Commit Graph

409 Commits

Author SHA1 Message Date
Jo-Philipp Wich
442db0d6d8 kernel: deny swconfig set requests for unprivileged users
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome network behavior).

Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.

Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:53:19 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
John Crispin
3a03c08c82 AR8216: improve mmd register access
Combine all bus operations for one MMD access in one function.
Protecting all these bus operations with one lock also helps
to avoid potential issues due to bus operations intercepting
the register and data write.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48914
2016-03-04 08:33:33 +00:00
John Crispin
d3776bdfc9 AR8216: make ARL age time configurable
The default TTL for address resolution table entries is 5 minutes
for all members of the AR8216 family. This can cause issues if
e.g. Wifi clients roam to another AP and their MAC appears on
another switch port suddenly. Then the client may not be reachable
until the old ARL entry expires.
I would have expected the switch to invalidate old entries if it
detects the same MAC on another port. But that's not the case.

Therefore make the TTL for ARL entries configurable.
The effective TTL will always be a multiple of 7 seconds.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48913
2016-03-04 08:33:30 +00:00
John Crispin
4eaa750089 AR8216: remove redundant port number in MIB header line
The line before includes the port number anyway so there's no need
to duplicate the port number in the MIB info header.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48912
2016-03-04 08:33:28 +00:00
John Crispin
f03ec2baf7 AR8216: complement MIB counters with info in GiB / MiB / KiB
The decimal values especially for TxByte and RxGoodByte are hard to read
once bigger amounts of data have been transferred.
Therefore complement the decimal values with info in GiB / MiB / KiB.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48911
2016-03-04 08:33:25 +00:00
John Crispin
76e1efc042 AR8216: don't display MIB counters if all are empty
For unused switch ports all MIB values are zero. Displaying ~40 empty
MIB counters is just confusing and makes it hard to read the output of
swconfig dev <dev> show.
Therefore, if all MIB counters for a port are zero, just display
an info that the MIB counters are empty.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 48910
2016-03-04 08:33:22 +00:00
Felix Fietkau
d527b82862 switch: allow Ethernet port LEDs to show specific port speeds only
This patch adds speed_mask special file to LEDs connected to switch ports
via 'switch' trigger. It allows to choose which speeds to signal when link
is up. If router has more than one LED per port, they may light up
differently depending on how fast connection is. Default setting is 'all
speeds' so backward compatibility with system scripts (for example uci) is
maintained.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>

SVN-Revision: 48775
2016-02-25 13:31:26 +00:00
Felix Fietkau
f61a80444c switch: make LED port_mask file write handler use kstrtoul() function
This patch changes swconfig_trig_port_mask_store() handler to utilize
kstrtoul() function instead of call to obsolete simple_strtoul(). Thanks
to this change, new handler takes less memory and makes port_mask special
file accept not only hexadecimal, but also decimal and octal numbers.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>

SVN-Revision: 48774
2016-02-25 13:31:23 +00:00
Rafał Miłecki
319863f60e kernel: mtdsplit: support uimage with UBI
This patch adds uimage firmware split support for ubi.

Signed-off-by: YounJae Rho <luxflow@live.com>

SVN-Revision: 48755
2016-02-24 22:43:16 +00:00
Rafał Miłecki
1a57ce0c03 kernel: mtdsplit: add missing digest field to Seama header
Seama format has 2 similar headers: container (seal) header and entity
header. The first one has size always set to 0 and doesn't contain MD5
digest.

When dealing with Seama on a flash we deal directly with an entity. You
can see mtdsplit_parse_seama reads from offset 0 and expects entity to
be there. Seama container is used by bootloader / interface only which
extract entity out of it and flash it.

That said we should fix our header struct. This is important as we
calculate possible rootfs offset assuming it may be placed right after
Seama entity. So far calculated offset was always 16B too low.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48754
2016-02-23 14:40:40 +00:00
Rafał Miłecki
6831bac31f b53: support setting port link
When dealing with Broadcom hardware we can simply use swconfig's generic
helper, we just need to do some validation of requested state.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48623
2016-02-03 09:33:56 +00:00
Rafał Miłecki
b3c3542515 b53: provide PHY access to swconfig
Thanks to this change swconfig can access port PHYs e.g. when setting
port link state with a generic helper.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48622
2016-02-03 09:33:50 +00:00
Rafał Miłecki
19b9e14c47 swconfig: add (PHY) generic helper setting port link
It's quite common for switches to have PHY per port so adding a generic
helper setting link state will help many drivers. It just needs an API
to access PHYs which this patch also adds.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48621
2016-02-03 09:33:38 +00:00
Rafał Miłecki
9220dd5d36 kernel: mtdsplit: support Seama entity with UBI
Some D-Link routers (e.g. DIR-885L) have NAND and use Seama format. It
means OpenWrt will want to have UBI in Seama entity and should be able
to detect it.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48600
2016-02-01 12:41:53 +00:00
Rafał Miłecki
4156f292c1 kernel: mtdsplit: detect UBI partition when looking for rootfs
This allows mtdsplit parsers to work with UBI which is very popular on
NAND flashes.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48599
2016-02-01 12:41:47 +00:00
Rafał Miłecki
e1491b341b kernel: mtdsplit: modify rootfs helpers to provide partition type
Our mtdsplit parsers may want to create partition with name choice based
on partition file system (e.g. SquashFS vs. JFFS2). This patch allows
passing extra argument pointing to variable that will be set properly.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48598
2016-02-01 12:41:41 +00:00
Rafał Miłecki
02abeb3b0a kernel: mtdsplit: document Seama splitter a bit
Rename kernel_size variable as it includes whole entity size, not just a
kernel size. Also update comments to match it and describe better what
are we checking/looking for.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48480
2016-01-25 07:18:47 +00:00
Jonas Gorski
a9b4952be1 swconfig: simplify init code
Directly return the return value of genl_register_family_with_ops()
instead of storing it in a temporary variable, then returning it.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48472
2016-01-24 12:36:06 +00:00
Jonas Gorski
38719ecca4 swconfig: drop linux < 3.13 code paths
The oldest kernel we support is 3.18, no need to keep code paths
for older kernels.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48471
2016-01-24 12:35:59 +00:00
John Crispin
ed72c5f846 ar71xx: add support for Netgear WPN824N
Add support for Netgear WPN824N.
Hardware specs:
  * AR7240, 4 LAN ports, 1 WAN port
  * AR9285 WLAN
  * 32 MB RAM
  * 4 MB Flash
  * 16 LEDs (LAN, WAN and Power/Status contain two LEDs for dual color
    effect)
  * 3 Buttons (not supported)

Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>

SVN-Revision: 48356
2016-01-19 10:16:04 +00:00
Jonas Gorski
2b3b4c95f1 b53: update header register definitions
BCM531x5 has two potential cpu ports, and header mode can be enabled
independently on both.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 48302
2016-01-18 10:46:47 +00:00
Felix Fietkau
f8d2ec6e9d ar8327: add IGMP Snooping support
This adds support for IGMP Snooping on atheros switches (disabled by default),
which avoids flooding the network with multicast data.

Tested on TL-WDR4300: disabling IGMP Snooping results in multicast flooding
on each specific port, enabling it back again prevents each port from
receiving all multicast packets.

Partially based on: http://patchwork.ozlabs.org/patch/418122/

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

SVN-Revision: 48268
2016-01-17 10:42:46 +00:00
Felix Fietkau
7703e14bc4 kernel: mtdsplit_squashfs: Align with the erase-block size
On most image types the rootfs ends at an erase-block. However, at least
with brnImages this is not the case: while the partitions are aligned
with the erase-block size there is a 12 byte footer at the end of the
partition which must not be touched by any filesystem. This led to a
rootfs_data partition which was not aligned properly (and thus ended up
being readonly):
	0x000000480000-0x00000085a800 : "rootfs_data" (128 KiB EB)

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 48263
2016-01-17 10:41:30 +00:00
Felix Fietkau
651083bbd9 kernel: mtdsplit: add support for EVA images
This allows splitting EVA images (usually found in fritz devices). The
firmware will be split into a kernel and a separate rootfs partition.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 48262
2016-01-17 10:41:08 +00:00
Felix Fietkau
bdd2772f1d kernel: mtdsplit: add support for brnImages
This adds brnImage (used with the brnboot bootloader) firmware parsing
support. brnboot verifies the integrity of the firmware stored on the
"Code Image" partitions by looking at the 12 byte footer at the very end
of the partition. This footer contains the checksum of the original
brnImage (kernel + rootfs/squashfs) and must not be touched (by our JFFS2
rootfs_data - otherwise the image will not be bootable anymore).

Big thanks to Mathias Kresin for analyzing the brnImage structure and
finding out the information how to keep images valid even when adding a
nested rootfs_data partition.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

SVN-Revision: 48261
2016-01-17 10:40:51 +00:00
Rafał Miłecki
5f69279dd6 swconfig: add API for setting port link speed
Some switches can force link speed for a port. Let's add API that will
allow drivers to export this feature.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48142
2016-01-06 18:32:21 +00:00
Rafał Miłecki
b836a7c29d ledtrig-netdev: don't stop timer on events for different interfaces
This fixes regression introduced in my recent ledtrig-netdev commit.
Events triggered by different interfaces were stopping timer so it
wasn't working for tx/rx mode.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 48072
2016-01-02 20:38:56 +00:00
John Crispin
df165974c3 ledtrig-netdev: add support for renamed devices
The ppp0 interface is renamed after the connection is established. Due
to a missing NETDEV_REGISTER event, the ledtrig-netdev isn't aware of
the renamed interface and literally ignores the device
(no tx/rx indication, led isn't switched off with 'ifdown wan').

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 48048
2016-01-01 21:19:41 +00:00
John Crispin
71cd537a8a swconfig: switch kernel PORT_LINK support to SWITCH_TYPE_LINK
As explained earlier, using SWITCH_TYPE_LINK gives more flexibility,
it doesn't require e.g. string parsing to read some data.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47999
2015-12-23 19:25:02 +00:00
John Crispin
67e10d757f swconfig: add SWITCH_TYPE_LINK and support sending link info to user space
So far we were sending link data as a string. It got some drawbacks:
1) Didn't allow writing clean user space apps reading link state. It was
   needed to do some screen scraping.
2) Forced whole PORT_LINK communication to be string based. Adding
   support for *setting* port link required passing string and parsing
   it in the kernel space.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47997
2015-12-23 19:24:30 +00:00
Rafał Miłecki
e9e3a0682c ledtrig-netdev: reset link status & stats after changing device_name
Previously switching to non-existing device (interface) could result in
leaving LED on.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47990
2015-12-23 17:11:49 +00:00
Rafał Miłecki
2b1129a7ba ledtrig-netdev: drop locking from timer callback function
We may just delete timer on every trigger update and then start it again
if needed. This will let us avoid both: races and locking in frequently
called timer callback.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47987
2015-12-23 15:45:43 +00:00
Rafał Miłecki
a56aaf73b9 ledtrig-netdev: switch rwlock to spinlock
Read/write lock was adding useless complexity, there wasn't any real
gain in case of this driver.
Also switch to _bh variants to avoid deadlocks.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47986
2015-12-23 15:45:36 +00:00
Rafał Miłecki
8996164e56 ledtrig-netdev: update base driver instead of patching it for every kernel
All supported kernels require patching ledtrig-netdev in the same way,
so it's safe to just move these changes to the base version of this
driver. We needed these patches for some old kernels 2.6.36 and 3.11.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 47962
2015-12-23 10:17:09 +00:00
Felix Fietkau
814d70b2fd ar8216: rework/fix AR8337 MAC swap handling
In r45970 the MAC swap handling was made opt-in, however some boards
have been forgotten during the conversion. Since the reference design
uses this MAC swapping, and pretty much all known boards using this chip
seem to do so too, enabling the swapping is a more reasonable default
than leaving it disabled.

Change the code to still allow boards to opt-out of this.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 47956
2015-12-20 14:25:45 +00:00
Jonas Gorski
813227d992 kernel: mvswitch: merge 3.10+ compile fix into the code
The lowest we support is 3.18, so no need to keep it as a separate
patch.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 47749
2015-12-04 09:45:07 +00:00
John Crispin
7fe0940c69 generic: fix adm6996 init
Kernel 3.14 added additional genphy_soft_reset phy reset to phy_init_hw in drivers/net/phy/phy_device.c
Since adm6996 does in driver soft reset and doesn't use BMCR_RESET for soft reset
add dummy soft_reset callback to adm6996 driver, like it is done in ar8216.

This fixes ticket #20147

Signed-off-by: Andrej Vlasic <andrej.vlasic0@gmail.com>

SVN-Revision: 47272
2015-10-26 10:39:53 +00:00
Felix Fietkau
18c01061a9 mvsw61xx: match swconfig function names
Signed-off-by: Claudio Leite <leitec@staticky.com>

SVN-Revision: 46865
2015-09-11 16:34:49 +00:00
Felix Fietkau
b75d188b21 mvsw61xx: use standard swconfig get_port_link
The previous "link" and "status" functions were non-standard,
and thus less useful for parsing.

Signed-off-by: Claudio Leite <leitec@staticky.com>

SVN-Revision: 46864
2015-09-11 16:34:35 +00:00
Imre Kaloz
9cca6c5ad9 Previously, all VLANs (port-based or 802.1q) were sharing a single database in the ATU. This created problems in the case of a system where two ports/devices share a MAC address (e.g. Linksys WRT1900AC eth0/eth1).
This also clears any bootloader-set FDB defaults. This had
caused issues creating port-based VLANs when mappings
overlapped previous VLANs. Packets destined to a port
not in the default port group flooded all ports.

Tested on a 88E6171 (Linksys EA4500) and 88E6172 ('1900AC)

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 46699
2015-08-21 08:09:52 +00:00
Felix Fietkau
b04b1ca933 ar8216: add swconfig attributes for ARL table flushing
Add swconfig attributes for flushing the ARL table globally or per port.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 46382
2015-07-15 08:17:42 +00:00
Felix Fietkau
33b72b8e0f ar8216: adjust ATU flushing in case of link changes
If a link goes down, don't flush the complete ARL table.
Only flush the entries for the respective port.
Don't touch ARL table if a link goes up.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 46381
2015-07-15 08:17:36 +00:00
Felix Fietkau
00e599b0b7 ar8216: add ARL table flushing per port
Adds functions for flushing ARL table entries per port.

Successfully tested on AR8327. Implementation for AR8216/AR8236/AR8316
is based on the AR8236 datasheet and assumes that the three chips
share a common ATU register layout.
Compile-tested only for AR8216/AR8236/AR8316.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 46380
2015-07-15 08:17:28 +00:00
Felix Fietkau
2666403c3a ar8216: add reading ARL table for AR8216/AR8236/AR8316
Adds the chip-specific part of reading ARL table for AR8216/AR8236/AR8316.

It's based on the AR8236 datasheet and compile-tested only as I couldn't
find datasheets for AR8216/AR8316 and don't own devices with these chips.

The existing ar8216_atu_flush implementation was used for all three
chip types, therefore I guess they share a common ATU register layout.

More testing would be appreciated.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 46379
2015-07-15 08:17:23 +00:00
Hauke Mehrtens
d0aca89c18 kernel: b53: fix build with brcm47xx
The position of the nvram header file on brcm47xx changed with kernel
version 4.1.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46170
2015-07-03 23:27:21 +00:00
Rafał Miłecki
5c809ecfe7 b53: Allow using all 8 ports on BCM53011
On two tested devices: Netgear R6250 (BCM53011 rev 2) and Luxul XWC-1000
(BCM53011 rev 3) it was possible to use port 7 and eth1 (instead of port
5 and eth0). It seems BCM53011 just like BCM53012 has 8 ports and
usually 3 of them are connected to the SoC.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46104
2015-06-21 21:06:09 +00:00
Felix Fietkau
4a9d726200 ar8216: Fix problem with AR8337 MAC swap handling
AR8337 supports a configuration bit to swap MAC0 and MAC6.
Currently this is set in general if an AR8337 is detected and causes
issues with devices using an AR8334 (internally an AR8337, just
less chip pins).
And it might even cause issues with AR8337-based devices with
different board designs.

Swapping the MAC's however isn't needed for AR8337 in general.
It's just needed in case of certain board designs (affected devices
seem to be based on Atheros reference board AP135/136-010).
Therefore this configuration bit should be moved to platform data.

The patch includes the needed changes to the device initialization
code of affected devices. Hopefully I didn't miss any ..

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>

SVN-Revision: 45970
2015-06-14 17:43:50 +00:00
Jonas Gorski
9fbd6d0ba0 b53: fix memory out of bounds access on 64 bit targets
On device reset the sizes for the vlan and port tables were wrongly
calculated based on the pointer size instead of the struct size. This
causes buffer overruns on 64 bit targets, resulting in panics.

Fix this by dereferencing the pointers.

Reported-by: Fedor Konstantinov <blmink@mink.su>
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 45938
2015-06-10 09:21:36 +00:00
Jonas Gorski
d24d5412ff b53: widen stp state mask to 3 bits (instead of 2)
At least on my b53 chip, the mask is 3 bits wide, and because
of this some STP states are not set properly and discarded when read.

Maybe for some other chips it makes sense to have just 2 bits width,
but I don't have other versions around to test/validate.

If that's the case then maybe we could add another STP state mask.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 45937
2015-06-10 09:21:31 +00:00