Evaluating the return value of 'json_load' didn't work in the intended way resulting in PIN status no longer being read on modems where --get-pin-status doesn't fail. Fix this by trying --get-pin-status first and checking if pin1_status field exists in JSON, and if it doesn't try again with --uim-get-sim-state.
Fixes: #9501 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: ee7cb5e)
qoriq: remove CONFIG_GDB_SCRIPTS from kernel config
It is disabled in the generic kernel config and not used in any of the other targets. There was no specific reason for enabling it, so let's be consistent and remove it from the qoriq kernel config.
imagebuilder: fix broken image generation with external targets
When using external targets there is a symlink being created for the target under target/linux which then becomes dangling under Image Builder. Fix it by dereferencing the possible symlink.
Tested on IB with external target, ipq40xx and mvebu.
Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 621f39d)
Some configure scripts look for msgfmt and gmsgfmt. As we don't install the latter, configure might pick up one from staging_dir/hostpkg, and the other from the host:
checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt checking for gmsgfmt... /usr/bin/gmsgfmt
This could potentially lead to hard to debug undefined behaviour. Install a symlink in the host install phase to avoid this.
This turned out this is an issue with upstream changing ATA_TAG_INTERNAL's value from 31 to 32 during 4.18 release. Update "SATA_DWC_QCMD_MAX" to account for that.
Link: https://forum.openwrt.org/t/my-book-live-duo-reboot-loop/122464 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: e95dec8)
Naming follows existing Google projects included in upstream board-2.bin -- GO(ogle) prefix, an underscore (_), and the project code name, all in caps.
Note that I only tested the "gale" model; the "breeze" model is a later revision (same marketing name) with very small hardware changes but otherwise using the same firmware image.
Submitted upstream here:
ath10k-firmware: QCA4019: hw1.0: Add Google Wifi BDFs http://lists.infradead.org/pipermail/ath10k/2022-March/013465.html https://lore.kernel.org/ath10k/YjaNGW252Ls%2FyDw8@localhost/
Signed-off-by: Brian Norris <computersforpeace@gmail.com> (commit: 331d78a)
See firmware-utils.git commits [1], which implemented the cros-vbutil verified-boot payload-packing tool, and extended ptgen for the CrOS kernel partition type. With these, it's now possible to package kernel + rootfs to make disk images that can boot a Chrome OS-based system (e.g., Chromebooks, or even a few AP models).
Regarding PARTUUID= changes: Chromium bootloaders work well with a partition number offset (i.e., relative to the kernel partition), so we'll be using a slightly different root UUID line.
NB: I've made this support specific to ip40xx for now, because I only plan to support an IPQ4019-based AP that uses a Chromium-based bootloader, but this image format can be used for essentially any Chromebook, as well as the Google OnHub, a prior Chromium-based AP using an IPQ8064 chipset.
[1] ptgen: add Chromium OS kernel partition support https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=6c95945b5de973026dc6f52eb088d0943efa96bb
cros-vbutil: add Chrome OS vboot kernel-signing utility https://git.openwrt.org/?p=project/firmware-utils.git;a=commit;h=8e7274e02fdc6f2cb61b415d6e5b2e1c7e977aa1
Signed-off-by: Brian Norris <computersforpeace@gmail.com> (commit: 17b0504)
See my upstream questions: https://lore.kernel.org/linux-arm-msm/20200913201608.GA3162100@bDebian/
This effectively reverts upstream Linux commit 13e77747800e ("firmware: qcom: scm: Use atomic SCM for cold boot"), because Google WiFi boot firmwares don't support the atomic variant.
This fixes SMP support for Google WiFi.
Signed-off-by: Brian Norris <computersforpeace@gmail.com> (commit: 26af098)
Google WiFi (codename: Gale) is an IPQ4019-based AP, with 2 Ethernet ports, 2x2 2.4+5GHz WiFi, 512 MB RAM, 4 GB eMMC, and a USB type C port. In its stock configuration, it runs a Chromium OS-based system, but you wouldn't know it, since you can only manage it via a "cloud" + mobile-app system.
The "v2" label is coded into the bootloader, which prefers the "google,gale-v2" compatible string. I believe "v1" must have been pre-release hardware.
Note: this is *not* the Google Nest WiFi, released in 2019.
I include "factory.bin" support, where we generate a GPT-based disk image with 2 partitions -- a kernel partition (using the custom "Chrome OS kernel" GUID type) and a root filesystem partition. See below for flashing instructions.
Sysupgrade is supported via recent emmc_do_upgrade() helper.
This is a subtarget because it enables different features (FEATURES=boot-part rootfs-part) whose configurations don't make sense in the "generic" target, and because it builds in a few USB drivers, which are necessary for installation (installation is performed by booting from USB storage, and so these drivers cannot be built as modules, since we need to load modules from USB storage).
* Ethernet, both WAN and LAN ports * eMMC * USB-C (hub, power-delivery, peripherals) * LED0 (R/G/B) * WiFi (limited testing) * SPI flash * Serial console: once in developer mode, console can be accessed via the USB-C port with SuzyQable, or other similar "Closed Case Debugging" tools: https://chromium.googlesource.com/chromiumos/third_party/hdctools/+/master/docs/ccd.md#suzyq-suzyqable * Sysupgrade
Not tested:
* TPM
Known not working:
* Reboot: this requires some additional TrustZone / SCM configuration to disable Qualcomm's SDI. I have a proposal upstream, and based on IRC chats, this might be acceptable with additional DT logic: [RFC PATCH] firmware: qcom_scm: disable SDI at boot https://lore.kernel.org/linux-arm-msm/20200721080054.2803881-1-computersforpeace@gmail.com/ * SMP: enabling secondary CPUs doesn't currently work using the stock bootloader, as the qcom_scm driver assumes newer features than this TrustZone firmware has. I posted notes here: [RFC] qcom_scm: IPQ4019 firmware does not support atomic API? https://lore.kernel.org/linux-arm-msm/20200913201608.GA3162100@bDebian/ * There's a single external button, and a few useful internal GPIO switches. I haven't hooked them up.
The first two are fixed with subsequent commits.
Additional notes ================
Much of the DTS is pulled from the Chrome OS kernel 3.18 branch, which the manufacturer image uses.
Note: the manufacturer bootloader knows how to patch in calibration data via the wifi{0,1} aliases in the DTB, so while these properties aren't present in the DTS, they are available at runtime:
Ethernet MAC addresses are similarly patched in via the ethernet{0,1} aliases.
Signed-off-by: Brian Norris <computersforpeace@gmail.com> (updated 901 - x1pro moved in the process) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: f1c041e)
This model, also know as "1&1 HomeServer", shares the same features as 7530.
The vendor firmware has artificial software limitations: only 2 of the 4 LAN-Ports are GBit, and the USB-Host is only v2.0.
With OpenWrt, USB is already working at v3.0.
Signed-off-by: Andre Heider <a.heider@gmail.com> (updated commit message to reflect current state) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: cb6f4be)
This reverts commit 80b7a8a7f5a0a88fde6dd19f097df4d7cac9ff04.
Now that 5.10 is the default kernel for all platforms, we can bring back the NU801 userspace driver for platforms that rely on it. Currently it's used on the MX100 x86_64 target, but other Meraki platforms use this controller.
Note that we also now change how we load nu801. The way we did this previously with procd worked, but it meant it didn't load until everything was up and working.
To fix this, let's call nu801 from boot and re-trigger the preinit blink sequence. Since nu801 runs as a daemon this is now something we can do.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com> (removed empty line, currently only MX100 uses it so: @TARGET_x86) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 3f87451)
This commit moves the patches for the r8152.c driver to the generic directory. Previously they were only available on the bcm27xx target. With these patches the Realtek RTL8153C, RTL8153D, RTL8156A and RTL8156B chips are supported on all targets by the kmod-usb-net-rtl8152 module. The RTL8156A and RTL8156B are the 2.5Gb/s Ethernet adapters.
The patches have been tested on TP-Link UE300 (RTL8153A) and UNITEK 1313B (RTL8156B).
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> (commit: 210c534)
1. Drop package: cypress-firmware-4359-pcie This binary is no longer provided and there are not many details what happened.
2. Drop package: cypress-firmware-4359-sdio This binary is no longer provided, but in this case, to compare it with PCIe package mention as first, there was added support in Linux-firmware [1], but no sign of firmware file.
4. Drop package: cypress-firmware-89459-pcie [2] According to Infineon: "CYW89459 is an automotive Wi-Fi chip which is not supported in the broad market community."
The patch was rejected by upstream. The mtk_nand driver should be modified to support the mt7621 flash controller instead. As there is no newer version to backport, or no upstream version to fix bugs, let's move the driver to the files dir under the ramips target. This makes it easier to make changes to the driver while waiting for mt7621 support to land in mtk_nand.
ARM Builds like sunxi/cortexa53 or the rpi family failed to build due to a new symbols showing up:
|Google Firmware Drivers (GOOGLE_FIRMWARE) [Y/n/?] y | Coreboot Table Access (GOOGLE_COREBOOT_TABLE) [M/n/y/?] m | Coreboot Framebuffer (GOOGLE_FRAMEBUFFER_COREBOOT) [N/m/?] (NEW) |Error in reading or end of file.
removes usb-port remains as neither the WAC510 nor the WAC505 come with a USB port. Update the LED properties to phase out labels and introduce generic node-names as well as adding the color, function and function-enumerator properties.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 026fda1)
kernel: add (disabled) ASYMMETRIC_TPM_KEY_SUBTYPE symbol
at91/sama7 fails to build due to:
| Asymmetric (public-key cryptographic) key type (ASYMMETRIC_KEY_TYPE) [Y/?] y | Asymmetric public-key crypto algorithm subtype (ASYMMETRIC_PUBLIC_KEY_SUBTYPE) [Y/?] y | Asymmetric TPM backed private key subtype (ASYMMETRIC_TPM_KEY_SUBTYPE) [N/m/?] (NEW) |Error in reading or end of file.
please note that asym_tpm (module) has been removed in 5.17: <https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d3cff4a9>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 6387715)
ramips: fix wifi mac address of HiWiFi series devices
For HiWiFi series devices, label_mac can be read from bdinfo partition, and lan_mac, wlan2g_mac are same as the label_mac. Converting label_mac to wlan5g_mac only needs to unset 6th bit. (It seems that all HiWiFi's label_mac start with D4:EE)
For example: label D4:EE:07:32:84:88 lan D4:EE:07:32:84:88 wan D4:EE:07:32:84:89 wlan2g D4:EE:07:32:84:88 wlan5g D0:EE:07:32:84:88
Tested on HiWiFi HC5661.
Signed-off-by: Shiji Yang <yangshiji66@qq.com> (commit: 2e6d19e)
In commit ab143647ef ("kernel: generic: improve FIT partition parser") part_bits was bumped to 2 in order to allow up to 3 additional FIT sub-images mapped into sub-partitions. This change has to be reflected also in our local patch 420-mtd-set-rootfs-to-be-root-dev.patch which still assumed part_bits==1 for mtdblock devices in case of CONFIG_FIT_PARTITION=y.
Fixes: #9557 Fixes: ab143647ef ("kernel: generic: improve FIT partition parser") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 13960fb)
Rework hack patch in dir for kernel 5.15. For the specific patch of packet mangeling introduce a new extra_priv_flags as we don't have enough space to add additional flags in priv_flags.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 1f302af)
Standardize pending patch tcp_no_window_check patch as with new kernel they added a check for global variables. The 2 new condition are that they must be read-only or the data pointer should not point to kernel/module global data. Remove the global variable and move it to a standard place following other variables logic.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 92fb51b)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> [added some missing Kconfig symbols] Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 07b92c6)
Add new module require in 5.15 - Changes in block module - Changes in netfilter module (log module unified) - Changes in fs module (mainly new depends for cifs and new ntfs3 module) - Changes in lib add shared lib now used by more than 1 kmod - Changes in crypto, dropped one crypto algo added arm crypto accellerator - Changes in other, add zram default compressor choice and missing lib by tpm module
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: bd0db60)
After fixing the original 720 patch, it looks like more were added for additional AQR ID-s.
Patches that add the additional AQR PHY ID-s is just copy/paste from 5.10 and kernel 5.11 dropped the ack_interrupt method for PHY IRQ handling, instead handle_interrupt is used.
So, simply switch to using handle_interrupt like other upstream AQR PHY-s.
Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 81fdb6a)
Patches that add the additional AQR PHY ID-s is just copy/paste from 5.10 and kernel 5.11 dropped the ack_interrupt method for PHY IRQ handling, instead handle_interrupt is used.
So, simply switch to using handle_interrupt like other upstream AQR PHY-s.
Signed-off-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 71efd34)
generic: fix compilation warning for ar8xxx swconfig
There are 2 warning for ar8xxx swconfig. - Fix not used dev variable when ETHERNET_PACKET_MANGLE is not selected - Convert fallthrough comment to compilation macro
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 49d9d2b)
Chen Minqiang reported that he has troubles downloading nu801. His logs showed the followin TLS Handshake failure.
|Checking out files from the git repository... |Cloning into 'nu801-d9942c0c'... |fatal: unable to access 'https://github.com/chunkeey/nu801.git/': | gnutls_handshake() failed: The TLS connection was non-properly terminated. |Makefile:39: recipe for target '[...]/dl/nu801-d9942c0c.tar.xz' failed
This can be fixed by providing a PKG_MIRROR_HASH. The download scripts will now be able to pull the source from OpenWrt's source archive, which should be available through HTTP.
Reported-by: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 7368345)
gpio-cdev: move kmod-leds-uleds dependency to MX100
The inclusion of the kmod-leds-uleds into the userspace nu801 package causes a circular dependency inside the buildsystem... which causes it to be picked regardless of other DEPENDS values.
In case of the mx100, this could be solved by moving the kmod-leds-uled dependency to the kmod-meraki-mx100.
Bonus: drop @!LINUX_5_4 from kmod-meraki-mx100 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: eeb8fd4)
Since the Google Wifi (Gale) is currently the only target in this sub-target. So this means that subtarget has to be disabled from the time being to not be picked up by the builders.
For people wanting to checkout out OpenWrt on the Google Wifi: please compile it locally.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 35d2bbc)
Refresh patch for 5.15 Rework tweak patch to sync with upstream ipq8064 dtsi and fix regression introduced. Rename nand_controller to nand in every dts.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 8cc2cae)
Now that smem actually free the leaked parts, when a rootfs partition is detected, the kernel panics as it try to free the static space allocated for the "ubi" name. Change the logic and fix the name at the allocate_partition function to correctly free the space allocated by smem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: e86dfd0)
Fix dedicated cpufreq for kernel 5.15 as they changed module order and now it can happen that cpufreq probe after cache driver. Also add lock between cache scaling in set_target as it's now required by opp functions.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (commit: 876a49c)
kernel: Backport mv88e6xxx patch to keep pvid at 0 if VLAN-unaware and remove hack
Backport patch 8b6836d82470 ("net: dsa: mv88e6xxx: keep the pvid at 0 when VLAN-unaware") from 5.15.
Keeping the pvid at 0 when VLAN-unaware makes it possible to drop the hack introduced in commit 920eaab1d817 ("kernel: DSA roaming fix for Marvell mv88e6xxx"). Dropping the hack makes it possible to use VLAN interfaces with VID 1 on DSA ports without problems with FDB.
Signed-off-by: Marek Behún <kabel@kernel.org> (commit: 9caa6f0)
libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now pulled from GitHub.
Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 8839a93)
tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032)
List of changes since previous release from 2018 is quite long:
* Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there.
Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release.
This release is not available on @SF (yet?) so the sources are now pulled from GitHub.
Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 9d8f620)
urandom-seed: use seedrng for seeding the random number generator
The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenWRT and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
This commit imports it into the urandom-seed package and wires up the init scripts to call it. This also is a significant improvement over the current init script, which does not robustly handle cleaning up of seeds and syncing to prevent reuse. Additionally, the existing script creates a new seed immediately after writing an old one, which means that the amount of entropy might actually regress, due to failing to credit the old seed.
Closes: https://github.com/openwrt/openwrt/issues/9570 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixed missing INSTALL_DIR] (commit: 2edc017)
The mediatek USB kernel module xhci-mtk was restructed. The module after kernel 5.13 is named xhci-mtk-hcd. Link: https://lore.kernel.org/all/0b62e21ddfacc1c2874726dd27ccab80c993f303.1615170625.git.chunfeng.yun@mediatek.com/ Linux 14295a150050 ("usb: xhci-mtk: support to build xhci-mtk-hcd.ko")
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> (commit: f65596e)
generic: 5.15: fix FIT partition parser on block partitions
Using set_disk_ro() doesn't have the desired effect and instead of just setting the single partition to be read-only it affects the whole disk. Use the bd_read_only flag in struct block_device instead to mark a partition being read-only.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 506ddce)
generic: backport 5.16 fix for hv utils build failure
Backports following fix:
hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
The hyperv utilities use PTP clock interfaces and should depend a a kconfig symbol such that they will be built as a loadable module or builtin so that linker errors do not happen.
Prevents these build errors:
ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit': hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister' ld: drivers/hv/hv_util.o: in function `hv_timesync_init': hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
References: https://lore.kernel.org/stable/20220328093115.7486-1-ynezz@true.cz/T/#u Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 972f2bf)
realtek: Remove dnsmasq and odhcpd-ipv6only from default
Do not include the dnsmasq and odhcpd-ipv6only package by default any more. These services are not needed on a switch. If someone needs this it is still possible to use opkg or image builder to add them.
This decreases the compressed image size by about 165KBytes.
The realtek target is not a router, but basic device, see DEVICE_TYPE. The basic device type does not come with firewall by default, see include/target.mk for details. The realtek target extended DEFAULT_PACKAGES manually with firewall.
This changes the defaults to take firewall4 and nftables instead of firewall and iptables. This also adds the additional package kmod-nft-offload.
The only difference to the router type is the missing ppp, ppp-mod-pppoe, dnsmasq and odhcpd-ipv6only package.
This increases the compressed image size by about 422KBytes.
Drop the -processors argument from the mksquashfs4 call, so it will use all available processors. This dramatically reduces the time to create squashfs filesystems.
The times below are observed when building an image for my main router, the WatchGuard Firebox M300 (qoriq target):
Before: real 4m45,973s
After: real 0m23,497s
With this commit `mksquashfs` may use more cores than defined via `-j`. This is the same behaviour as for archive creation of ImageBuilder, SDK or toolchain. There is no trivial way to limit `mksquashfs` CPU core usage to the amount of "free" make jobs since two running `mksquashfs` instances would each run with the total allowed number (-j) of threads.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> [extended reasoning in commit message] Signed-off-by: Paul Spooren <mail@aparcar.org> (commit: df2ae88)
Make sure xz uses at least 2 threads so compression always runs in multi-threaded mode as the resulting file in single-threaded mode differs.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: fc6a83e)
Flashing instructions: * Boot to CFE Recovery Mode by holding the reset button while power-on. * Connect to the router with an ethernet cable. * Set IPv4 address of the computer to 192.168.1.2 subnet 255.255.255.0. * Head to http://192.168.1.1. * Reset NVRAM. * Upload the OpenWrt image.
CFE bootloader may reject flashing the image due to image integrity check. In that case, follow the instructions below.
* Rename the OpenWrt image as firmware.trx. * Run a TFTP server and make it serve the firmware.trx file. * Run the URL below on a browser or curl. http://192.168.1.1/do.htm?cmd=flash+-noheader+192.168.1.2:firmware.trx+flash0.trx
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com> [rmilecki: mark BROKEN until we sort out nvram & CFE recovery] Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (commit: 72b9b72)
Introduce `sha256_unsigned` which is a checksum of the image _before_ a signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch $(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR) itself is not stored inside the resulting JSON file, so it can be replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org> (commit: 8822a8d)
bcm53xx: add switch ports for Buffalo WZR-900DHP & re-enable it
Specify the switch ports in the DTS file. Re-enable it after it was disabled by commit e9672b1a8fa4 ("bcm53xx: switch to the upstream DSA-based b53 driver").
ath79: fix label MAC address for Ubiquiti UniFi AP Outdoor+
The label has the MAC address of eth0, not the WLAN PHY address. We can merge the definition back into ar7241_ubnt_unifi.dtsi, as both DTS derived from it use the same interface for their label MAC addresses after all.
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7 digits) which will cause buffer overflow in busbox lock patch, this often happens when running in a rootfs container environment. This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer for pid number and an additional char '\n'.
imx: make 5.15 default kernel and remove 5.10 support
In imx target we're sharing single, version agnostic kernel `config-default` file, which doesn't work very well with current 5.10 and upcoming 5.15 kernel symbols as recent rebase onto 5.15 kernel introduced in commit 2b395c298247 ("imx: update config for 5.15) has introduced following regression with 5.10 kernel:
Marvell 88E6xxx Ethernet switch fabric support (NET_DSA_MV88E6XXX) [Y/n/m/?] y Switch Global 2 Registers support (NET_DSA_MV88E6XXX_GLOBAL2) [Y/n/?] (NEW)
That NET_DSA_MV88E6XXX_GLOBAL2 kernel config symbol has been removed in upstream commit 63368a7416df ("net: dsa: mv88e6xxx: Make global2 support mandatory") in kernel version 5.12.
This issue could be probably fixed by introduction of separate kernel config files for each currently used kernel versions and subtarget, but it is not worth the hassle and resources as imx target is running mostly upstream kernel, so lets fix it by switching to 5.15 version instead.
Fixes: 2b395c298247 ("imx: update config for 5.15") Acked-by: Piotr Dymacz <pepe2k@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 9d26651)
Config option `ARM_ARCH_TIMER` has been removed during rebasing onto 5.15 kernel in commit 2b395c298247 ("imx: update config for 5.15").
Anyway, as stated in commit 8cdc356f8c30 ("mediatek: mt7623: Re-enable ARM arch timer") config option `ARM_ARCH_TIMER` cannot be enabled in the config directly; it is only selected by `HAVE_ARM_ARCH_TIMER`. We need to enable the latter in our config.
Fixes: 2b395c298247 ("imx: update config for 5.15") Reported-by: Piotr Dymacz <pepe2k@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: bf1c3a5)
Revert "ipq40xx: stop chromium sub-target builds on the buildbots"
This reverts commit 35d2bbc29ba7f802706bf65585aeb8808fcac622 as we believe we found that it is indeed an openssl issue, where openssl is trying to use getrandom(2), but fails because this particular builder has an ancient kernel without that syscall. We didn't get to the bottom of why openssl doesn't fall back to something like /dev/random.
Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 39d28b8)
Use the kernel's built-in formula for computing this value. The value applied by OpenWRT's sysctl configuration file does not scale with the available memory, under-using hardware capabilities. Also, that formula also influences net.netfilter.nf_conntrack_buckets, which should improve conntrack performance in average (fewer connections per hashtable bucket).
Backport upstream commit for its effect on the number of connections per hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048, down from 16384) for our use case, a typical router handling several thousands of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (commit: 15fbb91)
octeon/patches-5.10 -> octeon/patches-5.15 Removed 140-octeon_e300_support.patch as E300 support appears to be upstreamed. Reworked 130-add_itus_support.patch to compensate for the upstreaming of E300
octeon/config-5.15 The following Kernel Symbols were ADDED: Line 5: +CONFIG_AF_UNIX_OOB=y Line 6: +CONFIG_AHCI_OCTEON=y Line 9: +CONFIG_ARCH_KEEP_MEMBLOCK=y Line 16: +CONFIG_ATA=y Line 17: +CONFIG_BINARY_PRINTF=y Line 29: +CONFIG_CPU_R4K_FPU=y Line 45: +CONFIG_FWNODE_MDIO=y Line 51: +CONFIG_GENERIC_FIND_FIRST_BIT=y Line 59: +CONFIG_GLOB=y Line 61: +CONFIG_GPIO_CDEV=y Line 77: +CONFIG_LTO_NONE=y Line 85: +CONFIG_MIPS_FP_SUPPORT=y Line 93: +CONFIG_NET_SELFTESTS=y Line 94: +CONFIG_NET_SOCK_MSG=y Line 105: +CONFIG_PATA_OCTEON_CF=y Line 106: +CONFIG_PATA_TIMINGS=y Line 114: +CONFIG_PTP_1588_CLOCK_OPTIONAL=y Line 121: +CONFIG_SATA_AHCI_PLATFORM=y Line 122: +CONFIG_SATA_HOST=y Line 124: +CONFIG_SCSI_COMMON=y Line 132: +CONFIG_SOCK_RX_QUEUE_MAPPING=y Line 157: +CONFIG_USB_XHCI_HCD=y Line 158: +CONFIG_USB_XHCI_PLATFORM=y
The following kernel symbols were REMOVED: Line 21: -CONFIG_BLK_SCSI_REQUEST=y Line 37: -CONFIG_ENABLE_MUST_CHECK=y Line 69: -CONFIG_HOLES_IN_ZONE=y Line 102: -CONFIG_OF_NET=y Line 140: -CONFIG_SYS_SUPPORTS_HUGETLBFS=y
Compiled for Itus Shield, Boots successfully, continuing to test for existing 5.10 memory leak.
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]") couldn't actually work and allow rootfs_data to be stored on a LVM2 as the necessary kernel modules had not been loaded at this point. Fix this by loading device-mapper modules early at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 82f9ad6)
The WatchGuard Firebox M200 and M300 use a Marvell 88e1543 PHY for the first 3 ethernet ports. This PHY is supported by the Marvell Alaska PHY driver, so enable it.
* Always store build logs * Store .config as an artifact * Rename job to `tools-{ os }` for log archive without spaces * Run CI job on changes to the CI file itself
Signed-off-by: Paul Spooren <mail@aparcar.org> (commit: 80f79be)
MHI WWAN CTRL allows QCOM-based PCIe modems to expose different modem control protocols/ports to userspace, including AT, MBIM, QMI, DIAG and FIREHOSE. These protocols can be accessed directly from userspace (e.g. AT commands) or via libraries/tools (e.g. libmbim, libqmi, libqcdm)
kernel: set SOURCE_DATE_EPOCH for initramfs root dir
Make sure the timestamp of the root directory of the initramfs is set to SOURCE_DATE_EPOCH as well.
Fixes: 29d7461d11 ("kernel: set options to make external initramfs reproducible") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 54bcf58)
This package uses BPF to create a fast path which improves bridging performance by bypassing the bridge layer. It also supports creating tc offload rules for hardware that supports it. Hardware offload support can be used with MT7622 + MT7915 once it is merged
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 64f629e)
Problem exist when dnsmasq is exclusively bind to particular interface. After reconfiguring or restarting this interface, its index changes, but dnsmasq uses the old one. When this problem occurs, dnsmasq does not listen on the correct interface so DHCP does not work, and clients do not get an IP address. Procd netdev param can be added to restart dnsmasq when the interface index is changed.
Signed-off-by: Valentyn Datsko <valikk.d@gmail.com> [combined into a single &&-connected statement] Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 76f55e3)
libselinux: add missing host-build dependency on libsepol/host
The host-build of libselinux requires libsepol/host. Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts which don't have libsepol installed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 0d3850d)
Two patches were removed because of the changes introduced in upstream:
1. 110-mx6cuboxi-mmc-fallback.patch Looks like similar changes were introduced in 6c3fbf3e456c ("mx6cuboxi: customize board_boot_order to access eMMC").
2. 111-mx6cuboxi_defconfig-force-mmc-boot.patch The 'CONFIG_SPL_FORCE_MMC_BOOT' was removed in 15aec318ef03 ("Revert "imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC boot on falcon mode").
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (commit: e213375)
imx: bootscript-apalis: make it working with U-Boot 2022.01
Upstream in commit 8b9c0cb46471 ("apalis_imx6: boot env configuration updates") removed emmc legacy wrappers, but so far didn't included any replacements. Fix it by simply defining the missing variables and UUID gathering directly into the boot script.
Signed-off-by: Petr Štetiar <ynezz@true.cz> [pepe2k@gmail.com: updated commit title for 2022.01] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (commit: bfbf235)
imx: image: use 'u-boot-dtb.img' filename for SPL payload
For targets in U-Boot which were migrated to DM, the correct binary image filename will be 'u-boot-dtb.img'. For backward compatibility, keep support for both files and use the one which was generated with our 'uboot-imx' package.
See also 'CONFIG_SPL_FS_LOAD_PAYLOAD_NAME' and 'CONFIG_OF_CONTROL' in mainline U-Boot sources.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (commit: a0528ca)
There are many ways to add external RTC to Raspberry Pi boards. Let's include support for this for the whole target and while at it, sort features alphabetically.
Fixes: #9594 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (commit: ff09905)
5beb87716e70 mt76: dma: add wrapper macro for accessing queue registers e0bc736d5617 mt76: add support for overriding the device used for DMA mapping b8c842daa081 mt76: make number of tokens configurable dynamically 87a962e0608f mt76: mt7915: add Wireless Ethernet Dispatch support 2accb74e6be3 mt76: mt7915: fix using null pointer when wfsys on e5227f2f3120 mt76: mt7921: Fix the error handling path of mt7921_pci_probe() ec0e9f4da32f mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup 5a87be892ba7 mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector fe441e5d3dcf mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set f3ddfe886283 mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate 2a0d370cb5fe mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask 506bb0605e3e mt76: mt7921: Add AP mode support
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: fd354ff)
Remove the configuration options which are building modules for the sub target configuration.
These kernel modules are not packaged. Kernel options should only be build as a module when they are selected by a kmod package and not by setting them to =m in the target kernel configuration.
The sama7 sub target does not have USB support, the feature should not be activated there. OpenWrt can automatically detect if the target supports USB by using the scripts/target-metadata.pl script. With the automatic detection USB support will only get activated on subtargest which actually support USB like sam9x and sama5.
hostapd: add ubus method for requesting link measurements
Add a ubus method to request link-measurements from connected STAs.
In addition to the STAs address, the used and maximum transmit power can be provided by the external process for the link-measurement. If they are not provided, 0 is used as the default value.
Signed-off-by: David Bauer <mail@david-bauer.net> (commit: 965aa33)
33f1e0b treewide: move json-c compat shims into internal header file e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()` 2b59140 vm: fix callframe double free on unhanded exceptions 7d7e950 main: abort when failing to load a preload library 1032a67 lib: let `json()` accept input objects implementing `read()` method 5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()` df6b861 ci: debian: change path before attempting to invoke Git operations dfaf05a ci: debian: automatically update changelog from Git tag 34f3c45 ci: fix YAML syntax of Debian workflow e956bcf fs: fix off-by-one in fs.dirname() function 6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv 7c2e082 build: remove legacy json-c check 77942af build: add polyfills for older libjson-c versions 0b4aaa3 CI: build Debian package f404285 debian: Add package definition a37f654 types: fix escape sequence encoding of high byte values in JSON strings aae5312 Update README.md 8134e25 build: fix symlink install target 87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore 7d27ad5 build: only stage ucc symlink if compile support is enabled 171402f lib: add date and time related functions 8b5dc60 lib: provide API function to obtain stdlib function implementations eb0d2f1 main: turn ucode into multicall executable 28ee7e1 uloop: add support for tasks 753dea9 CI: build on macOS 668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()` ab46fdf treewide: remove legacy json-c include directives b8f49b1 tests: 21_regex_literals: generalize syntax error test case fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X 2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag 55c4a90 lib: disallow zero padding for %s formats 0d05cb5 tests: run_tests.sh: use greadlink if available 271e520 resolv: make OS X compatible d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X 33397a3 uloop: use execvp() on OS X bafdc8f lib: add naive sigtimedwait() stub for OS X ada1585 build: consolidate CMakeLists.txt and cover OS X deviations befbb69 include: add OS X compatible endian.h header 49838a8 include: rename include guards to avoid clashes with system headers 91f65de nl80211: add missing attributes and correct some attribute flags b4a1fd5 lib: adjust require(), render() and include() raw mode semantics 4618807 main: rework CLI frontend 73dcd78 lib: fix potential integer underflow on empty render output c402551 vm: fix crash on object literals with non-string computed properties efe8a02 syntax: support add new operators 078d686 ubus: add event support 6c66c83 ubus: refactor error and argument handling 1cb04f9 ubus: add object publishing, notify and subscribe support 0e85974 uloop: clear errno before integer conversion attempts 05bd7ed types: treat resource type prototypes as GC roots a2a26ca lib: introduce uloop binding 6b6d01f vm: release this context on exception in managed method call 1af23a9 tests: fix proto() testcase 4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
c63f193 bump version to 1.0.2 3cffa84 libnfnetlink: Check getsockname() return code 90ba679 include: Silence gcc warning in linux_list.h bb4f6c8 Make it clear that this library is deprecated e46569c Minimally resurrect doxygen documentation 5087de4 libnfnetlink: hide private symbols 62ca426 autogen: don't convert __u16 to u_int16_t efa1d8e src: Use stdint types everywhere 7a1a07c include: Sync with kernel headers 7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings 94b68f3 configure: uclinux is also linux 617fe82 src: get source code license header in sync with current licensing terms 97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine with musl without this patch.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: aecf088)
Duncan Roe (5): nlmsg: Fix a missing doxygen section trailer build: doc: "make" builds & installs a full set of man pages build: doc: get rid of the need for manual updating of Makefile build: If doxygen is not available, be sure to report "doxygen: no" to ./configure src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1): src: fix doxygen function documentation
Florian Westphal (1): libmnl: zero attribute padding
Guillaume Nault (1): callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1): examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4): examples: add arp cache dump example examples: fix neigh max attributes examples: fix print line format examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3): doxygen: remove EXPORT_SYMBOL from the output include: add MNL_SOCKET_DUMP_SIZE definition build: libmnl 1.0.5 release
Petr Vorel (1): examples: Add rtnl-addr-add.c
Stephen Hemminger (1): examples: rtnl-addr-dump: fix typo
igo95862 (1): doxygen: Fixed link to the git source tree on the website.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: c3b7389)
- update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch
ath79: Move TPLink WPA8630Pv2 to ath79-tiny target
These devices only have 6MiB available for firmware, which is not enough for recent release images, so move these to the tiny target.
Note for users sysupgrading from the previous ath79-generic snapshot images:
The tiny target kernel has a 4Kb flash erase block size instead of the generic target's 64kb. This means the JFFS2 overlay partition containing settings must be reformatted with the new block size or else there will be data corruption.
To do this, backup your settings before upgrading, then during the sysupgrade, de-select "Keep Settings". On the CLI, use "sysupgrade -n".
If you forget to do this and your system becomes unstable after upgrading, you can do this to format the partition and recover:
* Reboot * Press RESET when Power LED blinks during boot to enter Failsafe mode * SSH to 192.168.1.1 * Run "firstboot" and reboot
Signed-off-by: Joe Mullally <jwmullally@gmail.com> Tested-by: Robert Högberg <robert.hogberg@gmail.com> (commit: 44e1e5d)
This commit add some enabled symbols to generic config. LTO is only supported by clang compiler and therefore should be disabled in the generic config instead of duplicating this symbol in each target. CONFIG_LTO_NONE do this job.
The second group of symbols is enabled by the options available in the generic config and is therefore added here: * CONFIG_AF_UNIX_OOB is selected by CONFIG_NET && CONFIG_UNIX, * CONFIG_BINARY_PRINTF is selected by CONFIG_BPF_SYSCALL, * CONFIG_NET_SOCK_MSG is selected by CONFIG_BPF_SYSCALL && CONFIG_NET.
The other symbols are disabled and should be in the generic config.
This commit also removes these symbols from subtargets.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> (commit: a98ded6)
trusted-firmware-a.mk: make sure include directory exists
ARM Trusted Firmware builds do not depend on any target libraries as they are bare-metal builds. However, the compiler aborts due to -Werror=missing-include-dirs if the include dir doesn't exists and this can happen when building with parallelisation as that makes it likely for arm-trusted-firmware-* to be build very early before any of the libraries which would implicitely create the directory. Fix this by making sure the include dir exists before building.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 738d44f)
imagebuilder: export SOURCE_DATE_EPOCH to environment
Export SOURCE_DATE_EPOCH to environment so filesystem and image creation tools will make use of it. Fixes reproducibility of images generated with the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 5cf5dce)
This updates mac80211 to version 5.15.33-1 which is based on kernel 5.15.33. The removed patches were applied upstream.
This new release contains many fixes which were merged into the upstream Linux kernel. This also contains the following new drivers which are needed for ath11k: * net/qrtr/ * drivers/bus/mhi/
Generate FAT filesystem for EFI boot in a reproducible way: * use '--invariant' option of mkfs.fat * set timestamps of all files to SOURCE_DATE_EPOCH * make sure files are ordered locale-independent
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: aece8f5)
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: e89f3e8)
Changes: new features: - qsort_r function (POSIX-future) - pthread_getname_np extension function - hard float on SPE FPU for powerpc-sf - SEEK_DATA and SEEK_HOLE exposed in unistd.h (Linux extensions)
compatibility: - free now preserves errno (POSIX-future requirement) - setjmp is declared explicitly with returns_twice for non-GCC compilers - macro version of isascii is no longer defined for C++ - dynamic linker now tolerates zero-length LOAD segments - epoll_[p]wait is now a cancellation point - pwd/grp functions no longer fail on systems without AF_UNIX support - POSIX TZ parsing is stricter to allow more names to fallback to files - NULL is now defined as nullptr when used in C++11 or later - gettext now accepts null pointer as argument
bugs fixed: - old regression in wcwidth of Hangul combining (vowel/final) letters - duplocale used wrong malloc when malloc was replaced (1.2.2 regression) - fmaf rounded wrong on archs without FE_TOWARDZERO (all softfloat archs) - popen didn't honor requirement not to leak other popen pipe fds to child - aligned_alloc and variants crashed on allocation failure - dl_iterate_phdr reported incorrect module TLS pointers - mishandling of some inputs in acoshf and expm1f and functions using them - potentially wrong-sign zero in cproj functions at infinity - multiple bugs in legacy function cuserid - minor posix_spawn file actions API conformance issues - pthread_setname_np fd leak - out-of-bound read in zoneinfo handling with distant-past times - out-of-tree builds lacked generated debug cfi for x86 asm
arch-specific bugs fixed: - powerpc (32-bit) struct shmid_ds layout was wrong for some fields - time64 struct layout was wrong in sound ioctl fallback (32-bit archs)
In addition it contains the following improvements: * protect stack canary from leak via read-as-string by zeroing second byte * fix excessively slow TLS performance on some mips models
netfilter: move nf-log modules into separate packages
Both legacy iptables and nftables require nf-log modules for rule logging, so move them into a separate package both firewall implementations can depend on.
Make sure sysupgrade on NAND also works in case of UBI volumes having index >9. While at it, also make sure UBI device is detected and abort in case it isn't. Use Shell built-in shorthand ':' instead of 'true'.
Fixes #9708 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 0dbca1b)
Checking whether /sbin/udhcpc is a symbolic link breaks using the DHCP proto handler inside procd-ujail where bind-mounts are used for the resolved link. Check whether /sbin/udhcpc is executable instead to allow using the proto handler for DHCP-provisioned containers.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: c5f113c)
urandom-seed: go back to seeding with shell script temporarily
This reverts commit 2edc017a6e0cb92b72b768aaa46c6d336ad84eff.
We shouldn't be using a shell script here, but the SeedRNG integration into OpenWRT requires a bit more thought. Etienne raised some important points immediately after this was merged and planned to send some follow up commits, but became busy with other things. The points he raised are important enough that we should actually back this out until it's ready to go, and then merge it as a cohesive unit. So let's revert this for now, and come back to it later on.
Cc: Etienne Champetier <champetier.etienne@gmail.com> Cc: Petr Štetiar <ynezz@true.cz> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (commit: a001630)
gemini: Create patches and config for kernel v5.15
This creates a v5.15 baseline for the Gemini platform. The main new attraction is the new crypto driver from Corentin Labbe that we activate in the new config. Config was refreshed.
scripts/gen_image_generic.sh: fix order of files in EFI bootfs
mtools recursive copy (mcopy -s ...) is using READDIR(3) to iterate over the directory entries, hence they end up in the FAT filesystem in traversal order which breaks reproducibility (rather than being added to the FAT filesystem in a reproducible order). Implement recursive copy in gen_image_generic.sh in Shell code instead, as in that way we can force files to be copied in reproducible order.
Improvements since the 4.0.38 release are: - Rename strtoi to strosi (string to signed int). The strtoi function on BSD does something else (returns an intmax, not an int)
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 08ebc38)
Upstream in commit 3e1e58d64c3d ("net: add generic selftest support") in version 5.13 added generic selftests module and usb-net-asix already depends on it, in version 5.18 via commit 1710b52d7c13 ("net: usb: smsc95xx: add generic selftest support") it will be used by usb-net-smsc95xx as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 8361946)
Upstream in commit 34a1dee6bc44 ("net: usb: asix: ax88772: add generic selftest support") in version 5.14 added dependency on generic selftest functionality and armvirt/64 when compiled with ALL_KMODS=y reports following:
Package kmod-usb-net-asix is missing dependencies for the following libraries: mdio_devres.ko selftests.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: afb0e93)
- QCA9563 (775MHz), 128MB RAM, 16MB SPI NOR - 2T2R 802.11b/g/n 2.4GHz - 2T2R 802.11n/ac 5GHz - 2x 10/100/1000 Mbps Ethernet, with 802.3at PoE support (WAN port)
LED for 5 GHz WLAN is currently not supported as it is connected directly to the QCA9882 radio chip.
Flash instructions:
If your device comes with generic QSDK based firmware, you can login over telnet (login: root, empty password, default IP: 192.168.188.253), issue first (important!) 'fw_setenv' command and then perform regular upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download image to the device, SSH server is not available):
In case your device runs firmware with YunCore custom GUI, you can use U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with 'tftp' image renamed to 'upgrade.bin' 2. Power the device with reset button pressed and release it after 5-7 seconds, recovery mode should start downloading image from server (unfortunately, there is no visible indication that recovery got enabled - in case of problems check TFTP server logs)
ath9k is setting the TX PA DC bias level different on QCA9561 and QCA9565 although they have the same radio IP-core, which results in a very low output power and very low throughput as devices are further away from the AP (compared to other 2.4GHz APs.)
In real life testing, without this patch the 2.4GHz throughput on Yuncore XD3200 is around 10Mbps sitting close to the AP, and close to theoretical maximum with the patch applied.
- QCA9533 (650 MHz), 64 or 128MB RAM, 16MB SPI NOR - 2x 10/100 Mbps Ethernet, with 802.3at PoE support (WAN) - 2T2R 802.11b/g/n 2.4GHz
Flash instructions:
If your device comes with generic QSDK based firmware, you can login over telnet (login: root, empty password, default IP: 192.168.188.253), issue first (important!) 'fw_setenv' command and then perform regular upgrade, using 'sysupgrade -n -F ...' (you can use 'wget' to download image to the device, SSH server is not available):
In case your device runs firmware with YunCore custom GUI, you can use U-Boot recovery mode:
1. Set a static IP 192.168.0.141/24 on PC and start TFTP server with 'tftp' image renamed to 'upgrade.bin' 2. Power the device with reset button pressed and release it after 5-7 seconds, recovery mode should start downloading image from server (unfortunately, there is no visible indication that recovery got enabled - in case of problems check TFTP server logs)
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (commit: a05dcb0)
For some reason useless labels and aliases have been propagated through copy-paste. Before the issue spreads any further, this patch cleans up all relevant DTS files to the canonical form, bringing ath79 in line with other mikrotik platforms (ramips and ipq40xx).
image: strip metadata from images when used in other artifacts
Image metadata and signature is of no use for images which are included inside other artifacts (like an SD-card image). Strip them off before using images in artifacts or stashing them for the ImageBuilder as the contained signature breaks reproducibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 7a256d9)
The vendor u-boot image accepts sysupgrade.bin image with specific requirements, including having squashfs signature "hsqs" at file offset 0x140000. This is not possible now that OpenWrt kernel image is at least 2MB with the signature at offset 0x240000.
Installation of current build of OpenWrt now requires a bootstrap step of installing an earlier version first.
- If the vendor u-boot accepts sysupgrade image, hc6361 image of LEDE release should work - If the vendor u-boot accepts only verified flashsmt image, install the one in the above device page. The image is based on Barrier Breaker
The existing device tree has incorrect definitions for usb3_0 and usb3_1 and the blocks they depend upon: their addresses and interrupts are swapped. However, their clocks and resets are not. The result is that the USB blocks are non-functional if only one of them is enabled.
This fix backports the definitions from mainline Linux 5.15 to OpenWrt's 5.10 dtsi additions. See the relevant mainline code here: https://github.com/torvalds/linux/blob/v5.17/arch/arm/boot/dts/qcom-ipq8064.dtsi#L1062-L1148
This fix does not break existing ports. But some ports may have enabled both USB blocks even thought their board only implements one, because enabling a single USB block would not have worked before this fix. This means that revisiting all ports of ipq806x devices that implement a single USB port is advised. This work must be done by maintainers that can determine which USB block corresponds to the implemented port on their hardware.
Note that this fix swaps the names of the hardware ports. This is unfortunate, but will happen anyway when switching to kernel 5.15. Thus, it is best to do this ASAP, before users get to depend on port names.
It is strongly recommended that this fix is backported to 22.03 before its release. This will minimize the number of users affected by the port name swap.
This is required to support built-in modem of ZTE MF286R, in addition to other external modems, such as MF831, MF910, MF920, which refuse to reconfigure their remote MAC address, even if "locally administered" bit is set, leading to dropped traffic towards the host. Add a workaround for that issue already present in cdc_ether to rndis_host driver as well.
Add ifname property to UCI, which can be used to override the autodetected interface name in case the detection fails due to having none or more than one interface exposed by the modem, which is not explicitly linked to TTY port. This is needed on certain variants of ZTE MF286R built-in modem, which exposes both RNDIS and CDC-ECM interfaces on the modem, on which the automatic detection may select the wrong network interface.
comgt: ncm: select first available network interface for device
Some modems expose multiple network interfaces on the same USB device, causing the connection setup script to fail, because glob matching in the detection phase causes 'ls' to output more than one interface name plus their base directories in sysfs. Avoid that by listing the directories explicitly and then selecting first available interface. This is the case for some variants of ZTE MF286R built-in modem, which exposes both RNDIS and CDC-ECM network interfaces, causing the connection setup to fail.
comgt: ncm: try to detect interface for ttyACM ports
Some modems expose ttyACM as their control ports, which have the "device" symlink pointing one level down in sysfs tree. Try to find network interfaces for them as well, this is commonly used for modems exposing ACM + RNDIS or ACM + ECM interface combinations.
The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to establish connection with custom commands specific to ZTE modems. Two variants of modems were discovered, some identifying themselves as "ZTE", and others as plain "Marvell", the chipset manufacturer. The modem itself runs a fork of OpenWrt inside, which root shell can be accessed via ADB interface.
lantiq: fritz736x: Move GPIO resets to the inidvidual board.dts files
FRITZ!Box 7360 V2 and FRITZ!Box 7360 SL both use GPIOs 37 (for &phy0) and GPIO 44 (for &phy1) to control the PHY's reset lines. FRITZ!Box 7362 SL however uses GPIO 45 (for &phy0) and GPIO 44 (for &phy1). Move the GPIO reset definitions to each individual board .dts and while at it, fix the GPIOs for the FRITZ!Box 7362 SL.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: 56cd49b)
The Wavlink WL-WN531A3 is an AC1200 router with 5 fast ethernet ports and one USB 2.0 port. It's also known as Wavlink QUANTUM D4.
Hardware -------- SoC: Mediatek MT7628AN RAM: 64MB FLASH: 8MB NOR (GigaDevice GD25Q64CSIG3) ETH: - 5x 10/100 Mbps Ethernet (4x LAN + 1x WAN) WIFI: - 2.4GHz: 1x (integrated in SOC) (2x2:2) - 5GHz: 1x MT7612E (2x2:2) - 4 external antennas BTN: - 1x Reset button - 1x WPS button - 1x Turbo button - 1x Touchlink button - 1x ON/OFF switch LEDS: - 1x Red led (system status) - 1x Blue led (system status) - 7x Blue leds (wifi led + 5 ethernet ports + power) USB: - 1x USB 2.0 port UART: - 57600-8-N-1 J1 O VCC +3,3V (near lan ports) o RX o TX o GND
Everything works correctly.
Currently there is no firmware update available. Because of this, in order to restore the OEM firmware, you must firstly dump the OEM firmware from your router before you flash the OpenWrt image.
Backup the OEM Firmware ----------------------- The following steps are to be intended for users having little to none experience in linux. Obviously there are many ways to backup the OEM firmware, but probably this is the easiest way for this router. Procedure tested on M31A3.V4300.200420 firmware version.
1) Go to http://192.168.10.1/webcmd.shtml
2) Type the following line in the "Command" input box and then press enter: mkdir /etc_ro/lighttpd/www/dev; cp /dev/mtd0ro /etc_ro/lighttpd/www/dev/mtd0ro; ls -la /etc_ro/lighttpd/www/dev/mtd0ro
3) After few seconds in the textarea should appear this output: -rw-r--r-- 1 0 0 8388608 /etc_ro/lighttpd/www/dev/mtd0ro
If your output doesn't match mine, stop reading and ask for help in the forum.
4) Open in another tab http://192.168.10.1/dev/mtd0ro to download the content of the whole NOR. If the file size is 0 byte, stop reading and ask for help in the forum.
5) Come back to the http://192.168.10.1/webcmd.shtml webpage and type: rm /etc_ro/lighttpd/www/dev/mtd0ro; for i in 1 2 3 4 ; do cp /dev/mtd${i}ro /etc_ro/lighttpd/www/dev/mtd${i}ro; done; ls -la /etc_ro/lighttpd/www/dev/
6) After few seconds, in the textarea should appear this output: -rw-r--r-- 1 0 0 196608 mtd1ro -rw-r--r-- 1 0 0 65536 mtd2ro -rw-r--r-- 1 0 0 65536 mtd3ro -rw-r--r-- 1 0 0 8060928 mtd4ro drwxr-xr-x 7 0 0 0 .. drwxr-xr-x 2 0 0 0 .
If your output doesn't match mine, stop reading and ask for help in the forum.
7) Open the following links to download the partitions of the OEM FW: http://192.168.10.1/dev/mtd1ro http://192.168.10.1/dev/mtd2ro http://192.168.10.1/dev/mtd3ro http://192.168.10.1/dev/mtd4ro
If one (or more) of these files are 0 byte, stop reading and ask for help in the forum.
8) Store these downloaded files in a safe place.
9) Reboot your router to remove any temporary file in ram.
Installation ------------ Flash the initramfs image in the OEM firmware interface (http://192.168.10.1/update.shtml). When Openwrt boots, flash the sysupgrade image otherwise you won't be able to keep configuration between reboots.
Restore OEM Firmware -------------------- Flash the "mtd4ro" file you previously backed-up directly from LUCI. Warning: Remember to not keep settings! Warning2: Remember to force the flash.
Notes ----- 1) Router mac addresses: LAN XX:XX:XX:XX:XX:9B (factory @ 0x28) WAN XX:XX:XX:XX:XX:9C (factory @ 0x2e) WIFI 2G XX:XX:XX:XX:XX:9D (factory @ 0x04) WIFI 5G XX:XX:XX:XX:XX:9E (factory @ 0x8004)
LABEL XX:XX:XX:XX:XX:9D
2) There is just one wifi led for both wifi interfaces. It currently shows only the 2.4 GHz wifi activity.
This device is from now-defunct BOLT! ISP in Indonesia. The original firmware is based on mediatek SDK running linux 2.6 or 3.x in later revision.
Specifications:
- SoC: MediaTek MT7621 - Flash: 32 MiB NOR SPI - RAM: 128 MiB DDR3 - Ethernet: 2x 10/100/1000 Mbps (switched, LAN + WAN) - WIFI0: MT7603E 2.4GHz 802.11b/g/n - WIFI1: MT7612E 5GHz 802.11ac - Antennas: 2x internal, non-detachable - LEDs: Programmable LEDs: 5 blue LEDs (wlan, tel, sig1-3) and 2 red LEDs (wlan and sig1) Non-programmable "Power" LED - Buttons: Reset and WPS
Instalation: Install from TFTP
Set your PC IP to 10.10.10.3 and gateway to 10.10.10.123 Press "1" when turning on the router, and type the initramfs file name
You also need to solder pin header or cable to J4 or neighboring test points (T19-T21) Pinouts from top to bottom: GND, TX, RX, VCC (3.3v) Baudrate: 57600n8
There's also an additional gigabit transformer and RTL8211FD managed by the LTE module on the backside of the PCB.
Signed-off-by: Abdul Aziz Amar <abdulaziz.amar@gmail.com> (commit: 78c3534)
MAC addresses as verified by OEM firmware: use address source Lan/Wan/2G *:60 factory 0x4 (label) 5G *:64 factory 0x8000
Serial console: 57600,8n1
Installation:
Asus windows recovery tool:
install the Asus firmware restoration utility unplug the router, hold the reset button while powering it on release when the power LED flashes slowly specify a static IP on your computer: IP address: 192.168.1.75 Subnet mask 255.255.255.0 start the Asus firmware restoration utility, specify the factory image and press upload do NOT power off the device after OpenWrt has booted until the LED flashing after flashing OpenWrt, there will be first no 5GHz Wifi available probably, wait until blinking finishes and do a reboot TFTP Recovery method:
set computer to a static ip, 192.168.1.75 connect computer to the LAN 1 port of the router hold the reset button while powering on the router for a few seconds send firmware image using a tftp client; i.e from linux: $ tftp tftp> binary tftp> connect 192.168.1.1 tftp> put factory.bin tftp> quit do NOT power off the device after OpenWrt has booted until the LED flashing after flashing OpenWrt, there will be first no 5GHz Wifi available probably, wait until blinking finishes and do a reboot
ramips: mt7621: make u_env partition r/w for Linksys EA7xxx devices
Make u_env partition read/write - currently cannot write to it, which blocks fw_setenv. This in turn breaks features like Advanced Reboot, which rely on setting the environment variable boot_part (1 or 2).
Signed-off-by: Russell Morris <rmorris@rkmorris.us> (commit: fb3f519)
The Sophos AP100, AP100C, AP55, and AP55C are dual-band 802.11ac access points based on the Qualcomm QCA9558 SoC. They share PCB designs with several devices that already have partial or full support, most notably the Devolo DVL1750i/e.
The AP100 and AP100C are hardware-identical to the AP55 and AP55C, however the 55 models' ART does not contain calibration data for their third chain despite it being present on the PCB.
Specifications common to all models: - Qualcomm QCA9558 SoC @ 720 MHz (MIPS 74Kc Big-endian processor) - 128 MB RAM - 16 MB SPI flash - 1x 10/100/1000 Mbps Ethernet port, 802.3af PoE-in - Green and Red status LEDs sharing a single external light-pipe - Reset button on PCB[1] - Piezo beeper on PCB[2] - Serial UART header on PCB - Alternate power supply via 5.5x2.1mm DC jack @ 12 VDC
Unique to AP100 and AP100C: - 3T3R 2.4GHz 802.11b/g/n via SoC WMAC - 3T3R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP55 and AP55C: - 2T2R 2.4GHz 802.11b/g/n via SoC WMAC - 2T2R 5.8GHz 802.11a/n/ac via QCA9880 (PCI Express)
AP100 and AP55: - External RJ45 serial console port[3] - USB 2.0 Type A port, power controlled via GPIO 11
Flashing instructions:
This firmware can be flashed either via a compatible Sophos SG or XG firewall appliance, which does not require disassembling the device, or via the U-Boot console available on the internal UART header.
To flash via XG appliance: - Register on Sophos' website for a no-cost Home Use XG firewall license - Download and install the XG software on a compatible PC or virtual machine, complete initial appliance setup, and enable SSH console access - Connect the target AP device to the XG appliance's LAN interface - Approve the AP from the XG Web UI and wait until it shows as Active (this can take 3-5 minutes) - Connect to the XG appliance over SSH and access the Advanced Console (Menu option 5, then menu option 3) - Run `sudo awetool` and select the menu option to connect to an AP via SSH. When prompted to enable SSH on the target AP, select Yes. - Wait 2-3 minutes, then select the AP from the awetool menu again. This will connect you to a root shell on the target AP. - Copy the firmware to /tmp/openwrt.bin on the target AP via SCP/TFTP/etc - Run `mtd -r write /tmp/openwrt.bin astaro_image` - When complete, the access point will reboot to OpenWRT.
To flash via U-Boot serial console: - Configure a TFTP server on your PC, and set IP address 192.168.99.8 with netmask 255.255.255.0 - Copy the firmware .bin to the TFTP server and rename to 'uImage_AP100C' - Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4] - Connect the AP ethernet to your PC's ethernet port - Connect a terminal to the UART at 115200 8/N/1 as usual - Power on the AP and press a key to cancel autoboot when prompted - Run the following commands at the U-Boot console: - `tftpboot` - `cp.b $fileaddr 0x9f070000 $filesize` - `boot` - The access point will boot to OpenWRT.
MAC addresses as verified by OEM firmware:
use address source LAN label config 0x201a (label) 2g label + 1 art 0x1002 (also found at config 0x2004) 5g label + 9 art 0x5006
Increments confirmed across three AP55C, two AP55, and one AP100C.
These changes have been tested to function on both current master and 21.02.0 without any obvious issues.
[1] Button is present but does not alter state of any GPIO on SoC [2] Buzzer and driver circuitry is present on PCB but is not connected to any GPIO. Shorting an unpopulated resistor next to the driver circuitry should connect the buzzer to GPIO 4, but this is unconfirmed. [3] This external RJ45 serial port is disabled in the OEM firmware, but works in OpenWRT without additional configuration, at least on my three test units. [4] On AP100/AP55 models the UART header is accessible after removing the device's top cover. On AP100C/AP55C models, the PCB must be removed for access; three screws secure it to the case. Pin 1 is marked on the silkscreen. Pins from 1-4 are 3.3V, GND, TX, RX
Signed-off-by: Andrew Powers-Holmes <andrew@omnom.net> (commit: 6f1efb2)
* If "Active Image" has the first option selected, OpenWrt will need to be flashed to the "Active" partition. If the second option is selected, OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-rtl838x-zyxel_gs1900-24hp-v1-initramfs-kernel.bin file by your preferred method to the previously determined partition. When prompted, select to boot from the newly flashed image, and reboot the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the space bar, and enable the network:
> rtk network on
* Since the GS1900-24HP v1 is a dual-partition device, you want to keep the OEM firmware on the backup partition for the time being. OpenWrt can only be installed in the first partition anyway (hardcoded in the DTS). To ensure we are set to boot from the first partition, issue the following commands:
> setsys bootpartition 0 > savesys
* Download the image onto the device and boot from it:
Signed-off-by: Martin Kennedy <hurricos@gmail.com> [Add info on PoE hardware to commit message] Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: a5ac8ad)
This reverts commit f9ff282d17ec652d63fa2404e47bb0e15ed95b69 as during upstream patch review process nbd pointed out, that this patch needs more work:
"The patch looks wrong to me. I'm pretty sure that AR_CH0_TOP2 is the correct register, the definition has an explicit check for 9561 as well. I believe this patch works by accident because it avoids writing a wrong value to that register."
OrayBox X3A is a 2.4/5GHz dual band AC router, based on MediaTek MT7621.
Specification: * SoC: MT7621 * RAM: DDR3 128 MiB * Flash: 16 MiB NOR (XM25Q128) * Wi-Fi: (single chip hosting both 2.4G and 5G) * 2.4GHz: MT7615 * 5GHz: MT7615 * Ethernet: 3x 1000Mbps * Switch: MT7530 * LED: * Ethernet LEDs: On the back of the router, hardware-controlled. * Status LEDs: One "pixel-like" RGB LED in the front of the router, which is actually made up of 3 individual LEDs (with dedicated GPIO pins) with the color of Red, Green, and Blue. The OEM firmware only lights up one color at a time to indicate status, but that's very boring, and the colors actually look great when combined, so I've improvised a little and made them indicate netdev activities. My test results: GPIO 13/14/15 000 white (actually more like bright green or cyan because the brightness of the green LED is higher than red and blue) 001 bright purple 010 bright green 011 red 100 bright cyan 101 blue 110 green 111 off
Flash Layout: 0x0000000-0x0030000 : "u-boot" 0x0030000-0x0040000 : "u-boot-env" 0x0040000-0x0050000 : "factory" 0x0050000-0x0f50000 : "firmware" /*0x0f50000 to 0x0fe0000 is undefined, same as OEM firmware*/ 0x0fe0000-0x0ff0000 : "bdinfo" 0x0ff0000-0x1000000 : "reserve"
Installation via SSH (does not void your warranty): 1. -----UNLOCK SSH----- 1.1 Set computer IP to DHCP mode, load 'http://10.168.1.1/cgi-bin/luci' in your browser. Password is 'admin'. 1.2 Click the "备份且导出" (backup and export) button, and download the config file. 1.3 Open the downloaded file with 7zip, navigate to '/etc/config/'. 1.4 Edit the file './system'. Change the '0' into '1' under "config sys 'ssh'". 1.5 Save the file. 1.6 Upload the file by clicking the "导入且恢复" (import and recover) button. The router will automatically reboot. 2. -----FLASH THE OPENWRT FIRMWARE----- 2.1 Use any scp tool to upload the 'sysupgrade' firmware to the '/tmp/' folder to your router. It should be root@10.168.1.1 and the password is 'admin'. 2.2 SSH into the router, also root@10.168.1.1 and the password is 'admin'. 2.3 **IMPORTANT** Type command 'dd if=/dev/mtd3 of=/tmp/firmware.bin', to backup the stock firmware. Since the OEM does not provide firmware download on their website, this is the only way to get it. 2.3 **ALSO IMPORTANT** Use any scp tool to download your backed-up stock firmware from '/tmp/' to your local drive. Then you'd better use a hex reading tool to have a rough look at it to make sure nothing is corrupt. Or u can just back up again and cross check the MD5. 2.4 Type command 'mtd write /tmp/XXX.bin firmware', and it should flash the firmware. 2.5 Verify that nothing went wrong. If you're confident, type 'reboot' and reboot the router.
Revert to stock firmware: 1. load stock firmware using mtd (make sure u have a backup).
Signed-off-by: Ray Wang <raywang777@foxmail.com> (commit: 9a750aa)
This patch fixes an invalid TX PA DC bias level on QCA9561, which results in a very low output power and very low throughput as devices are further away from the AP (compared to other 2.4GHz APs), following a suggestion from nbd[1].
See https://mikrotik.com/product/RBwAP2nD for more info.
Flashing: TFTP boot initramfs image and then perform sysupgrade. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Note: following 781d4bfb397cdd12ee0151eb66c577f470e3377d The network setup avoids using the integrated switch and connects the single Ethernet port directly. This way, link speed (10/100 Mbps) is properly reported by eth0.
Signed-off-by: David Musil <0x444d@protonmail.com> (commit: e20de22)
base-files: safer sysupgrade for kernel-in-UBI devices
Ensure that the kernel CRC is invalidated while rootfs is being updated. This allows the bootloader to detect an interrupted sysupgrade and fall back to an alternate booting method, instead of just going ahead with normal boot and effectively bricking the device.
Possible fallbacks include a recovery initramfs partition or UBI volume and TFTP. See here for an example U-Boot configuration with fallbacks: https://shorturl.at/befsA (https://github.com/Lanchon/openwrt-tr4400-v2/ blob/e7d707d6bd7839fbd0b8d0bd180fce451df77e47/install-recovery.sh#L52-L63)
base-files: safer sysupgrade.tar for kernel-out-of-UBI
Ensure that the kernel CRC is invalidated while rootfs is being updated. This allows the bootloader to detect an interrupted sysupgrade and fall back to an alternate booting method, such as TFTP, instead of just going ahead with normal boot and effectively bricking the device.
Prepares code for ubirename-based safe sysupgrade implementation.
Fixes several issues: - the special CI_KERNPART value "none" is ignored if an MTD partition named "none" exists - misleading variable names (such as has_kernel to mean "tar has kernel and it should not be written to an MTD partition but a UBI volume") - inconsistent treatment of zero-length tar member files - inconsistent meaning of "0" and "" variable values - redundant operations (unneeded untaring, repeated untaring, unneeded partition lookups) - inconsistent variable quoting
Remove redundant check from nand ubinized sysupgrade code. This check has already been done in the only caller of the affected function: nand_do_upgrade.
Fix issues while retaining configuration during nand sysupgrade: - abort configuration saving if data partition is not found - generate diagnostics if saving fails (eg, because of lack of space) - do not output "sysupgrade successful" in case of errors
Attempt to minimize the time during which an interrupted nand sysupgrade can lead to a non-functional device by flushing caches before starting the upgrade procedure.
mediatek: mt7622: remove '0x' prefix from pstore address in dts
Adresses of device tree nodes are typically noted without the '0x' prefix. While having the '0x' prefix doesn't hurt when using Linux, more recent versions of U-Boot will add a duplicate ramoops node as a simple string compare is used to check if the node is already present.
Remove the '0x' prefix to avoid the kernel warning resulting from U-Boot adding a dupplicate pstore/ramoops node.
See also https://lists.denx.de/pipermail/u-boot/2022-April/481810.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: fc24533)
uboot-mediatek: remove '0x' prefix from pstore node
Remove '0x' prefix from pstore node in dts, just like it was done for the device tree used by Linux on MT7622. This change is done in preparation to update U-Boot to 2022.04.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 810b48e)
To create packages the `ipkg-build` script is used which double packs `control.tar.gz` and `data.tar.gz` to a single package. By default it's using a verbose username instead of a numeric value for files.
Official OpenWrt images (artifacts) are created within docker containers which do not seem to contain those verbose usernames and instead defaults to numeric values.
This becomes a problem when rebuilding public artifacts because other build environments may offer verbose usernames and there the created packages is different from the official ones.
With this commit `ipkg-build` always uses numeric values for user/group and thereby making it easier to reproduce official artifacts.
Signed-off-by: Paul Spooren <mail@aparcar.org> (commit: 7a73221)
MPLS feature symbols are normally only set when kmod-mpls is enabled, but the CONFIG_MPLS symbol they depend on could also have been selected by openvswitch instead
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 92add80)
uboot-mediatek: replace patch with accepted commit
Replace pending patch with version accepted upstream. Other than in the first suggested version, the new property is now called 'u-boot,bootconf' instead of 'bootconf'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 079828f)
kernel: update FIT partition parser to new property name
The commit "uboot-mediatek: replace patch with accepted commit" changed the name of the boot configuration property from 'bootconf' to 'u-boot,bootconf'. Reflect this change in the FIT partition parser.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 690f715)
ath79: ZTE MF286R: add comgt-ncm to DEVICE_PACKAGES
When adding support to the router's built-in modem, this required package was omitted, because it was already enabled in the image configuration in use for testing, and this went unnoticed. In result, the modem still isn't fully supported in official images. As it is the primary WAN interface, add the missing package.
There are two versions which are identical apart from the enclosure: YunCore AX820: indoor ceiling mount AP with integrated antennas YunCore HWAP-AX820: outdoor enclosure with external (N) connectors
Flash instructions: The "OpenWRT support" version of the AX820 comes with a LEDE-based firmware with proprietary MTK drivers and a luci webinterface and ssh accessible under 192.168.1.1 on LAN; user root, no password. The sysupgrade.bin can be flashed using luci or sysupgrade via ssh, you will have to force the upgrade due to a different factory name. Remember: Do *not* preserve factory configuration!
MAC addresses as used by OEM firmware: use address source 2g 44:D1:FA:*:0b Factory 0x0004 (label) 5g 46:D1:FA:*:0b LAA of 2g lan 44:D1:FA:*:0c Factory 0xe000 wan 44:D1:FA:*:0d Factory 0xe000 + 1 The wan MAC can also be found in 0xe006 but is not used by OEM dtb.
Due to different MAC handling in mt76 the LAA derived from lan is used for 2g to prevent duplicate MACs when creating multiple interfaces.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net> (commit: 4891b86)
TP-Link RE650 v2 is largely similar to v1 that is already supported by OpenWrt. Notable differences is differnt SPI Flash - 8 MB instead of 16 MB (from cFeon instead of Winbond) and a different configuration of PCIE connections to wifi chips. Otherwise it's largely the same product as v1
Hardware specification:
- SoC 880 MHz - MediaTek MT7621AT - 128 MB of DDR3 RAM - 8 MB - cFeon QH64A-104HIP - 4T4R 2.4 GHz - MediaTek MT7615E - 4T4R 5 GHz - MediaTek MT7615E - 1x 1 Gbps Ethernet - MT7621AT integrated - 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2)) - 4x buttons (Reset, Power, WPS, LED) - UART pinout - GND, RX, TX, labeled in the middle of the PCB, requires soldering because they're not through holes.
Serial console @ 57600,8n1
Flash instructions:
Upload openwrt-ramips-mt7621-tplink_re650-v2-squashfs-factory.bin from the RE650 web interface.
TFTP recovery to stock firmware: I didn't try recovering back to the stock firmware, however, if there is such process for other RExxx devices, it seems like it could be similar here.
Signed-off-by: Marcin Gordziejewski <openwrt@flicksfix.com> (commit: 3979997)
mpc85xx: define reset-delay for WS-AP3825i eth PHY
The WS-AP3825i uses Atheros PHYs which according to the datasheet require the reset to be asserted for at least 1 ms.
This fixes broken eth1 upon soft-reboot. eth0 is no affected, as the ifup / ifdown cycle in preinit prevents this issue from happening when the system is ready.
Reported-by: Tom Herbers <freifunk@tomherbers.de> Signed-off-by: David Bauer <mail@david-bauer.net> (commit: 8b3c313)
The bootloader does seem to not correctly patch in the MAC address for eth0 / eth1 in some cases. While the root cause is not known, manually applying the MAC-Address in preinit does not hurt.
Reported-by: Tom Herbers <freifunk@tomherbers.de> Signed-off-by: David Bauer <mail@david-bauer.net> (commit: c6d5251)
95ca1c3 nat46-core: ignore IPv4 options when translating packets 39778c2 add a module argument to ignore TOS translate for IPv4 9a36ee1 add a module argument to ignore TOS translate for IPv4 79190a8 add a module argument to ignore TOS translate for IPv4
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (commit: 432a25d)
the OOB layout in MTK SNFI uses the 2nd byte, and anything using OOB will make the block a bad-block in spi-nand driver. Hack it for now. We need a proper solution upstream.
the SPI-NAND driver switch breaks dts compatibility. It's too much work to backport all ECC framework support to 5.10 so let's switch the target to 5.15 instead.
This commit is completely based on the work of adron-s: https://github.com/openwrt/openwrt/pull/4721#issuecomment-1101108651
The commit fixes the data corruption on TX packets. Packets are transmitted, but their contents are replaced with zeros. This error is caused by the lack of guard (50 ms) intervals between calibration phases. This error is treated by adding mdelay(50) to the calibration function code. In the original qca-ssda code [0], these mdelays were existing, but in the ar41xx.c they are gone.
Suggested-by: Serhii Serhieiev <adron@mstnt.com> Reviewed-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: ab7e53e)
Last attempt on this has a typo and doen't work. It seems that this is a common problem occurring on every kernel bump, so let's enforce arch timer support for mt7623 with a patch instead.
Fixes: 9a22943eb2 ("mediatek: 5.15: re-enable arch timer on MT7623 as well") Signed-off-by: Chuanhong Guo <gch981213@gmail.com> (commit: b2d802f)
kernel: don't parse FIT partition on NAND-backed mtdblock
ubiblock devices should be used on NAND flash to store the uImage.FIT in case the bootloader supports that -- otherwise only rootfs is stored in UBI while the uImage.FIT contains only the kernel and dtb. Hence there is no need to enable parsing partitions on NAND mtdblock devices, it is even responsible for the ugly warning on-opening of the mtdblock device now. Just don't do it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 2acf355)
Disable support for joysticks, micee and tablets. There's no actual driver selected in kconfig, and including kernel support is just a waste of space. Besides that, I believe nobody wants these on a router.
The config for LEDS_UBNT_LEDBAR doesn't stay in mt7629 kconfig because of its I2C dependency. Build it as a module and let buildroot handle this config option instead.
Fixes: db34b93331e9 (add a version that can be bumped to force toolchain/target rebuild) Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com> (commit: aeaa816)
In commit 7e614820a892 ("mpc85xx: add support for Extreme Networks WS-AP3825i"), we borrowed a recipe convention from apm821xx for device tree blob padding. Unfortunately, in the apm821xx target, the image recipes name the device tree blob differently, meaning that in mpc85xx, the padded dtb is never consumed.
Change the definition of `Build/dtb` so that it outputs the padded dtb to the correct location for it to be consumed.
Also, rename the recipe to `Build/pad-dtb`, so it is clear we are building and padding the device tree blob.
The Wavlink WL-WN533A8 is an AC3000 router with 5 gigabit ethernet ports and one USB 3.0 port. It's also known as Wavlink QUANTUM T8.
Hardware -------- SoC: Mediatek MT7621A RAM: 128MB (Nanya NT5CB64M16GP-EK) FLASH: 16MB NOR (GigaDevice GD25Q127CSIG3) ETH: - 5x 10/100/1000 Mbps Ethernet (4x LAN + 1x WAN) WIFI: - 1x MT7615DN (2x 2x2:2) 2.4GHz and 5GHz DBDC - 1x MT7615NE (4x4:4) 5GHz - 8 external antennas BTN: - 1x Reset button - 1x WPS button - 1x Turbo button - 1x Touchlink button - 1x ON/OFF switch LEDS: - 1x Red led (system status) - 1x Blue led (system status) - 7x Blue leds (wifi led + 5 ethernet ports + power) USB: - 1x USB 3.0 port UART: - 57600-8-N-1 J4
Everything works correctly.
Installation ------------ Flash the initramfs image in the OEM firmware interface (http://192.168.10.1/update.shtml). When Openwrt boots, flash the sysupgrade image otherwise you won't be able to keep configuration between reboots. (Procedure tested on fw M33A8.V5030.190716 and M33A8.V5030.201204)
Restore OEM Firmware -------------------- Flash the firmware update available online directly from LUCI. You can download it from: https://www.wavlink.com/en_us/firmware/details/f2d247ecba.html Warning: Remember to not keep settings! Warning2: Remember to force the flash.
Notes ----- 1) Router mac addresses: LAN XX:XX:XX:XX:XX:63 (factory @ 0xe006) WAN XX:XX:XX:XX:XX:64 (factory @ 0xe000) WIFI 2G/5G XX:XX:XX:XX:XX:65 (factory @ 0x04) WIFI 5G XX:XX:XX:XX:XX:66 (factory @ 0x8004)
LABEL XX:XX:XX:XX:XX:65
In OEM firmware the DBDC wifi interfaces have these mac addresses: 2G) 82:XX:XX:XX:XX:65 5G) 80:XX:XX:XX:XX:65
While in OpenWrt the addresses are: 2G) 80:XX:XX:XX:XX:65 5G) 02:XX:XX:XX:XX:65
2) radio0 will show as 2G/5G interface but only 2G is really usable.
3) There is just one wifi led for all wifi interfaces. It currently shows only the radio0 GHz wifi activity.
4) My unit was shipped with M33A8.V5030.190716 firmware which contains the http://192.168.10.1/webcmd.shtml page. Entering "telnetd" in the input box it will start the telnet daemon. Now you can access the telnet console on port 2323 with these credentials: username: admin2860 password: admin
5) The M33A8.V5030.201204 firmware version, doesn't contain anymore the webcmd.shtml page. If your router is shipped with a previous firmware version and you want to back it up, you can follow the back up procedure of the WS-WN583A6.
This commit adds support for the TP-Link Deco M4R (it can also be M4, TP-Link uses both names) v1 and v2. It is similar hardware-wise to the Archer C6 v2. Software-wise it is very different. V2 has a bit different layout from V1 but the chips are the same and the OEM firmware is the same for both versions.
The device's bootloader only accepts images that are signed using TP-Link's RSA key, therefore this way of flashing is not possible. The device has a web GUI that should be accessible after setting up the device using the app (it requires the app to set it up first because the web GUI asks for the TP-Link account password) but for unknown reasons, the web GUI also refuses custom images.
There is a debug firmware image that has been shared on the device's OpenWrt forum thread that has telnet unlocked, which the bootloader will accept because it is signed. It can be used to transfer an OpenWrt image file over to the device and then be used with mtd to flash the device.
Pre-requisites:
- Debug firmware. - A way of transferring the file to the router, you can use an FTP server as an example. - Set a static IP of 192.168.0.2/255.255.255.0 on your computer. - OpenWrt image.
Installation:
- Unplug your router and turn it upside down. Using a long and thin object like a SIM unlock tool, press and hold the reset button on the router and replug it. Keep holding it until the LED flashes yellow. - Open 192.168.0.1. You should see the bootloader recovery's webpage. Choose the debug firmware that you downloaded and flash it. Wait until the router reboots (at this stage you can remove the static IP).
- Open a terminal window and connect to the router via telnet (the primary router should have a 192.168.0.1 IP address, secondary routers are different). - Transfer the file over to the router, you can use curl to download it from the internet (use the insecure flag and make sure your source accepts insecure downloads) or from an FTP server. - The router's default mtd partition scheme has kernel and rootfs separated. We can use dd to split the OpenWrt image file and flash it with mtd:
- Once the images are ready, you have to flash the device using mtd (make sure to flash the correct partitions or you may be left with a hard bricked router):
Installation instruction: 0. Make sure you have latest original firmware (3.7.11.4) 1. Connect to the Serial Port with a Serial Cable RJ45 to DB9/RS232 (9600,8N1) screen /dev/ttyUSB0 9600,cs8,-parenb,-cstopb,-hupcl,-crtscts,clocal 2. Configure your IP-Address to 192.168.1.42 3. When device boots hit spacebar 3. Configure the device for tftpboot setenv ipaddr 192.168.1.1 setenv serverip 192.168.1.42 saveenv 4. Reset the device reset 5. Hit again the spacebar 6. Now load the image via tftp: tftpboot 0x81000000 INITRAMFS.bin 7. Boot the image: bootm 0x81000000 8. Copy the squashfs-image to the device. 9. Do a sysupgrade.
https://openwrt.org/toh/netgear/wndap360
The device should be converted from kmod-owl-loader to nvmem-cells in the future. Nvmem cells were not working. Maybe ATH9K_PCI_NO_EEPROM is missing. That is why this commit is still using kmod-owl-loader. In the future the device tree may look like this:
uboot-mvebu: add patch to enable setexpr for clearfog boards
Option CMD_SETEXPR is already default in U-boot [1], since this was disabled since initial version for this board, there is send this patch to U-boot mailing list to enable it.
It is required to use in OpenWrt bootscript for these boards [2].
We don't need to make sure that we want to have enabled CONFIG_CMD_SETEXPR by default, since this is already done in U-boot [1]. This was actually needed only for clearfog board [2], which was added in commit: da0005a6d08ae33d958a6d8a6c0c12dc07b5b2b8 ("uboot-mvebu: add patch to enable setexpr for clearfog boards) and send to U-boot to fix it properly. After a while, there was added support for Turris Omnia, which uses setexpr as well [3], but for this board, there are no fixes needed in U-boot and that's why we can remove this option here.
It is helpful with shell scripting. If some downstream distributions are using it, they should correct it in defconfig for related boards.
e30ca260 Release mdadm-4.2 8c80d305 Monitor: print message before quit for no array to monitor ced5fa8b mdadm: block creation with long names b71de056 Correct checking if file descriptors are valid b2e4f084 Incremental: Close unclosed mdfd in IncrementalScan() 195d1d76 imsm: assert if there is migration but prev_map doesn't exist 75f3ba25 imsm: free allocated memory in imsm_fix_size_mismatch bce0eab3 Release mdadm-4.2-rc3 4389ce73 imsm: introduce helpers to manage file descriptors 8e1a258e mdadm/Detail: Can't show container name correctly when unpluging disks a35aa68f mdadm/lib: Define a new helper function is_dev_alived 1c66260d Fix 2 dc stream buffer d64a37b9 Assemble: apply sysfs rules 5f6dedfb Fix potential overlap dest buffer a0422106 disallow create or grow clustered bitmap with writemostly set cf16a350 Fix buffer size warning for strcpy 60815698 Refactor parse_num and use it to parse optarg. f7889e51 Fix error message when creating raid 4, 5 and 10 54604768 mdadm: fix coredump of mdadm --monitor -r feeb2785 Utils: Change sprintf to snprintf b8bbf264 Release mdadm-4.2-rc2 e6878148 Assemble: skip devices that don't match uuid instead of aborting the assembly. 0663137c Add monitor delay parameter to mdadm.conf 2b2c5668 tests: Avoid passing chunk size when creating RAID 1 7d374a18 Fix memory leak after "mdadm --detail" 92a647c8 Assemble: start dirty and degraded array. 1c275381 imsm: fix num_data_stripes after raid0 takeover 5b30a34a Add error handling for chunk size in RAID1 3a85bf0e imsm: Fix possible memory leaks and refactor freeing struct dl ccd61ebf mdadm: Fix building errors 601ffa78 Don't associate spares with other arrays during RAID Examine 8d69bf14 Remove Spare drives line from details for external metadata 7d8935cb imsm: correct offset for 4k disks in --examine output dca80fcd Use dev_open in validate geometry container f421731c mdadm/super1: It needs to specify int32 for bitmap_offset 1f5d54a0 Manage: Call validate_geometry when adding drive to external container 8662f92d imsm: Limit support to the lowest namespace fcebeb77 imsm: add devpath_to_char method 7c798f87 imsm: add generic method to resolve "device" links 0530e2e0 Prevent user from using --stop with ambiguous args 83b3de77 Fix some building errors ff904202 imsm: change wrong size verification c11b1c3c Release mdadm-4.2-rc1 aec01630 super-intel.c: Handle errors from calls to get_dev_sector_size() 78c93b00 mdadm: fix growing containers af3396da Monitor: make libudev dependency optional f94df5cf imsm: support for third Sata controller d835518b imsm: nvme multipath support 4036e7ee imsm: extend curr_migr_unit to u64 bdbe7f81 Grow: Block reshape when external metadata and write-intent bitmap 848d71c9 Create: Block automatic enabling bitmap for external metadata 19ad203e imsm: Update-subarray for write-intent bitmap dc95f821 Add "bitmap" to allowed command-line values 69d40de4 imsm: Adding a spare to an existing array with bitmap fbc42556 imsm: Write-intent bitmap support b554ab5c Enable bitmap support for external metadata b090e910 Modify mdstat parsing for volumes with the bitmap db537788 It should be FAILED when raid has not enough active disks c7b8547c imsm: add verbose flag to compare_super 49b69533 mdmonitor: check if udev has finished events processing 0d583954 Document PPL in man md 2f86fda3 imsm: use saved fds during migration f7a6246b super1.c: avoid useless sync when bitmap switches from clustered to none e6561c4d super1: fix Floating point exception 8818d4e7 Grow: be careful of corrupt dev_roles list 4ae96c80 mdadm: fix reshape from RAID5 to RAID6 with backup file 1fe2e100 mdadm/bitmap: locate bitmap calcuate bitmap position wrongly 75562b57 Dump: get stat from a wrong metadata file when restoring metadata 69068584 Incremental: Remove redundant spare movement logic a64f1263 udev: start grow service automatically b4a5ad49 Make target to install binaries only 9c030dad mdadm/Detail: show correct state for clustered array ff6bb131 mdadm: Unify forks behaviour a8f3cfd5 imsm: limit support to first NVMe namespace ca4b156b Monitor: don't use default modes when creating a file b65c1f4a imsm: remove redundant calls to imsm_get_map 895ffd99 imsm: update num_data_stripes according to dev_size ce559078 Create.c: close mdfd and generate uevent c3129b39 Detail: fix segfault during IMSM raid creation 97b51a2c Super1: allow RAID0 layout setting to be removed. 7f3b2d1d Check if other Monitor instance running before fork. cab9c67d mdmonitor: set small delay once 007087d0 Monitor: stop notifing about containers. e2308733 Monitor: refresh mdstat fd after select 2ce09172 Don't create bitmap for raid5 with journal disk 64bf4dff Detail: show correct raid level when the array is inactive 5f418455 manual: update --examine-badblocks 5e592e1e mdadm/md.4: update path to in-kernel-tree documentation 138a9e9b Specify nodes number when updating cluster nodes 77b72fa8 mdadm/Grow: prevent md's fd from being occupied during delayed time bcf40dbb Update link to Intel page for IMSM 8e41153c Use more secure HTTPS URLs 2cf04330 Detect too-small device: error rather than underflow/crash 7758ada9 Block overwriting existing links while manual assembly d92cee7b restripe: fix ignoring return value of ‘read’ and lseek 7d90f760 Include count for \0 character when using strncpy to implement strdup. f4c8a605 uuid.c: split uuid stuffs from util.c 03ab9763 Makefile: add EXTRAVERSION support 3b7aae92 mdcheck: Log when done 7b99edab Assemble.c: respect force flag. ec7d7cee clean up meaning of small typo 5cfb79de Assemble: print error message if mdadm fails assembling with --uuid option 12724c01 Manage, imsm: Write metadata before add 1c294b5d Detail: adding sync status for cluster device 185ec439 Monitor: improve check_one_sharer() for checking duplicated process e1b92ee0 udev: Ignore change event for imsm ba1b3bc8 imsm: show Subarray and Volume ID in --examine output e48aed3c imsm: support the Array Creation Time field in metadata 9e449405 Detail: show correct bitmap info for cluster raid device 06a6101c imsm: Correct minimal device size. 45c43276 imsm: Remove --dump/--restore implementation 3364781b imsm: pass subarray id to kill_subarray function fd38b8ea Remove the legacy whitespace 2551061c mdadm.8: add note information for raid0 growing operation 1e93d0d1 imsm: fill working_disks according to metadata. 42e641ab Add support for Tebibytes 4431efeb imsm: Update grow manual. e1512e7b mdcheck service can't start succesfully because of syntax error 1a874930 Change warning message aced6fc9 Respect $(CROSS_COMPILE) when $(CC) is the default 027c099f Assemble: add support for RAID0 layouts. 329dfc28 Create: add support for RAID0 layouts. 6da53c0e imsm: Change the way of printing nvme drives in detail-platform. b771faef imsm: return correct uuid for volume in detail 4b31846f Remove unused code 9cf361f8 Fix up a few formatting issues 02af3793 Remove last traces of HOT_ADD_DISK 1cc3965d Manage: Remove the legacy code for md driver prior to 0.90.03 761e3bd9 super-intel: don't mark structs 'packed' unnecessarily 85b83a79 SUSE-mdadm_env.sh: handle MDADM_CHECK_DURATION 4ca799c5 mdcheck: use ${} to pass variable to mdcheck 6636788a mdcheck: when mdcheck_start is enabled, enable mdcheck_continue too. 1a1ced1e imsm: allow to specify second volume size b6180160 imsm: save current_vol number 7bd59e79 udev: allow for udev attribute reading bug. 61109314 Don't need to check recovery after re-add when no I/O writes to raid 8063fd0f Init devlist as an array e53cb968 mdadm/md.4: add the descriptions for bitmap sysfs nodes 2c2d9c48 mdadm: force a uuid swap on big endian 43ebc910 mdadm: Introduce new array state 'broken' for raid0/linear fd5b09c9 mdadm: check value returned by snprintf against errors 91c97c54 imsm: close removed drive fd. 1a52f1fc udev: add --no-devices option for calling 'mdadm --detail' d11abe4b mdadm: add --no-devices to avoid component devices detail information 452dc4d1 mdadm.h: include sysmacros.h unconditionally b0681598 mdadm: load default sysfs attributes after assemblation 486720e0 super-intel: Use put_unaligned in split_ull 7039d1f8 mdadm.h: Introduced unaligned {get,put}_unaligned{16,32}() a4f7290c super-intel: Fix issue with abs() being irrelevant 4ec389e3 Enable probe_roms to scan more than 6 roms. ae7d61e3 mdmon: fix wrong array state when disk fails during mdmon startup 3c9b46cf udev: Add udev rules to create by-partuuid for md device 22dc741f Create: Block rounding size to max 05501181 imsm: fix spare activation for old matrix arrays 227aeaa8 add missing units to --examine 2b57e4fe Assemble: Fix starting array with initial reshape checkpoint d2e11da4 mdmon: wait for previous mdmon to exit during takeover 69d08478 mdmon: don't attempt to manage new arrays when terminating 76b906d2 mdadm/tests: add one test case for failfast of raid1 cab114c5 Fix reshape for decreasing data offset e3615ecb Detail.c: do not skip first character when calling xstrdup in Detail() ebf3be99 Fix spelling typos. 9f421827 imsm: fix reshape for >2TB drives a4e96fd8 imsm: finish recovery when drive with rebuild fails 757e5543 policy.c: Fix for compiler error 467e6a1b policy.c: prevent NULL pointer referencing 76d505de Grow: report correct new chunk size. 085df422 Grow: avoid overflow in compute_backup_blocks() 563ac108 Assemble: mask FAILFAST and WRITEMOSTLY flags when finding the most recent device d7a1fda2 imsm: update metadata correctly while raid10 double degradation 7cd7e91a Monitor: add system timer to run --oneshot periodically 4199d3c6 mdcheck: add systemd unit files to run mdcheck. cd72f9d1 policy: support devices with multiple paths. 6b611284 Document PART-POLICY lines 0833f9c3 Assemble: keep MD_DISK_FAILFAST and MD_DISK_WRITEMOSTLY flag
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: ab4eafb)
ramips: zbt-wg2626: Add the reset gpio for PCIe port 1
The 2.4GHz interface doesn't come up properly with the log showing:
mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)
As seen on other MT7621 boards this is caused by a missing reset GPIO. The MT7621 dtsi set GPIO 19 as PCIe reset GPIO, which on this board reset the 5GHz interface on port 0. Add GPIO 8 to the PCIe reset GPIO list to also reset the 2.4GHz interface on port 1.
Signed-off-by: Alban Bedel <albeu@free.fr> (commit: f953a1a)
Add 5.15 kernel as a testing kernel version in the Makefile.
Linksys EA6350v3/EA8300/MR8300 will not build with buildbot settings and should be disabled when the target is switched, unless the image size is reduced again.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> Reviewed-by: Robert Marko <robert.marko@sartura.hr> [add comment for increased kernel size] Signed-off-by: Sungbo Eo <mans0n@gorani.run> (commit: 17b7756)
this adds the new dts-binding "mediatek,led_source" currently for MT7628AN and MT7688 built-in switches, which is documented as a 3-bit field configuring the switch LEDs for various control schemes from 0 to 3.
Normally this is not needed, but e.g. for Asus RT-AC1200-V2 it is a must to set it to the anyway undocumented value of 4, to have the switch LEDs react correctly on link/act events. This is an MT7628DAN device, but I doubt this is a speciality of this particular SoC.
Also added the RT305X_ESW_LED_OFF value to LED states. Did also rename the register RT5350_EWS_REG_LED_POLARITY to RT5350_EWS_REG_LED_CONTROL, which is the correct name. Also making use of defines for some hardcoded values.
Commit ecbcc0b59551 bricks devices on which the raw kernel and UBI mtd partitions overlap.
This is the case of the ZyXEL NR7101 for example. Its OEM bootloader has no UBI support. OpenWrt splits the stock kernel mtd partition into a raw kernel part used by the bootloader and a UBI part used to store rootfs and rootfs_data. Running mtd erase on the complete partition during sysupgrade erases the UBI part and results in a soft brick.
Arguably the best solution would be to fix the partition layouts so that kernel and UBI partitions do not overlap, also including a stock_kernel partition to help reverting to stock firmware. This would have the added benefit of protecting UBI from kernel images that are excessively large.
ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
After the switch to pre-calibration, ath10k would fail to initialize the PCIE Wi-Fi on the GL-B200 as follows:
ath10k_pci 0000:01:00.0: enabling device (0140 -> 0142) ath10k_pci 0000:01:00.0: qca9888 hw2.0 target 0x01000000 chip_id 0x00000000 sub 0000:0000 [...] ath10k_pci 0000:01:00.0: failed to fetch board data for bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=GL-B2200 from ath10k/QCA9888/hw2.0/board-2.bin ath10k_pci 0000:01:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0 ath10k_pci 0000:01:00.0: failed to fetch board file: -12 ath10k_pci 0000:01:00.0: could not probe fw (-12)
Repackage the BDF file after renaming relevant fields and files to allow for the Wi-Fi interface to start again.
Fixes: 80d34d9d593 ("ipq40xx: document pcie wifi chip on the GL.Inet GL-B2200") CC: Christian Lamparter <chunkeey@gmail.com> CC: Robert Marko <robimarko@gmail.com> Reviewed-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com> (commit: e3f9af4)
try to clean up some labeling inconsistencies iwinfo loose ends ucode loose ends Makefile: adjust mintesttgt (adds blockmount/blockd) nftables: reads inherited netifd pipe ucode: reads inherited netifd pipes mountroot: fowner sandbox: writes inherited dropbear pipes unbound related to /tmp/etc/ssl unbound loose ends adds a sslconftmpfile for /tmp/etc/ssl README: maintain a wish list in the README iwinfo: netifd forgot write gptfdisk loose ends iwinfo: netifd wpad reads/writes inherited netifd fifo files netifd (mac80211.sh) executes iwinfo luci: executes wireguard luci-cgi: audits xtables execute access rcuhttpd: lists ssl certfile dirs iwinfo, wifi,nftables usage of ttyd pty if available urandomseed: seedrng needs cap_sys_admin iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server nftables, wifi and adds iwinfo skel nftables, rpcd, ucode nftables, ucode and seedrng ucode, fw3/nftables, luci adds ucode skel and some fw3/nftables related urandomseed: some seedrng rules fw3 adds some support for fw4 urandomseed: /etc/seedrng is for seed.credit hotplugcal: runs ucode which is interpreter like adds a nftables skeleton and makes xtables optional agent: allow all agents to write inherited dropbear pipes urandomseed: this seems to be replaced by seedrng kmodloader: label /etc/modules.conf kmodloader.conffile Revert "shelexecfile: remove auditallow rule" Makefile: sort the modules to process by secilc Moves back to git.defensec.nl unbound odhcpd (ip) reads net proc tcp dump shelexecfile: remove auditallow rule rrd.cil: fixes indent Target rddtool from cgi-io instead of runnit it without transition rrd.cil related rrd, rpcd, cgiio clean ups related to luci-app-statistics Rules for rrd files and luci-statistics unboundcontrol ordering Several missing permissions blockmount, dnsmasq, hotplugcall, rpcd, unbound adds mctp_socket (linux 5.15) ip: forgot tc-tiny type transition to go along with the fc spec ip: adds a fc spec for tc-tiny (called by sqm) adds ttyACM fc spec and various assorted loose ends .gitattributes: do not export the github workflows workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Remove forgotten redundant selinuxenabled call and skip the whole thing in case $IPKG_INSTROOT is set as labels are anyway applied only later on in fakeroot when squashfs is created.
Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 7b07c3c)
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even when they aren't necessary for the selected variant. This can cause the build to fail, for example ltq-vdsl-mei doesn't build successfully here on xway target due to the vectoring callback.
Make these dependencies conditional on the specific package variants, so they are only built when actually needed.
Signed-off-by: Jan Hoffmann <jan@3e8.eu> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: 2f484ae)
The driver maintains elapsed times by repeatedly accumulating the time since the previous update in a loop. For the elapsed showtime time, the time difference is truncated to seconds before adding it, leading to a sizable error over time.
Move the truncation to before calculation of the time difference in order to remove this error. Also maintain the total elapsed time in the same way in full seconds, to prevent the unsigned 32-bit counter from wrapping around after about 50 days.
Testing on a VR9 device shows that the reported line uptime now matches the actual elapsed wall time. The ADSL variant is only compile-tested, but it should also work as the relevant code is identical.
Signed-off-by: Jan Hoffmann <jan@3e8.eu> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: db4bf4b)
Stop the connection when the control daemon is terminated. The code is a modified version of the termination routine in version 4.23.1 of the daemon (which doesn't support VR9 modems anymore).
This could also be implemented by calling the acos and acs commands via dsl_cpe_pipe.sh in the init script. However, doing it in the daemon itself has the advantage of also working if it is terminated in another way (for example during sysupgrade).
Signed-off-by: Jan Hoffmann <jan@3e8.eu> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: 1daaef3)
firewall: config: remove restictions on DHCPv6 allow rule
Remove restrictions on source and destination addresses, which aren't specified on RFC8415, and for some reason in openwrt are configured to allow both link-local and ULA addresses. As cleared out in issue #5066 there are some ISPs that use Gloabal Unicast addresses, so fix this rule to allow them.
packages: nvram: add NVRAM quirks for bcm53xx target
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.
Use boot() instead of start() as nvram commands are meant to be executed only once, at boot.
Ethernet ports: 1x WAN: connected to eth2 4x LAN: connected via the switch to eth0 and eth1 (eth0 is disabled in OEM firmware)
MAC addresses (OEM and OpenWrt): fw_env @ 0x00 d4:ab:82:??:??:?a LAN (eth1) fw_env @ 0x06 d4:ab:82:??:??:?b WAN (eth2) fw_env @ 0x0c d4:ab:82:??:??:?c WLAN 2.4 GHz (ath1) fw_env @ 0x12 d4:ab:82:??:??:?d WLAN 5 GHz (ath0) fw_env @ 0x18 d4:ab:82:??:??:?e OEM usage unknown (eth0 in OpenWrt)
OID d4:ab:82 is registered to: ARRIS Group, Inc., 6450 Sequence Drive, San Diego CA 92121, US
More info: https://openwrt.org/inbox/toh/arris/tr4400_v2
IMPORTANT:
This port requires moving the 'fw_env' partition prior to first boot to consolidate 70% of the usable space in flash into a contiguous partition. 'fw_env' contains factory-programmed MAC addresses, SSIDs, and passwords. Its contents must be copied to 'rootfs_1' prior to booting via initramfs. Note that the stock 'fw_env' partition will be wiped during sysupgrade.
A writable 'stock_fw_env' partition pointing to the old, stock location is included in the port to help rolling back this change if desired.
Installation:
- Requires serial access and a TFTP server. - Fully boot stock, press ENTER, type in: mtd erase /dev/mtd21 dd if=/dev/mtd22 bs=128K count=1 | mtd write - /dev/mtd21 umount /config && ubidetach -m 23 && mtd erase /dev/mtd23 - Reboot and interrupt U-Boot by pressing a key, type in: set mtdids 'nand0=nand0' set mtdparts 'mtdparts=nand0:155M@0x6500000(mtd_ubi)' set bootcmd 'ubi part mtd_ubi && ubi read 0x44000000 kernel && bootm' env save - Setup TFTP server serving initramfs image as 'recovery.bin', type in: set ipaddr 192.168.1.1 set serverip 192.168.1.2 tftpboot recovery.bin && bootm - Use sysupgrade to install squashfs image.
This port is based on work done by AmadeusGhost <amadeus@jmu.edu.cn>.
Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com> [add 5.15 changes for 0069-arm-boot-add-dts-files.patch] Signed-off-by: Sungbo Eo <mans0n@gorani.run> (commit: f8b0010)
According wiki https://docs.gl-inet.com/en/2/hardware/mt300n-v2/ GL-MT300N-V2 have I2C interface on GPIO4, GPIO5. Adding I2C in device tree make possible using I2C on this device.
Also apply commit ab7e53e5cce7 ("ipq40xx: 5.10: fix ar40xx driver") to 5.15 driver.
The commit fixes the data corruption on TX packets. Packets are transmitted, but their contents are replaced with zeros. This error is caused by the lack of guard (50 ms) intervals between calibration phases. This error is treated by adding mdelay(50) to the calibration function code. In the original qca-ssda code, these mdelays were existing, but in the ar41xx.c they are gone.
Fixes: 87318eb17936 ("ipq40xx: 5:15: copy config and patch from 5.10")
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 1526cce)
Commit f4fb63d2ab4f ("ipq40xx: 5.10: move AR40xx to MDIO drivers") moved the ar40xx driver files to kernel version specific directories to place them in different subdirectory in kernel tree. But now kernel 5.4 is gone and there is no reason to keep them separate. Move them back to common files/ directory.
Signed-off-by: Sungbo Eo <mans0n@gorani.run> (commit: cb1dc49)
the Intel i6300esb is QEMU's default watchdog. And unlike the real "Intel i6300ESB I/O Controller hub" hardware, the i6300esb watchdog driver works on non-x86 targets like for ARM (armvirt 32bit) and potentially virtual PowerPC and MIPS targets (if there was any).
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: cb203ad)
armvirt: 64: enable driver for QEMU' supported watchdog
QEMU can emulate several watchdogs: aspeed SoC, i6300esb, ib700wdt, imx2, cmsdk-apb and sbsa_gwdt.
Out of these, the ARM SBSA Generic Watchdog (sbsa_gwdt) makes the most sense for the armvirt' 64 target. Both imx2 and aspeed are guarded by special vendor specific CONFIG_ in the upstream kernel.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: afcb6b1)
Grommish reported the dreaded build error that happend with 5.4 since the kernel didn't have the cgpio v2 interface. His reason for the removed 5.4 was that the octeon target had a memory leak issue, so he had to backport the removed 5.4 kernel for his tests.
Chen Minqiang chimed in and noted that no matter what (i.e. @TARGET_x86 in depends) didn't prevent the package from being build on other targets.
From what I can tell, the reason for this was that +nu801 meant that kmod-meraki-mx100 pulled in an unconditional dependency as part of to the kernel build.
change this by making the dependency conditional on the meraki-mx100 module itself. Note that the nu801 enables/sets the KCONFIG for the cgpio v2 interface itself, since the userspace program and not the kernel meraki-mx100 relies on it.
This patch copies over refreshed config and patches from 5.10 with the following changes:
- dropped superfluous tc654/tc655 variant detection patch (tc654 support will become available upstream starting with 5.17-rc7+).
- dropped xhci msi(x) workaround... as the broken MSI(X) is now gone.
- dropped dwc2 workaround since the driver was fixed and it works without it.
Please note: Netgear WNDAP660 & WNDAP620 users:
Due to the kernel's size increase, uboot will likely break because it is overwrite the kernel during decompression.
To fix this (and debrick affected devices, no reflash necessary), attach the RJ45-Serial-Console cable and enter the following in the uboot prompt during bootup:
setenv kernel_addr_r 1100000 saveenv run bootcmd
to restore the old/previous behavior:
setenv kernel_addr_r 600000 saveenv run bootcmd
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: b2c9c4d)
The ZyXEL GS1900-16 is a 16 port gigabit switch similar to other GS1900 switches.
Specifications -------------- * Device: ZyXEL GS1900-16 * SoC: Realtek RTL8382M 500 MHz MIPS 4KEc * Flash: 16 MiB Macronix MX25L12835F * RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8HE * Ethernet: 16x 10/100/1000 Mbps * LEDs: 1 PWR LED (green, not configurable) 1 SYS LED (green, configurable) 16 ethernet port link/activity LEDs (green, SoC controlled) * Buttons: 1 "RESET" button on front panel * Power 120-240V AC C13 * UART: 1 serial header (J12) with populated standard pin connector on the right back of the PCB. Pinout (front to back): + Pin 1 - VCC marked with white dot + Pin 2 - RX + Pin 3 - TX + PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation ------------
OEM upgrade method:
* Log in to OEM management web interface * Navigate to Maintenance > Firmware * Select the HTTP radio button * Select the Active radio button * Use the browse button to locate the realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin file amd select open so File Path is update with filename. * Select the Apply button. Screen will display "Prepare for firmware upgrade ...". *Wait until screen shows "Do you really want to reboot?" then select the OK button * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10). * Set up a TFTP server on your client and make it serve the initramfs image. * Connect serial, power up the switch, interrupt U-boot by hitting the space bar, and enable the network: > rtk network on * Since the GS1900-16 is a dual-partition device, you want to keep the OEM firmware on the backup partition for the time being. OpenWrt can only boot from the first partition anyway (hardcoded in the DTS). To make sure we are manipulating the first partition, issue the following commands: > setsys bootpartition 0 > savesys * Download the image onto the device and boot from it: > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-16-initramfs-kernel.bin > bootm * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-16-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image.
SoC: MediaTek MT7621 RAM: 256 MB Flash: 32 MB WiFi: MediaTek MT7915E Switch: 1 WAN, 4 LAN (Gigabit) Ports: 1 USB 3.0 Buttons: Reset, WPS LEDs: Power, System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS, USB Power: DC 12V 1A tip positive Installation:
Download and flash the manufacturer's built OpenWRT image available at http://www.cudytech.com/openwrt_software_download Install the new OpenWRT image via luci (System -> Backup/Flash firmware) Be sure to NOT keep settings. The force upgrade may need to be checked due to differences in router naming conventions.
Recovery:
Loads only signed manufacture firmware due to bootloader RSA verification serve tftp-recovery image as /recovery.bin on 192.168.1.88/24 connect to any lan ethernet port power on the device while holding the reset button wait at least 8 seconds before releasing reset button for image to download
Do not reset the RTL930x SerDes on link changes, instead set up the SDS with internal PHYs for the SFP+ ports only. This fixes the 8 1GBit ports on the Zyxel XGS1250 which do not work without this patch.
A complete SerDes reset was performed on all SerDes links. For copper 1Gbit ports, this is commonly a single XGMII link to an RTL8218D. There is however no support for setting up the XGMII link on RTL9300/RTL9310, thereby wiping the (RX/TX) setup done by u-boot and breaking the 1GBit ports. No SerDes reset should be done for these links.
The handling of SGMII/HiSGMII, 1000BX or 10GR links is actually entirely different. All these modes need to be suitably RX calibrated and the pre- main and post- amplifiers set up properly for TX.
The 10GBit SFP+ fiber links are recalibrated instead of reset, which e.g. is necessary when someone pulls a module out and puts another in. This makes swapping out 10GBit fiber modules possible. 1GBit modules are not yet supported, nor any modules with an internal phy.
None of the devices supported by target xway are using Realtek RTL8366S, RTL8367A and RTL8367B switches. The switches mentioned earlier were enabled when bumping the kernel version to 3.7 in commit 3a948770cf46 ("add linux-v3.7").
Switches used by individual devices are listed below.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (checkpatch.pl fixes) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 8b5d2a7)
ipq40xx: Lyra: update RGB LED-Controller node for 5.10+
Add the reg and color property to each channel node. This update is to accommodate the multicolor framework.
Refer to: <https://lore.kernel.org/all/20200622185919.2131-9-dmurphy@ti.com> <https://lore.kernel.org/all/20210818070209.1540451-1-michal.vokac@ysoft.com>
Note:
There is only a single extremely bright RGB-LED. The RGB-color channels (i.e.: blue-0, blue-1 and blue-2) are running in parallel to increase the current delivery beyond what a single PWM-output on the LED controller could do.
BugLink: https://github.com/openwrt/openwrt/issues/9851 Reported-By: Thomas Bøge <thomas@boegenielsen.dk> Tested-By: Thomas Bøge <thomas@boegenielsen.dk> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 834c9b3)
All Freescale processors used in this target are capable to detect error and correction. [1] It can not be used as kernel module. [2] This is helpful to report hardware errors.
It enables three kernel options:
- EDAC, which is a subsystem - EDAC_LEGACY_SYSFS, it enables sysfq nodes - MP85XX, support for Freescale MPC8349, MPC8560, MPC8540, MPC8548, T4240
EDAC is already enabled for following targets: qoriq, octeon, octeontx and zynq.
f2d6752901f2 blob: clear buf->head when freeing a buffer 45210ce14136 list.h: add container_of_safe macro cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 3e300e7)
On GL-AR300M Series GPIO17 described as I2C SDA in Device Tree. Because of GPIO_OUT_FUNCTION4 register was not initialized on start, GPIO17 was uncontrollable, it always in high state. According to QCA9531 documentation, default setting of GPIO17 is SYS_RST_L. In order to make GPIO17 controllable, it should write value 0x00 on bits [15:8] of GPIO_OUT_FUNCTION4 register, located at 0x1804003C address.
ZTE MF286A and MF286R feature a "power switch override" GPIO in stock firmware as means to prevent power interruption during firmware update, especially when used with internal battery. To ensure that this GPIO is properly driven as in stock firmware, configure it with userspace GPIO switch.
It was observed that on some units, the modem would not be restarted together with the board itself on reboot, this should help with that as well.
IPQ4019: AVM FRITZ!Box 7530: Remove NAND ECC restrictions from DTS
Some revisions of the FRITZ!7530 use a Toshiba NAND with 8 bit ECC in contrast to the Macronix NAND with 4 bit ECC. This removes the hardcoded ECC strength and step size as set in qcom-ipq4019.dtsi, thus relying on the kernel NAND detection routines to correclty set up the ECC parameters.
Signed-off-by: Andreas Böhler <dev@aboehler.at> (commit: f167f4a)
This is mostly a bug fix release, including two that were already patched here: - 300-fix-SSL_get_verify_result-regression.patch - 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 73c1fe2)
The SERCOMM NA502s is a smart home gateway manufactured by SERCOMM and sold under different brands (among others, A1 Telekom Austria SmartHome Premium Gateway). It has multi-protocol radio support in addition to LAN and WiFi.
LAN MAC is read from the config partition, WiFi 2.4GHz is LAN+2 and matches the OEM firmware. WiFi 5GHz with LAN+1 is an educated guess since the OEM firmware does not enable 5GHz WiFi.
Installation ------------ Attach serial console, then boot the initramfs image via TFTP. Once inside OpenWrt, run sysupgrade -n with the sysupgrade file.
Attention: The device has a dual-firmware design. We overwrite kernel2, since kernel1 contains an automatic recovery image.
If you get NAND ECC errors and are stuck with bad eraseblocks, try to erase the mtd partition first with
mtd unlock ubi mtd erase ubi
This should only be needed once.
Signed-off-by: Andreas Böhler <dev@aboehler.at> (commit: 9ee6ac0)
This is enabled upstream for bcm2709, bcm2710 and bcm2711. https://github.com/raspberrypi/linux/blob/dff79e31c3b05a50f725442c1fc19a6194491523/arch/arm/configs/bcm2709_defconfig#L51 https://github.com/raspberrypi/linux/blob/dff79e31c3b05a50f725442c1fc19a6194491523/arch/arm/configs/bcm2711_defconfig#L51
When KERNEL_PERF_EVENTS is enabled in OpenWrt, the RPI_AXIPERF symbol is exposed. Add a build option for it to fix build failures with KERNEL_PERF_EVENTS enabled.
Fixes: 20ea6adbf199 ("bcm27xx: add support for linux v5.15") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (commit: efd9463)
The upcoming dwarves host package requires elfutils. As dependencies for tools must exist in tools, we need to move elfutils host build there.
As there is at least one package that depends on this, and there is no proper way to create such dependency in the build system, build it unconditionally when not building on macOS.
According to the GNU make manual, specifying library paths should be done in LDFLAGS rather than LDLIBS. Replace KBUILD_HOSTLDLIBS with KBUILD_HOSTLDFLAGS to pass the host lib directory.
dwarves is a set of tools that use the debugging information inserted in ELF binaries by compilers such as GCC. Utilities in the dwarves suite include pahole, which can be used to find alignment holes in structs and classes, and also extracts other information such as CPU cacheline alignment, helping pack those structures to achieve more cache hits.
These tools are also used to encode and read the BTF type information format used with the bpf syscall, making this a Linux build dependency when using kernel BTF information.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [bump to 1.23, add elfutils dep, drop host lib usage, drop cmake release target, use RM macro] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (commit: 02850d7)
We currently enable DEBUG_INFO_REDUCED for all targets via the generic kernel config. There is only one subtarget, layerscape/armv8_64b, that overrides this setting. As there is no explanation for this in the commit message that introduced this, and question to its author went unanswered, let's simply drop this symbol from the subtarget config. This way, we have consistency across the tree, and we do not have to introduce a special case when moving this symbol to an OpenWrt kernel config option.
Add DEBUG_INFO_REDUCED as a kernel config option and remove it from the kernel configs. This is in preparation of the upcoming option to enable BTF typeinfo, which is incompatible with DEBUG_INFO_REDUCED.
Generate BTF (BPF Type Format) information from DWARF debug info. This is embedded in the kernel and exported via sysfs as /sys/kernel/btf/vmlinux. BTF data enhances kernel portability and introspection for BPF programs.
Selecting this also enables the dwarves host package which provides the pahole tool used for BTF encoding.
Test using: "bpftool btf dump file /sys/kernel/btf/vmlinux format c"
This needs to depend on KERNEL_DEBUG_INFO_REDUCED not being set, otherwise we can enable both KERNEL_DEBUG_INFO_BTF and KERNEL_DEBUG_INFO_REDUCED, which will result in undefined behaviour.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [split DEBUG_INFO_REDUCED into separate commit, add dependency] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (commit: 531e039)
config: limit CONFIG_DEBUG_INFO to top-level generic configs
Remove redundant target-level entries, noting that these settings will be configured from "Kernel build options" of Kconfig.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove from new configs introduced after patch submission] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (commit: 76fae1d)
This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY for sending data from BPF programs to user-space for post-processing or logging.
Building all of the components results in strip being installed in staging_dir/host/bin. This strip binary will take precedence over binutils strip that is installed in the toolchain directory.
This will not work on host systems that do not have libdw installed, as we do not set HOST_LDFLAGS to override rpath to staging_dir/host/lib. However, rather than overriding rpath, we should just avoid using elfutils strip entirely.
Override the SUBDIRS variable in the Makefile to only build and install the libraries we require for dwarves and frr.
Fixes the following build failure in toolchain/gdb: strip: error while loading shared libraries: libdw.so.1: cannot open shared object file: No such file or directory
mac80211: ath10k: backport bus and device specific API 1 BDF selection
Some ath10k IPQ40xx devices like the MikroTik hAP ac2 and ac3 require the BDF-s to be extracted from the device storage instead of shipping packaged API 2 BDF-s.
This is required as MikroTik has started shipping boards that require BDF-s to be updated, as otherwise their WLAN performance really suffers. This is however impossible as the devices that require this are release under the same revision and its not possible to differentiate them from devices using the older BDF-s.
In OpenWrt we are extracting the calibration data during runtime and we are able to extract the BDF-s in the same manner, however we cannot package the BDF-s to API 2 format on the fly and can only use API 1 to provide BDF-s on the fly. This is an issue as the ath10k driver explicitly looks only for the board.bin file and not for something like board-bus-device.bin like it does for pre-cal data. Due to this we have no way of providing correct BDF-s on the fly, so lets extend the ath10k driver to first look for BDF-s in the board-bus-device.bin format, for example: board-ahb-a800000.wifi.bin If that fails, look for the default board file name as defined previously.
So, backport the upstream ath10k patch.
Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 3daf2d4)
Since we now can pass the API 1 BDF-s aka board.bin to the ath10k driver per radio lets use that to provide the BDF-s for MikroTik devices.
This also resolves the performance issues that happen as MikroTik changes the boards and ships them under the same revision but they actually ship with and require a different BDF.
Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 4d4462c)
ipq-wifi: remove packaged BDF-s for MikroTik devices
Since we now provide the BDF-s for MikroTik IPQ40xx devices on the fly, there is noneed to include package and ship them like we do now.
This also resolves the performance issues that happen as MikroTik changes the boards and ships them under the same revision but they actually ship with and require a different BDF.
Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: ab141a6)
ipq40xx: mikrotik: dont include ath10k-board-qca4019 by default
Since MikroTik subtarget now uses dynamic BDF loading its crucial that it doesnt include the board-2.bin at all which is provided by the ath10k-board-qca4019 package.
So to resolve this dont include the ath10k-board-qca4019 package on the MikroTik subtarget.
Signed-off-by: Robert Marko <robimarko@gmail.com> (commit: 5eee67a)
- Use the same order for /etc/board.d/02_network and /lib/preinit/05_set_preinit_iface_brcm2708. - Add missing RPi 400 and CM4 to /lib/preinit/05_set_preinit_iface_brcm2708.
c22eeef fw4: support negative CIDR bit notation 628d791 hotplug: reliably handle interfaces with ubus zone hints d005293 fw4: store zone associations from ubus in statefile as well b268225 fw4: filter non hw-offload capable devices when resolving lower devices 57984e0 fw4: always resolve lower flowtable devices 7782017 tests: fix mocked `fd.read("line")` api 72b196d config: remove restictions on DHCPv6 allow rule f0cc317 fw4: refactor family selection for forwarding rules b0b8122 treewide: use modern syntax 05995f1 fw4: fix emitting device jump rules for family restricted zones b479815 fw4: fix family auto-selection for config nat rules 2816a82 ruleset: ensure that family-agnostic ICMP rules cover ICMPv6 as well 2379c3d tests: add test coverage for zone family selection logic
ath79: add support for MikroTik RouterBOARD hAP ac lite
The MikroTik RB952Ui-5ac2nD (sold as hAP ac lite) is an indoor 2.4Ghz and 5GHz AP/router with a 2 dBi integrated antenna.
See https://mikrotik.com/product/RB952Ui-5ac2nD for more details.
Specifications: - SoC: QCA9533 - RAM: 64MB - Storage: 16MB NOR - Wireless: QCA9533 802.11b/g/n 2x2 / QCA9887 802.11a/n/ac 2x2 - Ethernet: AR934X switch, 5x 10/100 ports, 10-28 V passive PoE in port 1, 500 mA PoE out on port 5 - 6 user-controllable LEDs: - 1x user (green) - 5x port status (green)
Flashing: TFTP boot initramfs image and then perform sysupgrade. The "Internet" port (port number 1) must be used to upload the TFTP image, then connect to any other port to access the OpenWRT system. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
The MikroTik hAP (product code RB951Ui-2nD) is an indoor 2.4Ghz AP with a 2 dBi integrated antenna built around the Atheros QCA9531 SoC.
Specifications: - SoC: Atheros QCA9531 - RAM: 64 MB - Storage: 16 MB NOR - Winbond 25Q128FVSG - Wireless: Atheros QCA9530 (SoC) 802.11b/g/n 2x2 - Ethernet: Atheros AR934X switch, 5x 10/100 ports, 10-28 V passive PoE in port 1, 500 mA PoE out on port 5 - 8 user-controllable LEDs: · 1x power (green) · 1x user (green) · 4x LAN status (green) · 1x WAN status (green) · 1x PoE power status (red)
See https://mikrotik.com/product/RB951Ui-2nD for more details.
Notes: The device was already supported in the ar71xx target.
Flashing: TFTP boot initramfs image and then perform sysupgrade. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Signed-off-by: Maciej Krüger <mkg20001@gmail.com> (commit: 5ce64e0)
Ubiquiti NanoBeam M5 devices are CPE equipment for customer locations with one Ethernet port and a 5 GHz 300Mbps wireless interface.
Specificatons:
- Atheros AR9342 - 535 MHz CPU - 64 MB RAM - 8 MB Flash - 1x 10/100 Mbps Ethernet with passive PoE input (24 V) - 6 LEDs of which four are rssi - 1 reset button - UART (4-pin) header on PCB
Notes:
The device was supported by OpenWrt in ar71xx.
Flash instructions (web/ssh/tftp):
Loading the image via ssh vias a stock firmware prior "AirOS 5.6". Downgrading stock is possible.
* Flashing is possible via AirOS software update page: The "factory" ROM image is recognized as non-native and then installed correctly. AirOS warns to better be familiar with the recovery procedure.
* Flashing can be done via ssh, which is becoming difficult due to legacy keyexchange methods.
This is an exempary ssh-config: KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms ssh-rsa PubkeyAcceptedKeyTypes ssh-rsa User ubnt
The password is ubnt.
Connecting via IPv6 link local worked best for me.
1. scp the factory image to /tmp 2. fwupdate.real -m /tmp/firmware_image_file.bin -d
* Alternatively tftp is possible:
1. Configure PC with static IP 192.168.1.2/24. 2. Enter the rescue mode. Power off the device, push the reset button on the device (or the PoE) and keep it pressed. Power on the device, while still pushing the reset button. 3. When all the leds blink at the same time, release the reset button. 4. Upload the firmware image file via TFTP:
tftp 192.168.1.20 tftp> bin tftp> trace Packet tracing on. tftp> put firmware_image.bin
Update the name of for the Ubiquiti NanoBeam M5 to match the auto-generated one at runtime. Otherwise sysupgrade complains about mismatching device names.
86ca9c6 devstatus: prints to terminal 95de949 deal with /rom/dev/console label inconsistencies ab6b6ee uci: hack to deal with potentially mislabeled char files acf9172 dnsmasq this can't be right 021db5b luci-app-tinyproxy cf3a9c4 support/secmark: removes duplicate loopback rules eeb2610 dhcp servers: recv dhcp client packets d5a5fc3 more support/secmark "fixes" 35d8604 update support secmark 4c155c0 packets these were caused by labeling issues with loopback fad35a5 nftables reads routing table f9c5a04 umurmur: kill an mumur instance that does not run as root 10a10c6 mmc stordev make this consistent ab3ec5b Makefile: sort with LC_ALL=C b34eaa5 fwenv rules 8c2960f adds rfkill nodedev and some mmc partitions to stordev 5a9ffe9 rcboot runs fwenv with a transition 9954bf6 dnsmasq in case of tcp ab66468 dnsmasq try this 5bfcb88 dnsmasq stubby not sure why this is happening 863f549 luci not sure why it recv and send server packets d5cddb0 uhttpd sends sigkill luci cgi 44cc04d stubby: it does not maintain anything in there db730b4 Adds stubby ccbcf0e tor simplify network access a308065 tor basic a9c0163 znc loose ends 327a9af acme: allow acme_cleanup.sh to restart znc 4015614 basic znc 7ef14a2 support/secmark: clarify some things 3107afe README: todo qrencode 943035a README and secmark doc 4c90937 ttyd: fix that socket leak again 3239adf dnsmasq icmp packets and fix a tty leak issue b41d38f Makefile: optimize 95d05b1 sandbox dontaudit ttyd leak 0b7d670 rpcd: reads mtu e754bf1 opkg-lists try this 35fb530 opkg-lists: custom 4328754 opkg try to address mislabeled /tmp/opkg-lists 3e2385c rcnftqos 95eae2d ucode c86d366 luci diagnostics e10b443 rpcd packets and wireguard/luci a25e020 igmpproxt packets 0106f00 luci dcef79c nftqos related 3c9bc90 related to nft-qos and luci f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh 29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh 0c5805a some nft-qos 1100b41 adds a label for /tmp/.ujailnoafile e141a83 initscript: i labeled ujail procd.execfile a3b0302 Makefile: adds a default target + packets target 6a3f8ef label usign as opkg and label fwtool and sysupgrade 04d1cc7 sysupgrade: i meant don't do the fc spec 763bec0 sysupgrade: dont do /tmp/sysupgrade.img af2306f adds a failsafe.tmpfile and labels validate_firmware_image 5b15760 fwenv: comment doesnt make sense 370ac3b fwenv: executes shell 67e3fcb fwenv: adds fw_setsys 544d211 adds procd execfile module to label procd related exec files 99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local 4dfd662 label uclient-fetch the same as wget 75d8212 osreleasemiscfile: adds /etc/device_info 0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files) ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox) f790600 adds a libattr.conffile for /etc/xattr.conf fcc028e fwenv: adds fwsys 1255470 xtables: various iptables alternatives a7c4035 Revert "sqm: runs xtables, so also allow nftables" 0d331c3 sqm: runs xtables, so also allow nftables f34076b acme: will run nftables in the near future 6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf d0deea3 fixes dns packets 8399efc Revert "sandbox: see if dontauditing this affects things" 73d716a sandbox: see if dontauditing this affects things b5ee097 sandbox: also allow readinherited dropbear pipes 12ee46b iwinfo traverses /tmp/run/wpa_supplicant 4a4d724 agent.cil: also reads inherited dropbear pipes d48013f support/secmark: i tightened my dns packet policy 645ad9e dns packets redone 4790b25 dnsnetpacket: fix obj macro template d9fafff redo dns packets 0a68498 ttyd: leaks a netlink route socket 1d2e6be .gitattributes: remove todo e1bb954 usbutil: reads bus sysfile symlinks d275a32 support/secmark: clean it up a little af5ce12 Makefile: exclude packet types in default make target 3caacdf support/secmark: document tunable/boolean e3dd3e6 invalidpacketselinuxbool: make it build-time again 54f0ccf odhcpd packet fix 4a864ba contrib/secmark: add a big FAT warning bead937 contrib/secmark: adds note about secmark support 146ae16 netpacket remove test 2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod 070a45f chrony and unbound packets eba894f rawip socket packets cannot be labeled 656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types 35325db adds igmp packet type 5cf444c adds icmp packet type 2e41304 sandbox some more packet access for sandbox net 12caad6 packet accesses b8eb9a8 adds a trunkload of packet types a42a336 move rules related to invalid netpeers and ipsec associations a9e40e0 xtables/nftables allow relabelto all packet types aa5a52c README: adds item to wish list 3a96eec experiment: simple label based packet filtering 26d6f95 nftables reads/writes fw pipes
1. Boot WRC-X3200GST3 normally with "Router" mode 2. Access to "http://192.168.2.1/" and open firmware update page ("ファームウェア更新") 3. Select the OpenWrt factory image and click apply ("適用") button 4. Wait ~120 seconds to complete flashing
Patches to support the SoC's GPIO controller for RTL930x and RTL931x devices have been accepted upstream. Replace the current preliminary patch with the upstream ones, excluding devictree binding changes.
The updated patches add GPIO IRQ balancing support on RTL930x, but this cannot be used until these devices also support SMP.
Fixes an out of bounds issue, adds support for TP-Link safeloader images with non-default partition names, and adds image generation support for: - TP-Link Archer A6 v2 (EU) - TP-Link EAP225 v4 - TP-Link EAP225-Outdoor v3
365458e00ed7 tplink-safeloader: join EAP225-V3 compatible devices 0277810d353d tplink-safeloader: fix chunked support-list prints a64f89c66318 tplink-safeloader: Patch to handle partitions with alternate names. 07f78f071075 firmware-utils: tplink-safeloader: add support for Archer A6 v2 (EU) 49ea62160d21 tplink-safeloader: fix alphabetical order
Original patch: https://github.com/cifsd-team/ksmbd-tools/issues/227 adapted for ksmbd kernel module v3.4.3 by me. Fixes crash in v3.4.3 only. Use original patch when updating to v3.4.4 as this one will fail hunk #1.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro> (commit: f84b525)
ipq40xx: cut ath10k board file for mikrotik subtarget
Avoid shipping ath10k board file in Mikrotik initram images
Most will only ever need to use these initram images once—to initially load OpenWrt, but fix these images for more consistent Wi-Fi performance between the initram and installed squashfs images.
OpenWrt BUILDBOT config ignores -cut packages in the initram images build. This results in BUILDBOT initram images including the linux-firmware qca4019 board-2.bin, and (initram image booted) Mikrotik devices loading a generic BDF, rather than the intended BDF data loaded from NOR as an api 1 board_file.
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory # include <openssl/evp.h> ^~~~~~~~~~~~~~~ compilation terminated.
This is caused by a complete overriding of make flags which are provided correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden instead of extended. This then leads to the usage of build host include dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.
Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 481339a)
Currently malta configures the first Ethernet device as WAN interface. If it finds a second one it will configure it as LAN.
This commit reverses it to match armvirt and x86. If there is only one network device it will be configured as LAN device now. If we find two network devices the 2. one will be WAN.
If no board.d network configuration is given it will be configured in package/base-files/files/etc/board.d/99-default_network
Add ieee80211_rx_check_bss_color_collision routine in order to introduce BSS color collision detection in mac80211 if it is not supported in HW/FW (e.g. for mt7915 chipset). Add IEEE80211_HW_DETECTS_COLOR_COLLISION flag to let the driver notify BSS color collision detection is supported in HW/FW. Set this for ath11k which apparently didn't need this code.
Tested-by: Peter Chiu <Chui-Hao.Chiu@mediatek.com> Co-developed-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Ryder Lee <ryder.lee@mediatek.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Link: https://lore.kernel.org/r/a05eeeb1841a84560dc5aaec77894fcb69a54f27.1648204871.git.lorenzo@kernel.org [clarify commit message a bit, move flag to mac80211] Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: David Bauer <mail@david-bauer.net> (commit: 7191d64)
The UniFi 6 Lite as well as the Tenbay T-MB5EU do not have the third background-radar chain. For the Tenbay, the connector is present, however no antenna is connected to it.
Signed-off-by: David Bauer <mail@david-bauer.net> (commit: 275a76e)
On uniprocessor builds, for_each_cpu(cpu, mask) will assume 'mask' always contains exactly one CPU, and ignore the actual mask contents. This causes the loop to run, even when it shouldn't on an empty mask, and tries to access an uninitialised pointer.
Fix this by wrapping the loop in a cpumask_empty() check, to ensure it will not run on uniprocessor builds if the CPU mask is empty.
Fixes: af6cd37f42f3 ("realtek: replace RTL93xx GPIO patches") Reported-by: INAGAKI Hiroshi <musashino.open@gmail.com> Reported-by: Robert Marko <robimarko@gmail.com> Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: bde6311)
generic: 5.15: fix panic on tcp_no_window_check set with interface up
The current reworked version cause kernel panic when the value is changes and an interface is up. Following the tcp_be_liberal impelementation, reimplement this to permit a safe change of this value without any panic. This has been tested with a QSDK package where tcp_no_window_check is used.
210991d fw4: prefer /dev/stdin if available 4e5e322 fw4: make `fw4 restart` behavior more robust 221040e ruleset: emit time ranges when both start and stop times are specified 30a7d47 fw4: fix datetime parsing fb9a6b2 ruleset: correct mangle_output chain type 6dd2617 fw4: fix logic flaw in testing hw flow offloading support c7c9c84 fw4: ensure that negative bitcounts are properly translated c4a78ed fw4: fix typo in emitted set types
Aruba deploys a BDF in the root filesystem, however this matches the one used for the DK04 reference board.
The board-specific BDFs are built into the kernel. The AP-365 shows sinificant degraded performance with increased range when used with the reference BDF.
Replace the BDF with the one extracted from Arubas kernel.
Signed-off-by: David Bauer <mail@david-bauer.net> (commit: b21b986)
Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com> (commit: 197b672)
Using nvmem-cells to set the MAC address for a DBDC device results in both PHY devices using the same MAC address. This in turn will result in multiple BSSes using the same BSSID, which can cause various problems.
Use the hotplug script for the EAP615-Wall instead to avoid this.
Fixes: a1b8a4d7b3ff ("ramips: support TP-Link EAP615-Wall") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Stijn Segers <foss@volatilesystems.org> Tested-By: Andrew Powers-Holmes <aholmes@omnom.net> (commit: ce90ba1)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in the kernel. bcm2710 does not support armv8 crypto extensions, so they are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 38ebb21)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in the kernel. bcm2711 does not support armv8 crypto extensions, so they are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 7b6beb7)
mkimage limits the length of the file paths in can deal with to 256 characters. Turns out that in automated builds by asu we break this limit, so increase it to 1024 characters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 3fbf968)
If you change SCAN_EXTRA variable with "-path target/linux/xxxx" in include/toplevel.mk for speed up scan, find will warn with:
find: warning: you have specified the global option -maxdepth after the argument -path, but global options are not positional, i.e., -maxdepth affects tests specified before it as well as those specified after it. Please specify global options before other arguments.
The find option -mindepth -maxdepth are global options and must be before any path option. Change order of $(SCAN_EXTRA) after -mindepth and -maxdepth to fix this.
Signed-off-by: Leo Chung <gewalalb@gmail.com> [capitalize Description, Author and Sob and minor description tweak] Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> (commit: eb787b5)
generic: 5.15: fix wrong PACKET_MANGLE select in swconfig switch patch
In the rebase process of 5.15 hack patch the ETHERNET_PACKET_MANGLE got wrongly swapped from AR8216_PHY to PSB6970_PHY. Restore the ETHERNET_PACKET_MANGLE select to the right place.
Hannu Nyman wrote in openwrt's github issue #9962: |Based on forum discussion, the commit 0bc794a |"kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash" |causes flash memory chip misdetection for some other |Fritzbox devices, as the commit only defines a 4-byte flash |memory chip ID that matches several chips used in the devices. | |See discussion from this onward |<https://forum.openwrt.org/t/openwrt-22-03-0-rc1-first-release-candidate/126045/182> | |OpenWrt 22.03.0-rc2 and rc3 are causing on a Fritzbox 7412 |bootloops due to a misdetected flash chip. | |Yup, that patch is missing the 5th ID byte entirely - both chips |share the same first 4; | | TC58NVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0x72 (digikey datasheet, page 35) | TC58BVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0xf2 (digikey datasheet, page 28) | |The commit has also been backported to openwrt-22.03 after rc1, |so both rc2 and rc3 suffer from this bug."
Andreas' TC58NVG0S3H seems not to follow Toshibas/Kioxa's own datasheet. It only reports the first four bytes: "98 f1 80 15 00 00 00 00".
This patch changes the id_len in the entry to 8. This makes it so that Andreas' NAND is still detected. At the same time, this prevents other Toshiba NAND flash chips - that share the same four bytes - from being misdetected.
The issue has been reported upstream, since they also accepted the initial patch... so if not addressed, 5.19/5.20 will also break those affected devices again.
Reported-by: Peter-vdL Fixes: 0bc794a66845 ("kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash") Link: <https://github.com/openwrt/openwrt/issues/9962> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: b047ca1)
generic: remove patch to fix vlan setup on mv88e6xxx
This patch was present in Linux kernel [1] since version 5.11rc1, but it was superseded by another patch, which set configure_vlan_while_not_filtering to true by default since kernel v5.12-rc2 [2].
There does not appear to be a way to trigger TFTP recovery without entering U-Boot. The device must be opened to access the serial console in order to first flash OpenWrt onto a device from factory.
The device has automatic recovery backed by a second set of partitions on the larger of the two SPI flash ICs. Both the primary and secondary must be flashed to prevent accidental rollback to "factory" after 3 failed boot attempts.
Serial console --------------
A serial console is available on the following pins of the populated J2 connector on the device mainboard (115200 8n1).
(<-- Top of PCB / Device)
J2 [o o o o o o] | | | | | `-- GND | `---- TX `--------- RX
1. Setup TFTP server with server IP set to 192.168.1.236. 2. Copy compiled `...squashfs-factory.bin` to `nodes-jr.img` in tftp root. 3. Connect to console using pinout detailed in the serial console section. 4. Power on device and press enter when prompted to drop into U-Boot. 5. Flash first partition device via `run flashimg`. 6. Once complete, reset device and allow to power up completely. 7. Once comfortable with device upgrade reboot and drop back into U-Boot. 8. Flash the second partition (recovery) via `run flashimg2`.
Revert to "factory" -------------------
1. Download latest firmware update from vendor support site. 2. Copy extracted `.img` file to `nodes-jr.img` in tftp root. 3. Connect to console using pinout detailed in the serial console section. 4. Power on device and press enter when prompted to drop into U-Boot. 5. Flash first partition device via `run flashimg`. 6. Once complete, reset device and allow to power up completely. 7. Once comfortable with device upgrade reboot and drop back into U-Boot. 8. Flash the second partition (recovery) via `run flashimg2`.
Link: https://github.com/openwrt/openwrt/pull/3682 Signed-off-by: Peter Adkins <peter@sunkenlab.com> (calibration from nvmem, updated to 5.10+5.15) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: b4184c6)
The default configuration of pinctrl for GPIO19 set by U-boot was not a GPIO, but an alternate function, which prevented the GPIO hog from working. Set GPIO19 into GPIO mode to allow the hog to work, then the ath10k LED output can control the state of actual LED properly.
With the pinctrl configuration set properly by the previous commit, the LED stays lit regardless of status of 2.4GHz radio, even if 5GHz radio is disabled. Map GPIO19 as LED for ath9k, this way the LED will show activity for both bands, as it is bound by logical AND with output of ath10k-phy0 LED. This works well because during management traffic, phy*tpt triggers typically cause LEDs to blink in unison.
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900 switches.
Specifications -------------- * Device: ZyXEL GS1900-24E * SoC: Realtek RTL8382M 500 MHz MIPS 4KEc * Flash: 16 MiB Macronix MX25L12835F * RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE * Ethernet: 24x 10/100/1000 Mbps * LEDs: 1 PWR LED (green, not configurable) 1 SYS LED (green, configurable) 24 ethernet port link/activity LEDs (green, SoC controlled) * Buttons: 1 "RESET" button on front panel * Switch: 1 Power switch on rear of device * Power 120-240V AC C13 * UART: 1 serial header (JP2) with populated standard pin connector on the left side of the PCB. Pinout (front to back): + Pin 1 - VCC marked with white dot + Pin 2 - RX + Pin 3 - TX + PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation ------------
OEM upgrade method:
* Log in to OEM management web interface * Navigate to Maintenance > Firmware * Select the HTTP radio button * Select the Active radio button * Use the browse button to locate the realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin file and select open so File Path is updated with filename. * Select the Apply button. Screen will display "Prepare for firmware upgrade ...". *Wait until screen shows "Do you really want to reboot?" then select the OK button * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10). * Set up a TFTP server on your client and make it serve the initramfs image. * Connect serial, power up the switch, interrupt U-boot by hitting the space bar, and enable the network: > rtk network on * Since the GS1900-24E is a dual-partition device, you want to keep the OEM firmware on the backup partition for the time being. OpenWrt can only boot from the first partition anyway (hardcoded in the DTS). To make sure we are manipulating the first partition, issue the following commands: > setsys bootpartition 0 > savesys * Download the image onto the device and boot from it: > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin > bootm * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image.
Enabling different hardware crypto acceleration should not change the library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 677774d)
This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm.
NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 0a2edc2)
This patch allows the user to set `auth_server` and related settings on non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius.
Without this patch, `auth_server` and other needed options are only written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set.
`hostapd` however supports "Station MAC address -based authentication" for non WPA Enterprise Modes, too.
A classic approch is to use `accept_mac_file` which contains MAC addr and VLAN-ID pairs. But, using `accept_mac_file` does not support VLAN assignment for unknown stations.
This is a sample `freeradius3` config, where a known station ("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are assigned to VLAN `67`.
hostapd: fix missing HS20 support for hostapd-full
commit c3a4cddaaf45 ("hostapd: remove hostapd-hs20 variant") as well as commit 9f1927173ac6 ("hostapd: wpas: add missing config symbols") indicate hostapd-full should support Hotspot 2.0 already, but only wpa_supplicant (and wpad) do.
How this happened is not really clear, as no commit adding support for Hotspot 2.0 is in the history.
Fix this and add Hotspot 2.0 capability to hostapd-full.
Signed-off-by: David Bauer <mail@david-bauer.net> (commit: b72c7db)
libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH.
Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> (commit: e0cc5b9)
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: d55f12c)
With some OS (Guix) the git submodule command is wrapped in a script. Current logic parse the git submodule script directly. If it's wrapped the prereq check wrongly fails while 'git submodule --recursive' is actually available. Add an additional check that try to directly use the 'git submodule' command to check if the prereq is satisfied.
Fixes: #9986 Reported-by: Attila Lendvai <attila@lendvai.name> Suggested-by: Attila Lendvai <attila@lendvai.name> Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> (commit: ab1f3a8)
Using the BOARD_NAME variable results for both er and erlite devices to identify themselfs as `er` and `erlite` (via `ubus call system board`).
This is problematic when devices search for firmware upgrades since the OpenWrt profile is actually called `ubnt_edgerouter` and `ubnt_edgerouter-lite`.
By adding the `SUPPORTED_DEVICE` a mapping is created to point devices called `er` or `erlite` to the corresponding profile.
FIXES: https://github.com/openwrt/asu/issues/348
Signed-off-by: Paul Spooren <mail@aparcar.org> (commit: 2a07270)
Sync nl80211.h with upstream in order to maintain parity with nl80211_copy.h shipped with hostapd.
This is necessary, as currently the enum value for NL80211_EXT_FEATURE_RADAR_BACKGROUND mismatches between hostapd and mac80211. This breaks background radar capability detection in hostapd.
Reported-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: David Bauer <mail@david-bauer.net> (commit: a10e0d7)
902b321 wireless-regdb: Update regulatory rules for Israel (IL) 20f6f34 wireless-regdb: add missing spaces for US S1G rules 25652b6 wireless-regdb: Update regulatory rules for Australia (AU) 081873f wireless-regdb: update regulatory database based on preceding changes 166fbdd wireless-regdb: add db files missing from previous commit e3f03f9 Regulatory update for 6 GHz operation in Canada (CA) 888da5f Regulatory update for 6 GHz operation in United States (US) 647bcaa Regulatory update for 6 GHz operation in FI c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz 2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules 7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries 68a8f2f wireless-regdb: update regulatory database based on preceding changes
Based on current mt7622-ubnt-unifi-6-lr, this is a preparation for adding a v2 version of this target
* v1 - with led-bar * v2 - two simple GPIO connected LEDs (in later commits)
Signed-off-by: Daniel Golle <daniel@makrotopia.org> [added SUPPORTED_DEVICES for compatibility with existing setups] Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com> (commit: 15a0247)
Signed-off-by: Daniel Golle <daniel@makrotopia.org> [added SUPPORTED_DEVICES for compatibility with existing setups] Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com> (commit: 5c8d389)
ath79 has was bumped to 5.10. With this, as with every kernel change, the kernel has become larger. However, although the kernel gets bigger, there are still enough flash resources. But the RAM reaches its capacity limits. The tiny image comes with fewer kernel flags enabled and fewer daemons.
Improves: 15aa53d7ee65 ("ath79: switch to Kernel 5.10")
Tested-by: Robert Foss <me@robertfoss.se> Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: f4415f7)
Some K2P comes with the worse boards with GD25Q128 (may be A2), which only works with 50MHz frequency and less. Reduce spi frequency so that these routers can boot. remove m25p,fast-read because it isn't needed for 50MHz SPI.
This commit: 1. Renames beeline-trx recipe in mt7621.mk to arcadyan-trx. The recipe is necessary for: - MTS WG430223 (Arcadyan WG430223) - Beeline Smartbox Flash (Arcadyan WG443223) 2. Allows specify custom trx magic which is different for the routers mentined above.
Installation ------------ 1. Login to the router web interface (superadmin:serial number) 2. Navigate to Administration -> Miscellaneous -> Access control lists & enable telnet & enable "Remote control from any IP address" 3. Connect to the router using telnet (default admin:admin) 4. Place *factory.trx on any web server (192.168.1.2 in this example) 5. Connect to the router using telnet shell (no password required) 6. Save MAC adresses to U-Boot environment: uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \ awk '{print $5}') uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \ awk '{print $5}') uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \ awk '{print $5}') uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \ awk '{print $5}') 7. Ensure that MACs were saved correctly: uboot_env --get --name eth2macaddr uboot_env --get --name eth3macaddr uboot_env --get --name ra0macaddr uboot_env --get --name rax0macaddr 8. Download and write the OpenWrt images: cd /tmp wget http://192.168.1.2/factory.trx mtd_write erase /dev/mtd4 mtd_write write factory.trx /dev/mtd4 9. Set 1st boot partition and reboot: uboot_env --set --name bootpartition --value 0
Back to Stock ------------- 1. Run in the OpenWrt shell: fw_setenv bootpartition 1 reboot 2. Optional step. Upgrade the stock firmware with any version to overwrite the OpenWrt in Slot 1.
MAC addresses ------------- +-----------+-------------------+----------------+ | Interface | MAC | Source | +-----------+-------------------+----------------+ | label | A4:xx:xx:51:xx:F4 | No MACs was | | LAN | A4:xx:xx:51:xx:F6 | found on Flash | | WAN | A4:xx:xx:51:xx:F4 | [1] | | WLAN_2g | A4:xx:xx:51:xx:F5 | | | WLAN_5g | A6:xx:xx:21:xx:F5 | | +-----------+-------------------+----------------+ [1]: a. Label wasb't found neither in factory nor in other places. b. MAC addresses are stored in encrypted partition "glbcfg". Encryption key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack with saving of the MACs to u-boot-env during the installation was applied. c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in "Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM firmware also uses this MAC when initialazes ethernet driver. In OpenWrt we use it only as internal GMAC (eth0), all other MACs are unique. Therefore, there is no any barriers to the operation of several MTS WG430223 devices even within the same broadcast domain.
Stock firmware image format --------------------------- The same as Beeline Smartbox Flash but with another trx magic +--------------+---------------+----------------------------------------+ | Offset | | Description | +==============+===============+========================================+ | 0x0 | 31 52 48 53 | TRX magic "1RHS" | +--------------+---------------+----------------------------------------+
Trying to sysupgrade an image containing this change on an M300 already running OpenWrt will fail with the following error:
Tue Jun 14 12:06:21 EEST 2022 upgrade: The device is supported, but the config is incompatible to the new image (1.0->1.1). Please upgrade without keeping config (sysupgrade -n). Tue Jun 14 12:06:21 EEST 2022 upgrade: Kernel switched to FIT uImage. Update U-Boot environment. Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from bootdisk... Tue Jun 14 12:06:21 EEST 2022 upgrade: Extract boot sector from the image Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from image... Image check failed.
This is to prevent rendering your device unbootable. Make the U-Boot environment changes as instruced above, and then flash the image using sysupgrade -F. The config can be kept, there is no need to use -n.
After the new image booted successfully, you can increase the compat_version:
uci set system.@system[0].compat_version='1.1' uci commit
swconfig: parse "switch_vlan" before "switch_port"
Before this change UCI sections of both types were parsed in order as specified in UCI. That didn't work well with all drivers (e.g. b53).
It seems that VLAN setup can reset / overwrite previously set ports parameters. It resulted in "switch_port" options defined above "switch_vlan"s being silently ignored.
Ideally swconfig & all drivers should be improved to handle that properly but it'd be a waste of time at this point as DSA replaces swconfig. Use this minor parsing change as a quick fix.
The phy-mask property is read by the ag71xx-mdio driver to set the mii_bus's phy_mask field. On OF platforms, the devicetree is expected to provide all present ethernet phy-s however, so the phy_mask field is later set to all-ones. Having a devicetree override is of no use then, so let's drop it.
Cc: David Bauer <mail@david-bauer.net> Cc: John Crispin <john@phrozen.org> Signed-off-by: Sander Vanheule <sander@svanheule.net> Acked-by: David Bauer <mail@david-bauer.net> (commit: c8c96b2)
Add the owe_transition_ifname config option to wifi-ifaces.
This allows to configure OWE transition VAPs without adding SSID / BSSID to the uci conifg but instead autodiscovering these parameters from other networks on the same PHY.
The following configuration creates a OWE transition mode network constellation.
ath79: convert 1-port TP-Link EAP ath9k to nvmem-cells
Replace the mtd-cal-data phandle with an nvmem-cell reference for the 2.4GHz ath9k radio. This affects the following devices: - TP-Link EAP225 v1 - TP-Link EAP225 v3 - TP-Link EAP225-Outdoor v1 - TP-Link EAP245 v1
ath79: move ethernet phy node for TP-Link EAP devices
Move the ethernet phy definition from the eap2x5-1port include to the device-specific DTS files. This is to prepare for new devices that have a different ethernet phy, at another MDIO address.
11f5c7b fw4.uc: fix zone helper assignment b9d35ff fw4.uc: don't skip zone for unavailable helper e35e26b tests: add test for zone helpers a063317 ruleset: fix conntrack helpers e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps 11410b8 ruleset: reorder declarations & output tweaks 880dd31 fw4: fix skipping invalid IPv6 ipset entries 5994466 fw4: simplify `is_loopback_dev()` 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present 11256ff fw4: add support for configurable includes 3b5a033 tests: add test coverage for firewall includes d79911c fw4: support sets with timeout capability but without default expiry 15c3831 fw4: add support for `option log` in rule and redirect sections
realtek: add support for power LED on Netgear GS308Tv1
The Netgear GS308Tv1 is already supported by OpenWrt, but is missing LED support. After OpenWrt installation, all LEDs are off which makes the installation quite confusing. This enables support for the green/amber power LED to give feedback about the current status.
Signed-off-by: Andreas Böhler <dev@aboehler.at> (commit: c492774)
ath79: D-Link DAP-2xxx (QCA955x): move art partition to DTSI
The art partition containing the radio calibration data is in the same location for all supported devices. Move the definition to the base file so the reference from the wmac node can refer to the same file.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net> Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: 3a1eb93)
ath79: D-Link DAP-2xxx (QCA953x): move art partition to DTSI
The art partition containing the radio calibration data is in the same location for all supported devices. Move the definition to the base file so the reference from the wmac node can reference the same file.
Cc: Sebastian Schaper <openwrt@sebastianschaper.net> Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: b4e7b49)
There is not RTC battery connected to the SoC of the UniFi 6 LR board. Disable the RTC to prevent the system coming up with time set to 2000-01-01 00:00:00 after each reboot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 692d87a)
ath79: TP-Link EAP225-Outdoor v1: use pre-calibration nvmem-cell
Fixes errors in the form of: ath10k_pci 0000:00:00.0: failed to fetch board data for bus=pci, vendor=168c,device=0056,subsystem-vendor=0000,subsystem-device =0000 from ath10k/QCA9888/hw2.0/board-2.bin ath10k_pci 0000:00:00.0: failed to fetch board-2.bin or board.bin from ath10k/QCA9888/hw2.0 ath10k_pci 0000:00:00.0: failed to fetch board file: -12 ath10k_pci 0000:00:00.0: could not probe fw (-12)
As described already in 2d3321619b2b ("ath79: TP-Link EAP245 v3: use pre-calibration nvmem-cell"): Ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration" to load the device specific caldata, not "calibration".
Further rename the nvmem cell node and label to match the updated cell name.
Fixes: 23b904074500 ("ath79: TP-Link EAP225-Outdoor v1: convert ath10k to nvmem-cells") Suggested-by: Sander Vanheule <sander@svanheule.net> Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 0cb851c)
ath79: TP-Link EAP225-Wall v2: use pre-calibration nvmem-cell
ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration" to load the device specific caldata, not "calibration". Rename the nvmem cell node and label to match the updated cell name.
ath79: TP-Link EAP225 v3: use pre-calibration nvmem-cell
ath10k Wave-2 hardware requires an nvmem-cell called "pre-calibration" to load the device specific caldata, not "calibration". Rename the nvmem cell node and label to match the updated cell name.
base-files: allow ignoring minor compat-version check
Downstream projects might re-generate device-specific configuration based on OpenWrt's defaults on each upgrade, thus being unaffected by forward- as well as backwards-breaking configuration.
Add a new sysupgrade parameter, which allows sysupgrades between minor compat-versions. Upgrades will still fail upon mismatching major compat versions.
Signed-off-by: David Bauer <mail@david-bauer.net> (commit: 34437af)
4383528e0 P2P: Use weighted preferred channel list for channel selection f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming 94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them d5a9944b8 Reserve QCA vendor sub command id 206..212 ed63c286f Remove space before tab in QCA vendor commands e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them 02047e9c8 hs20-osu-client: Explicit checks for snprintf() result cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality 5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0 9e305878c SAE-PK: Fix build without AES-SIV c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API 667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API 5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API 177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point 26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path 6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh() 4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API b092d8ee6 tests: imsi_privacy_attr 563699174 EAP-SIM/AKA peer: IMSI privacy attribute 1004fb7ee tests: Testing functionality to discard DPP Public Action frames 355069616 tests: Add forgotten files for expired IMSI privacy cert tests b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters 99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML 426932f06 tests: EAP-AKA and expired imsi_privacy_key 35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path 1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key d1652dc7c OpenSSL: Refuse to accept expired RSA certificate 866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0 bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1 39e662308 tests: Work around reentrant logging issues due to __del__ misuse 72641f924 tests: Clean up failed test list in parallel-vm.py e36a7c794 tests: Support pycryptodome a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI e58dabbcf tests: DPP URI with host info 37bb4178b DPP: Host information in bootstrapping URI 1142b6e41 EHT: Do not check HE PHY capability info reserved fields 7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4 d2ce1b4d6 tests: Wait for request before responding in dscp_response
Boot initramfs image from U-Boot --------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt 2. Press CTRL+C keys to get into real U-Boot prompt 3. Init network with `rtk network on` command 4. Load image with `tftpboot 0x8f000000 openwrt-realtek-rtl838x-d-link_dgs-1210-20-initramfs-kernel.bin` command 5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
realtek: add support for power LED on Netgear GS108Tv3
The Netgear GS108Tv3 is already supported by OpenWrt, but is missing LED support. After OpenWrt installation, all LEDs are off which makes the installation quite confusing. This enables support for the green/amber power LED to give feedback about the current status.
This is basically just a verbatim copy of commit c4927747d25a ("realtek: add support for power LED on Netgear GS308Tv1").
Please note that both LEDs are wired up in an anti-parallel fashion, which means that only one of both LEDs/colors can be switched on at the same time. If both LEDs/colors are switched on simultanously, the LED goes dark.
Tested-by: Pascal Ernster <git@hardfalcon.net> Signed-off-by: Pascal Ernster <git@hardfalcon.net> [add title to commit reference] Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: adbdfc9)
kernel: move Toshiba-TC58NVG0S3H patch to ipq40xx redux
Linux' upstream MTD-Maintainer Miquèl Raynal noted: |Reverting seems the safest option here, not knowing how many devices |have these damaged/counterfeit chips. If it is just a couple and only on |Fritzboxes, as suggested in the Github issue this patch could be |carried through OpenWrt and that would seem more future proof IMHO.
This patch follows up with the first patch. It actually moves the patches out of target/linux/generic/pending into the ipq40xx's patch heap and adds a little note what happend.
For more information, discussions or reports about bad TC58NVG0S3Hs, please visit the OpenWrt's Github Issue #9962: <https://github.com/openwrt/openwrt/issues/9962>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: ac2166b)
kernel: Backport mv88e6xxx patch to keep pvid at 0 if VLAN-unaware and remove hack
Keeping the pvid at 0 when VLAN-unaware makes it possible to drop the hack introduced in commit 920eaab1d817 ("kernel: DSA roaming fix for Marvell mv88e6xxx"). Dropping the hack makes it possible to use VLAN interfaces with VID 1 on DSA ports without problems with FDB.
Signed-off-by: Marek Behún <kabel@kernel.org> (cherry picked from commit 9caa6f0aa742253901c72f43eebecd2c8da5f127) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [drop kernel patch hack from Linux version 5.15, drop paragraph about backport patch, which is not necessary as it is included in kernel 5.15] (commit: 742926e)
In subtarget p2020, there wasn't enabled nand support, and because of that there weren't available tools from mtd-utils package, which has utilities for NAND flash memory even though reference board, which is the only currently supported device in p2020 subtarget has NAND [1].
All subtargets in mpc85xx has already enabled nand support, let's do it globally.
The MBL has a 512KiB Microchip SST39VF040 chip for uboot and not much else.
Thanks to Ewald who figured out that the "jedec-probe" vs. "jedec-flash" was the wrong binding. With this information and the jedec-probe support enabled => the chip works.
| physmap-flash 4fff80000.nor_flash: physmap platform flash device: [mem 0x4fff80000-0x4ffffffff] | Found: SST 39LF040 | 4fff80000.nor_flash: Found 1 x8 devices at 0x0 in 8-bit bank
Suggested-by: Ewald Comhaire <e.comhaire@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 5f7828f)
The Meraki MR74 is part of the "Insect" series. This device is essentially an outdoor variant of the MR33 with identical hardware, but requiring a config@3 DTS option to be set to allow booting with the stock u-boot.
The install procedure is replicated from the MR33, with the exception being that the MR74 sysupgrade image must be used.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com> (commit: 811538a)
This row is no longer necessary as it was replaced by LOCALVERSION in uboot.mk, which explicitly sets OpenWrt version to all U-boot packages accross OpenWrt. [1]
kernel: add upstream patches for pca955x led driver
These patches are to support the pca955x led with OpenWRT correctly via device tree on linux 5.10. Without these, the new LED function/color/reg features can not be used.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com> (commit: 78ecaeb)
This patch adds support for the mainline kernel module for the PCA955x LED driver. Note this requires i2c and GPIO support. Also worth calling out this driver also enables GPIO support, depending on device tree configuration.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com> (commit: 77a1479)
This adds support for the Netgear PGZNG1, also known as the ADT Pulse Gateway.
Hardware: CPU: Atheros AR9344 Memory: 256MB Storage: 256MB NAND Hynix H27U2G8F2CTR-BC USB: 1x USB 2.0 Ethernet: 2x 100Mb/s WiFi: Atheros AR9340 2.4GHz 2T2R Leds: 8 LEDs Button: 1x Reset Button UART: Header marked JPE1. Pinout is VCC, TX, RX, GND. The marked pin, closest to the JPE1 marking, is VCC. Note VCC isn't required to be connected for UART to work.
Enable Stock Firmware Shell Access: 1. Interrupt u-boot and run the following commands setenv console_mode 1 saveenv reset
This will enable a UART shell in the firmware. You can then login using the root password of `icontrol`. If that doesn't work, the device is running a firmware based on OpenWRT where you can drop into failsafe to mount the FS and then modify /etc/passwd.
Installation Instructions: 1. Interupt u-boot and run the following commands setenv active_image 0 setenv stock_bootcmd nboot 0x81000000 0 \${kernel_offset} setenv openwrt_bootcmd nboot 0x82000000 0 \${kernel_offset} setenv bootcmd run openwrt_bootcmd saveenv
This backports encap offload support from upstream. On some ath10k devices there can be about 10% improvement on tx throughput. Users can turn it on by setting frame_mode=2.
Signed-off-by: Zhijun You <hujy652@gmail.com> (commit: 00f64ed)
failsafe: run on all consoles listed in /proc/cmdline
On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as they are by default), the kernel command line will have two console= entries, such as
console=tty0 console=ttyS0,115200n8
Failsafe was only running a shell on the first defined console, the VGA console. This is a problem for devices like apu2, where there is only a serial console and it appears on ttyS0.
Moreover, the console prompt to enter failsafe during boot was delivered to, and its input read from, the last console= on the kernel command line. So while the failsafe shell was on the first defined console, only the last defined console could be used to enter failsafe during boot.
In contrast, the x86 bootloader (GRUB) operates on both the serial console and the VGA console by virtue of "terminal_{input,output} console serial". GRUB also provided an alternate means to enter failsafe from either console. The presence of two console= kernel command line parameters causes kernel messages to be delivered to both. Under normal operation (not failsafe), procd runs login in accordance with inittab, which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any of serial, hypervisor, or VGA console. Thus, serial access was consistently available on x86 devices with serial consoles under normal operation, except for shell access in failsafe mode (without editing the kernel command line).
By presenting the failsafe prompt, reading failsafe prompt input, and running failsafe shells on all consoles listed in /proc/cmdline, failsafe mode will work correctly on devices with a serial console (like apu2), and the same image without any need for reconfiguration can be shared by devices with the more traditional (for x86) VGA console. This improvement should benefit any system with multiple console= arguments, including x86 and bcm27xx (Raspberry Pi).
Signed-off-by: Mark Mentovai <mark at moxienet.com> (commit: c9725d4)
apm821xx: align gpio-keys node names with dt-schema
As per the series: <https://www.spinics.net/lists/devicetree/msg508906.html>
"Enforce specific naming pattern for children (keys) to narrow the pattern thus do not match other properties. This will require all children to be properly prefixed or suffixed (button, event, switch or key)."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: cd1b4ea)
ClearFog GT 8K is device sold by SolidRun. It is marketed as a development board, not a consumer product. The device tree file for this board is upstream in kernel.org.
464xlat: delete SNATed conntracks on interface teardown
Existing conntracks will continue to be SNATed to 192.0.0.1 even after 464xlat interface gets teared down. To prevent this, matching conntracks must be killed.
lantiq: dts: fix reset controller reference on Danube and AR9
ar9.dtsi and danube.dtsi only have one reset controller and they are naming it "reset". This is equivalent to "reset0" in vr9.dtsi. Fix the references to the reset controller in the recently added PCI controller reset line.
Fixes: 087f2cba26faf0 ("lantiq: dts: Add the reset line for the PCI controller") Reported-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: a1354ac)
kernel: drop patch adding hardcoded kernel compilation flags
1. KCFLAGS should be used for custom flags 2. Optimization flags are arch / SoC specific 3. -fno-reorder-blocks may *worsen* network performace on some SoCs 4. Usage of flags was *reversed* since 5.4 and noone reported that
If we really need custom flags then CONFIG_KERNEL_CFLAGS should get default value adjusted properly (per target).
This adds a few fixes for compiling against Linux 5.10:
1. segment_eq() has been removed with upstream commit 428e2976a5bf7e7f5554286d7a5a33b8147b106a ("uaccess: remove segment_eq") and can use uaccess_kernel() instead 2. ioremap_nocache() is removed and is now an alias for ioremap() with upstream commit 4bdc0d676a643140bdf17dbf7eafedee3d496a3c ("remove ioremap_nocache and devm_ioremap_nocache")
bcm47xx: Add support for brcmnand controller on BCMA bus
Back port the patches being submitted upstream in order to make the NAND controller work on BCM47187/5358. This is a prerequisite for supporting devices like the Netgear WNR3500L V2.
Compiler option -no-plt will break kernel builds on some architectures eg. (x86) Filter this option from the recently introduced handling of KCFLAGS vs EXTRA_OPTIMISATION
Fixes: 1d42af720c6b ("kernel: use KCFLAGS for passing EXTRA_OPTIMIZATION flags")
Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (commit: 24e27be)
4554ee652caf mt76: mt7921: fix warning Using plain integer as NULL pointer a3f1d6ccf3ca mt76: mt7921: add missing bh-disable around rx napi schedule 9aeca2a5ce47 mt76: mt7921: get rid of mt7921_mcu_exit fee8a5911c76 mt76: connac: move shared fw structures in connac module db4d784ae7ba mt76: mt7921: move fw toggle in mt7921_load_firmware 16ab6bf49556 mt76: connac: move mt76_connac2_load_ram in connac module 29fd748801c6 mt76: connac: move mt76_connac2_load_patch in connac module 051c68d18214 mt76: mt7663: rely on mt76_connac2_fw_trailer d6ae3505ac6c mt76: enable the VHT extended NSS BW feature 488a5ccc9762 mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature 934029bb93e2 mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature ecefae4c7d72 mt76: connac: move mac connac2 defs in mt76_connac2_mac.h b5eecc841df8 mt76: connac: move connac2_mac_write_txwi in mt76_connac module 012e619a07b9 mt76: connac: move mt76_connac2_mac_add_txs_skb in connac module 1b492be795ea mt76: mt7921: not support beacon offload disable command f1f46d3b4b19 mt76: mt7921: fix command timeout in AP stop period cae61112ef1d mt76: connac: move HE radiotap parsing in connac module 487674062643 mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module 649bdc4983c4 mt76: connac: move mt76_connac2_mac_fill_rx_rate in connac module cb75aaa39252 mt76: mt7921s: remove unnecessary goto in mt7921s_mcu_drv_pmctrl e0eaf66eaebb mt76: mt7615: do not update pm stats in case of error f8d125b4ea30 mt76: mt7921: do not update pm states in case of error 6329a834907e mt76: mt7921s: fix possible sdio deadlock in command fail 8a04f1b04662 mt76: mt7921: fix aggregation subframes setting to HE max e52283439094 mt76: mt7915: disable UL MU-MIMO for mt7915 fd3958970e3d mt76: mt7921: enlarge maximum VHT MPDU length to 11454 18df38fe77f7 mt76: mt7915: get rid of unnecessary new line in mt7915_mac_write_txwi 149e95f5d7a6 mt76: connac: move mt76_connac_fw_txp in common module 899d192e8a79 mt76: move mt7615_txp_ptr in mt76_connac module 7184f0a6f6a5 mt76: connac: move mt76_connac_tx_free in shared code c42d45278fa5 mt76: connac: move mt76_connac_tx_complete_skb in shared code 0993f4ef96f8 mt76: connac: move mt76_connac_write_hw_txp in shared code 467960fab791 mt76: connac: move mt7615_txp_skb_unmap in common code 2e758064b085 mt76: mt7915: rely on mt76_connac_tx_free 2065a7901671 mt76: move mcu_txd/mcu_rxd structures in shared code 576c1b7c472b mt76: move mt76_connac2_mcu_fill_message in mt76_connac module 7275f7758090 mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: a703f9e)
Flashing instructions: * ssh into target device with recent (>= v1.6.0) firmware * run `cliclientd stopcs` on target device * upload factory image via web interface
Debricking: To recover the device, you need access to the serial port. This requires fine soldering to test points, or the use of probe pins. * Open the case and solder wires to the test points: RXD, TXD and TPGND4 * Use a 3.3V UART, 115200 baud, 8n1 * Interrupt bootloader by holding ctrl+B during boot * upload initramfs via built-in tftp client and perform sysupgrade setenv ipaddr 192.168.1.1 # default, change as required setenv serverip 192.168.1.10 # default, change as required tftp 0x80800000 initramfs.bin bootelf $fileaddr
MAC addresses: MAC address (as on device label) is stored in device info partition at an offset of 8 bytes. ath9k device has same address as ethernet, ath10k uses address incremented by 1. From stock ifconfig:
ath0 Link encap:Ethernet HWaddr D8:...:2E ath10 Link encap:Ethernet HWaddr D8:...:2F br0 Link encap:Ethernet HWaddr D8:...:2E eth0 Link encap:Ethernet HWaddr D8:...:2E
Signed-off-by: Paul Maruhn <paulmaruhn@posteo.de> Co-developed-by: Philipp Rothmann <philipprothmann@posteo.de> Signed-off-by: Philipp Rothmann <philipprothmann@posteo.de> [Add pre-calibraton nvme-cells] Tested-by: Tido Klaassen <tido_ff@4gh.eu> Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 7e4de89)
realtek: make Netgear GS1xx u-boot env partition writable
Make the u-boot environment partition for the NETGEAR GS108T v3 and GS110TPP writable (they share a DTS), so the values can be manipulated from userspace.
See https://forum.openwrt.org/t/57875/1567 for a real world example.
realtek: make "u-boot-env" partition writable for Netgear 3xx series
The Netgear GS3xx devices do not properly initialise the port LEDs during startup unless the boot command in U-Boot is changed. Making the U-Boot env partition writable allows this modification to be done from within OpenWrt by calling "fw_setenv bootcmd rtk network on\; boota".
Signed-off-by: Andreas Böhler <dev@aboehler.at> (commit: d9e12c2)
An alternative to kernel change would be runtime setup but that requires ethtool and identifying relevant network interface and all related switch ports interfaces.
Packet steering can improve NAT masquarade performance on Northstar by 40-50%. It makes reaching 940-942 Mb/s possible on BCM4708 (and obviously BCM47094 too). Add scripts setting up the most optimal Northstar setup.
Below are testing results for running iperf TCP traffic from LAN to WAN. They were used to pick up golden values.
Above tests were performed with all eth0 interrupts handled by CPU0. Setting "echo 2 > /proc/irq/38/smp_affinity" was tested on BCM4708 but it didn't increased speeds (just required different steering):
ramips: mt7621-dts: fix claiming rgmii2 pin group for EdgeRouter X SFP
For a TX->TX connected external phy to transmit/receive data, the rgmii2 pin group needs to be claimed with gpio function, at least for EdgeRouter X SFP. We already claim the pin group under the pinctrl node with gpio function on the gpio node on mt7621_ubnt_edgerouter-x.dtsi.
However, we should claim a pin group under its consumer node. It's the ethernet node in this case, which we already claim the rgmii2 pin group under it on mt7621.dtsi. Therefore, set the function as gpio on the rgmii2 node for EdgeRouter X SFP and get rid of claiming the rgmii2 pin group under the pinctrl node. With this change, we also get to remove a definition from mt7621_ubnt_edgerouter-x.dtsi which is specific to EdgeRouter X SFP.
ramips: force ZyXEL NR7101 to boot from "Kernel" partition
Make sure BootingFlag points to the system partition we install to.
The BootingFlag variable selects which system partition the system boots from (0 => "Kernel", 1 => "Kernel2"). OpenWrt does not yet have device specific support for this dual image scheme, and can therefore only boot from "Kernel".
This has not been an issue until now, since all known OEM firmware versions have ignored "Kernel2" - leaving the BootingFlag fixed at 0. But the newest OEM firmware has a new upgrade procedure, installing to the "inactive" system partition and setting BootingFlag accordingly.
This workaround is needed until the dual image scheme is fully supported.
Add support for LEDs of the CZ.NIC Turris Omnia using the upstream driver.
There is no generic way to control the LEDs in UCI manner, however the kernel module is the first step to actually use the RGB LEDs in custom logic.
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de> (removed DMARC notice, added driver to Turris Omnia, moved module recipe to target/linux/mvebu/modules.mk) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: f8fa38c)
This updates prereq-build.mk to find a suitable realpath utility, and adds another place to look for a suitable getopt utility.
realpath has been used most notably by scripts/ipkg-build since commit bb95be9265a9 ("scripts,ipkg-build: use realpath for pkg_dir") and there are assorted other uses of it during a build. It is ordinarily provided by GNU coreutils. This adds a SetupHostCommand to locate it either under its own name or under grealpath, the name that it will be available as under MacPorts or Homebrew, which use --program-prefix=g.
Similarly, update the SetupHostCommand for getopt to be able to locate a util-linux getopt at the default path used by MacPorts, in the same fashion that commit cc16f5d73e77 ("build: try to find getopt in macOS homebrew's standard location")' did for Homebrew. As there is no standard alternative --program-prefix for util-linux utilities in the way that GNU packages often use a "g" prefix, this path-based approach is required in case a non-util-linux getopt (such as one provided by an OS) shadows the util-linux getopt in the PATH.
Signed-off-by: Mark Mentovai <mark@moxienet.com> (commit: f614332)
ath79: switch some RedBoot based devices to OKLI loader
After the kernel has switched version to 5.10, JA76PF2 and RouterStations lost the capability to sysupgrade the OpenWrt version. The cause is the lack of porting the patches responsible for partial flash erase block writing and these boards FIS directory and RedBoot config partitions share the same erase block. Because of that the FIS directory can't be updated to accommodate kernel/rootfs partition size changes. This could be remedied by bootloader update, but it is very intrusive and could potentially lead to non-trivial recovery procedure, if something went wrong. The less difficult option is to use OpenWrt kernel loader, which will let us use static partition sizes and employ mtd splitter to dynamically adjust kernel and rootfs partition sizes. On sysupgrade from ath79 19.07 or 21.02 image, which still let to modify FIS directory, the loader will be written to kernel partition, while the kernel+rootfs to rootfs partition.
The caveats are: * image format changes, no possible upgrade from ar71xx target images * downgrade to any older OpenWrt version will require TFTP recovery or usage of bootloader command line interface
To downgrade to 19.07 or 21.02, or to upgrade if one is already on OpenWrt with kernel 5.10, for RouterStations use TFTP recovery procedure. For JA76PF2 use instructions from this commit message: commit 0cc87b3bacee ("ath79: image: disable sysupgrade images for routerstations and ja76pf2"), replacing kernel image with loader (loader.bin suffix) and rootfs image with firmware (firmware.bin suffix).
Fixes: b10d6044599d ("kernel: add linux 5.10 support") Fixes: 15aa53d7ee65 ("ath79: switch to Kernel 5.10") Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (mkubntimage was moved to generic-ubnt.mk) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 5c142aa)
Don't comence the switch to RAMFS when the image format is wrong. This led to rebooting the device, which could lead to false impression that upgrade succeded. Being here, factor out the code responsible for upgrading RedBoot devices to separate file.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (commit: 5897c52)
ath79: ja76pf2: use nvmem cells to specify MAC addresses
The bootloader on this board hid the partition containig MAC addresses and prevented adding this space to FIS directory, therefore those had to be stored in RedBoot configuration as aliases to be able to assigne them to proper interfaces. Now that fixed partition size are used instead of redboot-fis parser, the partition containig MAC addresses could be specified, and with marking it as nvmem cell, we can assign them without userspace involvement.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (commit: b52719b)
This image is supposed to be written with help of bootloader to the flash, but as it stands, it's not aligned to block size and RedBoot will happily create non-aligned partition size in FIS directory. This could lead to kernel to mark the partition as read-only, therefore pad the image to block erase size boundary.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (commit: 9decd2a)
ath79: bsap18x0: specify FIS directory location in dts
The redboot-fis parser has option to specify the location of FIS directory, use that, instead of patching the parser to scan for it, and specifying location in kernel config.
Tested-by: Brian Gonyer <bgonyer@gmail.com> Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (commit: ecf936a)
87fdf683 build: Bump version to 1.0.3 c4ec825b nft: simplify chain lookup in do_list_chain 4f6724f1 intervals: fix compilation --with-mini-gmp 4c20fe95 json: update json output ordering to place rules after chains 57741350 netlink_delinearize: release last register on exit d6fdb0d8 sets_with_ifnames: add test case for concatenated range 88b2345a segtree: add pretty-print support for wildcard strings in concatenated sets 806ab081 netlink: swap byteorder for host-endian concat data c224aa6b intervals: deletion should adjust range not yet in the kernel ea1f1c9f optimize: memleak in statement matrix 0a6dbfce optimize: merge nat rules with same selectors into map 743b0e81 optimize: do not clone unsupported statement c8b35039 optimize: incorrect logic in verdict comparison fc4da141 src: fix always-true assertions d1289bff intervals: set on EXPR_F_KERNEL flag for new elements in set cache 721b9dec tests: add concat test case with integer base type subkey 22b750aa src: allow use of base integer types as set keys in concatenations 3ed9fada intervals: build list of elements to be added from cache e45b4939 intervals: fix deletion of multiple ranges with automerge 3b7b22ae intervals: add elements with EXPR_F_KERNEL to purge list only ea31855d netlink: remove unused argument from helper function 48204bd7 intervals: Simplify element sanity checks ab1b21be intervals: unset EXPR_F_KERNEL for adjusted elements e0beff27 src: restore interval sets work with string datatypes 3e8d934e intervals: support to partial deletion with automerge 7a6e1604 evaluate: allow for zero length ranges 3da9643f intervals: add support to automerge with kernel elements 7b061e63 mnl: update mnl_nft_setelem_del() to allow for more reuse fdb8e0ff src: remove rbtree datastructure 81e36530 src: replace interval segment tree overlap and automerge f1cc44ed src: add EXPR_F_KERNEL to identify expression in the kernel ad43b84e segtree: add support for get element with sets that contain ifnames 06db2308 segtree: use correct byte order for 'element get' 4c6681a7 tests: add testcases for interface names in sets 5e393ea1 segtree: add string "range" reversal support 2fb4d7ea src: make interval sets work with string datatypes 403936c1 evaluate: string prefix expression must retain original length ada50f84 segtree: split prefix and range creation to a helper function ae7d32fc evaluate: keep prefix expression length d2b23984 evaluate: make byteorder conversion on string base type a no-op c36ecfc2 tests: py: Add meta time tests without 'meta' keyword 6fa4ff56 tests: py: Don't colorize output if stderr is redirected f561a0cc tests: monitor: Hide temporary file names from error output 75fea8a5 tests: py: extend meta time coverage 4460b839 meta: fix compiler warning in date_type_parse() 02100978 meta: time: use uint64_t instead of time_t 4e0026dc include: add missing `#include` ab74fb5b examples: add .gitignore file bcad4761 tests: py: add inet/vmap tests 214494aa optimize: Restore optimization for raw payload expressions 82762ab6 src: allow to use integer type header fields via typeof set declaration 64bb3f43 src: allow to use typeof of raw expressions in set declaration ff0f30e3 expression: typeof verdict needs verdict datatype 60f5c107 src: copy field_count for anonymous object maps as well 4cf97abf rule: Avoid segfault with anonymous chains 4e718641 evaluate: init cmd pointer for new on-stack context 1ea71c23 optimize: do not assume log prefix 3f36cc6c optimize: do not merge unsupported statement expressions 19960c8d optimize: incorrect assert() for unexpected expression type 3de1dbd2 optimize: more robust statement merge with vmap 99eb4696 optimize: fix vmap with anonymous sets e8f0fa21 scanner: Fix for ipportmap nat statements 59d184be scanner: dup, fwd, tproxy: Move to own scopes 069a0450 scanner: meta: Move to own scope 2165324d scanner: at: Move to own scope a67fce7f scanner: nat: Move to own scope 578467c1 scanner: policy: move to own scope a1669709 scanner: flags: move to own scope 020372d9 scanner: reject: Move to own scope 543bf3c2 scanner: import, export: Move to own scopes 88105810 scanner: reset: move to own Scope 8a7e430a scanner: monitor: Move to own Scope e5547017 scanner: rt: Extend scope over rt0, rt2 and srh 04c95f14 scanner: type: Move to own scope 62a95698 scanner: dst, frag, hbh, mh: Move to own scopes a060d912 scanner: ah, esp: Move to own scopes 4e215fdf scanner: osf: Move to own scope 5166b298 scanner: dccp, th: Move to own scopes 3e04a6e2 scanner: udp{,lite}: Move to own scope bbdcfbfa scanner: comp: Move to own scope. 232f2c32 scanner: synproxy: Move to own scope 26b53653 scanner: tcp: Move to own scope f5722119 scanner: igmp: Move to own scope a7d8cca9 scanner: icmp{,v6}: Move to own scope 5d837d27 src: add tcp option reset support 1d507ce7 build: explicitly pass --version-script to linker e98a9b83 libnftables.map: export new nft_ctx_{get,set}_optimize API 9eb98b3b tests: add test case for flowtable with owner flag 18a08fb7 examples: compile with `make check' and add AM_CPPFLAGS
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 8704e75)
This is now built-in, enable so it won't propagate on target configs.
Link: https://lkml.org/lkml/2022/1/3/168 Fixes: 79e7a2552e89 ("kernel: bump 5.15 to 5.15.44") Fixes: 0ca93670693b ("kernel: bump 5.10 to 5.10.119") Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (Link to Kernel's commit taht made it built-in, CRYPTO_LIB_BLAKE2S[_ARM|_X86] as it's selectable, 5.10 backport) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 539e605)
mac80211: brcmfmac: allow setting MAC from NVMEM cells
The MAC can be stored in OTP memory or in flash memory, currently the driver could read it only from OTP. Backport the patch allowing setting the MAC address from flash. Some modules have the OTP programmed but the ODM/OEM decided to overwrite it with value stored in flash.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> (commit: 946e42e)
It was observed that `rootfs_data` was sometimes not correctly erased after performing sysupgrade, resulting in previous settings to prevail.
Add call to `wrgg-pad-rootfs` in sysupgrade image recipe to ensure any previous jffs2 will be wiped, consistent with DAP-2610 from the ipq40xx target, which introduced the double-flashing procedure for these devices.
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net> (commit: f770c33)
1696f9eb8b40 mt76: mt7915: do not copy ieee80211_ops pointer in mt7915_mmio_probe a4db5869d660 mt76: mt7915: update mpdu density in 6g capability 500c18014d95 mt76: mt7915: add sta_rec with EXTRA_INFO_NEW for the first time only 3ef66fc7c714 mt76: do not check the ccmp pn for ONLY_MONITOR frame dd682eead016 mt76: mt7915: update the maximum size of beacon offload 4fb991f2c997 mt76: mt7615: add sta_rec with EXTRA_INFO_NEW for the first time only ba39ed3b44f1 mt76: mt76x02: improve reliability of the beacon hang check fd8211cf7c59 mt76: mt7921: sync with updated patch f2edd340ddb4 mt76: allow receiving frames with invalid CCMP PN via monitor interfaces b6e865e2cc70 mt76: mt7615: fix throughput regression on DFS channels
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 29ed58c)
Restore CONFIG_I8K + CONFIG_INTEL_INT0002_VGPIO that got removed when I refreshed the config. Each x86 target gets its own CONFIG_CRYPTO_BLAKE2S + LIB settings as only the x86_64 can use the accelerated x86 version.
Also remove two extra spaces that sneaked into geode's config.
Tim Small reported: | Viewing the 'Network' -> 'Switch' config page in LuCI: | | The LuCI LAN 1 port corresponds to the port physically | labelled 2 at the rear of the device. | [...] | | When a patch cord is attached to the port labelled 1 [...], | the LED labelled 2 illuminates. [...]
=> Ports, LuCI and LEDs are reversed/don't match.
Reported-by: Tim Small Fixes: #10111 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 3648360)
Specifications: - Device: ASUS RT-AX53U - SoC: MT7621AT - Flash: 128MB - RAM: 256MB - Switch: 1 WAN, 3 LAN (10/100/1000 Mbps) - WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G - Ports: USB 3.0 - LEDs: 1x POWER (blue, configurable) 3x LAN (blue, configurable) 1x WAN (blue, configurable) 1x USB (blue, not configurable) 1x 2.4G (blue, not configurable) 1x 5G (blue, not configurable)
Flash by U-Boot TFTP method: - Configure your PC with IP 192.168.1.2 - Set up TFTP server and put the factory.bin image on your PC - Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key Select "2. Upgrade firmware" Press enter when show "Run firmware after upgrading? (Y/n):" Select 0 for TFTP method Input U-Boot's IP address: 192.168.1.1 Input TFTP server's IP address: 192.168.1.2 Input IP netmask: 255.255.255.0 Input file name: openwrt-ramips-mt7621-asus_rt-ax53u-squashfs-factory.bin - Restart AP aftre see the log "Firmware upgrade completed!"
Signed-off-by: Chuncheng Chen <ccchen1984@gmail.com> (replaced led label, added key-* prefix to buttons, added note about BBT) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 8c00fd9)
ramips: add support for Asus RT-N12+ B1 and RT-N300 B1
Asus RT-N12+ B1 and Asus RT-N300 B1 are the same device with a different name.
The OEM firmwares have the same MD5 with Asus RT-N11P B1.
Same instructions for Asus RT-N11P B1 see: commit c3dc52e39ac8 ("ramips: add support for Asus RT-N10P V3 / RT-N11P B1 / RT-N12 VP B1")
Signed-off-by: Semih Baskan <strstgs@gmail.com> (Added id from the PR review to commit message) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 530c0a2)
Add support for the Engenius EWS2910P PoE switch. This is an RTL8380 based switch with two SFP slots, and PoE 802.3af one every RJ-45 port.
The specs say 802.3af, but the vendor firmware configures the PSE for a budget of 31W, indicating 802.3at support.
Specifications: --------------- * SoC: Realtek RTL8380M * Flash: 32 MiB SPI flash Macronix MX25L25635E * RAM: 256 MiB (As reported by bootloader) * Ethernet: 16x 10/100/1000 Mbps with PoE 2x SFP slots * Buttons: 1 "Reset" button on front panel 1 "LED mode: button on front panel 1 "On/Off" Toggle switch on the back * Power: 48V-54V DC barrel jack * UART: 1 serial header (JP1) with populated 2.54mm pitch header Labeled GRTV for ground, rx, tx, and 3.3V respectively * PoE: 1 STM ST32F100 microcontroller 2 BCM59111 PSE chips Works: ------ - (8) RJ-45 ethernet ports - Switch functions - LEDs and buttons
Not yet enabled: ---------------- - SFP ports (will be enabled in a subsequent change) - Power-over-Ethernet (requires realtek-poe package)
Install via web interface: -------------------------
The factory firmware will accept and flash the initramfs image. It is recommended to flash to "Partition 0". Flashing to "Partition 1" is not supported at this point.
The factory web GUI will show the following warning:
" Warning: The firmware version is v0.00.00-c0.0.00 The firmware image you are uploading is older than the current firmware of the switch. The device will reset back to default settings. Are you sure you want to proceed?"
This is expected when flashing OpenWrt. After the initramfs image boots, flash the -sysupgrade using either the commandline or LuCI.
Install via serial console/tftp: --------------------------------
The u-boot firmware will not stop the boot, regardless of which key is pressed. To access the u-boot console, ground out the CLK (pin 16) of the ROM (U22) when u-boot is reading the linux image. If timed correctly, the image CRC will fail, and u-boot will drop to a shell: > rtk network on > setenv ipaddr <address of tftp server> > tftp $(freemem) <name-of-initramfs-image.bin> > bootm
Then flash the -sysupgrade using either the commandline or luci.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> [gpio-led node names, OpenWrt and LuCI capitalization in commit message] Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: 2cfaab4)
realtek: EnGenius EWS2910P: add support for SFP ports
The SFP cages 9F and 10F share the same SCL line. Currently, there isn't a good way to model this. Thus, only one SFP port can be fully supported.
Cage 10F is fully supported with an I2C bus and sfp handle. Linux automatically handles enabling or disabling the TX laser.
Cage 9F is only parially supported, without the sfp handle. The SDA line is hogged as an input, so that it remains high. SCL transitions sould not affect modules connected to this cage. The default value of the tx-disable line is high (active). It is exported as a gpio, but the laser is off by default. To enable the laser:
echo 0 > /sys/class/gpio/sff-p9-tx-disable/value
Thus, both modules can be used for networking, but only 10F will be able to detect and identify a plugged in SFP module.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> (commit: 4d1fc89)
This reverts the airtime scheduler back from the virtual-time based scheduler to the deficit round robin scheduler implementation. This reduces burstiness and improves fairness by improving interaction with AQL.
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 6d49a25)
Setting up DSA bond silently fails if mode is not 802.3ad. Add log message to fix it. As we are already here harmonize all logging messages in the add/delete functions.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> (commit: 78b7be9)
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have AES instructions but lack other extensions that are used by WolfSSL when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed. People can enable them in a custom build if they are sure it will work for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 0bd5367)
9eabf30 Release version 5.18. 2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations d660dde pretty: add missing message descriptions for rings aaeb16a pretty: support u8 enumerated types 6b320b8 rings: add support to set/get cqe size 41fddc0 update UAPI header copies 42e6c28 help: fix alignment of rx-buf-len parameter e1d0a19 ethtool.8: Fix typo in man page 37f0586 Release version 5.17. 8c2984c strset: do not put a pointer to a local variable to nlctx 8fd02a2 ioctl: add the memory free operation after send_ioctl call fails b9f25ea ethtool: Add support for OSFP transceiver modules 6e79542 features: add --json support 5ed5ce5 Merge branch 'next' into master b90abbb man: document recently added parameters 51a9312 tunables: add support to get/set tx copybreak buf size a081c2a rings: add support to set/get rx buf len d699bab Merge branch 'master' into next 52db6b9 Merge branch 'review/module-extstate' into next 6407b52 monitor: add option for --show-module/--set-module 1f35786 ethtool: Add transceiver module extended state 2d4c5b7 ethtool: Add ability to control transceiver modules' power mode 005908b Update UAPI header copies
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: fe5d3a4)
lantiq,bus-clock, interrupt-map-mask and interrupt-map are already defined with these exact values in vr9.dtsi. Drop them from vr9_tplink_tdw8980.dts to just have one place where these are maintained.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (commit: 9d06e5a)
Enable ath10k offload by default. This improves wireless performance without requiring user configuration. This adds ath10k_core to the AUTOLOAD section so that the frame_mode paramter can be added to /etc/modules.d and passed to the driver. The frame_mode 2 enables ethernet mode on the firmware/driver. This parameter is set by passing a different value to the frame_mode value on kmod insmod. Link to the original patchset: https://patchwork.kernel.org/project/linux-wireless/cover/20220516032519.29831-1-ryazanov.s.a@gmail.com/
The support-list partition for the EAP225-V3 board ID became larger than the allocated size, resulting in factory image generation for the EAP225-Outdoor v3 and EAP225 v3 to fail. The make directive Build/tplink-safeloader ignores this failure however, resulting in a seemingly successful build with empty factory images.
Included changes: e609c5d75186 tplink-safeloader: drop unqualified EAP225-V3 IDs
In Linux v5.14 an extra feature was introduced for the RTL8211F phy, allowing to disable a clock output from the phy. Part of that patch is to always (soft) reset the phy upon initialisation.
This phy reset is required to have a working ethernet on the TP-Link EAP225-Outdoor v3 and EAP225 v4 after a reboot. Otherwise the ethernet port will only function properly on cold boots.
Tested-by: Andre Klärner <kandre@ak-online.be> # EAP225-Outdoor v3 Tested-by: Sven Hauer <sven.hauer+github@uniku.de> # EAP225 v4 Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: 7bf73e2)
Multi Band Operation aka Agile Multiband introduces new Transition and Transition Rejection Reason Codes that should improve client steering. Add a config symbol to enable it, and enable it by default for the full variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: David Bauer <mail@david-bauer.net> (commit: 48c3210)
Introduce a new option background_radar to toggle hostapd's background radar feature. Enabling this allows DFS CAC to run on dedicated radio RF chains while the radio(s) are otherwise running normal AP activities on other channels.
As OpenWrt configures hostapd to use a channel list even when a single channel is configured, using this feature requires a list of channels in /etc/config/wireless. Alternatively, channel can be set to auto.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: David Bauer <mail@david-bauer.net> (commit: f2982bc)
When ACS or DFS end up selecting channel 144 or higher, some clients might no longer be able to communicate with the AP due to the TX power being limited to 13 dBm. Setting min_tx_power to 20 will result in hostapd not considering these channels during ACS or after a DFS event.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: David Bauer <mail@david-bauer.net> (commit: d2d5aab)
Flashing instructions: * ssh into target device and run `cliclientd stopcs` * Upgrade with factory image via web interface
Debricking: * Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC) * Bridge unpopulated resistors R225 (TXD) and R237 (RXD). Do NOT bridge R230. * Use 3.3V, 115200 baud, 8n1 * Interrupt bootloader by holding CTRL+B during boot * tftp initramfs to flash via LuCI web interface setenv ipaddr 192.168.1.1 # default, change as required setenv serverip 192.168.1.10 # default, change as required tftp 0x80800000 initramfs.bin bootelf $fileaddr
MAC addresses: MAC address (as on device label) is stored in device info partition at an offset of 8 bytes. ath9k device has same address as ethernet, ath10k uses address incremented by 1.
Signed-off-by: Sven Hauer <sven.hauer+github@uniku.de> (commit: 7e21ce8)
Enabling mbo by default on 802.11ax devices breaks for encryption types that do not enable 802.11w by default. Disable mbo by default to fix this. Enabling mbo by default on 802.11ax devices was not explained in the commit message anyway.
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> [fix board_version argument's help text] Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: 2fd66e0)
DGS-1210 switches support dual image, with each image composed of a kernel and a rootfs partition. For image1, kernel and rootfs are in sequence. The current OpenWrt image (written using a serial console), uses those partitions together as the firmware partition, ignoring the partition division. The current OEM u-boot fails to validate image1 but it will only trigger firmware recovery if both image1 and image2 fail, and it does not switch the boot image in case one of them fails the check.
The OEM factory image is composed of concatenated blocks of data, each one prefixed with a 0x40-byte cameo header. A normal OEM firmware will have two of these blocks (kernel, rootfs). The OEM firmware only checks the header before writing unconditionally the data (except the header) to the correspoding partition.
The OpenWrt factory image mimics the OEM image by cutting the kernel+rootfs firmware at the exact size of the OEM kernel partition and packing it as "the kernel partition" and the rest of the kernel and the rootfs as "the rootfs partition". It will only work if written to image1 because image2 has a sysinfo partition between kernel2 and rootfs2, cutting the kernel code in the middle.
Steps to install:
1) switch to image2 (containing an OEM image), using web or these CLI commands: - config firmware image_id 2 boot_up - reboot 2) flash the factory_image1.bin to image1. OEM web (v6.30.016) is crashing for any upload (ssh keys, firmware), even applying OEM firmwares. These CLI commands can upload a new firmware to the other image location (not used to boot): - download firmware_fromTFTP <tftpserver> factory_image1.bin - config firmware image_id 1 boot_up - reboot
To debrick the device, you'll need serial access. If you want to recover to an OpenWrt, you can replay the serial installation instructions. For returning to the original firmware, press ESC during the boot to trigger the emergency firmware recovery procedure. After that, use D-Link Network Assistant v2.0.2.4 to flash a new firmware.
The device documentation does describe that holding RESET for 12s trigger the firmware recovery. However, the latest shipped U-Boot "2011.12.(2.1.5.67086)-Candidate1" from "Aug 24 2021 - 17:33:09" cannot trigger that from a cold boot. In fact, any U-Boot procedure that relies on the RESET button, like reset settings, will only work if started from a running original firmware. That, in practice, cancels the benefit of having two images and a firmware recovery procedure (if you are not consider dual-booting OpenWrt).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (commit: 1005dc0)
This patch provides support for the Firebox M300 only user-controllable bi-color LED, and makes the green "shield" LED act as the typical OpenWrt status led.
OpenWrt now uses firewall4 (nft) by default, so iptables should also default to nftables backend.
When multiple packages provide the same virtual package, opkg pick the first one by alphabetical order, so we rename iptables-legacy to iptables-zz-legacy and add iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as this cause recursive dependencies.
MAC addresses as verified by OEM firmware: use address source Lan/W5G *:B0 factory 0x8004 (label) W2G *:B4 factory 0x0
Installation:
Asus windows recovery tool:
install the Asus firmware restoration utility unplug the router, hold the reset button while powering it on release when the power LED flashes slowly specify a static IP on your computer: IP address: 192.168.1.75 Subnet mask 255.255.255.0 Start the Asus firmware restoration utility, specify the factory image and press upload Do not power off the device after OpenWrt has booted until the LED flashing. TFTP Recovery method:
set computer to a static ip, 192.168.1.2 connect computer to the LAN 1 port of the router hold the reset button while powering on the router for a few seconds send firmware image using a tftp client; i.e from linux: $ tftp tftp> binary tftp> connect 192.168.1.1 tftp> put factory.bin tftp> quit
Since 4e0c54bc5bc8 ("kernel: add support for kernel 5.4"), the spi-nor limit 4k erasesize to spi-nor chips below a configured size patch has not functioned as intended.
For uniform erasesize SPI-NOR devices, both nor->erase_opcode & mtd->erasesize are used in erase operations. These are set before, and not modified by, this CONFIG_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT patch. Thus, an SPI-NOR device with CONFIG_MTD_SPI_NOR_USE_4K_SECTORS will always use 4k erasesize (where the device supports it).
If this patch was fixed to function as intended, there would be cases where devices change from a 4K to a 64K erasesize.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> (commit: ef69ab7)
ipq40xx: mikrotik: make RouterBoot partition writeable
Linux MTD requires the parent partition be writable for a child partition to be allowed write permission. In order for soft_config to be writeable (and modifiable via sysfs), the parent RouterBoot partition must be writeable
The MikroTik mAP-2nd (sold as mAP) is an indoor 2.4Ghz AP with 802.3af/at PoE input and passive PoE passthrough.
See https://mikrotik.com/product/RBmAP2nD for more details.
Specifications: - SoC: QCA9533 - RAM: 64MB - Storage: 16MB NOR - Wireless: QCA9533 802.11b/g/n 2x2 - Ethernet: 2x 10/100 ports, 802.3af/at PoE in port 1, 500 mA passive PoE out on port 2 - 7 user-controllable LEDs
Note: the device is a tiny AP and does not distinguish between both ethernet ports roles, so they are both assigned to lan. With the current setup, ETH1 is connected to eth1 and ETH2 is connected to eth0 via the embedded switch port 2.
Flashing: TFTP boot initramfs image and then perform sysupgrade. The "ETH1" port must be used to upload the TFTP image. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Tested-By: Andrew Powers-Holmes <aholmes@omnom.net> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (commit: e1223db)
uDPU DTS has pending upstream fixups, so backport those as well as split the DTS into a DTSI and DTS in preparation for euroDPU support which uses uDPU as the base.
Ethernet aliases have not yet been sent upstream but will be soon in order for U-boot to set the correct MAC on both ethernet interfaces instead of just one.
Since U-boot environment now has its own partition, update the envtools config script to search for it instead.
Patch hardcoding PHY mode is also not applicable anymore, so drop it and set in the uDPU DTS directly.
Signed-off-by: Robert Marko <robert.marko@sartura.hr> (commit: 7f73aca)
Add support for Methode euroDPU which is based on uDPU but does not have a second SFP cage, instead of which a Maxlinear G.hn IC is used.
PHY mode is set to 1000Base-X despite Maxlinear IC being capable of 2500Base-X since until 5.15 support for mvebu is available trying to use 2500Base-X will cause buffer overruns for which the fix is not easily backportable.
Installation instructions: 1. Boot the FIT initramfs image (openwrt-mvebu-cortexa53-methode_edpu-initramfs.itb) 2. sysupgrade using the openwrt-mvebu-cortexa53-methode_edpu-firmware.tgz
Signed-off-by: Robert Marko <robert.marko@sartura.hr> (commit: 57a38c8)
mac80211: add patch for mwifiex to fix cryptic errors/warnings
In Turris MOX SDIO card [1], which uses Marvell 88W997 and its driver mwifiex, you might get cryptic messages, which are not helpful to use. @pali created patch, which improves messages by the driver and he will send this to Linux kernel soon.
MAC addresses as verified by OEM firmware: use address source Lan/Wan/PLC *:10 art 0x1002 (label) 2G *:10 art 0x1000 5G *:14 art 0x5000
Important notes:
the PLC firmware has to be provided and copied manually onto the device! The PLC here has no dedicated flash, thus the firmware file has to be uploaded to the PLC controller at every system start the PLC functionality is managed by the script /etc/init.d/plc_basic, a very basic script based on the the one from Netadair (netadair dot de) Installation:
Asus windows recovery tool:
have to have the latest Asus firmware flashed before continuing! install the Asus firmware restoration utility unplug the router, hold the reset button while powering it on release when the power LED flashes slowly specify a static IP on your computer: IP address: 192.168.1.75 Subnet mask 255.255.255.0 start the Asus firmware restoration utility, specify the factory image and press upload do NOT power off the device after OpenWrt has booted until the LED flashing TFTP Recovery method:
have to have the latest Asus firmware flashed before continuing! set computer to a static ip, 192.168.1.75 connect computer to the LAN 1 port of the router hold the reset button while powering on the router for a few seconds send firmware image using a tftp client; i.e from linux: $ tftp tftp> binary tftp> connect 192.168.1.1 tftp> put factory.bin tftp> quit do NOT power off the device after OpenWrt has booted until the LED flashing Additional notes:
the pairing buttons have to have pressed for at least half a second, it doesn't matter on which plc device (master or slave) first it is possible to pair the devices without the button-pairing requirement simply by pressing reset on the slave device. This will default to the firmware settings, which is also how the plc_basic script is setting up the master device, i.e. configuring it to firmware defaults the PL-E56P slave PLC has its dedicated 4MByte SPI, thus it is capable to store all firmware currently available. Note that some other slave devices are not guarantied to have the capacity for the newer ~1MByte firmware blobs! To have a good overlook about the slave device, here are its specs: same QCA7500 PLC controller, same w631gg6kb-15 128MB RAM, 25L3233F 4MB SPI-NOR and an AR8035-A 1000M-Transceiver
MAC addresses as verified by OEM firmware: use address source Lan/W2G *:C8 art 0x1002 (label) 5G *:CC art 0x5006
Installation:
Asus windows recovery tool:
install the Asus firmware restoration utility unplug the router, hold the reset button while powering it on release when the power LED flashes slowly specify a static IP on your computer: IP address: 192.168.1.75 Subnet mask 255.255.255.0 Start the Asus firmware restoration utility, specify the factory image and press upload Do not power off the device after OpenWrt has booted until the LED flashing. TFTP Recovery method:
set computer to a static ip, 192.168.1.10 connect computer to the LAN 1 port of the router hold the reset button while powering on the router for a few seconds send firmware image using a tftp client; i.e from linux: $ tftp tftp> binary tftp> connect 192.168.1.1 tftp> put factory.bin tftp> quit
Due to licensing uncertainty, we do not include the firmwares for the wireless chips used in the Raspberry Pi Zero 2 W. To have working wireless, follow the instructions below.
Now build the OpenWrt image as usual, and it will include the firmware files in the correct location.
For people using ext4 images:
Write the ext4 image to the sdcard, then mount the 2nd partition and put the firmware files from the links above in /lib/firmware/brcm relative from the mount point where the partition is mounted.
For people using squashfs images:
Write the squashfs image to the sdcard, place it in the Raspberry Pi Zero 2 W, boot it and wait for the overlay filesystem to be created. Find the offset of the overlay filesystem in sysfs:
Shut down the device, unplug the power and move the SD card to a Linux computer. Mount the 2nd partition of the sdcard as a loop device with the offset found earlier.
sudo mount /dev/sdh2 -o loop,offset=25755648 /mnt/temp
Put the firmware files from the links above in /upper/lib/firmware/brcm relative to the mount point where the loop device is mounted.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Tested-by: Peter van Dijk <peter@7bits.nl> (commit: e9f9cd1)
Enable PowerPC Book-E Watchdog Timer support. Having this enabled in-kernel will result in procd starting it during boot.
This effectively solves the problem of the WDT in the Winbond W83793 chip potentially resetting the system during sysupgrade, which could result in an unbootable device. While the driver is modular, resulting in procd not starting the WDT during boot (because that happens before kmod load), the WDT handover during sysupgrade results in the WDT being started. This normally shouldn't be a problem, but the W83793 WDT does not like procd's defaults, nor the handover happening during sysupgrade.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net> [ add more details to the commit description and fix title ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 5c04efd)
At least two AX820 hardware variants are known to exist, but they cannot be distinguished (same hardware revision, no specific markings).
They appear to have the same LED hardware, but wired differently:
- One has a red system LED at GPIO 15, a green wlan2g LED at GPIO 14 and a blue wlan5g LED at GPIO 16; - The other only offers a green system LED at GPIO 15, with GPIO 14 and 16 being apparently not connected
Finally, a Yuncore datasheet says the canonical wiring should be: - Blue wlan2g GPIO 14, green system GPIO 15, red wlan5g GPIO 16
All GPIOs are tied to a single RGB LED which is exposed via lightpipe on the device front casing.
Considering the above, this patch exposes all three LEDs, preserves the common system LED (GPIO 15) as the openwrt status LED, and removes the color information from the LEDs names since it is not consistent across hardware. The LED naming is made consistent with other YunCore devices. A note is added in DTS to ensure this information is always available and prevent unwanted changes in the future.
Fixes: #10131 "YunCore AX820: GPIO LED not correct"
It looks like rtl8366rb is used only by tplink_tl-wr1043nd-v1 and buffalo_wzr-hp-g300nh-rb. There is no need to have it built-in as it works as a loadable module.
Tested both failsafe and normal boot on tl-wr1043nd-v1. buffalo_wzr-hp-g300nh-rb was not tested.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (commit: 575ec7a)
Fix the wps button to prevent wrongly detected recovery procedures. In the official banana pi r64 git the wps button is set to GPIO_ACTIVE_LOW and not GPIO_ACTIVE_HIGH.
Import patch to fix on boot unwanted recovery entering:
Press the [f] key and hit [enter] to enter failsafe mode Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level - failsafe button wps was pressed - - failsafe -
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 6686194)
realtek: EnGenius EWS2910P: declare and hog the poe-enable GPIO
GPIO 1 on the RTL8231 is used to force the PoE MCU to disable power outputs. It is not used by any driver, but if accidentally set low, PoE outputs are disabled. This situation is hard to debug, and requires knowledge of the Broadcom PoE protocol used by the MCU.
To prevent this situation, hog it as an output high. This is consistent with the ZyXel GS1900 series handles it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> (commit: 36acb3d)
bcm53xx: use -falign-functions=32 for kernel compilation
Northstar SoCs have pretty small CPU caches and their performance is heavily affected by cache hits & misses. It means that all kind of random code changes can affect performance as they often reorganize (change alignment & possibly reorder) kernel symbols.
It was discussed in ARM / net mailinglists: 1. ARM router NAT performance affected by random/unrelated commits [1] [2] 2. Optimizing kernel compilation / alignments for network performance [3] [4]
It seems that -falign-functions can be used as a partial workaround. It doesn't solve all cases (e.g. documented watchdog one [5]) but it surely helps with many of them.
A complete long term solution may be PGO (profile-guided optimization) but it isn't available at this point.
hostapd: enable compilation of OCV and add build feature discovery
Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile the -basic and -full variants of hostapd with this feature, and enable discovery of this feature for future luci integration. OCV can be configured by setting ocv equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default) 1 = enabled 2 = enabled in workaround mode - Allow STA that claims OCV capability to connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com> (commit: f60628f)
Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile -basic and -full variants with support for OCV. This feature can be configured in the wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default) 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com> (commit: 442708d)
Installation ----------------- 1. Downgrade stock (Beeline) firmware to v.1.0.02; 2. Give factory OpenWrt image a shorter name, e.g. 1001.img; 3. Upload and update the firmware via the original web interface.
Remark: You might need make the 3rd step twice if your running firmware is booted from the Slot 1 (Sercomm0 bootflag). The stock firmware reverses the bootflag (Sercomm0 / Sercomm1) on each firmware update.
Revert to stock --------------- 1. Change the bootflag to Sercomm1 in OpenWrt CLI and then reboot: printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3 2. Optional: Update with any stock (Beeline) firmware if you want to overwrite OpenWrt in Slot 0 completely.
MAC Addresses ------------- +-----+-----------+---------+ | use | address | example | +-----+-----------+---------+ | LAN | label | *:16 | | WAN | label + 1 | *:17 | | 2g | label + 4 | *:1a | | 5g | label + 5 | *:1b | +-----+-----------+---------+ The label MAC address was found in Factory 0x21000
Notes ----- 1. The following scripts are required for the build: sercomm-crypto.py - already exists in OpenWrt sercomm-partition-tag.py - already exists in OpenWrt sercomm-payload.py - already exists in OpenWrt sercomm-pid.py - new, the part of this pull request sercomm-kernel-header.py - new, the part of this pull request 2. This device (same as other Sercomm S2,S3-based devices) requires special LZMA and LOADADDR settings for successful boot: LZMA_TEXT_START=0x82800000 KERNEL_LOADADDR=0x81001000 LOADADDR=0x80001000 3. This device (same as several other Sercomm-based devices - Beeline, Netgear, Etisalat, Rostelecom) has partition map (mtd1) containing real partition offsets, which may differ from device to device depending on the number and location of bad blocks on NAND. "fixed-partitions" is used if the partition map is not found or corrupted. This behavour (it's the same as on stock firmware) is provided by MTD_SERCOMM_PARTS module.
cacaa5f libnl-3.6.0 release 855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes' 930fc11 route/mdb: add support for MAC multicast entries 2d68caf route/mdb: add missing detils and stats dump callbacks d9ed99b nl-monitor: support for setting libnl debug level 4c41e0d nl-monitor: add missing --help to long_opts[] 7e96356 Check validation type against end of enum 4e153bc route/link: add VLAN bridge binding flag b7256d3 github: build unit tests also with "clang" 8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero 4f5c846 lib: merge branch 'th/object-clone-fixes' d23fb81 lib: make nl_object_clone() out-of-memory safe 7f7452c route: fix ref counting for l_info_ops and io_clone() 620d024 route: drop unnecessary oo_clone() implementation from netconf 93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM 23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone() 29e5092 xfrm/sa: style cleanup xfrm_sa_clone() 14a9ebc utils: add internal _nl_memdup() helper 2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h> 7d43191 tests: merge branch 'th/tests-netns' a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff() fdb0121 tests: add new "netns" test suite 9102872 tests: add fixture/teardown for tests to run in separate netns 9a42798 tests: cleanup creating test suites 1fc3e07 tests: refactor tests and add n-test-util helper library 7a3d6e2 netlink: add _NL_N_ELEMENTS() macro 3da4f7d netlink: add _nl_streq()/_nl_streq0() helper 1ad8555 netlink: add _nl_auto_nl_socket cleanup macro c8a5729 lib: add _nl_close() helper 80868e6 clang-format: add ".clang-format" from linux kernel 2782ed3 github: build tests with "-std=gnu11" af59b9a github: split tests in separate steps c8f7902 build: add "check-progs" make target to build unit tests 23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy 1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails ef5f3eb route/cls: merge branch 'westermo:cls-flower' c385c84 route/cls: no need to copy simple fields in flower_clone() 79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional 64e0836 route/cls: adjust whitspace/indentation 5ac9ce3 route/cls: use SPDX-License-Identifier 1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation ef46de1 route/cls: add flower classifier f0aad20 route: merge branch 'pugo:master' d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const 6a92268 route: add rtnl_link_can_set_data_bittiming_const() 841553b route: drop bitrate,sample-point getters/setters from can link 37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const() 96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file 881e329 route: fix indentation 37c10ef route/link: add CAN FD support d56bf73 route/mdb: merge branch 'rubensfig:mdb' e0b2406 route/mdb: drop setting ifindex in mdb_clone() d78a6eb route/mdb: minor cleanup in "mdb.c" 57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare() 0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API 1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing 1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data() 92035e2 route/mdb: cleanup mdb.h header 6237621 build: sort file names in Makefile.am 0ec6c6c mdb: support bridge multicast database notification c980034 route/cls: merge branch 'westermo:classifier-api-extension' a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}() 88a5138 route/cls: allow fetching of classifiers from cache 90577b5 route: merge branch 'TummyFish:master' 299f61a license: use SPDX license identifiers and drop license comments 05a540d ip6vti: Add fwmark API 41e4365 ip6gre: Add fwmark API ebc7df3 sit: Add fwmark API 8e1da8e ipip: Add fwmark API bda19be ip6_tnl: Add fwmark API cdc6c0f ipvti: Add fwmark API 2995710 ipgre: Add fwmark API d9dc6c2 ip6vti: Add IPv6 VTI support be86170 license: use SPDX license identifiers and drop license comments 919d9c6 route: merge branch 'westermo:fib-lookup' 1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup() 53bc27e route/route: support FIB lookups using rtnl ed76b9a build: sort files in Makefile.am 46b22c1 route/link: merge branch 'westermo:team-support' 586a6b6 build: fix new symbols in "libnl-route-3.sym" 831f125 route/link: add support for team device 6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location f77cd25 route/netconf: full API export f59f443 build: add Libs.private field in libnl pkg-config file b3333e0 route/qdisc: allow fetching qdiscs by their kind 9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3' a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym" 7b4df53 nflog: add missing symbols to "libnl-nf-3.sym" 8266436 nflog:add conntrack flag and enable flags for nflog 246904d nflog: add CT support 59fc1d7 nflog: add mac_header support c268c48 nflog: add vlan attribute 2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4 4edffbd route/link: Add IPv6 GRE support 5d69587 route: add global sectin in "libnl-route-3.sym" d0cf3a9 neigh: support to add fdb entry 3bf0a9c cls:u32: fix u32_clone() function 3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment c027e54 route:cls: fix dangling pointers in to_clone() implementations 47c04fb route:act: drop unnecessary implementations for to_clone() 79f7c9d tests: add test for cloning cls:u32 object b1caff8 github: run unit tests under valgrind 38b3be3 tests: cleanup tests and avoid leaks c2b94b9 lib: add more _nl_auto* cleanup macros 1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*() 6341d89 log: fix typo in dumping msg bfee88b route: fix memory leak of l_info_ops in link_msg_parser() 431ba83 route: merge branch 'qbdwlr:mplsPR' cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc. 0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests 5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs() 6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup() d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route' 28a652b route: fix duplicate check for next hop for IPv6 multipath routes 03bfd2f route: check if nh exists while updating route 92c9237 ci: add github-actions 3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg() d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime() c0e82db cli: Add C++ linkage support 000a3bd yyerror: update to POSIX standard f865a99 xfrm: merge branch 'spellingmistake:master' 0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning 8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV c8f33a4 xfrm: Add support for xfrm user offloading b6cc13d Supporting Hardware offload capability for MACsec 39944c6 route/link: check calloc() return value 12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request 5f39502 merge branch 'bengal/coverity' 26f342d route/qdisc: handle error of calloc() d1a151e route/qdisc: fix memory leak in netem.c aa092d1 route/link: fix copy-paste error in geneve.c 30552e8 route/cls: fix cgroup's clone() function 764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group b24e833 doc: update link to mscgen-filter 0b5d17d addr: merge branch 'lcrestez-dn:dadfailed' 30924e7 tests: Add test for rtnl_addr_flags2str 5c05c75 addr: Add address flag `dadfailed` 2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request 5611487 lib/trivial: whitespace ab015e1 lib: merge branch 'th/object-identical-fix' 36b0894 lib: allow to compare incomplete objects in nl_object_identical() 5020077 lib: let nl_object_identical() declare the same object as identical 406ebc8 lib: fix using right compare mask in nl_object_diff64() 8637c70 lib/trivial fix indentation 4be6062 route/link: avoid cloning link policy in link_msg_parser() ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family f9d0181 lib: use proper int type for id attributes in nl_object_identical() 68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional 2375cde lib: fix spelling errors in "netlink/handlers.h" 3faf26c gitignore: fix ignoring check-direct build artifacts 47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request 846d288 travis: install "check" in travis d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h" aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat bae11ec tests: add "check-direct" test 2d50b04 route: add "netlink-private/route/utils.h" header 9a52b3d gitignore: merge all gitignore files in top level directory 4c5f2d6 merge branch 'th/license-comment-cleanup' 2d3e690 license: update "doc/COPYING" license text 1389188 license: add SPDX license identifer to "configure.ac" files 503aa5e license: fix and add SPDX license identifiers and drop license comments 4333aef license: cleanup copyright comments 956635b license: fix SPDX license identifier for nl-auto.h 5614b4c lib: merge branch 'th/cleanup-errout' 17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c" b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c" fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath() 2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser() 77b4f68 rtnl/route: only consider negative error codes as error 6870ece lib: cleanup nla_parse() to return early on error a858a0b lib: use _nl_strncpy*() instead of plain strncpy() 018c694 lib: cleanup _nl_strncpy_assert() e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert() 5ffbc6f lib: add _NL_RETURN_*() helper macros abb7391 lib: add "include/netlink-private/nl-auto.h" header ecd15bc lib: add _nl_assert_not_reached() 9cc38dc lib/route: adjust coding style 01ea9a6 route/link: Check for null pointer in macvlan
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 3dbdfed)
64f2596 f2fs-tools: upgrade version 1.15.0 d9d5b11 f2fs-tools: build silently 299c0b5 fsck.f2fs: fix broken file_map output 3af62be f2fs-tools: show segment/section layout correctly 4d9c009 f2fs-tools: use android config only if there's no config.h 0b9b89f dump.f2fs: compress: fix dstlen of LZ4_compress_fast_extState() eee3969 mkfs.f2fs: check uuid library e5fe1a2 f2fs-tools: use fsync() in Android ea9921f f2fs-tools: support zoned device in Android a8fefc2 android_config.h: add missing liblz4 0c54cf7 libf2fs_io: add unused mactor to avoid build failure 6eebd13 ci: Enable -Wall, -Wextra and -Werror c491657 Fix PowerPC format string warnings 70e4139 Suppress a compiler warning about integer truncation 7a1206a Annotate switch/case fallthrough b964b79 Change #ifdef _WIN32 checks into #ifdef HAVE_.* 28de4d1 tools/f2fs_io: Fix the type of 'ret' fdff1ab fsck/segment.c: Remove dead code ede3bde fsck/main.c: Suppress a compiler warning 93c6483 tools/f2fscrypt.c: Fix build without uuid/uuid.h header file 559e60e fsck: Remove a superfluous include directive 98f7f56 mkfs/f2fs_format.c: Suppress a compiler warning ef011a4 configure.ac: Detect selinux/android.h 2e59ab8 configure.ac: Detect the sparse/sparse.h header 1790203 Fix the MinGW build ecd27dc Use %zu to format size_t 24663b6 Include <stddef.h> instead of defining offsetof() cdefef0 Move the be32_to_cpu() definition 1612bf9 Remove unnecessary __attribute__((packed)) annotations 7a5109f f2fs_fs.h: Use standard fixed width integer types e61203c Suppress a compiler warning 9425b47 Verify structure sizes at compile time 006bb13 Change one array member into a flexible array member cb4c5d6 ci: Build f2fstools upon push and pull requests f3033fb Change the ANDROID_WINDOWS_HOST macro into _WIN32 87d7a95 Switch from the u_int to the uint types c483354 configure.ac: Enable cross-compilation 3e97d07 configure.ac: Sort header file names alphabetically 91ba5e5 configure.ac: Enable the automake -Wall option ae65a15 configure.ac: Remove two prototype tests d24fd5c configure.ac: Stop using obsolete macros 6afcf64 libf2fs: don't allow mkfs / fsck on non power-of-2 zoned devices c7757ec man: update mkfs.f2fs to give the default android option 46e1b83 f2fs-tools: use proper 64bit types for PPC 97ce230 mkfs.f2fs: fix wrong indentation and clean up 0d3d26d mkfs.f2fs: set project quota by default for -g android for v4.14+ 1de1db8 f2fs-tools: add atomic write related options to f2fs_io write command 85cd72a mkfs.f2fs: set required quota types only 028af9f fsck.f2fs: Add progression feedback 972d710 fsck.f2fs: do not assert if i_size is missing i_blocks in symlink f63551b f2fs-tools: separate other bugs in fsck_verify ade81b9 f2fs-tools: remove false failure alarm when fixing quota 99bc497 f2fs-tools: fall back to the original version check when clock_gettime is not supported 1603a3d mkfs.f2fs: wipe other FS magics given -f 63d5004 fsck.f2fS: is_valid_summary(): check whether offset is out of bounds 3fd996c Avoid redefined ALIGN_UP 1edc138 fsck.f2fs: Update the usage about option of preen mode 49159df f2fs-tools: change fiemap print out format 8bcb58e f2fs_io: add rename w/ fsync option 9429e86 fsck.f2fs: add basic compress related check/fix 529967e f2fs-tools: make fiemap command in accordance with uapi 1228009 f2fs-tools: rebuild the quota inode if it is corrupted 9ee091e f2fs-tools: add periodic check in kernel version check 1bc7658 dump.f2fs: minor clean ups 69952e3 f2fs-tools: fix wrong value of reserve_new_block parameter in page_symlink 76d2a91 f2fs-tools: add extent cache for each file 8d464ee f2fs-tools: fix wrong file offset acd2518 fsck|dump.f2fs: add -M to get file map 027488e mkfs.f2fs: remove android features for RO e01ad31 f2fs-tools: fix metadata region overlap with zoned block device zones f3b93bf sload.f2fs: Reword "IMMUTABLE" in strings/comments 820b5e3 sload.f2fs: use F2FS_COMPRESS_RELEASED instead of IMMUTABLE bit 1d2683f f2fs-tools: support small RO partition a9594c6 fsck.f2fs: add "-l" to show the layout information 38e3115 f2fs_io: add to show immutable bit 6afd3e9 tools: Introduce f2fslabel 3218ff9 f2fs-tools: correct get kernel version logic 19d49b5 dump.f2fs: fix memory leak caused by dump_node_blk() 15d4d7b fsck.f2fs: fix memory leak caused by fsck_chk_orphan_node() 1900c22 mkfs.f2fs: fix memory leak in not enough segments error path 5cc365c resize.f2fs: fix memory leak caused by migrate_nat() 870915f f2fs_io: split definition check for crypto ioctl 91f9db2 fsck.f2fs: update kernel version in superblock on forced check 1531853 f2fs_io: Add get file name encryption mode 3bfcca8 f2fs-tool: increase debug level from 0 to 1 in migrate_block 5263ae2 resize.f2fs: fix to check free space before shrink 159752d resize.f2fs: fix wrong sit/nat bitmap during rebuild_checkpoint() 98e6463 resize.f2fs: add force option to rewrite broken calculation f056fbe resize.f2fs: fix wrong ovp calculation 80dba0f Add -P option to preserve file owner f0fda11 libf2fs: fix memory leak caused by get_rootdev() 5144f2f mkfs.f2fs: add VM disk files to hot data types 73c0871 libzoned: use blk_zone_v2 and blk_zone_report_v2 by default 9cb5150 f2fs-tools: fix wrong blk_zone_rep_v2 definition 15474db mkfs.f2fs: allocate zones together to avoid random access 316e128 mkfs.f2fs: adjust zone alignment when using multi-partitions cc57f2c fsck.f2fs: fix alignment on multi-partition support ff7172e f2fs-tools: Miscellaneous cleanup to README. 2b26417 mkfs.f2fs.8: Better document the -g argument. e05afe5 mkfs.f2fs.8: fix formatting for -l parameter in man page 747b74c f2fs-tools: Make sload.f2fs reproduce hard links b585244 f2fs-tools:sload.f2fs compression support 7b63f7b f2fs_io: add compress/decompress commands 457392a f2fs-tools: Added #ifdef WITH_func d322d47 f2fs-tools: fix a few spelling errors in f2fs-tools fcd5cd0 f2fs-tools: skipped to end on error syntax error 31d30f0 mkfs.f2fs: show a message when compression is enabled 1d4c7e7 f2fs_io: add get/set compression option 4bd7008 Fix ASSERT() macro with '%' in the expression ca0ed8a f2fs-toos: fsck.f2fs Fix bad return value c954e7c fsck.f2fs: do xnid sanity check only during fsck 1bfc173 f2fs_io: add erase option e59bb17 mkfs.f2fs.8: document the verity feature 8fd836f fsck: clear unexpected casefold flags 1a7415a mkfs.f2fs: add -h and --help 717d70d f2fs_io: change fibmap to fiemap
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 8b9e806)
Release Notes: - The libiconv library is now licensed under the LGPL version 2.1, instead of the LGPL version 2.0. The iconv program continues to be licensed under GPL version 3. - Added converters for many single-byte EBCDIC encodings: IBM-{037, 273,277,278,280,282,284,285,297,423,424,425,500,838,870,871,875}, IBM-{880,905,924,1025,1026,1047,1097,1112,1122,1123,1130,1132,1137, 1140}, IBM-{1141,1142,1143,1144,1145,1146,1147,1148,1149,1153,1154, 1155,1156,1157}, IBM-{1158,1160,1164,1165,1166,4971,12712,16804}. They are available through the configure option '--enable-extra-encodings'.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 353d3ea)
Wednesday, June 9, 2021 by gharris Summary for 4.99.1 tcpdump release Source code: Squelch some compiler warnings ICMP: Update the snapend for some nested IP packets. MACsec: Update the snapend thus the ICV field is not payload for the caller. EIGRP: Fix packet header fields SMB: Disable printer by default in CMake builds OLSR: Print the protocol name even if the packet is invalid MSDP: Print ": " before the protocol name ESP: Remove padding, padding length and next header from the buffer DHCPv6: Update the snapend for nested DHCPv6 packets OpenFlow 1.0: Get snapend right for nested frames. TCP: Update the snapend before decoding a MPTCP option Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks ForCES: Refine SPARSEDATA-TLV length check. ASCII/hex: Use nd_trunc_longjmp() in truncation cases GeoNet: Add a ND_TCHECK_LEN() call Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). BGP: Fix overwrites of global 'astostr' temporary buffer ARP: fix overwrites of static buffer in q922_string(). Frame Relay: have q922_string() handle errors better. Building and testing: Rebuild configure script when building release Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: man: Update a reference as www.cifs.org is gone. [skip ci] man: Update DNS sections Solaris: Fix a compile error with Sun C
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. Summary for 4.99.0 tcpdump release CVE-2018-16301: For the -F option handle large input files safely. Improve the contents, wording and formatting of the man page. Print unsupported link-layer protocol packets in hex. Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. User interface: Make SLL2 the default for Linux "any" pseudo-device. Add --micro and --nano shorthands. Add --count to print a counter only instead of decoding. Add --print, to cause packet printing even with -w. Add support for remote capture if libpcap supports it. Display the "wireless" flag and connection status. Flush the output packet buffer on a SIGUSR2. Add the snapshot length to the "reading from file ..." message. Fix local time printing (DST offset in timestamps). Allow -C arguments > 2^31-1 GB if they can fit into a long. Handle very large -f files by rejecting them. Report periodic stats only when safe to do so. Print the number of packets captured only as often as necessary. With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap. Improve version and usage message printing. Building and testing: Install into bindir, not sbindir. autoconf: replace --with-system-libpcap with --disable-local-libpcap. Require the compiler to support C99. Better detect and use various C compilers and their features. Add CMake as the second build system. Make out-of-tree builds more reliable. Use pkg-config to detect libpcap if available. Improve Windows support. Add more tests and improve the scripts that run them. Test both with "normal" and "x87" floating-point. Eliminate dependency on libdnet. FreeBSD: Print a proper error message about monitor mode VAP. Use libcasper if available. Fix failure to capture on RDMA device. Include the correct capsicum header. Source code: Start the transition to longjmp() for packet truncation handling. Introduce new helper functions, including GET_*(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. Put integer signedness right in many cases. Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. Fix many C compiler, Coverity, UBSan and cppcheck warnings. Fix issues detected with AddressSanitizer. Remove many workarounds for older compilers and OSes. Add a sanity check on packet header length. Add and remove plenty of bounds checks. Clean up pcap_findalldevs() call to find the first interface. Use a short timeout, rather than immediate mode, for text output. Handle DLT_ENC files *not* written on the same OS and byte-order host. Add, and use, macros to do locale-independent case mapping. Use a table instead of getprotobynumber(). Get rid of ND_UNALIGNED and ND_TCHECK(). Make roundup2() generally available. Resync SMI list against Wireshark. Fix many typos.
Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 86b0d3b)
ea4ea5e6 Document MacOS test workaround. b14fc902 Add missing file fat-arm64.c to tar file. 6720f433 Update config.guess and config.sub to latest versions. a2be57f0 NEWS entries for Nettle-3.8. bff9a605 Update version numbers, for nettle-3.8. 36386678 Fix comment typo e05fd5a9 Add ChangeLog entry for SM3 contribution. 8739faa8 Document cbc_aes128_encrypt, cbc_aes192_encrypt and cbc_aes256_encrypt. efb2ec7f Deleted the manual's incomplete and out of date list of authors. af38c91f New more accurate AUTHORS file. ba084efa Fix ChangeLog typo. 0fff3097 ChangeLog entries for s390x ghash update. 75b687a8 Fix comment typo. 5d0089ed Refactor s390x-specific code for new ghash organization 2aabd5e2 ppc: Update fat setup for new ghash organization. 8f5fddfb ppc: Update vpmsumd ghash to new organization. 1227381e Comment fix. 9939f866 arm64: Update fat setup for new ghash organization. ab62f731 Fix comment error b1645555 arm64: Update pclmul ghash to new organization. 6b80b889 Update fat setup for new ghash organization. d382fcc0 Delete _ghash_digest. d11c4cd9 x86_64: Update pclmul ghash to new organization. f79cc0c1 x86_64: Update table-based ghash to new organization. bdc2fc31 Move _ghash_digest. 1d438ad4 Refactor GCM C implementation. bdf820df New function block16_zero. d966ea0d Delete code for GCM_TABLE_BITS != 8. 60edc290 x86_64: Fat setup for GCM. be245313 Fix comment typo. f8fa4f1f x86_64: Initial implementation of gcm using the pclmulqdq instructions. 23f75f58 Rearrange gcm configuration defines, and add tests for internal functions. 483ccbc9 Add tests for edge cases in poly1305 digest folding. f3656a44 x86_64: Rewrite of poly1305 assembly. b7268727 ChangeLog entry for arm64 implementation of chacha. 1d4a985c ChangeLog entries for new ppc64 ecc files. 99be366f ecc: Add powerpc64 assembly for ecc_448_modp 53f7ae66 Move a comment. e643dcf1 ecc: Add powerpc64 assembly for ecc_25519_modp 741191d1 ecc: Add powerpc64 assembly for ecc_224_modp 4adcb4af Simplify poly1305-test, more use of tstring length. b48217c8 Add randomized tests of poly1305. dbf178c0 Arrange so that GMP or mini-gmp is always available for tests. 7d83510e ChangeLog entries for new ppc64 ecc files. 02bbf7d1 ecc: Add powerpc64 assembly for ecc_521_modp 2bc7dfad ecc: Add powerpc64 assembly for ecc_384_modp 9b6c0639 ecc: Add powerpc64 assembly for ecc_192_modp 39af7b2e [Arm64] Optimize Chacha20 c82876a5 [S390x] Alerting assembler of machine type 044d24b0 [S390x] Optimize Chacha20 94228f87 tests: Use inline function for dummy definition of test_randomize. 7926debe Share ecc point validation function in testutils.c. 25f73004 Whitespace cleanup 0ec184d8 ppc: Reduce number of registers used for ecc_secp256r1_redc. c7cf1939 ppc: New configure test for ELFV2_ABI f57640ea x86_64: Improved ecc_secp256r1_redc dd65a63e ChangeLog for previous change. ecd4eacf ppc: Add powerpc64 assembly for ecc_256_redc b2758f7c doc: documentation for SM3 hash 0ea74c02 Comment improvements for x86_64 ecc_secp256r1_redc 78aabc69 nettle-benchmark: bench SM3 hashes 7f77ccb4 hmac: add support for SM3 hash function e2edd9be testsuite: add test for SM3 hash function b72886e5 Add OSCCA SM3 hash algorithm d2e4e531 Delete function mpz_limbs_read_n. dd566239 Delete function mpz_limbs_cmp. 07d5e755 gitlab-ci: Enable randomized tests 64ce8c77 Randomize more tests a6f9bdeb Reduce allocation in modinv test 957482d9 Fix sqrt_ratio test for v = 0 case. 7f730943 Reduce allocation in sqrt tests 2c9a600d Move NETTLE_TEST_SEED logic to testutils.c. 48d61c28 Delete obsolete comment. ac95be13 Fix and test for sqrt(0) special case. ffe0f587 eccdata: Output ecc_sqrt_z and ECC_SQRT_E only when computed. 65c95c79 Fix comment typo. 8db66280 Let secp384r1 inverse and sqrt share most of the powering. 5b2758a3 eccdata: Delete generation of unused values ecc_sqrt_t and ECC_SQRT_T_BITS. b3abfac5 eccdata: Generate both redc and non-redc versions of ecc_sqrt_z. 2dbe065d Implement secp224r1 square root, based on patch by Wim Lewis. c8daa71c New function ecc_mod_equal_p, based on patch by Wim Lewis. 4be1725f New function ecc_mod_pow_127m1, used for ecc_secp224r1_inv. 4e987de3 Implement secp521r1 square root, based on patch by Wim Lewis. 2adc4268 Implement secp384r1 square root, based on patch by Wim Lewis. bc07754f Implement secp256r1 square root, based on patch by Wim Lewis. 35f12552 Implement secp192r1 square root, based on patch by Wim Lewis. c2726388 Renamed sqrt_itch --> sqrt_ratio_itch, and curve25519 and curve448 sqrt functions. 03421be1 Rename ecc sqrt --> sqrt_ratio. 652bdc79 New function ecc_mod_zero_p. 571d2cc2 [S390x] Improvements on documentation and instruction set usage for SHA3 permute 26b0f47b New function sec_zero_p. 259ec19a [S390x] Remove lgr instructions by using xgrk instead of xgr instruction 73722fb0 Rewrite of secp256r1 mod functions. 45028ff2 Extend ecc-mod-test, with improved coverage of corner cases. 806d6f6a [S390x] Optimize SHA3 permute using vector facility 78f44318 Change "signature on digest" --> "of digest". 0f90c076 Doc fixes. 52c86f94 Delete a few old FIXME comments 2b68ee47 Use @url and https consistently for references. Fix overlong lines. ea4b2e86 Use texi2pdf to generate the pdf manual 54bbc09b ChangeLog entries for doc structure improvements. cc92638c Divide Cipher section into menu and nodes, and some other minor fixes. 5e6af10b Delete explicit node pointers in nettle.texinfo 55584f4e Change CBC-AES interface 7a966ac3 Test AEAD encrypt/decrypt with message split into pieces. 686fd559 More checks for null pointers in test_aead, to silent static analyzer. 41a72c24 Fix checks of HAVE_NATIVE_cbc_aes*_encrypt d5b0b9cb Fix fat builds for x86_64 windows 419d7af5 x86_64: Fat setup for assembly CBC AES. 121290e0 x86_64: Assembly CBC AES aesni functions. 1f58b09c Add specialized functions for cbc-aes. 99dffa9c ChangeLog entries for recent contributions. 38092fde gitlab-ci: Use mini-gmp for big-endian powerpc64 cross build 4147279b gitlab-ci: Explicitly install cross libgmp-dev packages 8c2321d2 gitlab-ci: No-assembly cross-build for s390x, to test big-endian d4cd2965 gitlab-ci: Delete mips build 9765f8b9 [S390x] Optimize SHA256 and SHA512 compress functions 463553ae x86_64: New 2-way aesni loop also for aes256 c7391e5c x86_64: Refactor aesni assembly, with specific functions for each key size. 4ea2a1f8 [S390x] Optimize SHA1 compress a47813c2 [AArch64] Utilize AES 1-block macros in 4-block macros 5f7740a3 [AArch64] Load AES keys at function prologue 76c7418c ChangeLog entries for previous change. f7bc3e1b [AArch64] Move AES round macros to machine.m4 39d1e2a3 [AArch64] Optimize AES with fat build support b8054a1d [S390x] Optimize memxor3 using vector facility with fat support 422219fe [S390x] Optimize memxor 3900fe65 Add fat-s390x.c to OPT_SOURCES. c2f16582 Fix name of s390x/fat directory in make dist target. 4fc00c4d [S390x] add FAT_TEST_LIST variable to enable fat build testing 856c62ef [S390x] Replace inline assembly and fix fat filenames 3be3ff3e [S390x] Fat build support for AES and GHASH 9f9d4c4b arm64: Add sha2 to aarch64 fat tests. 774917ec ChangeLog entry for arm64 sha256.. 7b446327 [AArch64] Fat build support for SHA-256 compress 6c84092d [S390x] wipe parameter block content and leftover bytes of data from stack 7d301d93 [S390x] wipe hash subkey from stack once GHASH operation completed d1c8417f [AArch64] Optimize SHA-256 compress 33bfc509 [S390x] Use uppercase for macro names in machine.m4 and enhance the documentation for GHASH implementation 94be863c Add sha1 to aarch64 fat tests. 6c89ed3c ChangeLog entry for previous change. e5a9dbf4 arm64: Fat build support for SHA1 compress 530e4c8d [S390x] Update configure.ac and Makefile.in b0525367 [S390x] Implement alloc_stack and free_stack macros in machine.m4 72448928 [S390x] Optimize GHASH 20fedc01 Update Nettle-3.7.3 NEWS. c80961c6 Add input check to rsa_decrypt family of functions. cd6059ae Change _rsa_sec_compute_root_tr to take a fix input size. 401e0bdd Fix comment typos. fd6d9ba7 Add check that message length to _pkcs1_sec_decrypt is valid. e60d8367 ChangeLog entry for arm64 sha1. 47cafcf2 aarch64: Optimize SHA1 Compress a46a17e9 Fix C++-style comments 022e51a2 ChangeLog entries for aes keywrap. 0145efbc Implement aes key wrap and key unwrap (RFC 3394) 61bcbbf8 gitlab-ci: Explicitly pass --enable-s390x-msa to s390x build. 3b1bb7cb Fix comment typo. c23701f3 Reorder and indent asm_replace_list. c2a14fa3 ChangeLog entry for new s390x AES implementation. 1f38723e Append s390x-specific asm file names to asm_replace_list in configure.ac 71dafe91 [S390x] Basic AES-192 and AES-256 optimizations 8247fa21 ppc: Fix macro name SWAP_MASK to use all uppercase. b9f0ede2 Update config.guess and config.sub. 46515038 [S390x] Basic AES-128 optimization f4dc5f20 Split aes-encrypt.c and aes-decrypt.c into one file per key size. 0bff7a2b Initial config for s390x, contributed by Mamone Tarsha. 06d6ef33 nettle-benchmark: avoid -Wmaybe-uninitialized warnings dda3f4fd gitlab-ci: Fix only: variables: check, and quote variables. c2b56cd7 gitlab-ci: Use pipeline variable S390X_ACCOUNT c25774e2 gitlab-ci: Add remote tests for s390x. d5972ced Add forward declaration of struct aes_table. 085317d6 ChangeLog entries for arm64 fat build. 944881d7 ChangeLog entry for nettle-3.7.2 release f9e0e1f4 NEWS entries for 3.7.2. 1585f6ac [AArch64] Support fat build for GCM optimization 03b8ba39 [AArch64] Use m4 macros in gcm-hash.asm and add documentation comments 3f43c143 [AArch64] Update README to be on par with other architectures b30e0ca6 Fix canonical reduction in gostdsa_vko. d9b564e4 Similar fix for eddsa. fbaefb64 Analogous fix to ecc_gostdsa_verify. c24b3616 Ensure ecdsa_sign output is canonically reduced. 2397757b Fix bug in ecc_ecdsa_verify. 5b7608fd Use ecc_mod_mul_canonical for point comparison. 2bf497ba New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical. a471ae85 aarch64: Rename arm64/v8/ --> arm64/crypto/ 0489825e aarch64: Use .arch armv8-a+crypto directive. d32152f4 aarch64: Move m4 definitions after .file directive f3dda9f4 ChangeLog entries for arm64 gcm_hash. b098f19b arch64: Fix clang build fd9dd9d7 arch64: Fix copyright line and typos a3f91c0e aarch64: Adjust gcm-hash assembly for big-endian systems 09d77a10 aarch64: Implement GHASH using the crypto extension pmul instructions. 0c5429d3 aarch64: Add README dbd16501 Add an empty machine.m64 to make configure happy ebf9ae83 Recognize arm64 in configure
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: b32f165)
Deprecated and removed features: -------------------------------- * JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of JSON_C_OBJECT_ADD_CONSTANT_KEY * Direct access to lh_table and lh_entry structure members is deprecated. Use access functions instead, lh_table_head(), lh_entry_next(), etc... * Drop REFCOUNT_DEBUG code.
New features ------------ * The 0.16 release introduces no new features
Build changes ------------- * Add a DISABLE_EXTRA_LIBS option to skip using libbsd * Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes --------------------------------- * Cap string length at INT_MAX to avoid various issues with very long strings. * json_object_deep_copy: fix deep copy of strings containing '\0' * Fix read past end of buffer in the "json_parse" command * Avoid out of memory accesses in the locally provided vasprintf() function (for those platforms that use it) * Handle allocation failure in json_tokener_new_ex * Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL * printbuf_memset(): set gaps to zero - areas within the print buffer which have not been initialized by using printbuf_memset * printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX) * sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations -------------- * Speed up parsing by replacing ctype functions with simplified, faster non-locale-sensitive ones in json_tokener and json_object_to_json_string. * Neither vertical tab nor formfeed are considered whitespace per the JSON spec * json_object: speed up creation of objects, calloc() -> malloc() + set fields * Avoid needless extra strlen() call in json_c_shallow_copy_default() and json_object_equal() when the object is known to be a json_type_string.
Other changes ------------- * Validate size arguments in arraylist functions. * Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c very early during boot, such as part of cryptsetup. * Use arc4random() if it's available. * random_seed: on error, continue to next method instead of exiting the process * Close file when unable to read from /dev/urandom in get_dev_random_seed()
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: f3a1986)
Specifications: Chipset:MT7628DA+MT7612E Antenna : 2.4Ghz:2x5dbi Antenna + 5.8Ghz:2x5dbi Antenna Wireless Rate:2.4Ghz 300Mbps , 5.8Ghz 867Mbps Output Power :100mW(20dbm) Physical port:110/100Mbps RJ45 WAN Port , 310/100Mbps RJ45 LAN Port Flash: 8Mb DRam: 64Mb Flashing: default bootloader attempts to boot from tftp://192.168.1.10/firmware_auto.bin using 192.168.1.1
Known issues: mac-address-increment for 5GHZ doesnt work, i failed to figure out why. Original firmware using +1 from original value in factory partition.
Signed-off-by: Sergei Iudin <tsipa740@gmail.com> (commit: 4b0c433)
ramips: Add Xiaomi Mi Router 4A 100M International
The international version of Mi Router 4A 100M is physically identical to the non-international one, but appears to be using a different partitioning scheme with the "overlay" partition being 2MiB in size instead of 1MiB. This means the following "firmware" partition starts at a different address and the DTS needs to be adjusted for the firmware to work.
Signed-off-by: Nita Vesa <werecatf@outlook.com> (commit: 1a8c74d)
Improvements - Added 64-bit LoongArch architecture support. - Extended personality designation syntax of syscall specification expressions to support all@pers and %class@pers. - Enhanced rejection of invalid syscall numbers in syscall specification expressions. - Implemented decoding of set_mempolicy_home_node syscall, introduced in Linux 5.17. - Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink attributes. - Implemented decoding of PR_SET_VMA operation of prctl syscall. - Implemented decoding of siginfo_t.si_pkey field. - Implemented decoding of LIRC ioctl commands. - Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*, TCA_ACT_*, and *_MAGIC constants. - Updated lists of ioctl commands from Linux 5.17.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 36f3238)
Improvements - Added an interface of raising des Strausses awareness. - Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session. - Enhanced decoding of bpf and io_uring_register syscalls. - Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands. - Updated lists of BPF_*, BR_*, BTRFS_*, IFA_*, IFLA_*, IORING_*, KEY_*, KVM_*, MADV_*, and UFFD_* constants. - Updated lists of ioctl commands from Linux 5.18.
Bug fixes - Fixed printing of the updated value of union bpf_attr.next_id on the exiting of bpf(BPF_*_GET_NEXT_ID) calls.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 6d423ff)
ath79: ag71xx: reuse skbuff_head with napi skb api
napi_build_skb() reuses NAPI skbuff_head cache in order to save some cycles on freeing/allocating skbuff_heads on every new Rx or completed Tx. Use napi_consume_skb() to feed the cache with skbuff_heads of completed Tx so it's never empty.
Signed-off-by: Sieng Piaw Liew <liew.s.piaw@gmail.com> [ fixed commit title ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 265f402)
xdp-tools - Library and utilities for use with the eXpress Data Path: Fast Programmable Packet Processing in the Operating System Kernel
* libxdp: library for attaching XDP programs and using AF_XDP sockets * xdp-filter: a simple XDP-powered packet filter * xdp-loader: an XDP program loader * xdpdump: tool for capturing packets at the XDP layer
Thanks to Nick @PolynomialDivision Hainke for testing and fixing!
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 6ad1bea)
mvebu: cortexa72: fix ImageBuilder for IEI Puzzle devices
The line trying to generate the standard sdcard.img.gz fails due to boot.scr not being generated. Remove the line in order to use the default sdcard.img.gz which is exactly the same but includes generating the boot.scr file.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 1d3b57d)
mediatek: mt7622: fix white dome LED of UniFi 6 LR
The recent differentiation between v1 and v2 of the UniFi 6 LR added support for the v2 version which has GPIO-controlled LEDs instead of using an additional microcontroller to drive an RGB led. The polarity of the white LED, however, was inverted and the default states didn't make a lot of sense after all. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: f58e562)
*) In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed.
When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. (CVE-2022-2068) [Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic curves and TLS-1.3 protocol is disabled the connection will no longer fail if a ciphersuite that does not use a key exchange based on elliptic curves can be negotiated. [Tomáš Mráz]
Signed-off-by: Andre Heider <a.heider@gmail.com> (commit: eb7d2ab)
From now on we will insert CAMEO tags into sysupgrade images for DGS-1210 devices. This will make the "OS:...FAILED" and "FS:...FAILED" messages go away.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> (commit: e763c4c)
Some realtek boards have two u-boot-env partitions. However, in the DGS-1210 series, the mtdblock2 partition is not a valid u-boot env and simply contains the board/device name, followed by nulls.
The ImageBuilder does not need git or rsync since it only glues files together, packages are downloaded via wget and not rsync.
Signed-off-by: Paul Spooren <mail@aparcar.org> [ solve conflict with additional git prereq test ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: fd2f313)
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is enabled, resulting in an "Anonymous suite requires DH" error when trying to compile wolfssl.
Signed-off-by: Pascal Ernster <git@hardfalcon.net> Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 21825af)
When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add this option to the generic kernel configuration and also add two other configuration options which are removed when we refresh the mt7629 kernel configuration.
On the NanoPI R4S it takes an average of 3..5 seconds for the network devices to appear in '/proc/interrupts'. Wait up to 10 seconds to ensure that the distribution of the interrupts really happens.
libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI. Enable the config flag to also permit support of .NET 6 development on OpenWrt.
Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru> [ reword commit description and title ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 3c06a34)
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
This option allows turning on CONFIG_DEBUG_VIRTUAL which is useful to debug incorrect uses of the virtual to physical and physical to virtual translations functions.
realtek: build factory images for all DGS-1210 models
Currently we build factory images only for DGS-1210-28 model. Relax that constraint and take care about all models. Tested on DGS-1210-20 and should work on other models too because of common flash layout.
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> (commit: 2b49ec3)
realtek: build sane factory images for DGS-1210 models
During upload of firmware images the WebUI and CLI patch process extracts a version information from the uploaded file and stores it onto the jffs2 partition. To be precise it is written into the flash.txt or flash2.txt files depending on the selected target image. This data is not used anywhere else. The current OpenWrt factory image misses this label. Therefore version information shows only garbage. Fix this.
Before: DGS-1210-20> show firmware information IMAGE ONE: Version : xfo/QE~WQD"A\Scxq... Size : 5505185 Bytes
After: DGS-1210-20> show firmware information IMAGE ONE: Version : OpenWrt Size : 5505200 Bytes
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> (commit: fae3ac3)
Not all devices using the gpio0/sys-led pin as a GPIO, configure the pinmux. Add the necessary pinctrl properties to these devices to ensure the pin is set up for use as GPIO.
The devicetree for the ZyXEL XGS1250-12 was missing the description of the front panel LED labeled "PWR SYS". Let's add it so it can be controlled by the user.
Add a pinctrl-single node to manage the sys-led mux and JTAG mux. This allows using the associated pins as GPIOs: - sys-led: GPIO0 - JTAG: GPIO6, GPIO7, others unknown (TDO, TDI, TMS, TCK /TRST)
setup.c unconditionally sets the sys-led mode (blinking rate) to a permanent high output. This may cause issues when a board expects this pin to toggle periodically, e.g. when hooked up to an external watchdog.
If the sys-led peripheral is used to control an LED, the mux should be configured to use the pin as GPIO0, allowing for better control as a GPIO LED.
Changes: 1bb4162 libnl-3.7.0 release 897ec9c route: act: Allow full set of actions on gact,skbedit,mirred 00e46f1 Use print() function in both Python 2 and Python 3 083c1b6 sriov: fix setting ce_mask when parsing VF stat counter 2e9a4f7 Fix typos and errors cc87ad2 changelog: update URL to git history bde0b4c changelog: fix typos in ChangeLog 44988e6 route: format recently added code with clang-format df6e38b route/act: add NAT action 7304c42 route: format recently added code with clang-format f8eb218 cls: flower: extend flower API e5dc111 flower: use correct attribute when filling out flags df6058c tests: merge branch 'th/test-link' 9772c1d tests: add unit tests for creating links 4713b76 github: run unit tests several times and directly 8025547 github: export NLTST_SEED_RAND= to randomize unit tests 7efeca2 tests: add test utils f6f4d36 tests: reformat unit test files with clang-format 135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro 0ea11be utils: add _nl_thread_local macro 9b04936 route: fix crash caused by parse_multipath() by wrong free() 2effffe route/link: Set the cache ops when cloning a link 5ecd56c route/link: add lock around rtnl_link_af_ops_put() e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family() 3f4f1dd xfrm/sa: fix reference counters of sa selector addresses d3c783f all: merge branch 'th/coverity-fixes' 23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message() d52dbcb route: fix check for NULL in nh_encap_dump() 1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*() f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist() d4c7972 all: fix "-Wformat" warnings for nl_dump*() 6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b))) d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers a30b26d socket: workaround undefined behavior coverity warning in generate_local_port() 8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone() dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details() f50a802 route/u32: fix u32_dump_details() to print data fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT 31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details() 40683cc netlink/private: add internal helper utils 6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type() ff5ef61 all: avoid coverity warnings about assigning variable but not using it f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute 46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method 46e85d2 route/mdb: fix leak in mdb_msg_parser() b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro d544105 route/mdb: fix buffer overflow in mdb_msg_parser() 4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace ec712a4 tests: cleanup unshare_user() and use _nltst_fclose() 85e3c5d tests: add _assert_nltst_netns() helper 39e4d8d github: test out-of-tree build and "--disable-static" d63e473 github: build documentation in CI test fa7f97f build: avoid building check-direct with --disable-static 8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script e2aa409 doc: fix markup error in "doc/route.txt" 4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 0af4a26)
Changes: - examples: add README with details to the various examples - examples: af_ieee802154_tx example - examples: af_ieee802154_rx example - examples: add af_packet_rx example - examples: af_inet6_rx example - examples: af_packet_tx example - examples: af_inet6_tx example - examples: add .gitignore file for examples directory - src/nl_extras.h: fix compatibility with libnl 3.3.0 - wpan-ping: add the support to set wpan-ping interval - wpan-ping: Add the filtering function for frame receiving
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 9194cee)
Changelog: 2022-01-31: v1.0.25 * Linux: Fix regression with some particular devices * Linux: Fix regression with libusb_handle_events_timeout_completed() * Linux: Fix regression with cpu usage in libusb_bulk_transfer * Darwin (macOS): Add support for detaching kernel drivers with authorization. * Darwin (macOS): Do not drop partial data on timeout. * Darwin (macOS): Silence pipe error in set_interface_alt_setting(). * Windows: Fix HID backend missing byte * Windows: Fix segfault with libusbk driver * Windows: Fix regression when using libusb0 driver * Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb * New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option * Various other bug fixes and improvements
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: d858511)
Changelog: 2022-04-10: v1.0.26 * Fix regression with transfer free's after closing device * Fix regression with destroyed context if API is misused * Workaround for applications using missing default context * Fix hotplog enumeration regression * Fix Windows isochronous transfer regression since 1.0.24 * Fix macOS exit crash in some multi-context cases * Build fixes for various platforms and configurations * Fix Windows HID multi-interface product string retrieval * Update isochronous OUT packet actual lengths on Windows * Add interface bound checking for broken devices * Add umockdev tests on Linux
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: ccfb736)
Assembler: General: * Add support for the LoongArch architecture.
* Add an option to control how multibyte characters are handled in the assembler. Using the option warnings can be generated when such characters are encountered in symbol names, or anywhere in the input source file(s).
AArch64 and ARM: * Add support for more system registers. * Add support for Scalable Matrix Extension. * Add support for Cortex-R52+, Cortex-A510, Cortex-A710, Cortex-X2, Cortex-A710 cores. * Add support for 'v8.7-a', 'v8.8-a', 'v9-a', 'v9.1-a', 'armv9.2-a' and 'armv9.3-a' architecture extensions.
X86: * Add a command-line option to encode aligned vector move as unaligned vector move. * Add support for Intel AVX512_FP16 instructions. * The outputs of .ds.x directive and .tfloat directive with hex input have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive.
Linker: * Add support for the LoongArch architecture.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation.
Other Binary Tools:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 820093d)
Fix patches: - 102-iptables-disable-modprobe.patch Fix warnings in the form of: xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function] 475 | static char *get_modprobe(void) | ^~~~~~~~~~~~
Remove from Makefile: $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
Changelog: fa0ccdbd configure: bump version for 1.8.8 release 8468fd4f nft: Fix EPERM handling for extensions without rev 0 ce9195c6 extensions: LOG: Document --log-macdecode in man page 404f304d man: *NAT: Review --random* option descriptions 0a538259 extensions: DNAT: Merge core printing functions a7c2b728 libxtables: Revert change to struct xtables_pprot fd64a587 libxtables: Drop xtables_globals 'optstring' field 3b8a6a6f xshared: Extend xtables_printhelp() for arptables 8ff84eaf xshared: Move arp_opcodes into shared space adbfec0b extensions: MARK: Drop extra newline at end of help 1dcfb81e nft: split gen_payload() to allocate register and initialize expression 7e38890c nft: prepare for dynamic register allocation 165cafec nft: pass handle to helper functions to build netlink payload 94309632 nft: native mark matching support aa92ec96 nft: pass struct nft_xt_ctx to parse_meta() 4c70c42f nft-shared: update context register for bitwise expression 18c96821 extensions: man: Document service name support in DNAT and REDIRECT 72d542b6 extensions: Merge REDIRECT into DNAT 14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets 9621318b extensions: DNAT: Rename from libipt to libxt 2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also 7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code 3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers 070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified" 08c14fa6 man: DNAT: Describe shifted port range feature 24fff5d7 xlate-test: Fix for empty source line on failure ac4c84cc libxtables: Boost rule target checks by announcing chain names f58b0d74 libxtables: Implement notargets hash table b1aee6b2 nft: Reject standard targets as chain names when restoring b555bfed tests: shell: Fix 0004-return-codes_0 for static builds c293e116 nft: Review static extension loading 0836524f xtables: Call init_extensions{,a,b}() for static builds 6c689b63 Simplify static build extension loading 0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric 0c0cd434 nft: Don't pass command state opaque to family ops callbacks b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent 07ee529f nft: Speed up immediate parsing b5f2faea nft: Simplify immediate parsing 17534cb1 Improve error messages for unsupported extensions 2dbb49d1 libxtables: Register only the highest revision extension 07e2107e xshared: Implement xtables lock timeout using signals a3980769 tests: NFLOG: enable `--nflog-range` tests b8e8ac27 tests: support explicit variant test result adb03c3f tests: add `NOMATCH` test result 7a006c7d tests: iptables-test: rename variable b7f15b42 iptables.8: Describe the effect of multiple -v flags 1407a9c4 tests: iptables-test: Support variant deviation fc8f7289 nft: cache: Dump rules if debugging 73b91292 nft: Add debug output to table creation 51d9d9e0 ebtables: Support verbose mode ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains 17ed253f iptables-restore: Support for extra debug output a761a026 nft: Use verbose flag to toggle debug output 98e69b7e nft: add support for native tcp flag matching 92808bd5 nft-shared: add tcp flag dissection 6aba94ef nft: prefer native expressions instead of tcp match c034cf31 nft: prefer native expressions instead of udp match 5489493e nft-shared: support native udp port delinearize 5795a1b5 nft-shared: support native tcp port range delinearize 250dce87 nft-shared: support native tcp port delinearize ea5d45dc extensions: libxt_NFLOG: fix typo 26ecdf53 xshared: Fix response to unprivileged users b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT` 05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases 62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG 30b178b9 extensions: *NAT: Kill multiple IPv4 range support 7ee5b970 tests: iptables-test: correct misspelt variable 223f02ca nft: fix indentation error. 5c2c2eea ip6tables: Use the shared do_parse, too 9baf3bf0 iptables: Use xtables' do_parse() function e4f5185d nft: Move proto_parse and post_parse callbacks to xshared ded7b579 xshared: Store parsed wait and wait_interval in xtables_args 62c3c93d xshared: Move do_parse to shared space 3039a52c xtables: Do not pass nft_handle to do_parse() ece001c2 xtables: Pass xtables_args to check_inverse() 17abaeb1 xtables: Pass xtables_args to check_empty_interface() dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h 98a4462f xtables: Pull table validity check out of do_parse() d83371c7 xtables: Drop xtables' family on demand feature 49aa44ba nft-shared: set correct register value b129b1cf iptables-*-restore: Drop pointless line reference 316d8efb libxtables: Extend basic_exit_err() 4bff5aef xtables_globals: Embed variant name in .program_version 51e5d293 xshared: Share exit_tryhelp() 56ac0452 xshared: Share a common printhelp function 4149b5d8 xshared: Share print_match_save() between legacy ip*tables 273d88a7 extensions: tcpmss: add iptables-translate support 7213561d xshared: Make load_proto() static cf14b92b nft-shared: Drop unused function print_proto() 24f30842 xshared: Share print_header() with legacy iptables a323c283 xshared: Share print_fragment() with legacy 1d73cec0 xshared: Share print_rule_details() with legacy e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy 22f2e1fc xshared: Share save_rule_details() with legacy 766e4872 xshared: Share print_iface() function b5881e7f nft: Change whitespace printing in save_rule callback 1189d830 xshared: Merge and share parse_chain() 1eab8e83 extensions: hashlimit: Fix tests with HZ=1000 afa525ee xlate-test: Print full path if testing all files b8d5271d Unbreak xtables-translate 0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c 142cf724 xtables: arptables accepts empty interface names ab0a785a xtables: Derive xtables_globals from family 6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic 832a0e2b nft-arp: Introduce post_parse callback 0aea399d arptables: Use standard data structures when parsing fe83b12f libxtables: Introduce xtables_globals print_help callback 0687852d xtables-standalone: Drop version number from init errors dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions 38e1fe58 xtables: Simplify addr_mask freeing cfdda180 nft-shared: Introduce init_cs family ops callback 65b150ae xshared: Store optstring in xtables_globals 2e6014c7 nft: Introduce builtin_tables_lookup() db90ff64 tests: shell: fix bashism 45d8f769 nft: Delete builtin chains compatibly e865a853 nft-chain: Introduce base_slot field f9b33967 nft: Check base-chain compatibility when adding to cache 43189612 nft: cache: Avoid double free of unrecognized base-chains 040a15f2 xtables-translate: add missing argument and option to usage 2ed6dc75 tests: iptables-test: Fix conditional colors on stderr 63ab4fe3 ebtables: Avoid dropping policy when flushing b714d45d iptables-test.py: print with color escapes only when stdout isatty 481626bb tests: shell: Return non-zero on error 7559af83 tests: iptables-test: Exit non-zero on error c057939d tests: xlate-test: Exit non-zero on error a8da7186 tests: iptables-test: Print errors to stderr 5166c445 tests: xlate-test: Print errors to stderr fa78ff15 tests: xlate-test: Don't skip any input after the first empty line fcbe454b tests: iptables-test: Fix missing chain case 61e85e31 iptables-nft: allow removal of empty builtin chains 544e7dc1 Fix a few doc typos e438b976 nft: Use xtables_{m,c}alloc() everywhere ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add() cf410aa6 extensions: libxt_mac: Fix for missing space in listing 7ae14dc1 iptables-test: Make netns spawning more robust bef9dc57 extensions: hashlimit: Fix tests with HZ=100 943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule ef7781eb libxtables: exit if called by setuid executeable 8629c53f tests/shell: Assert non-verbose mode is silent 57d1422d nft: Fix for non-verbose check command 26318637 ebtables: Dump atomic waste 765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options e727ccad xtables: Call init_extensions6() for static builds 9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports c8145139 extensions: libxt_conntrack: simplify translation using negation 1c934617 extensions: libxt_tcp: rework translation to use flags match representation bb01e33d extensions: libxt_connlimit: add translation 62828a6a tests: xlate-test: support multiline expectation ba863c4b libxtables: extend xlate infrastructure 68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy() 9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any() 084671d5 iptables-apply: Drop unused variable 0729ab37 nft: Avoid buffer size warnings copying iface names eab75ed3 nft: Avoid memleak in error path of nft_cmd_new() ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask() 8bb5bcae extensions: libebt_ip6: Drop unused variables 97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() 5818be17 extensions: sctp: Translate --chunk-types option a61282ec extensions: sctp: Fix nftables translation 556f7044 Use proto_to_name() from xshared in more places eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function 9dc50b5b xshared: Merge invflags handling code 3664249f xshared: Eliminate iptables_command_state->invert f647f61f xtables: Make invflags 16bit wide 616800af extensions: SECMARK: Implement revision 1 1e984079 nft-arp: Make use of ipv4_addr_to_string() acac2dbe Eliminate inet_aton() and inet_ntoa() 9084ef29 extensions: sctp: Explain match types in man page a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets fdf64dcd nft: cache: Sort chains on demand only c5d9a723 fix build for missing ETH_ALEN definition 18d7535d extensions: libxt_conntrack: use bitops for status negation 18e334da extensions: libxt_conntrack: use bitops for state negation 831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit 46f9d3a9 xtables-translate: Fix translation of odd netmasks 330f5df0 nft: Fix bitwise expression avoidance detection 5f1fcace iptables-nft: fix -Z option c9441657 include: Drop libipulog.h 30c1d443 ebtables: Exit gracefully on invalid table names
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 436fad7)
Manual rebase by Marty Jones: bcm27xx/patches-5.15/950-0078-BCM2708-Add-core-Device-Tree-support.patch
All other patches automatically rebased.
Signed-off-by: John Audia <therealgraysky@proton.me> Signed-off-by: Marty Jones <mj8263788@gmail.com> [Apply same changes to new dts entry in modified file] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (commit: 552d76f)
Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on U-Boot v2022.01 which contains commit 93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC variable passed to MAKE to force the compilation of DTC.
The PICO-PI-IMX7D board is equipped with external LCD display with touchscreen. To allow displaying console on it, enable framebuffer, fbcon and DRM support at early boot.
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com> [pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (commit: fb75476)
linux-firmware: use upstream firmware for cypress-firmware-4339-sdio
Old firmware provided by 'cypress-firmware' suite is not sufficient for AP6335 module used in PICO-PI-IMX7D board to probe successfully. Use the upstream version from linux-firmware instead.
At the same time, drop the old firmware from 'cypress-firmware' package.
imx: decouple sdcard sysupgrade from Apalis boards
Sysupgrade procedure for i.MX 6 Apalis boards is suitable for most other i.MX boards booting from eMMC or SD card. Extract the common parts and decouple the procedure from "apalis" board name in sysupgrade TAR contents, so the procedure is reusable for i.MX 7 boards.
Ensure, that kernel update is performed atomically on filesystem, to reduce likelihood of failure if power-cut occurs during sysupgrade. If kernel update fails for whatever reason, skip updating rootfs as well.
imx: cortexa7: add support for TechNexion PICO-PI-IMX7D
TechNexion PICO-PI-IMX7D is a NXP i.MX 7Dual based development board in the well-known "Raspberry Pi" form factor, comprising of PICO-IMX7 SoM and the PICO-PI-IMX7D carrier board.
Usually bundled with a 5" 800x480 LVDS display with I2C touchscreen and an Omnivision OV5645 camera on a MIPI CSI bus, on a daughterboard. The board was previously used primarily with "Android Things" ecosystem, but the project was killed by Google.
This would not be possible, if not for the great tutorial of setting up Debian on this board, by Robert C. Nelson [1].
Hardware highlights:
CPU: NXP i.MX 7Dual SoC, dual-core Cortex-A7 at 1000 MHz RAM: 512 MiB DDR3 SDRAM Storage: 4 GB eMMC Networking: - built-in Gigabit Ethernet with Atheros AR8035 PHY, - Broadcom BCM4339 1x1 802.11ac Wi-Fi (over SDIO) + Bluetooth 4.1 (over SDIO + UART + IS2) combo, with Hirose u.FL connector on the board, - dual CAN interfaces on the 40-pin connector, Interfaces: - USB-C power input plus USB 2.0 OTG host/device port, - single USB-A host port, - serial console over built-in FT232BL USB-UART converter with micro-USB connector (configuration: 115200-8-N-1), - analog audio interface with TRRS connector in CTIA standard, - SPI, I2C and UART interfaces available on the 40-pin, - mikroBUS connector, - I2C connector for the optional touch panel, - parallel LCD output for the optional display, - MIPI CSI connector for the optional camera
Installation:
1. Connect the serial console to debug USB connector and the terminal of choice in another window, at 115200-8-N-1. Ensure you can switch to it quickly after next step.
2. Power-on the board from your PC. Ensure your PC can supply required current, the board can take more than 1 A in the peak load during booting and brownout will result in power-on reset loop. Preferably, use charging-capable USB port or connect through self-powered USB hub. If U-Boot is present already on the eMMC, interrupt the booting sequence by pressing any key and skip to point 7.
3. Ensure the boot mode jumpers J1 and J2 are in correct position for USB recovery:
If they are not, power-off the board, restore them and power-on the board again. Otherwise, if jumpers are set, just reset the board from U-Boot CLI:
=> reset
14. The installation is now complete and board should boot successfully.
Upgrading: just use sysupgrade image, as usual in OpenWrt.
Known issues/current limitations:
- OV5645 camera - not described in upstream device tree as of kernel 5.15. There are staging drivers present in upstream Linux tree for i.MX 7 CSI, MIPI-CSI and video mux, and the configuration is there in imx7s.dtsi - so this is expected to get supported eventually, - on-chip ADCs are disabled in upstream device tree, so the kernel driver remains disabled as well.
uboot-ramips: add support for MT7621, merge into uboot-mediatek
* Merge uboot-ramips into uboot-mediatek. * Port support for the RAVPower RP WD009 to U-Boot 2022.07. * Add support for MT7621 and add builds for the reference boards. * Add builds for MT7620 and MT7628 reference boards.
This should help to make development of U-Boot-level board support for all MediaTek targets much easier.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 2f7fb57)
Linux stable v5.15.51 brought commit 7a3a4683562e ("ARM: dts: bcm2711-rpi-400: Fix GPIO line names") which was already part of a local patch which then failed to apply. Remove the already applied and now failing hunk from the patch to fix the build.
Fixes: 552d76f2be ("kernel: bump 5.15 to 5.15.51") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: 7c02a4a)
ath79: tplink-archer-c6-v2-us: fix inverted LED colors
The amber and green wan led color was inverted in dts file, which ends up leaving the wan led amber when the connection is established, so, switch gpio led number (7 and 8) in qca9563_tplink_archer-c6-v2-us.dts.
Tip: the /etc/config/system file needs to be regenerated.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit subject] (commit: ae07b9c)
uboot-imx: pico-pi-imx7d: fix wrong make flags overriding
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory # include <openssl/evp.h> ^~~~~~~~~~~~~~~ compilation terminated.
This is caused by a complete overriding of make flags which are provided correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden instead of extended. This then leads to the usage of build host include dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable like it was done in commit 481339a04266 ("uboot-imx: fix wrong make flags overriding").
Fixes: 7094e6550336 ("uboot-imx: add support for TechNexion PICO-PI-IMX7D") Signed-off-by: Petr Štetiar <ynezz@true.cz> (commit: 64fb5ae)
Building U-Boot for the MT7621 SoC requires binman, a Python-based host tool to generate images. For now, binman cannot work inside the OpenWrt build system because it requires swig, so mark the MT7621 boards as borken to fix the ramips/mt7621 build until someone with knowledge about Python and swig fixes the underlaying issue.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: e760f06)
Buidbots are throwing the following compile error:
In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory ^~~~~~~~~~~~~~~ compilation terminated.
Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.
Suggested-by: Petr Štetiar <ynezz@true.cz> Fixes: 6d5611af2813 ("uboot-at91: update to linux4sam-2022.04") Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (commit: 95a24b5)
swig has been installed on the buildbots a while a ago and Petr Štetiar got a fix for the pylibfdt error. Use that and re-enable the builds for mt7620 and mt7621. Refresh patches while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: e0e74d8)
For some reason, current coreutils version installed on x86 macOS via homebrew have a bug, where at least the cc1 binary from gcc gets corrupted during install to the staging dir. Using the install utility from tools/coreutils fixes this
Signed-off-by: Felix Fietkau <nbd@nbd.name> (commit: 9dc86d1)
generic: fix warning orphan section from module exports in aarch64
kernel linux now have 2 different export.h include, one from linux/export.h and one from asm-generic/export.h
While most of our target user linux/export.h, aarch64 based target use asm-generic/export.h that is not patched with the changes of 221-module_exports.
Patch also this additional header to fix multiple
aarch64-openwrt-linux-musl-ld: warning: orphan section `__ksymtab_strings' from `arch/arm64/kernel/head.o' being placed in section `__ksymtab_strings'
warning during kernel compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 4b924fe)
ath79: fix Tx cleanup when NAPI poll budget is zero
NAPI poll() function may be passed a budget value of zero, i.e. during netpoll, which isn't NAPI context. Therefore, napi_consume_skb() must be given budget value instead of !flush to truly discern netpoll-like scenarios.
automake: always use correct path for aclocal.real
Before this commit, it was assumed that aclocal.real is in the PATH. While this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. The command failed with:
/home/.../openwrt/staging_dir/host/bin/aclocal: line 2: aclocal.real: command not found autoreconf: /home/.../openwrt/staging_dir/host/bin/aclocal failed with exit status: 127
After the commit, the package is built sucessfully.
This PR allows a user to enable a private psk, where each station may have it's own psk or use a common psk if it is not defined. The private psk is defined using the sta's mac and a radius server is required.
ppsk option should be enabled in the wireless configuration along with radius server details. When using PPSK, the key is ignored, it will be retrieved from radius server. SAE is not yet supported (private sae) in hostapd.
If you want to use dynamic VLAN on PPSK also include: option dynamic_vlan '2' option vlan_tagged_interface 'eth0' option vlan_bridge 'br-vlan' option vlan_naming '0'
It works enabling mac address verification on radius server and requiring the tunnel-password (the private psk) from radius server.
In the radius server we need to configure the users. In case of freeradius: /etc/freeradius3/mods-config/files/authorize The user and Cleartext-Password should be the mac lower case using the format "aabbccddeeff"
If we want to have a default or shared psk, used when the mac is not found in the list, we need to add the following at the end of the radius authorize file:
And if using VLANs, for example VLAN6 for default users: DEFAULT Auth-Type := Accept Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = 6, Tunnel-Password = SharedPw
Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com> (commit: d12eb10)
ipq40xx: R619AC: replace space with - separator in variant string
Kalle: "I see that variant has a space in it, does that work it correctly? My original idea was that spaces would not be allowed, but didn't realise to add a check for that."
Is this an easy change? Because the original author (Tim Davis) noted: "You may substitute the & and space with something else saner if they prove to be problematic."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 3b3eaf3)
gettext (libintl-stub) was removed in commit [1], so the libintl-stub lib and include directories aren't existing anymore. This commit cleans up the INTL flags for the BUILD_NLS=n case.
[1] e6f569406ffe1d9e35b9b9ea36f38cdd5837728d
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net> Reviewed-by: Rosen Penev <rosenp@gmail.com> (commit: 92f0b7d)
intel: ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462 38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462 72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560 94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560 e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201 78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201 12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211 edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211 9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210 111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200 ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201 99cb4b0 iwlwifi: add new FWs from core70-87 release 7073b8a iwlwifi: update 9000-family firmwares to core70-87 f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware 7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462 30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462 7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560 741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560 e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201 0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201 46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211 16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211 f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210 41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200 62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201
realtek: 7eef50f rtw88: 8822c: Update normal firmware to v9.9.13 23b5428 rtw88: 8822c: Update normal firmware to v9.9.12
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: fffb8ca)
The spidev_test is build in phase2 even though it should be disabled. My best guess is that we hit the same issue that I had with nu801. The build-system thinks it's a tool that is necessary for building the kernel.
In this case, the same fix (adding a dependency on the presence of the module) could work in this case as well?
Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: f0c1d26)
Meraki MR26 is an EOL wireless access point featuring a PoE ethernet port and two dual-band 3x3 MIMO 802.11n radios and 1x1 dual-band WIFI dedicated to scanning.
SERIAL: WARNING: The serial port needs a TTL/RS-232 3V3 level converter! The Serial setting is 115200-8-N-1. The board has a populated right angle 1x4 0.1" pinheader. The pinout is: VCC (next to J3, has little white arrow), RX, TX, GND.
This flashing procedure for the MR26 was tested with firmware: "22-143410M-gf25cbf5a-asa". U-Boot 2012.10-00063-g83f9fe4 (Jun 04 2014 - 21:22:39)
A guide how to open up the device is available on the wiki: <https://openwrt.org/toh/meraki/mr26>
Notes: - The WIFI do work to a degree. Limited to 802.11bg in the 2.4GHz band. - the WIFI macs are made up.
0. Create a separate Ethernet LAN which can't have access to the internet. Ideally use 192.168.1.2 for your PC. The new OpenWrt firmware will setup the network via DHCP Discovery, so make sure your PC is running a DHCP-Server (i.e.: dnsmasq) '# dnsmasq -i eth# -F 192.168.1.5,192.168.1.50 Download the openwrt-meraki-mr26 initramfs file from openwrt.org and rename it to something simple like mr26.bin. Then put it into the tftp's server directory.
1. Disassemble the MR26 device by removing all screws (4 screws are located under the 4 rubber feets!) and prying open the plastic covers without breaking the plastic retention clips. Once inside, remove the plastic back casing. Be careful, there some "hidden" retention clips on both sides of the LAN port, you need a light to see those. Next, you want to remove all the screws on the outer metal shielding to get to the PCB. It's not necessary to remove the antennas!
2. Connect the serial cable to the serial header and Ethernet patch cable to the device.
4. Before connecting the power, get ready flood the serial console program with the magic: xyzzy . This is necessary in order to get into the u-boot prompt. Once Ready: connect power cable.
5. If you don't get the "u-boot>" prompt within the first few seconds, you have to disconnect and reconnect the power cable and try again.
7. Once it booted use sysupgrade to permanently install OpenWrt. To do this: Download the latest sysupgrade.bin file and move it to the device. Then use sysupgrade *sysupgrade.bin to install it.
WARNING: DO NOT DELETE the "storage" ubi volume!
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: e37ba80)
This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: 9710fe7)
The flag to enable the outgoing port mask is in CPU header bit 43, with bit 0 being the leftmost bit of the header. This corresponds to BIT(4) in the third 16-bit value of the header.
Correctly set AS_DPM by fixing the off-by-one error.
The flag to enable L2 address learning on egress frames is in CPU header bit 40, with bit 0 being the leftmost bit of the header. This corresponds to BIT(7) in the third 16-bit value of the header.
Correctly set L2LEARNING by fixing the off-by-one error.
Priority values passed to the egress (TX) frame header initialiser are invalid when smaller than 0, and should not be assigned to the frame. Queue assignment is then left to the switch core logic.
Current code for RTL83xx forces the passed priority value to be positive, by always masking it to the lower bits, resulting in the priority always being set and enabled. RTL93xx code doesn't even check the value and unconditionally assigns the (32 bit) value to the (5 bit) QID field without masking.
Fix priority assignment by only setting the AS_QID/AS_PRI flag when a valid value is passed, and properly mask the value to not overflow the QID/PRI field.
For RTL839x, also assign the priority to the right part of the frame header. Counting from the leftmost bit, AS_PRI and PRI are in bits 36 and 37-39. The means they should be assigned to the third 16 bit value, containing bits 32-47.
Destination switch ports for outgoing frame can range from 0 to CPU_PORT-1.
Refactor the code to only generate egress frame CPU headers when a valid destination port number is available, and make the code a bit more consistent between different switch generations. Change the dest_port argument's type to 'unsigned int', since only positive values are valid.
This fixes the issue where egress frames on switch port 0 did not receive a VLAN tag, because they are sent out without a CPU header. Also fixes a potential issue with invalid (negative) egress port numbers on RTL93xx switches.
the tacked on @TARGET_bcm53xx causes warnings: tmp/.config-package.in:14027:warning: ignoring unsupported character '@' tmp/.config-package.in:26028:warning: ignoring unsupported character '@'
this was wrong.
Fixes: be1761fa1488 ("nu801: add MR26 to the table") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: e0e6444)
The change of the PKG_VERSION caused the hash of the package to change. This is because the PKG_VERSION is present in the internal directory structure of the uboot-layerscape-21.08.tar.xz archive.
# tar tf uboot-layerscape-LSDK-21.08.tar.xz uboot-layerscape-LSDK-21.08/ uboot-layerscape-LSDK-21.08/.azure-pipelines.yml uboot-layerscape-LSDK-21.08/.checkpatch.conf uboot-layerscape-LSDK-21.08/.gitattributes uboot-layerscape-LSDK-21.08/.github/ [...]
the (file) content of both archives are otherwise the same.
The PKG_HASH was taken from the builder log: | Hash of the local file uboot-layerscape-21.08.tar.xz does not match |(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6, |requested: 874e871755ef84ebbf3[...]) - deleting download.
without this update, the uboot-layerscape-21.08 package would always try to download (from git), repacked the archive and reupload to sources.openwrt.org (~14 MiB saved).
Fixes: 038d5bdab117 ("layerscape: use semantic versions for LSDK") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: e879ccc)
kernel: netconsole: add network console logging support
Accessing the console on many devices is difficult. netconsole eases debugging on devices that crash after the network is up.
Reference to the netconsole documentation in upstream Linux: <https://www.kernel.org/doc/html/latest/networking/netconsole.html> | |netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr] | | where | + if present, enable extended console support | src-port source for UDP packets (defaults to 6665) | src-ip source IP to use (interface address) | dev network interface (eth0) | tgt-port port for logging agent (6666) | tgt-ip IP address for logging agent | tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network interface (i.e. eth0) to a (virtual) bridge (br-lan) device. This will cause netconsole to report: |network logging stopped on interface eth0 as it is joining a master device (and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded again after the bridge has been setup with:
One way of catching errors before the handoff, try to append the /etc/modules.conf file with the following extra line: options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com> (Added commit message from PR, added links to documentation) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: 488b25f)
sdk: add spidev-test to the bundle of userspace sources
moves and extends the current facilities, which have been added some time ago for the the usbip utility, to support more utilites that are shipped with the Linux kernel tree to the SDK.
this allows to drop all the hand-waving and code for failed previous attempts to mitigate the SDK build failures.
Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (commit: b479db9)
ipq40xx: add MikroTik wAP ac (RBwAPG-5HacD2HnD) support
The MikroTik wAP ac (RBwAPG-5HacD2HnD) is a dual-band dual-radio 802.11ac wireless access point with integrated antenna and two Ethernet ports in a weatherproof enclosure. See https://mikrotik.com/product/wap_ac for more information.
Important: this is the new ipq40xx-based wAP ac, not the older ath79-based wAP ac (RBwAPG-5HacT2HnD), already supported in OpenWrt.
Installation: Boot the initramfs image via TFTP, then flash the sysupgrade image using sysupgrade. Details at https://openwrt.org/toh/mikrotik/common.
Notes: This preserves the MAC addresses of the physical Ethernet ports: - eth0 corresponds to the physical port labeled ETH1 and has the base MAC address. This port can be used to power the device. - eth1 corresponds to the physical port labeled ETH2 and has a MAC address one greater than the base.
MAC addresses are set from /lib/preinit/05_set_iface_mac_ipq40xx.sh rather than /etc/board.d/02_network so that they are in effect for preinit. This should likely be done for other MikroTik devices and possibly other non-MikroTik devices as well.
As this device has 2 physical ports, they are each connected to their respective PHYs, allowing the link status to be visible to software. Since they are not marked on the case with any role (such as LAN or WAN), both are bridged to the lan network by default, although this can easily be changed if needed.
Signed-off-by: Mark Mentovai <mark@mentovai.com> (commit: 7f54bf6)
ramips: Add support command fw_setsys for Xiaomi routers
The system parameters are contained in the Bdata partition. To use the fw_setsys command, you need to create a file fw_sys.config. This file is created after calling the functions ubootenv_add_uci_sys_config and ubootenv_add_app_config.
Signed-off-by: Oleg S <remittor@gmail.com> [ wrapped commit description to 72 char ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 6c7e337)
Netgear encrypted image is used in various devices including WAX202, WAX206, and EX6400v3. This image format also requires a dummy squashfs4 image which is added here as well.
References in WAX202 GPL source: https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c Bootloader code that verifies the presence of a squashfs4 image, thus a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c Contains code that generates the encrypted image. There is support for adding an RSA signature, but it does not look like the signature is verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h Contains the encryption key and IV. It appears the same key/IV is used for other Netgear devices including WAX206 and EX6400v3.
Installation: * Flash the factory image through the stock web interface, or TFTP to the bootloader. NMRP can be used to TFTP without opening the case. * Note that the bootloader accepts both encrypted and unencrypted images, while the stock web interface only accepts encrypted ones.
Revert to stock firmware: * Flash the stock firmware to the bootloader using TFTP/NMRP.
References in WAX202 GPL source: https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/target/linux/ramips/dts/mt7621-ax-nand-wax202.dts DTS file for this device.
This adds a simple AES-128-CBC encryption/decryption program using either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223 configuration partitions. The ipk size is 3,355 bytes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (commit: bc43ad8)
wolfssl: Do not activate HW acceleration on armvirt by default
The armvirt target is also used to run OpenWrt in lxc on other targets like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the wolfssl binray is only working when the CPU supports the hardware crypto extension.
Some targets like the Raspberry Pi do not support the ARM CPU crypto extension, compile wolfssl without it by default. It is still possible to activate it in custom builds.
UART Console ------------ NWA50AX: Available below the rubber cover next to the ethernet port. NWA55AXE: Available on the board when disassembling the device.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI ------------------- Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only installed on Slot A. This requires the current active image prior flashing the device to be on Slot B.
If the currently installed image is started from Slot A, the device will flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case and the device will return to the ZyXEL firmware upon next boot.
If this happens, first install a ZyXEL firmware upgrade of any version and install OpenWrt after that.
Installation TFTP ----------------- This installation routine is especially useful in case * unknown device password (NWA55AXE lacks reset button) * bricked device
Attach to the UART console header of the device. Interrupt the boot procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at 192.168.1.66. Rename the image to owrt.bin
The interrupt controller in the internal GPIO peripheral will sometimes generate spurious interrupts. If these are not properly acknowledged, the system will be held busy until reboot. These spurious interrupts are identified by the fact that there is no system IRQ number associated, since the interrupt line was never allocated. Although most prevalent on RTL839x, RTL838x SoCs have also displayed this behaviour.
The change of the PKG_VERSION caused the hash of the package to change. This is because the PKG_VERSION is present in the internal directory structure of the archive.
When using the OpenWrt toolchain as an external toolchain the build failed due to missing LTO support. By choosing the GCC wrappers of the tools this commit makes sure that the LTO-enabled executables are being used.
Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com> [ wrap the commit description to 72 char ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 2555ffb)
rules_mk: don't include wrapped bin with external toolchains
Don't add wrapped bin to the TARGET_PATH as it does cause compilation error.
cmake.mk will use the "command -v" and will use the wrapped bin instead of the external toolchain bin as they have the same name and command will select the first result.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: a90eabf)
scripts: ext-toolchain: fix wrong prefix in print_config generation
The parsed prefix in print_config is wrong and this produce broken generated .config that won't work with any external toolchain.
Currently the prefix from a CC of
'arm-openwrt-linux-muslgnueabi-gcc-12.1.0'
produce a prefix
'arm-openwrt-linux-muslgnueabi-gcc-'
This is wrong as the real prefix should be
'arm-openwrt-linux-muslgnueabi-'
This is probably caused by a change in how the toolchain is now handled that now append also the gcc version. Probably in ancient days the version wasn't part of the name and the prefix generation stripped the '-gcc' instead of the gcc version.
Fix this and correctly strip the gcc version and the gcc suffix to correctly call toolchain bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 53c2932)
scripts: ext-toolchain: add option to overwrite config
It can be useful to overwrite an already generated config. Option are simply added at the end of the config and make defconfig will overwrite the relevant option with the new one.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: f4dd18c)
scripts: ext-toolchain: actually probe libc type on config generation
Currently we never call probe_cc before config generation, this cause the script to never actually detect the correct libc type. Call probe_cc before config generation to correctl set the .config file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: ddeabc7)
Openwrt now supports only glibc and musl. Add support for musl and rework the libc check to handle the new config flags and correctly compile package basend on that.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 7be01fe)
Run github actions insider buildbot docker container.
Signed-off-by: Paul Spooren <mail@aparcar.org> [ run container under buildbot user ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (commit: 8a77adb)
In theory we could have just 1 bootfs image for all devices as each device has its own entry in the "configurations" node. It doesn't work well with default configuration though.
If something goes wrong U-Boot SPL can be interrupted (by pressing A) to enter its minimalistic menu. It allows ignoring boardid. In such case bootfs default configuration is used.
For above reason each SoC family (BCM4908, BCM4912) should have its own bootfs built. It allows each of them to have working default configuration.
realtek: make DGS-1210 u-boot-env partition writeable
We are close to provide enduser friendly OpenWrt images for DGS-1210 switches that do not need serial console. Nevertheless a small bit is missing. We cannot switch back to the vendor partition or initiate a download of a vendor firmware image. To issue this from inside OpenWrt we need write access to U-Boot environment.
Case 1: Switch back to secondary (vendor) image > fw_setenv bootcmd run addargs\; bootm 0xb4e80000 > fw_setenv image /dev/mtdblock7 > reboot
Case 2: Issue D-Link Network Assistant based download on next reboot. This is a combination of some vendor specific protocol (DDP) and a TFTP download afterwards. > fw_setenv bootstop on > reboot
Allow these commands by opening up u-boot-env for write access. Tested on DGS-1210-20.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> (commit: b2681e5)
Toggle power on the individual PHY instead of the package. Otherwise a media change always toggles power on the first port, and not the one that is being configured.
realtek: rtl83xx-phy: decouple RTL8214FC media change and power config
Move RTL8214FC power configuration to newly created suspend and resume methods. A media change now only results in power configuration if the PHY is not suspended, to avoid powering up a port when the interface is currently not up.
While at it, remove the rtl8380 prefix from function names, as this is actually not SoC-specific.
Tested-by: Birger Koblitz <mail@birger-koblitz.de> Signed-off-by: Jan Hoffmann <jan@3e8.eu> (commit: c6a7ea9)
Probe the SFP module during PHY initialization and implement insertion/removal handlers to automatically configure the media type of the respective port.
Don't use udelay to allow other kernel tasks to execute if the kernel has been built without preemption. Also determine the timeout based on jiffies instead of loop iterations.
This is especially important on devices containing a watchdog with a short timeout. Without this change, the watchdog is not serviced during PHY patching which can take multiple seconds.
Tested-by: Birger Koblitz <mail@birger-koblitz.de> Signed-off-by: Jan Hoffmann <jan@3e8.eu> (commit: 81e3017)
kernel: mtdsplit: add support for H3C VFS filesystem
The bootloader on some H3C devices (for example HPE 1920 switches) only supports booting from flash by reading an image from an "VFS" filesystem which spans most of the available flash. The filesystem size is hard- coded in the bootloader. However, as long as no write operations are performed in the bootloader menu, it is sufficient if the start of the partition contains a valid filesystem with the kernel image.
This mtdsplit parser reads the size and location of the kernel image and finds the location of the rootfs stored after it. It assumes that the filesystem image matches the layout of one generated by mkh3cvfs, with a filename of "openwrt-kernel.bin" for the kernel image.
Add the 7zr command line tool, which is a version of the 7z application that only supports 7z archives.
7z is one of the two compression formats supported in H3C firmware images (the alternative would be ARJ).
(Alternatively, the 7zr command line tool could also be built from a current version of the public-domain LZMA SDK. That would require repackaging the source package, as it is only provided in 7z format.)
- Common: - RJ45 RS232 port on front panel - 32 MiB NOR Flash - 128 MiB DDR3 DRAM - PT7A7514 watchdog
Booting initramfs image: ------------------------
- Prepare a FTP or TFTP server serving the OpenWrt initramfs image and connect the server to a switch port.
- Connect to the console port of the device and enter the extended boot menu by typing Ctrl+B when prompted.
- Choose the menu option "<3> Enter Ethernet SubMenu".
- Set network parameters via the option "<5> Modify Ethernet Parameter". Enter the FTP/TFTP filename as "Load File Name" ("Target File Name" can be left blank, it is not required for booting from RAM). Note that the configuration is saved on flash, so it only needs to be done once.
- Select "<1> Download Application Program To SDRAM And Run".
Initial installation: ---------------------
- Boot an initramfs image as described above, then use sysupgrade to install OpenWrt permanently. After initial installation, the bootloader needs to be configured to load the correct image file
- Enter the extended boot menu again and choose "<4> File Control", then select "<2> Set Application File type".
- Enter the number of the file "openwrt-kernel.bin" (should be 1), and use the option "<1> +Main" to select it as boot image.
- Choose "<0> Exit To Main Menu" and then "<1> Boot System".
NOTE: The bootloader on these devices can only boot from the VFS filesystem which normally spans most of the flash. With OpenWrt, only the first part of the firmware partition contains a valid filesystem, the rest is used for rootfs. As the bootloader does not know about this, you must not do any file operations in the bootloader, as this may corrupt the OpenWrt installation (selecting the boot image is an exception, as it only stores a flag in the bootloader data, but doesn't write to the filesystem).
Support for HPE 1920 images depends on two non-existent tools (mkh3cimg and mkh3cvfs) from the in the firmware-utils package. Revert commit f2f09bc00280 ("realtek: add support for HPE 1920 series") until support for these tools is merged and made available in OpenWrt.
Without packet steering NAT masquarade speed on BCM4908 /jumps/ between two speeds: 1. 826 Mb/s (±3 Mb/s) 2. 909 Mb/s (±8 Mb/s) and it never reaches ~940 Mb/s.
Proper packet steering can improve it. Below are testing results for running iperf TCP traffic from LAN to WAN. They were used to pick up golden values.
Disable the usage of target specific CPU crypto instructions by default to allow the package being shared again. Since WolfSSL does not offer a stable ABI or a long term support version suitable for OpenWrt release timeframes, we're forced to frequently update it which is greatly complicated by the package being nonshared.
People who want or need CPU crypto instruction support can enable it in menuconfig while building custom images for the few platforms that support them.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come to mind) should have it built-in, so rootfs can be mounted from there. For targets without NVMe support in bootloader or BIOS/firmware it's sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package is an empty dummy. In any case, depending on or installing kmod-nvme results in driver support being available (either because it was already built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit: dbe5335)
Changes: 38cfa2e Up the release version to 2.64 7617af6 Avoid a deadlock in forked psx thread exit. fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h ceaa591 Clarify how the cap_get_pid() argument is interpreted. 15cacf2 Fix prctl return code/errno handling in libcap. aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build. 66a8a14 psx: free allocated memory at exit.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 97daddf)
Changes: a47d86d Up the release version to 2.65 fc99e56 Include more signatures in pgp.keys.asc. 52288cc Close out this comment in the go/Makefile eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error. 9a95791 Improve documentation for cap_get_pid and cap_reset_ambient. 21d08b0 Fix syntax error in DEBUG protected setcap.c code. 9425048 More useful captree usage string and man page.
Signed-off-by: Nick Hainke <vincent@systemli.org> (commit: 7455457)
Version 22.00 of 7z causes build failures on systems using GCC 12 with the following error:
../../../../C/LzmaEnc.c: In function 'LzmaEnc_CodeOneMemBlock': ../../../../C/LzmaEnc.c:2996:19: error: storing the address of local variable 'outStream' in '*p.rc.outStream' [-Werror=dangling-pointer=] 2996 | p->rc.outStream = &outStream.vt; | ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ ../../../../C/LzmaEnc.c:2979:28: note: 'outStream' declared here 2979 | CLzmaEnc_SeqOutStreamBuf outStream; | ^~~~~~~~~ ../../../../C/LzmaEnc.c:2979:28: note: 'pp' declared here
Upgrade to version 22.01 which contains the required fix.
Fixes: 5fcc6f0f1942 ("tools: add 7z host package") Suggested-by: Tomasz Maciej Nowak <tmn505@gmail.com> Signed-off-by: Sander Vanheule <sander@svanheule.net> (commit: 1011904)
Line up configure arguments for cleaner git diff and editing and grepping.
LibreSSL must be built with PIC, and has the flags for it already in CFLAGS. Add the configure option native to LibreSSL to use only PIC in objects, which further enforces that each object in the library has the PIC flag to prevent a mixture of PIC / non-PIC objects within it.
Ref: 96a940308 ("tools: libressl: always build as PIC") Signed-off-by: Michael Pratt <mcpratt@pm.me> (commit: b2e2dee)
tools/libressl: disable assembly code for all hosts
This SSL library is for hosts only and not shipped as a build product, therefore its performance quality (speed) is not critical.
Assembly code is broken in LibreSSL for some x86_64 hosts (part of git history) and for some RISC host archs like armv7l, aarch64, powerpc, ppc64, etc... so let's just disable it for all hosts.
For example, this fixes an instance on ARM hosts where the host Python 3 builds broken modules which link to LibreSSL, even with patches that enable LibreSSL support with the import error "unexpected reloc type 3".
Ref: a395563f6 ("build: fix libressl build on x32 (amd64ilp32) host ") Suggested-by: Andre Heider <a.heider@gmail.com> Signed-off-by: Michael Pratt <mcpratt@pm.me> (commit: 7012f2e)
arm-trusted-firmware-mvebu: bump mv-ddr-marvell to current version
6ff988f mv_ddr: a3700: Use the right size for memset to not overflow 0f3e893 mv_ddr: a38x: fix BYTE_HOMOGENEOUS_SPLIT_OUT decision 4bae770 mv_ddr: a38x: fix SPLIT_OUT_MIX state decision cdefd8b mv_ddr: a38x: Fix Synchronous vs Asynchronous mode determination 8c42ad9 mv_ddr_4_training: cast uint64_t to unsigned long long
Signed-off-by: Andre Heider <a.heider@gmail.com> (commit: b0bbd27)
ramips: add support for H3C TX1800 Plus / TX1801 Plus / TX1806
H3C TX180x series WiFi6 routers are customized by different carrier. While these three devices look different, they use the same motherboard inside. Another minor difference comes from the model name definition in the u-boot environment variable.
Specifications: SOC: MT7621 + MT7915 ROM: 128 MiB RAM: 256 MiB LED: status *2 Button: reset *1 + wps/mesh *1 Ethernet: lan *3 + wan *1 (10/100/1000Mbps) TTL Baudrate: 115200 TFTP server IP: 192.168.124.99
MAC Address: use address(sample 1) address(sample 2) source label 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 u-boot-env@ethaddr lan 88:xx:xx:98:xx:13 88:xx:xx:a2:xx:a6 $label +1 wan 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 $label WiFi4_2G 8a:xx:xx:58:xx:14 8a:xx:xx:52:xx:a7 (Compatibility mode) WiFi5_5G 8a:xx:xx:b8:xx:14 8a:xx:xx:b2:xx:a7 (Compatibility mode) WiFi6_2G 8a:xx:xx:18:xx:14 8a:xx:xx:12:xx:a7 WiFi6_5G 8a:xx:xx:78:xx:14 8a:xx:xx:72:xx:a7
Compatibility mode is used to guarantee the connection of old devices that only support WiFi4 or WiFi5.
TFTP + TTL Installation: Although a TTL connection is required for installation, we do not need to tear down it. We can find the TTL port from the cooling hole at the bottom. It is located below LAN3 and the pins are defined as follows: |LAN1|LAN2|LAN3|----|WAN| -------------------- |GND|TX|RX|VCC|
1. Set tftp server IP to 192.168.124.99 and put initramfs firmware in server's root directory, rename it to a simple name "initramfs.bin". 2. Plug in the power supply and wait for power on, connect the TTL cable and open a TTL session, enter "reboot", then enter "Y" to confirm. Finally push "0" to interruput boot while booting. 3. Execute command to install a initramfs system: # tftp 0x80010000 192.168.124.99:initramfs.bin # bootm 0x80010000 4. Backup nand flash by OpenWrt LuCI or dd instruction. We need those partitions if we want to back to stock firmwre due to official website does not provide download link. # dd if=/dev/mtd1 of=/tmp/u-boot-env.bin # dd if=/dev/mtd4 of=/tmp/firmware.bin 5. Edit u-boot env to ensure use default bootargs and first image slot: # fw_setenv bootargs # fw_setenv bootflag 0 6. Upgrade sysupgrade firmware. 7. About restore stock firmware: flash the "firmware" and "u-boot-env" partitions that we backed up in step 4. # mtd write /tmp/u-boot-env.bin u-boot-env # mtd write /tmp/firmware.bin firmware
Additional Info: The H3C stock firmware has a 160-byte firmware header that appears to use a non-standard CRC32 verification algorithm. For this part of the data, the u-boot does not check it so we can just directly replace it with a placeholder.
Signed-off-by: Shiji Yang <yangshiji66@qq.com> (commit: 1330816)
libmnl: fix build when bash is not located at /bin/bash
This fixes the libmnl build on macOS, which ships with an outdated bash at /bin/bash. During the OpenWrt build, a modern host bash is built and made available at staging_dir/host/bin/bash, which is present before /bin/bash in the build's PATH.
This is similar to 8f7ce3aa6dda, presently appearing at package/kernel/mac80211/patches/build/001-fix_build.patch.
Signed-off-by: Mark Mentovai <mark@mentovai.com> (commit: beeb497)
![[Jenkins]](/jenkins/static/c72b925d/images/svgs/logo.svg){kind=logo}
