2_failed=8
nvram commit
3. Set a static ip on the ethernet interface of your computer
(e.g. default: ip 192.168.31.100, gateway 192.168.31.1)
4. Download the initramfs image, rename it to initramfs.bin,
and host it with the tftp server.
5. Interrupt U-Boot and run these commands:
setenv mtdparts nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),2048k(factory),2048k(fip),256k(crash),256k(crash_log),112640k(ubi)
saveenv
tftpboot initramfs.bin
bootm
6. After openwrt boots up, use scp or luci web
to upload sysupgrade.bin to upgrade.
Revert to stock firmware:
Restore mtdparts back to default, then use the
vendor's recovery tool (Windows only).
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
When firmware images only contained compressed kernels and squashfs roots,
uncompressed tar files were a good option. We are now using UBIFS images,
both raw and tarred, as well as ubinized (full UBI partition) images, all
of which benefit greatly from compression.
For example, a raw ubinized backup taken from a running Askey RT4230W REV6
(such full backups can be restored via the LUCI's sysupgrade UI) is over
400 MB, but compresses to less than 10 MB.
This commit adds support for gzipped versions of all file types already
accepted by the nand sysupgrade mechanism, be them raw or tarred.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
It has been reported that ubinized nand sysupgrade fails under certain
circumstances, being unable to detach the existing ubi partition due to
volumes within the partition being mounted.
This is an attempt to solve such issues by unmounting and removing
ubiblock devices and unmounting ubi volumes within the target partition
prior to detaching and formatting it.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
- Never return from 'nand_do_upgrade', not even in case of errors, as that
would cause execution of sysupgrade code not intended for NAND devices.
- Unify handling of sysupgrade success and failure.
- Detect and report more error conditions.
- Fix outdated/incorrect/unclear comments.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
Commit e8b5429609 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: e8b5429609 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
Commit b82cc80713 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: b82cc80713 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
CONFIG_MAC80211_MESH isn't defined for this package, rendering the patch
useless. Match protecting the access of sta_info.mesh with the very same
define declaring it.
Fixes 45109f69a6 "mac80211: fix compile error when mesh is disabled"
Signed-off-by: Andre Heider <a.heider@gmail.com>
This updates mac80211 to version 5.15.74-1 which is based on kernel
5.15.74.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
084911c Release libbsd 0.11.7
3538d38 man: Discourage using the library in non-overlay mode
03fccd1 include: Adjust reallocarray() per glibc adoption
6b6e686 include: Adjust arc4random() per glibc adoption
da1f45a include: explicit_bzero() requires _DEFAULT_SOURCE
2f9eddc include: Simplify glibc version dependent macro handling
28298ac doc: Switch references from pkg-config to pkgconf
ef981f9 doc: Add missing empty line to separate README sections
6928d78 doc: Refer to the main git repository as primary
d586575 test: Fix explicit_bzero() test on the Hurd
be327c6 fgetwln: Add comment about lack of getwline(3) for recommendation
a14612d setmode: Dot not use saveset after free
f4baceb man: Rewrite gerprogname(3bsd) from scratch
f35c545 man: Lowercase man page title
b466b14 man: Document that some arc4random(3) functions are now in glibc 2.36
1f6a48b Sync arc4random(3) implementation from OpenBSD
873639e Fix ELF support for big endian SH
c9c78fd man: Use -compact also for alternative functions in libbsd(7)
5f21307 getentropy: Fix function cast for getauxval()
Signed-off-by: Nick Hainke <vincent@systemli.org>
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
MODULE_SUPPORTED_DEVICE is gone after Linux 5.15. Drop it's usage on
newer kernels to fix compilation with Linux 5.15.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The result of copy_to_user() now has to be checked explicitly. Also
MODULE_SUPPORTED_DEVICE is gone after Linux 5.10.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
MODULE_SUPPORTED_DEVICE was removed after Linux 5.10. Drop it from the
driver as well.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
struct of_device_id is not implicitly included anymore. Include
<linux/mod_devicetable.h> to fix compilation on Linux 5.15.
Also upstream commit a24d22b225ce15 ("crypto: sha - split sha.h into
sha1.h and sha2.h") from Linux 5.11 moves functionality from sha.h to
sha1.h.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
set_fs is no longer supported since kernel 5.13 for mips.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Support was added as variant of 7530 (DEVICE_ALT0_*) in:
cb6f4be1 "ipq40xx: add support for FRITZ!Box 7520"
u-boot has a distinct config for it [0], built it.
[0] https://github.com/chunkeey/FritzBox-4040-UBOOT/pull/6
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The of_mmc_spi.o resource is provider agnostic in kernels greater 5.13
and does not depend anymore on CONFIG_OF [0].
[0] - edd6021465
Suggested-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Similar to the implementation for the BPi-R3 use the same logic also
for determining the device to look for the U-Boot environment of the
BPi-R64.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This new NTFS driver was added in kernel 5.15. Avoid building empty
package for kernel 5.10.
Fixes: bd0db6017b ("kernel: 5.15: add new module")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>