Update to the latest version of iproute2; see https://lwn.net/Articles/756991/
for a full overview of the changes in 4.17.
Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion.
Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing
rdma compile issue.
At the same time re-organize patch numbering so the OpenWRT specific
patches start at 100.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
345bba0 dhcpv4: improve error checking in handle_dhcpv4()
c0f6390 odhcpd: Check if open the ioctl socket failed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* change mx6qsabresd to mx6qsabres to match defconfig name
* merge wanboard profiles since there is only one defconfig for the target device
* move wanboard options from wandboard.h to defconfig
* remove legacy patches
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).
cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.
The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.
This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.
The device tree requires addition strings to define the variant name
wifi@a000000 {
status = "okay";
qcom,ath10k-calibration-variant = "RT-AC58U";
};
wifi@a800000 {
status = "okay";
qcom,ath10k-calibration-variant = "RT-AC58U";
};
This would create the boarddata identifiers for the board-2.bin search
* bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
* bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.
The resulting signature is still compatible to signatures generated not
deterministic.
This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk
This does not change the ECDSA performance in a measurable way.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.
Source: include/mbedtls/config.h
Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.
The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Update mbed TLS to 2.11.0
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixesopenwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f12, patch id 0x08001227, 2018-02-09
+ Updated Microcodes:
sig 0x00600f12, patch id 0x0600063e, 2018-02-07
sig 0x00600f20, patch id 0x06000852, 2018-02-06
* Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
plus other unspecified fixes/updates.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
- Removed hacks to use standalone argp as upstream now detects it nicely.
- As we are already installing files, use files from PKG_INSTALL_DIR and
not PKG_BUILD_DIR
- Only changes Makefile.am as PKG_FIXUP:=autoreconf is in use
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Refresh patches and backport upstream to current HEAD:
a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This bumps to the latest & possibly greatest cake, sadly it's still
inedible but from an SQM point of view quite tasty :-)
Main tweaks since previous bump, improved ack_filter, some extra stats,
support for 64bit netlink parameters (higher rates/byte counters)
0520a6c Fix NAT option handling
8da93e1 Make sure we always call qdisc_watchdog_init() in cake_init()
f65daf6 Fix mismatched parenthesis
51d4ab3 Change flag handling to be safe even when mixing with non-eligible ACKs
f2ea091 ack_filter: protect DCTCP with stricter filtering of ECE marks
28b4560 ACK filter: Handle wrapping sequence numbers and DSACKs
73f62d9 Use the right PAD attribute for options
5969c14 Use 32 for tin backlog
e289f31 Move all the u64 netlink attributes together
36180a0 Check ACK seqno before parsing SACKs
91bbc01 Merge branch 'mine' into cobalt
58c55ec Rework SACK check to compare the ranges of two SACKs
9a5d593 ack_filter: Add proper handling of SACKs
eca95d4 ack_filter: short-circuit TCP flag check
d50a246 compat: backport some ktime functions
7b7ad11 compat: define tcpopt_fastopen for pre-4.1 kernels
ca54cdb Fix ktime compare
9d7dcc0 ack filter: Parse TCP options and only drop safe ones
b119882 Return EOPNOTSUPP on NAT option if conntrack is not available
842d7f0 Don't try to pad stats with tin_stats padding
bd46dc2 Use 64-bit divide helper
8e41bf0 Make sure we never drop SACKs when filtering ACKs
66e5d60 Avoid comparing ktime_t to scalar values
7fab017 Actually commit the ktime_t changes
fca6d13 Switch to ktime_t and get rid of cobalt.h
6f7e5af Can't use do_div with 64-bit divisors
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Bump iproute2/tc support of cake.
Add support for cake's change to u64 attribute passing for certain
attributes (rate & byte counts)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The return value of the function isn't used anywhere.
Fixes missing return value, CID 1329717.
Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit 73d8a6ab.
Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.
The current changes work independently of 73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
With current uboot default configuration the bootloader will
fail to start the OpenWrt firmware with the following error:
-----
unexpected character 'b' at the end of partition
Error initializing mtdparts!
incorrect device type in ubi
Partition ubi not found!
Error, no UBI device/partition selected!
Wrong Image Format for bootm command
Error occured, error code = 112
-----
If the uboot configuration is examined with printenv
I can see that mdtparts line (on a nsa310) is wrong:
-----
mtdparts=mtdparts=orion_nand:0x0c0000(uboot),
0x80000(uboot_env),0x7ec0000(ubi)bootargs_root=
----
The "bootargs_root=" that was appended to it should not be there.
Fix the issue by adding a \0 line terminator at the end of affected lines,
mimicking what is also done by uboot upstream.
This issue was detected and confirmed on a nsa310, nsa325 and
a pogoplug v4, but it's not hardware-specific, so apply the same fix
to other devices as well.
Note that the issue is with the uboot's integrated boot configuration,
which is not used unless the uboot configuration in flash is unavailable
(erased or corrupted), which happens only on first time installation,
or if the user deletes the uboot configuration when upgrading uboot.
People just upgrading from an older uboot without erasing their previous
uboot configuration stored in flash would not have noticed this issue.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.
Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>
dfd9827 version: bump snapshot
88729f0 wg-quick: android: prevent outgoing handshake packets from being dropped
1bb9daf compat: more robust ktime backport
68441fb global: use fast boottime instead of normal boottime
d0bd6dc global: use ktime boottime instead of jiffies
18822b8 tools: fix misspelling of strchrnul in comment
0f8718b manpages: eliminate whitespace at the end of the line
590c410 global: fix a few typos
bb76804 simd: add missing header
7e88174 poly1305: give linker the correct constant data section size
fd8dfd3 main: test poly1305 before chacha20poly1305
c754c59 receive: don't toggle bh
Compile-tested-for: ath79 Archer C7 v2
Run-tested-on: ath79 Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
After a very enlightening but unfortunately far too short exchange with Jes
we mutually agreed to drop the patches. They are unfortunately not ready
yet.
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: John Crispin <john@phrozen.org>
This patch adds support for ZyXEL NBG6617
Hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR: 32 MiB Macronix MX25L25635F
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS: Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS
Serial:
WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
pre-soldered. Pinout:
1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX
first install / debricking / restore stock:
0. Have a PC running a tftp-server @ 192.168.1.99/24
1. connect the PC to any LAN-Ports
2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
into the tftp-server root directory and rename it to just "ras.bin".
3. power-cycle the router and hold down the the WPS button (for 30sek)
4. Wait (for a long time - the serial console provides some progress
reports. The u-boot says it best: "Please be patient".
5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
flashes fast at the same time. You have to reboot the device and
it should then come right up.
Installation via Web-UI:
0. Connect a PC to the powered-on router. It will assign your PC a
IP-address via DHCP
1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
2. Go to the "Expert Mode"
3. Under "Maintenance", select "Firmware-Upgrade"
4. Upload the OpenWRT factory image
5. Wait for the Device to finish.
It will reboot into OpenWRT without any additional actions needed.
To open the ZyXEL NBG6617:
0. remove the four rubber feet glued on the backside
1. remove the four philips screws and pry open the top cover
(by applying force between the plastic top housing from the
backside/lan-port side)
Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:
| Hit any key to stop autoboot: 3
The user is then dropped to a locked shell.
|NBG6617> HELP
|ATEN x[,y] set BootExtension Debug Flag (y=password)
|ATSE x show the seed of password generator
|ATSH dump manufacturer related data in ROM
|ATRT [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO boot up whole system
|ATUR x upgrade RAS image (filename)
|NBG6617>
In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!
First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.
|NBG6617> ATSE NBG6617
|012345678901
This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):
- tool.sh -
ror32() {
echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -
|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711
copy and paste the result into the shell to unlock zloader.
|NBG6617> ATEN 1,0046B0017430
If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.
|NBG6617> ATGU
|NBG6617#
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.
Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Commit 61d57a2f88 adds ath10k LED
support, but doesn't add an option to actually enable it.
After enabling this option, a LED named ath10k-phy0 appears in sysfs,
and a trigger can be assigned to it. Since 60deb3cdef the default set
trigger is the tpt one.
Enable it by default, as most devices using ath10k chips shouldn't be
severely space-constrained. There are likely many devices that can
benefit from having it enabled, like my testing device.
Before:
text data bss dec hex filename
245311 8899 16 254226 3e112 ath10k_core.ko
After:
text data bss dec hex filename
245979 8899 16 254894 3e3ae ath10k_core.ko
Tested on a D-Link DAP-2695-A1 (ar71xx).
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Use the tpt LED trigger for each created phy led. Ths way LEDs attached
to the ath10k GPIO pins are indicating the phy status and blink on
traffic.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Includes specific support for PH8(1e2d-0053) / ELS61(1e2d-005b) modules.
Note for ELS61, the serial driver changes from serial option(ttyUSB) to usb-cdc (ttyACM).
Two additional fixes in this commit resolve issues with ttyACM devices: -
* wwan.sh - sys-fs has a subdirectory indirection (*/tty/ttyACMx) which was not handled properly
* wwan.usb - dependent scripts were not included, so this never actually called proto_set_available for example (and relied on inadvertent call for ttyUSB case)
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Enabling CONFIG_ATH10K_THERMAL on targets that don't have CONFIG_THERMAL
enabled in their kernel config causes build to fail due to missing
symbol THERMAL_EMERGENCY_POWEROFF_DELAY_MS. Add it to kmod-thermal.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The package is not being generated otherwise, which is fatal because
it is part of the subtargets default package set...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
0bc4230 version: bump snapshot
ed04799 poly1305: add missing string.h header
cbd4e34 compat: use stabler lkml links
caa718c ratelimiter: do not allow concurrent init and uninit
894ddae ratelimiter: mitigate reference underflow
0a8a62c receive: drop handshake packets if rng is not initialized
cad9e52 noise: wait for crng before taking locks
83c0690 netlink: maintain static_identity lock over entire private key update
0913f1c noise: take locks for ss precomputation
073f31a qemu: bump default kernel
bec4c48 wg-quick: android: don't forget to free compiled regexes
7ce2ef3 wg-quick: android: disable roaming to v6 networks when v4 is specified
9132be4 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
41a5747 simd: no need to restore fpu state when no preemption
6d7f0b0 simd: encapsulate fpu amortization into nice functions
f8b57d5 queueing: re-enable preemption periodically to lower latency
b7b193f queueing: remove useless spinlocks on sc
5bb62fe tools: getentropy requires 10.12
4e9f120 chacha20poly1305: use slow crypto on -rt kernels on arm too
Compiled-for: ar71xx, lantiq
Run-tested-on: ar71xx Archer C7 v2 & lantiq HH5a
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes
* Fix: In ethtool.8, remove superfluous and incorrect \
* Fix: fix uninitialized return value
* Fix: fix RING_VF assignment
* Fix: remove unused global variable
* Fix: several fixes in do_gregs()
* Fix: correctly free hkey when get_stringset() fails
* Fix: remove unreachable code
* Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable
* Feature: Add register dump support for MICROCHIP LAN78xx
Signed-off-by: Robert Marko <robimarko@gmail.com>
Commit ecd954d530 installs specific interface triggers which rewrites the dnsmasq config
file and restarts dnsmasq if the network interface becomes active for which a trigger
has been installed.
In case no dhcp sections are specified or ignore is set to 1 dnsmasq will not be started
at startup which breaks DNS resolving.
Fix this by ditching the BOOT check in start_service and always start dnsmasq at startup.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This new package was missing the dependency to kmod-random-core which
caused some build errors.
Fixes: 163ab9135a ("kernel/modules: add chaoskey module, hardware TRNG")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Package the driver for Chaoskey, a USB dongle that provides a
True Random Number Generator (TRNG) and feeds entropy to kernel.
Chaoskey driver is included the upstream Linux sources, so
only packaging it is needed.
Run-tested with ipq806x/R7800 and mvebu/WRT3200ACM.
(Requires CONFIG_HW_RANDOM kernel option.)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Specifications:
SOC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 128 MB Nanya NT5CC64M16GP-DI
FLASH: 16 MiB Macronix MX25L12845EMI-12G
ETH: Qualcomm QCA8072
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT: WPS, Mode-toggle-switch
LED: Power, WLAN 2.4GHz, WLAN 5GHz, LAN, WPS
(LAN not controllable by software)
(WLAN each green / red)
SERIAL: Header next to eth-phy.
VCC, TX, GND, RX (Square hole is VCC)
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet (Correct MAC-address)
- 2.4 GHz WiFi (Correct MAC-address)
- 5 GHz WiFi (Correct MAC-address)
- Factory installation from tftp
- OpenWRT sysupgrade
- LEDs
- WPS Button
Not Working:
- Mode-toggle-switch
Install via TFTP:
Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command `tftpboot` will pull an initramfs image named
`C0A86302.img` from a tftp server at `192.168.99.08/24`.
After successfull transfer, boot the image with `bootm`.
To persistently write the firmware, flash an openwrt sysupgrade image
from inside the initramfs, for example transfer
via `scp <sysupgrade> root@192.168.1.1:/tmp` and flash on the device
with `sysupgrade -n /tmp/<sysupgrade>`.
append-cmdline patch taken from chunkeeys work on the NBG6617.
Signed-off-by: Magnus Frühling <skorpy@frankfurt.ccc.de>
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Christian Lamparter <chunkeey@googlemail.com>
While support for the FLOWOFFLOAD target is available in the firmware
images, it is still missing in some of the binary packages on
downloads.openwrt.org, e.g. for the mipsel_mips32 architecture.
Increment PKG_RELEASE to force an update of these packages.
Also adjust the package description to include the FLOWOFFLOAD target.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
The device tree files are now matching the kernel 4.17 and this will be
send also for integration into mainline U-Boot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch 220-add-sunxi50i-nanopi-neo-plus2.patch was merged upstream.
The u-boot-sunxi-with-spl.bin is now also created for the ARM64 sunxi
boards by U-Boot itself, no need to do it manually any more.
This was tested on a H2+ Orange Pi R1 and a H5 Orange Pi Zero Plus.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update the link to the current section in the documentaion wiki.
This fixes https://github.com/openwrt/packages/issues/6282
Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
It was described by Arend as:
> This series is intended for 4.17 and includes following:
>
> * rework bus layer attach code.
> * remove duplicate variable declaration.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
9090f9c mt76x2: fix threshold for gain adjustment
2cbaa57 mt76x2: fix swapped values for RXO-18 in gain control
a39ab70 mt76x2: adjust AGC control register 26 based on gain for VHT80
4936c0c mt76x2: clear false CCA counters after changing gain settings
1528fe7 mt76x2: fix variable gain adjustment range
f3522e1 mt76x2: add a debugfs file to dump agc calibration information
65e161b mt76x2: fix tracking rssi for dynamic gain adjustment
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use vectoring firmware downloaded via vdsl_fw_install.sh from
ltq-vdsl-fw package for annex B and annex J.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Recent Speedport firmware downloads only work over HTTPS, so the user
either needs to provide the already downloaded file or install
ustream-ssl-* as well as ca-certificates or ca-bundle.
So to get VDSL2 with vectoring on xRX200, simply run
vdsl_fw_install.sh
on the target and either provide the downloaded file as instructed or
make sure the device is connected to the Internet and can download that
HTTPS url itself.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ucert is a wrapper around usign to allow delegation and revocation of
public keys for future use in sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
Ship EEPROM blobs for specific supported board only and don't have them
lurking around in our source tree but rather download them from
@github/RPi-Distro/firmware-nonfree upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
On bcm53xx and brcm47xx, commands are passed to default_do_upgrade that
expect the image to be passed on stdin, rather than as an argument.
Fixes: 30f61a34b4 ("base-files: always use staged sysupgrade")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix condir option processing allowing to use the format
"<directory>[,<file-extension>......]," as documented on the dnsmasq man
page which previously resulted into bogus dir being created.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
On some targets this module depends on kmod-of-mdio.
This is similar to the fixes done in:
dc629d9cf5 ("kernel: fix kmod-switch-rtl8366-smi dependency")
56bd23cf52 ("kernel: let kmod-rtl8366-smi conditionally depend on kmod-of-mdio")
Fixes: 32f32398af ("kernel/modules: add kmod-mdio-gpio module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some ath10k firmware versions allow to access the chip internal a
temperature sensor and allow to reduce the amount of the time when the card
is allowed to send. The latter is required on devices which tend to
overheat.
An userspace service has to read
/sys/class/ieee80211/phy*/device/hwmon/hwmon*/temp1_input regularly and
then decide how much the device has to be throttled. This can be done by
writing to /sys/class/ieee80211/phy*/device/cooling_device/cur_state. By
default it is not throttled (0) but it can be throttled up to 100(%).
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Without this change, ifx_mei_atm_showtime_check() will always return
"showtime" after one call of MEI_InternalXtmSwhowtimeEntrySignal()
was done, even if MEI_InternalXtmSwhowtimeExitSignal() was called
in the meantime.
The ifx_mei_atm_showtime_check() function is used by the ltq-atm and
ltq-ptm driver.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.
This patch therefore reverts the faulty upstream commit which
fixes the bug.
linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>
Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.
The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----
During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.
[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents
Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
If log_file is specified, make sure its directory exists.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This commit adds support for the OCEDO Koala
SOC: Qualcomm QCA9558 (Scorpion)
RAM: 128MB
FLASH: 16MiB
WLAN1: QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2: QCA9880 5 GHz 802.11nac 3x3
INPUT: RESET button
LED: Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet
- 2.4 GHz WiFi
- 5 GHz WiFi
- TFTP boot from ramdisk image
- Installation via ramdisk image
- OpenWRT sysupgrade
- Buttons
- LEDs
Installation seems to be possible only through booting an OpenWRT
ramdisk image.
Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.
Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.
Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.
Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with
> fw_setenv bootcmd run bootcmd_1
Afterwards you can reboot the device.
Signed-off-by: David Bauer <mail@david-bauer.net>
SourceForge is deprecated according to upstream, so switch to main site
for downloads.
Tested on Turris Omnia (mvebu).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!
How Raspberry Pi boots Actualy?
When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
a) display Rainbow splash.
b) read firmware configuration file config.txt and
split the RAM using fixup.dat.
c) loads a cmdline.txt
d) enables the CPU.
e) loads the kernel image configurable via config.txt
In your target/linux/brcm2708/image/config.txt
493 ## kernel (string)
494 ## Alternative name to use when loading kernel.
495 ##
496 #kernel=""
it is not configured!
But in your target/linux/brcm2708/image/Makefile
75 KERNEL_IMG := kernel8.img
76 DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img
GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode
But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.
Оbviously the kernel has been found.
But something goes wrong and the device is restarted.
In your package/kernel/brcm2708-gpu-fw/Makefile
11 PKG_NAME:=brcm2708-gpu-fw
12 PKG_VERSION:=2017-08-08
13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.
In conclusion, the best way to solve the problem is
to update the boot loader!
Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!
cheers
Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.
The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:
a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;
b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and
c) handling of the list_cb() not respecting the NO_CALLBACK variable.
Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.
This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
20c0766 mt7603: adjust rx hang watchdog for MT7628
664e321 mt7603: add extra PSE hang check signature for MT7628
f24b56f update MT7628 firmware to the latest version
d87e4b0 mt7603: clear PSE reset bit if PSE reset fails
0ef26ef mt76: only stop tx queues on offchannel, not during the entire scan
f399da3 mt76: prevent tx scheduling during channel change
21c1e1e mt76: move ieee80211_hw allocation to common core
730c292 mt76: wait for pending tx to complete before switching channel
fcbb49e mt76x2: use udelay instead of usleep_range in mt76x2_mac_stop
792dbe0 mt7603: do not hold dev->mutex while flushing dev->mac_work
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the map-e packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map
interfaces.
Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion
of the destination option header for the dynamic created ds-lite/map interface.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit_dslite/map uci parameter accordingly.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the ds-lite packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Reboot the oxnas target based on Linux 4.14 by rebasing our support on
top of the now-existing upstream kernel support.
This commit brings oxnas support to the level of v4.17 having upstream
drivers for Ethernet, Serial and NAND flash.
Botch up OpenWrt's local drivers for EHCI, SATA and PCIe based on the
new platform code and device-tree.
Re-introduce base-files from old oxnas target which works for now but
needs further clean-up towards generic board support.
Functional issues:
* PCIe won't come up (hence no USB3 on Shuttle KD20)
* I2C bus of Akitio myCloud device is likely not to work (missing
debounce support in new pinctrl driver)
Code-style issues:
* plla/pllb needs further cleanup -- currently their users or writing
into the syscon regmap after acquireling the clk instead of using
defined clk_*_*() functions to setup multipliers and dividors.
* PCIe phy needs its own little driver.
* SATA driver is a monster and should be split into an mfd having
a raidctrl regmap, sata controller, sata ports and sata phy.
Tested on MitraStar STG-212 aka. Medion Akoya MD86xxx and Shuttle KD20.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
3.4 is mainly a bug fix/maintenance release.
3KB increase in ipk lib size on mips.
Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The mtd tool is built with different configurations depending on the
target. For example, brcm47xx adds the fixtrx subcommand, without which
an image fails when booting the second time.
Mark the mtd package as nonshared to really fix FS#484.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
This version bump was made upstream mostly for OpenWRT, and should fix
an issue with a null dst when on the flow offloading path.
While we're at it, Kevin and I are the only people actually taking care
of this package, so trim the maintainer list a bit.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.
Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.
It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.
This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Import a revert-commit from Stanislaw Gruszka which significantly
improves WiFi performance on rt2x00 based hardware.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.
The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.
3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
dd02dad fstools: allow the mounting with full access time accounting
242248c fstools: allow to compress the filesystem
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The previous refactoring of ucidef_set_interface() removed the protocol
selection heuristic which breaks the networking defaults for the majority
of boards.
Re-add the protocol selection and rename two bad "proto" references to
the expected "protocol" value.
Fixes: 85048a9c1f ("base-files: rework _ucidef_set_interface to be more generic")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.
Fix this in ustream-ssl:
189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Mounting using the zlib compression and mounting with
full access accounting are now available in the
menuconfig.
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
This reverts commit a03035dad1
as it has several issues:
-Host file is located in a directory which is not unique per dnsmasq instance
-odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This is a rework of previously submitted patch reworking
ucidef_set_interface_raw [1]. Here, keep the idea but instead
make _ucidef_set_interface more generic and use it instead of
ucidef_set_interface_raw.
Also change the users like ucidef_set_interface_lan and others.
[1] https://patchwork.ozlabs.org/patch/844961/
Signed-off-by: Roman Yeryomin <roman@advem.lv>
1.) "addn-hosts" per default point to a file (but it supports directory)
2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.
Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.
Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.
Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.
The size of the ipkg file increased by about 800 Bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This now matches what was generated locally on my PC and the file on the
mirror server.
Fixes: 349fe46103 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* chacha20poly1305: add mips32 implementation
"The OpenWRT Commit" - this significantly speeds up performance on cheap
plastic MIPS routers, and presumably the remaining MIPS32r2 super computers
out there.
* timers: reinitialize state on init
* timers: round up instead of down in slack_time
* timers: remove slack_time
* timers: clear send_keepalive timer on sending handshake response
* timers: no need to clear keepalive in persistent keepalive
Andrew He and I have helped simplify the timers and remove some old warts,
making the whole system a bit easier to analyze.
* tools: fix errno propagation and messages
Error messages are now more coherent.
* device: remove allowedips before individual peers
This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with
many peers would grind when deleting the interface.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Use ft_psk_generate_local=1 by default, as it makes everything else fairly
trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd
fairly much does it all for us.
We do need to provide nas_identifier, which can be derived from the BSSID,
and we need to generate a mobility_domain, for which we default to the first
four chars of the md5sum of the SSID.
The complex manual setup should also still work, but the defaults also
now work easily out of the box. Verified by manually running hostapd
(with the autogenerated config) and watching the debug output:
wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake
This was previous submitted to LEDE in
https://github.com/lede-project/source/pull/1382
[dwmw2: Rewrote commit message]
Signed-off-by: Gospod Nassa <devianca@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate
Signed-off-by: John Crispin <john@phrozen.org>
Drop package/network/services/wireguard/patches/100-portability.patch
Instead pass 'PLATFORM=linux' to make since we are always building FOR
linux.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Add needed firmware for newer QCA Rome Bluetooth family.
This enables use of bluetooth with ath3k driver on QCA9377/9378 devices.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch updates the QCA988X firmware to the latest revision
firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.
Tested on TP-Link Archer C7 v2 (ar71xx).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
During handshake we are highjack and reset a LED to the configured trigger
afterwards. ltq-xdsl-app need to start after the LED init script, to
ensure that the LED init script doesn't re-highjack the LED we are
currently using for handshake indication.
Drop the comment about the atm dependency. The dependency was fixed quite
some time ago by using hotplug scripts for br2684ctl.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Refresh patches; remove 320-mbedtls_dont_use_deprecated_sha256_function
patch as upstream fixed
For changes in version 2.60 see https://curl.haxx.se/changes.html#7_60_0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Following changes as part of the kernel
upstreaming attempts. And fix a slight fsck up
when calculating overheads for GSO packets.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
b2ecc52 mt76x2: fix avg_rssi estimation
fd58b28 mt76x2: add a polling delay in mt76x2_mac_stop routine
a78673d mt76: fix sending encrypted broadcast packets for secondary interfaces
e87f925 mt76x2: apply coverage class on slot time too
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This makes it easier to distribute prefixes over a wireguard tunnel
interface, by simply setting the ip6prefix option in uci (just like with
other protocols).
Obviously, routing etc needs to be setup properly for things to work; this
just adds the config option so the prefix can be assigned to other
interfaces.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Refactor mesh initialization into a separate function, do some cleaning
on the way to make the code more readable.
Changes:
* Move iw mesh setup to new mac80211_setup_mesh()
* fallback on 'ssid' parameter in case 'mesh_id' isn't set
* move setting of freq variable to shared code as it is needed for
both, the wpa_supplicant and the iw based setup.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The max_oper_chwidth settings was parsed incorrectly for big endian system.
This prevented the system to switch to VHT80 (or VHT160). Instead they were
mapped to:
* HT20: 20MHz
* VHT20: 20MHz
* HT40: 40MHz
* VHT40: 40MHz
* VHT80: 40MHz
* VHT160: 40MHz
This happened because each max_oper_chwidth setting in the config file was
parsed as "0" instead of the actual value.
Fixes: a4322eba2b ("hostapd: fix encrypted mesh channel settings")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
The commit 574e4377fa ("mac80211: properly setup mesh interface") uses
the variable $wpa to decide whether encrypted meshpoint is requested by the
user or not. But the variable $wpa will only be set correctly after the
function wireless_vif_parse_encryption is called.
Fixes: 574e4377fa ("mac80211: properly setup mesh interface")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Linksys WRT32X (Venom) is identical in hardware to the WRT3200ACM
with a different flash layout and boots zImage rather than uImage.
Specification:
- Marvell Armada 385 88F6820 (2x 1.8GHz)
- 256MB of Flash
- 512MB of RAM
- 2.4GHz (bgn) and 5GHz (an+ac wave 2)
- 4x 1Gbps LAN + 1x 1Gbps WAN
- 1x USB 3.0 and 1x USB 2.0/eSATA (combo port)
Flash instruction:
Apply factory image via web-gui.
Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
b45e162 helpers: fix the set_helper in the rule structure
f742ba7 helpers.conf: support also tcp in the CT sip helper
08b2c61 helpers: make the proto field as a list rather than one option
Signed-off-by: John Crispin <john@phrozen.org>
Setup wpa_supplicant for encrypted mesh or when using DFS channels and
adjust interface setup to pass fixed frequency for mesh mode.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix encrypted (or DFS) AP+MESH interface combination in a way similar
to how it's done for AP+STA and fix netifd shell script.
Refresh patches while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6b4a340 version: bump snapshot
faa2103 compat: don't clear header bits on RHEL
4014532 compat: handle RHEL 7.5's recent backports
66589bc queueing: preserve pfmemalloc header bit
37f114a chacha20poly1305: make gcc 8.1 happy
926caae socket: use skb_put_data
724d979 wg-quick: preliminary support for go implementation
c454c26 allowedips: simplify arithmetic
71d44be allowedips: produce better assembly with unsigned arithmetic
5e3532e allowedips: use native endian on lookup
856f105 allowedips: add selftest for allowedips_walk_by_peer
41df6d2 embeddable-wg-library: zero attribute padding
9a1bea6 keygen-html: add zip file example
f182b1a qemu: retry on 404 in wget for kernel.org race
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
We cannot depend on CONFIG_OF in the module definition context as this symbol
is not defined for OpenWrt menuconfig. Depend on the targets that appear to
need the kmod-of-mdio module instead.
The target dependency list may not be complete, it is based on the build
failures encountered by the build bots.
Fixes: dc629d9cf5 ("kernel: fix kmod-switch-rtl8366-smi dependency")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Refresh patches and backport upstream to current HEAD:
1f1873a Log warning on very large cachesize config, instead of truncating it.
0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup.
e27825b Fix logging in previous.
1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible.
a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries.
34e26e1 Retry query to other servers on receipt of SERVFAIL rcode.
6b17335 Add packet-dump debugging facility.
07ed585 Add logging for DNS error returns from upstream and local configuration.
0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set.
f84e674 Be persistent with broken-upstream-DNSSEC warnings.
Compile & run tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Right now interface.update events are sent out by netifd upon interface state,
route, address (lifetime), prefix lifetime changes.
Dnsmasq is only interested in interface state changes and currently adds an
interface trigger for all the "interface.*" events.
In combination with commit 23bba9cb33, which triggers a SIGHUP signal to dnsmasq,
IPv6 address/prefix lifetime changes on the wan will trigger dnsmasq reloads which
can become frequent in case of shorter lifetimes.
To avoid frequent dnsmasq reload, this patch adds specific interface triggers.
During dnsmasq init it loops dhcp uci section; if the value of the ignore option
is set to 0, then the corresponding interface trigger is not installed.
Otherwise, if the ignore option value is 1, then procd_add_interface_trigger is
called which adds the interface trigger.
Signed-off-by: hux <xinxing.huchn@gmail.com>
572735e4 Update manual pages
e8d693c3 Bump up version number to 1.32.0, LT revision to 30:2:16
f44dfcd9 Update AUTHORS
1f1b0d93 Update manual pages
ce8c749b Merge pull request #1173 from nghttp2/asio-client-sni
3e4f257b asio: Support client side SNI
86fab997 Upgrade neverbleed to the latest master
c3ecd445 Merge pull request #1171 from nghttp2/h2load-rate-and-duration
c65ca20a h2load: -r and --duration are mutually exclusive
a5c408c5 Ignore all input after calling session_terminate_session
06379b28 Fix treatment of padding
e04de48e Merge pull request #1162 from nghttp2/libressl
00964642 Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
8d0b4544 libressl 2.7 has X509_VERIFY_PARAM_*
d8a34131 libressl 2.7 has SSL_CTX_get0_certificate
5db17d0a Compile with libressl 2.7.2
1bf69b56 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
3febaef1 Bump up LT revision to 30:1:16 due to v1.31.1 release
b1bd6035 Fix frame handling
b48bcb21 examples: Use C style comment in .c files
6f3ce2c7 examples: Remove unused lambda capture
2f9121cf Merge branch 'Sp1l-Sp1l/allow-no-npn'
e65e7711 Add comment on #endif
636ef51b Fix compile error with -Wunused-function
400934e5 [PATCH] Allow building without NPN
4c3a3acf Merge pull request #1146 from vszakats/cmakestaticlib
9aa6002c Merge pull request #1144 from hellojaewon/master
f342260b cmake: add ENABLE_STATIC_LIB option to build static lib
a6dd4970 Fix typo
842509da Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade
4add618a Bump up version number to 1.32.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
No functional change. Code tidy ups.
735eaf2 Make sure we don't reallocate q->tins (we didn't anyway but his
really makes sure)
6c5ad6e Get rid of __GFP_NOWARN flag for memory allocation
2a37333 Don't need the wrapper for kvfree, and no need to check before calling it
2b1c631 Whitespace fix
7fe6e28 compat tidyup (for older kernel versions <4.4)
93b805c pedant tidy up superfluous semicolons on switch statements
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Point at github which is new, maintained location for igmpproxy.
Remove all patches as all have been upstreamed.
Closes FS#1456
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The init sccript for igmpproxy uses the option 'network' both as an interface name for fetching the l3_device name and for creating the firewall rules. This only works if the name of the network and firewall zone are identical.
This commit introduces a new option 'zone' for configuring the upstream and downstream firewall zones in order for the init script to create the required firewall rules automatically. When no such options are given, the init script falls back to not creating the firewall rules and the user can opt to create these manually.
Signed-off-by: Jaap Buurman <jaapbuurman@gmail.com>
fixed build error when external kernel is selected from menuconfig.
The patches present in target/linux/generic does not gets applied
to external kernel and build fails while compiling mac82011 &
regmap-core kernel modules. as a fix added check in Makefile for
CONFIG_EXTERNAL_KERNEL_TREE present or not.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Cake is bearing fruits of kernel upstreaming efforts.
diffserv-llt dropped. DSCP mapping paper died and no one using it.
ack-filter re-written & simplified
tc userspace & cake kmod netlink interface usage changed in non
backwards compatible way, thus this once requires tc & cake to be
in-step. Change due to upstream requirements.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bearing fruits of the latest upstreaming efforts on cake.
Changes: diffserv-llt dropped. The paper describing this DSCP
allocation has gone stale and doesn't appear used.
The userspace to kernel netlink messages for cake have been reworked in
a backwards incompatible way, so tc & cake must be bumped together this
once.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
print_uint() will silently promote its variable type to uint64_t, but there
is nothing that ensures that the format string specifier passed along with
it fits (and the function name suggest to pass "%u").
Fix this by changing print_uint() to use a native 'unsigned int' type, and
introduce a separate print_u64() function for printing 64-bit values. All
call sites that were actually printing 64-bit values using print_uint() are
converted to use print_u64() instead.
Since print_int() was already using native int types, just add a
print_s64() to match, but don't convert any call sites.
Fixes wonkyness in some stats from some qdiscs under tc
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This target aims to replace ar71xx mid-term. The big part that is still
missing is making the MMIO/AHB wifi work using OF. NAND and mikrotik
subtargets will follow.
Signed-off-by: John Crispin <john@phrozen.org>
These modules usually require some special arguments to customize the
emulated device and they should be loaded manually by users.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Add target device as at91-sama5d2_ptc_ek in SAMA5D2 subtarget and
build images for SAMA5D2 PTC Ek board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
reorganizing at91 subtargets based on sama5 soc features and this fix
below problems.
1. able to set neon flags to sama5d2 & sama5d4 subtargets.
2. fix the make clean which removes all the subtargets in bin folder.
3. able to configure kernel specific to subtarget.
4. able to set vfpu4 flags to samad3 subtargets.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
fixed DTC command not found error while compling uboot-at91. The fix
is to set DTC PATH in uboot-at91 MAKE command.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Add support for SAMA5D27 SOM1 with target device as at91-sama5d27_som1_ek
in SAMA5 subtarget and build images for SAMA5D27 SOM1 Ek board.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
fetching uboot src from linux4sam/u-boot-at91 github for all at91
target.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
updating to new version v3.8.10 and copying at91bootstrap.bin to bin folder.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Add hotplug handle script for storage devices,
this will add corresponding option in the
/etc/config/samba file automatically.
Signed-off-by: Rosy Song <rosysong@rosinson.com>
Update to latest version of iproute2, refresh patches.
See https://lkml.org/lkml/2018/4/2/349 for a full overview of the
changes in 4.16.
Build and tested on AR7xxx against musl
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Currently, the build system uses an openwrt mirror which does not currently
work and FTP can be unreliable under several circumstances. This change
implicitly allows using all the mirrors to download.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support
Signed-off-by: John Crispin <john@phrozen.org>
Without this patch the extra LDFLAGS of objects were selected based on the
name of the extension being built, which breaks for aggregate so builds.
Signed-off-by: John Crispin <john@phrozen.org>
Switched download from SourceForge to GitHub. It seems the author migrated to that.
Also fixed the website URL as the SourceForge link is dead.
Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When libressl was linked the libpthread was missing, add it in addition.
Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When libressl was linked the libpthread was missing, add it in addition.
Also make the mxsimage tool to use the OpenSSL 1.1 API for the recent
libressl version.
Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When libressl was linked the libpthread was missing, add it in addition.
Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo
Compile and run tested on mvebu and x86_64
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This allows us to link the other tools against our libz and we do not
need the system zlib any more.
Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Choose first running interface, rather than first "up" interface (Redhat #1403025)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Added for convenience. These boards can be used as dev boards running
various operating systems from different media, and this simplifies work
with U-Boot environment.
Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (s25fl256s1)
- 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=OM-A62
* 2T2R 5 GHz (channel 36-64)
- QCA9888 hw2.0 (PCI)
- requires special BDF in QCA9888/hw2.0/board-2.bin
bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=OM-A62
* 2T2R 5 GHz (channel 100-165)
- QCA4019 hw1.0 (SoC)
- requires special BDF in QCA4019/hw1.0/board-2.bin with
bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=OM-A62
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x button (reset; kmod-input-gpio-keys compatible)
* external watchdog
- triggered GPIO
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
- phy@mdio3:
+ Label: Ethernet 1
+ gmac0 (ethaddr) in original firmware
+ 802.3at POE+
- phy@mdio4:
+ Label: Ethernet 2
+ gmac1 (eth1addr) in original firmware
+ 18-24V passive POE (mode B)
* powered only via POE
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.
The initramfs image can be started using
setenv bootargs 'loglevel=8 earlycon=msm_serial_dm,0x78af000 console=ttyMSM0,115200 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(0:custom),64k(0:KEYS),15552k(inactive),15552k(inactive2)'
tftpboot 0x84000000 openwrt-ipq40xx-openmesh_a62-initramfs-fit-uImage.itb
set fdt_high 0x85000000
bootm 0x84000000
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-04-19.
We switched to the upstream board-2.bin, hence the files can be removed
here.
Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
4136529 dhcpv6-ia: keep tentative assignments alive for a short time
200cc8f dhcpv6-ia: make assignment lookup more strict
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This patch was revised upstream before being merged, and OpenWrt's copy
was never updated to reflect the revision.
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
[refreshed patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7cc2668 version: bump snapshot
860c7c7 poly1305: do not place constants in different sections
5f1e4ca compat: remove unused dev_recursion_level backport
7e4b991 blake2s: remove unused helper
13225fc send: simplify skb_padding with nice macro
a1525bf send: account for route-based MTU
bbb2fde wg-quick: account for specified fwmark in auto routing mode
c452105 qemu: bump default version
dbe5223 version: bump snapshot
1d3ef31 chacha20poly1305: put magic constant behind macro
cdc164c chacha20poly1305: add self tests from wycheproof
1060e54 curve25519: add self tests from wycheproof
0e1e127 wg-quick.8: fix typo
2b06b8e curve25519: precomp const correctness
8102664 curve25519: memzero in batches
1f54c43 curve25519: use cmov instead of xor for cswap
fa5326f curve25519: use precomp implementation instead of sandy2x
9b19328 compat: support OpenSUSE 15
3102d28 compat: silence warning on frankenkernels
8f64c61 compat: stable kernels are now receiving b87b619
62127f9 wg-quick: hide errors on save
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.
Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.
This time also make sure to add all files to the patch before
committing it...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When a partition offset is given, it is used in an lseek call, which
affects write, but not erase. Add it to the offset for erase calls as
well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.
Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Before this commit, devices supporting both 2.4GHz and 5GHz would be
configured for 2.4GHz by default - unless they have VHT capabilities.
With this commit, channel 36 is only set when the frequency is supported.
VHT isn't checked unless that is the case.
Signed-off-by: Leon M. George <leon@georgemail.eu>
Pipe uqmi output from qmi_wds_stop function into /dev/null.
This will supress the following output in proto teardown.
netifd: wwan (x): "No effect"
netifd: wwan (x): Command failed: Permission denied
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Several changes has been made:
+ AES support has been removed by
upstream commit c6831c7 (2017-11-14)
[remove patch "200-fw_env_no_aes.patch"]
+ Support for UBI volumes has beed added by
upstream commit 34255b9 (2017-11-15)
[remove patch "300-support-env-in-ubivol-chardev.patch"]
+ A command line argument has beed added ("-c") to manually indicate
the location of the environment configuration file
Also, patch "400-u-boot-2015.10-stdint.patch" is no longer
necessary, and the config option to enable UBI support has
been removed.
Size comparisons:
fw_printenv size:
Target Before After
ar71xx 15,189 bytes 18,133 bytes (+2,944 bytes)
ipq40xx 20,873 bytes 20,987 bytes (+114 bytes)
mvebu 20,881 bytes 20,991 bytes (+110 bytes)
ramips 15,128 bytes 18,072 bytes (+2,944 bytes)
OPKG package size:
Target Before After
ar71xx 11,309 bytes 12,875 bytes (+1,566 bytes)
ipq40xx 11,772 bytes 13,299 bytes (+1,527 bytes)
mvebu 11,609 bytes 13,114 bytes (+1,505 bytes)
ramips 10,975 bytes 12,503 bytes (+1,528 bytes)
Compile tested: ipq40xx (musl, glibc, gcc5-musl), ar71xx, mvebu, ramips
Run tested: ipq40xx (ASUS RT-AC58U)
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
The missing dependency causes build problems on systems without PCI
support.
The ath10k_pci kernel module depends on PCI support so this dependency
should be added. ath10k now also supported the ahb interface on the
IPQ4019 SoC, but this SoC also has PCI support so this extra dependency
is not as problem.
Fixes: d0f3dd5b9f ("ath10k-ct: update to latest version, enable AHB.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Merge upstream patch from Sathishkumar Muruganandam
<murugana@codeaurora.org> for OpenWrt's backports package:
https://lkml.kernel.org/r/<1522049641-19521-1-git-send-email-murugana@codeaurora.org>
Commit-ID: 606204bb863fa3b0bb54929d79b4dc46338f9180
* FW has Smart Logging feature enabled by default for detecting failures
* and processing FATAL_CONDITION_EVENTID (36925 - 0x903D) back to host.
*
* Since ath10k doesn't implement the Smart Logging and FATAL CONDITION
* EVENT processing yet, suppressing the unknown event ID warning by moving
* this under ATH10K_DBG_WMI.
*
* Simulated the same issue by having associated STA powered off when
* ping flood was running from AP backbone. This triggerd STA KICKOUT
* in AP followed by FATAL CONDITION event 36925.
*
* Issue was reproduced and verified in below DUT
* ------------------------------------------------
* AP mode of OpenWRT QCA9984 running 6.0.8 with FW ver 10.4-3.5.3-00053
*
* Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
When CONFIG_PM was not set rsi_sdio_reinit_device() was not compiled
into the driver but referenced.
This is a backport form the mainline Linux kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
RedPine RS9113 wireless module requires rsi91x driver to be built
and linux-firmware/rsi/rs9113_wlan_qspi.rps to be installed.
Also we add patch for successful compilation of rsi91x driver.
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: John Crispin <john@phrozen.org>
For unencrypted mesh networks our scripts take care of setting
the various mesh_param values. wpa_supplicant changes somes of them
when being used for SAE encrypted mesh and previously didn't allow
configuring any of them. Add support for setting mesh_fwding (which
has to be set to 0 when using other routing protocols on top of
802.11s) and update our script to pass the value to wpa_supplicant.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 1356a66f94.
The change breaks wpa_supplicant.conf generation, more work is needed
to fix mesh+AP.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.
Restore the commands, while also fixing a possible race condition in the
old version.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
e243683 libfstools: move mount points when switching to JFFS2
3782b59 libfstools: add "const" to char pointer arguments in mount_move()
79721f0 libfstools: fix foreachdir() to pass dir with a trailing slash
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
513eb27 system-linux: check ioctl return value in system_vlan()
df1625d system-linux: check ioctl return value in system_if_flags()
209c508 system-linux: fix segfault on alloc failure in system_if_check()
4a8e20e system-linux: fix segfault on error in system_add_ip6_tunnel()
36e4700 handler: fix resource leak on error in netifd_init_script_handlers()
86a0e7c system-linux: remove unnecessary open call in system_if_dump_info()
1e2cf67 system-linux: fix memory leak on error in system_add_vxlan()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
1d23142 mt76: add led active low to debugfs
549f43b mt7603: ensure that the ACK flag is set for A-MPDUs with any acked subframe
df9f9f6 mt7603: always try tx rate1 first
9c52f36 mt7603: pull the final rate index from the status descriptor
f36f308 mt7603: improve validation of rx frames
9a23989 mt7603: remove warning on rx with invalid channel info
7a31731 mt76: check for pending reset before attempting to schedule tx
873a7c9 mt7603: call mt76_txq_schedule_all as a barrier to prevent tx during reset
d9e5da3 mt76: add rcu locking in tid reorder function
a8e8921 mt7603: add more checks to avoid dereferencing invalid pointers in wcid lookup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Let's use /etc/sysctl.d for package-provided snippets and leave
/etc/sysctl.conf to the admin. Don't backup /etc/sysctl.d on upgrades, so
old defaults get replaced properly.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We can use /etc/sysctl.d/* for package-supplied sysctl snippets, giving
admins the option to use /etc/sysctl.conf to override settings.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
11_migrate-sysctl has not been updated with new file hashes since 2012.
Let's get rid of it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This firmware has only small changes from the last commit, but
it does have an important fix for at least some PTK rekey logic.
The old firmware would have issues if the driver managed to set
a clear key while encryption was 'enabled'. This new firmware for
both wave-1 and wave-2 should not be susceptible to this type of
bug any more.
And remove mesh-bcast IE flag from wave-2, still need more work before
we can enable that flag in ath10k-ct firmware it seems.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Don't select the firmware with the board file, it prevents an easy use
of the -ct ath10k firmware. Select the firmware within the default
packages instead.
Remove the per device selection of the firmware now that it the
firmware is selected by default.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Specifications:
SOC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 256 MB Winbond W632GU6KB12J
FLASH: 16 MiB Macronix MX25L12805D
ETH: Qualcomm QCA8072
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n/ac 2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11n/ac
1x1 (EX6100)
2x2 (EX6150)
INPUT: Power, WPS, reset button
AP / Range-extender toggle
LED: Power, Router, Extender (dual), WPS, Left-/Right-arrow
SERIAL: Header next to QCA8072 chip.
VCC, TX, RX, GND (Square hole is VCC)
WARNING: The serial port needs a TTL/RS-232 v3.3 level converter!
The Serial setting is 115200-8-N-1.
Tested and working:
- Ethernet
- 2.4 GHz WiFi (Correct MAC-address)
- 5 GHz WiFi (Correct MAC-address)
- Factory installation from WebIF
- Factory installation from tftp
- OpenWRT sysupgrade (Preserving and non-preserving)
- LEDs
- Buttons
Not Working:
- AP/Extender toggle-switch
Untested:
- Support on EX6100v2. They share the same GPL-Code and vendor-images.
The 6100v2 seems to lack one 5GHz stream and differs in the 5GHz
board-blob. I only own a EX6150v2, therefore i am only able to verify
functionality on this device.
Install via Web-Interface:
Upload the factory image to the device to the Netgear Web-Interface.
The device might asks you to confirm the update a second time due to
detecting the OpenWRT firmware as older. The device will automatically
reboot after the image is written to flash.
Install via TFTP:
Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command "fw_recovery" will start a tftp server, waiting for
a DNI image to be pushed.
Assign your computer the IP-address 192.168.1.10/24. Push image with
tftp -4 -v -m binary 192.168.1.1 -c put <OPENWRT_FACTORY>
Device will erase factory-partition first, then writes the pushed image
to flash and reboots.
Parts of this commit are based on Thomas Hebb's work on the
openwrt-devel mailinglist.
See https://lists.openwrt.org/pipermail/openwrt-devel/2018-January/043418.html
Signed-off-by: David Bauer <mail@david-bauer.net>
Unlike when operating in Ad-Hoc mode, we apparently need to pass the
hostapd control socket interface to wpa_supplicant when using 802.11s
mesh mode.
There also seems to still be something wrong with the logic setting
channel and (v)htmode parameters...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
And import patchset to allow 802.11s mesh on DFS channels, see also
http://lists.infradead.org/pipermail/hostap/2018-April/038418.html
Fix sae_password for encryption mesh (sent upstream as well).
Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2e783b227766 ebt_ip: add support for matching IGMP type
b5fbb8d786c9 ebt_ip: add support for matching ICMP type and code
c5e5b784fd1a Move ICMP type handling functions from ebt_ip6 to useful_functions.c
11da52177196 include: sync linux/netfilter_bridge/ebt_ip.h with kernel
Note: the new features require at least kernel 4.17 or backported patches.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The serial was working before, but not when doing copy&pasting longer
commands in a short time.
Fixes: a4def18f29 ("uboot-omap: Update to u-boot v2017.01")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Split physdev match out of ipt-extra to allow installing ipt-extra without
pulling in br-netfilter.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
While ebtables can be combined with br-netfilter, there is no good reason
to make it a dependency.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
kmod-br-netfilter is not only a support module, but can be useful on its
own, using the net.bridge.bridge-nf-call-* sysctls.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Non-selecting dependencies easily lead to Kconfig failures due to recursive
dependencies. We hit such an issue in Gluon; the easiest fix is to make
the dependency selecting.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
RFC6771 does not exclude the forwarding of the example domain as it
states : "Caching DNS servers SHOULD NOT recognize example names as
special and SHOULD resolve them normally."
Example domains cannot be assigned to any user or person by DNS
registrars as they're registered in perpetuity to IANA meaning
they can be resolved; therefore let's remove the example domains
from the rfc6761.conf file.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
ace6489 switch from typeof to the more portable __typeof__
Signed-off-by: Felix Fietkau <nbd@nbd.name>
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bug fix release. 1.28.3 has fixes for
* ash and hush (do not leave stray open file destriptors in children),
* cpio (fix for symlink extraction),
* grep ("grep -Fw a" was matching "aa").
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
74b5a3 script: fix possible negative delay
473f248 dhcpv6: always trigger script update in case of IA updates
ea18935 ra: rework route information option handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Some packages are already using $(1)/var on package install.
On multiuser systems this breaks the build when multiple
users build OpenWrt.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This reverts commit 4fb684a755.
The compile fixes are still required for host systems using GCC 5.x,
such as Ubuntu 16.04 LTS.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's intentional that some boards within a target don't have all LEDs
which are tried to be setup in a common script. Don't show a warning in
such cases.
Fixes: 4f4fc993db ("base-files: add more name source to get_dt_led helper function")
Signed-off-by: Mathias Kresin <dev@kresin.me>
It seems both issues (GCC5 and Musl) were fixed at some point. Thus, they can be dropped.
Did not bump version as there is no change in functionality or size.
Compile-tested on ar71xx and mvebu, both with musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
flash_erase utility allows to erase MTD partitions on NAND flash.
Useful when you want to clean or write an MTD partition from scratch.
e.g., before using kobs-ng to flashing SPL images it's recommended
to erase the MTD partition to ensure it's empty.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
Update busybox to 1.28.2, refresh patches and default config.
* modify 230-add_nslookup_lede.patch as opt_complementary was removed
Also move nslookup_longopts variable declaration to be inside
the same conditional as the function itself.
* modify 250-date-k-flag.patch to match upstream (opt_complementary)
* remove 600-cve-2017-16544.patch that is upstreamed
Notes about config changes:
* Some applet-specific LONG_OPTIONS config options were removed
* Config help text indentation changed, caused lots of
text formatting changes for convert_menuconfig.pl
* convert_defaults.pl moved lots of defaults around, summary of
actual changes below
New applets/features:
---------------------
ARCH
HEXEDIT
MINIPS
NETCAT
NUKE
RESUME
RUN_INIT
SETFATTR
New options:
------------
FEATURE_CATN
FEATURE_CROND_SPECIAL_TIMES
FEATURE_LIBBUSYBOX_STATIC
FEATURE_SETPRIV_CAPABILITIES
FEATURE_SETPRIV_CAPABILITY_NAMES
FEATURE_SETPRIV_DUMP
FEATURE_SH_READ_FRAC
FEATURE_SWAPONOFF_LABEL
FEATURE_VOLUMEID_MINIX
FEATURE_XARGS_SUPPORT_ARGS_FILE
FEATURE_XARGS_SUPPORT_PARALLEL
HUSH_GETOPTS
HUSH_READONLY
HUSH_TIMES
Removed:
--------
FEATURE_HAVE_RPC
MSH
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This Adds fixes for the following security problems based on debians patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes some minor security problems.
Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk
New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This release brings various improvements to clearfog support, such as distro-boot.
Obsoletes:
0002-clearfog-reset-usom-onboard-1512-phy.patch
0003-clearfog-enable-distro-boot-code.patch
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
CONFIG_* variables can easily be set by overriding Build/Configure.
so set NET_RANDOM_ETHADDR=y and CMD_SETEXPR=y here.
This replaces the following patches:
0001-clearfog-generate-random-MAC-address.patch
0004-clearfog-enable-setexpr-command-by-default.patch
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Wave-1 firmware has a fix for 'addba' not finding the peer. Thanks to Hauke
for finding and reporting this.
Wave-2 firmware has a fix for leaking a peer multicast key when a monitor device
is created.
And I re-ordered the '4019' firmware images in the Makefile to match the order
of the others. No functional change for that reorder.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
This reverts commit 745d0e7f4b.
It looks like upstream don't want the patch so let's revert it here too.
I hope a fix from upstream is forthcoming.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Fix psidlen becomes negative in case embedded address bit lenght is smaller than
IPv4 suffix length.
While at it improve parameter checking making the code more logical and
easier to read.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
opkg currently has some issues with Provides and this change makes the
image builder fail because of that. Revert the change for now until opkg
is fixed
This reverts commit 092d75aa3e.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Changes since last version
dfb68f8 service: initialize supplementary group ids
3db4e6d service: add func for string config change check
c3faabe procd: get rid of putenv usage.
The supplementary group id change fixes FS#988
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
replaced by commit 114f2830d
Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.
For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.
Base on a patch by "Phil"
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cake in kernel space now splits stats structure handling across netlink
messages to reduce stack usage issue flagged by upstream kernel checks.
Update user space (tc) qdisc handling to understand this new regime.
Cake also reports packet overheads & compensation in a different way so
add display code for this. e.g.
'tc -s qdisc show dev eth0' reports this extra detail:
min/max transport layer size: 28 / 1500
min/max overhead-adjusted size: 65 / 1550
average transport hdr offset: 14
Cake also supports output in JSON format.
Patch is bulkier than before because a (slightly out of date - see above
stats) man page is included for reference. Better than nothing!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Relevant changes:
0afc1be Fixes for kernel 4.16
d2d6780 Reinitialise overhead compensation stats when reconfiguring.
a3bab9d Export overhead compensation stats to userspace.
9cd2fa8 Split tin stats to its own structure to decrease size of tc_cake_xstats
71c7b44 Gather more statistics about packet length transformations.
0517357 Rework overhead compensation to use dynamic transport header offset instead of (inaccurate) static one.
c1a0c8e Refactor length handling code to better centralise overhead calculations
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
PKG_EXTMOD_SUBDIRS should be set to the sub directory where the kernel
module gets build in, for the ath10k-ct driver this changed in commit
3888e77c1c from ath10k to ath10k-4.13. Without this fix the depends
line of the ath10*.ko modules is empty and the kernel module load system
will not automatically load the depended modules like mac80211.
Fixes: 3888e77c1c ("ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver")
Fixes: 23a388fe41 ("ath10k-ct: Force loading mac80211 and ath modules.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The HTT-MGT variants transport management frames over the
normal HTT tx path, just like data frames. This saves
limitted WMI buffers which can become depleted if lots of
management frames become stuck in TX queues due to peer
that went away.
In addition, at least for the wave-1 firmware, htt-mgt is
required in order for 802.11r (fast roaming) authentication
to function properly.
The htt-mgt firmware requires the use of the ath10k-ct
driver. Normal non-htt-mgt ath10k-ct firmware should work
with stock drivers.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This updates to latest ath10k-ct firmware. Hopefully we are
at the end of the development cycle for this firmware release,
so these should be stable.
wave-1 changes since last release:
Release 20
* Allow flushing peer when deleting. Hopefully this will allow the
peer delete command to happen in a reasonable amount of time even
if the RF environment is busy (or peer has died).
To enable this, set the high flag in the mac-addr second word in the
ath10k driver near end of the ath10k_wmi_op_gen_peer_delete method:
cmd->peer_macaddr.word1 |= __cpu_to_le32(0x80000000);
* Attempt to fix crash seen in resmgr-ocs, appearantly due to list corruption.
Use a temporary list instead of trying to rely on for-each-safe.
* Add flag to tx-descriptor to allow driver to request no-ack on data
frames. This is bit 15 on the flag1 field (previously un-used).
* Add option to support specifying the tx-rate-code and retry count on
a per-packet basis. Only a single series is supported at this time.
Useful mainly for radiotap monitor-tx type testing at this point.
* Fix crash on startup when chip is at -40 deg C and calibration fails. Instead
of asserting, just keep retrying calibration, which appears to start working
after a few minutes (when the chip warms up).
* Allow reporting per-chain rssi for management frames. We pack the values into
empty space in the mgt-frame wmi header. This will only be enabled if the driver
requests it, since otherwise the driver is assumed to not understand the new API.
ath10k-ct drivers that support this feature will automatically enable it.
* A customer reports a case that appears to be the hardware not properly detecting
end of AMPDU, so frames were being mis-delivered to the wrong peer. Attempt to
work around this, and in doing so, clean up a bunch of void* abuse in the block-ack
reordering code (could not ever confirm there was a problem in this area).
* Re-work the rx-mem logic to be less complicated and to use less memory.
* Attempt to fix crash that appearanty happens because the driver can sometimes
delete a vdev in 'up' state.
* Attempt to fix hung scan state machine issues.
* Fix crash in tx path due to un-initialized memory.
wave-2 changes since last release:
Release 10
* Fix an assert related to tx scheduling. This hopefully fixes
what appears to be a regression that I added some time back.
* Enable CSI reporting for 9984, and maybe 9888/9886. Only in
non-trimmed builds.
* Other stability improvements, including regression fixes from
some tricky bugs introduced in earlier releases.
* Allow compiling for IPQ4019 chipset.
* Firmware will now send txbf frames to the host (driver) if the
TXBF (0xF00000001) set-special feature is enabled, or when the radio
is in monitor mode. But, if the frame is consumed by the txbf_cv
logic, then the pkt cannot be delivered to the host in this manner. Instead,
a WMI event will be sent and host can find the txbf_cv data in shared
memory. See ath10k_wmi_event_txbf_cv_mesg() in ath10k-ct driver.
* Support rx-all-mgt option. When enabled, the firmware will deliver all
management frames that it can to the host. No RX filters are changed
when this option is enabled.
* Fix at least some problems with sending tx-beamforming frames to SU-MIMO
peers. Looks like this was a regression in my code.
* Fix a crash in rate-ctrl due to nss mismatch. This was something I introduced
while trying to fix other bugs in rate-ctrl some time back.
* Attempt to fix a sw-peer-key object leak in IBSS mode. The peer key code
is very complex, and shares some pointers as union members. I think I fixed
at least some of the issues, but would not be surprised if more exist.
* Improve ath10k user guide to document CT firmware features:
https://www.candelatech.com/ath10k-ug.php
* Add ct-special option to configure the txbf sounding time. See ath10k-ug.php
* Fix and allow the driver to tell the firmware to send sounding frames. See ath10k-ug.php
In further testing, this seems to fail much of the time, and I am not sure why.
Disabling this in diet (trimmed) builds.
* Fix crashes related to deleting peers while they are in power-save mode. Reported
by LEDE user on r7800 with 9984 NIC.
* Make rate-ctrl txbf probe work better. If enabled, the rate-ctrl logic will periodically
send out probes at an NSS that can to txbf. Previously, txbf probes would not reliably happen
if both AP and peer had the same nss (ie, 2x2 talking to 2x2). To enable this feature, you
need to enable the fwtest-cmdid number 20.
* Report rx-timeout error counters. These were previously un-reported, though the
field existed in the wmi struct already.
* txbf: Ignore frames not destined for us. If NIC is in promisc mode, it
could acquire and process NDPA frames that were not destined for it. Check
the dest-MAC and ignore frames not for us (pass them up the stack for monitor
mode instead of save them in the peer's rate-ctrl logic.)
* Port ping-pong crash handling and othe related features to IPQ4019 target. It should
now act similar to 9984 in this regard.
* Fix a few asserts related to txbf and tx-seq logic.
* Add custom-stats support, for rx-reorder-stats. Similar to what I did for wave-1.
* Disable AMSDU for IBSS. This now matches what I did for peregrine. It seems to
work better this way, though I did not debug it in detail.
* Enable the set-special command to re-enable AMSDU for IBSS if user wants to experiment.
* Fix bug where dbglog did not disable IRQs, so if you made dbglog messages from the IRQ
handler, it could cause corruption that could crash the firmware and/or corrupt the log
message buffers.
* Don't assert if there are no buffer descriptors for RX of non-data frame.
* Retry any stuck block-ack sessions every 20 seconds instead of just disabling BA for
ever when we get too many failures.
* Fix SGI flag when reporting tx-rate info. The flag moved since wave-1 days, and
I did not notice that when I ported my changes forward to wave-2.
* Allow disabling special CCA handling for IBSS txqs. Earlier testing indicated this
might improve throughput in some testing on 9984 chips in IBSS mode, but subsequent
testing looks about the same without it. Since I do not really understand what this
setting exists for, leave it at upstream defaults. A new set-special API command (0x12)
can be used to enable this hack for testing. Setting 0x1 bit disables special CCA handling
for non-beacon IBSS txqs, setting 0x2 bit disables it for beacon queues as well.
* Add MCAST-BCAST feature flag. This tells driver we do not need a monitor interface
to do MESH.
* When calculating the rx-address filter (affects ACK & BLOCK-ACK, among other things),
to not add in monitor interfaces if other interfaces are up. There is no need for
a monitor device to ACK frames.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Among other things, this will check for an htt-mgt variant of
ath10k-ct firmware before loading 'normal' firmware, and it disables
verbose printing of firmware DBGLOG messages by default.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Update DEPENDS and PROVIDES so that ath10k-ct firmware
and drivers can be used to replace stock firmware
and drivers. The -htt firmware variant, which requires
ath10k-ct driver now selects ath10k-ct driver when the
firmware is selected.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Drop providing the virtual package ip by busybox which was added in commit
1cec4d4ef0.
Letting busybox provide the virtual package ip is not optimal for the
following reasons :
- Applications depending on ip expect either the ip-full or
ip-tiny package to be enabled.
- Busybox ip applet cannot be added or removed at runtime
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The driver updates include:
ath10k driver backport to fix WPA 'pn' related security bugs
(4.13 based driver only currently),
a fix for off-channel TX for CT wave-1 firmware, a likely
fix for napi related crashes, and a backport of the firmware fetch
patch.
AHB is needed for the IPQ4019 platform radios.
Signed-off-by: Ben Greear <greearb@candelatech.com>
[use common subject format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[wigyori@uid0.hu: renamed to 221-compatible-old-dtc.patch from 220-]
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
U-Boot now requires GCC > 5
Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Also move some options of patch 010 affecting the whole platform
to 010's device only.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
print_int used 'int' type internally, whereas print_uint used 'uint64_t'
These helper functions eventually call vfprintf(fp, fmt, args) which is
a variable argument list function and is dependent upon 'fmt' containing
correct information about the length of the passed arguments.
Unfortunately print_int v print_uint offered no clue to the programmer
that internally passed ints to print_uint were being promoted to 64bits,
thus the format passed in 'fmt' string vs the actual passed integer
could be different lengths. This is even more interesting on big endian
architectures where 'vfprintf' would be looking in the middle of an
int64 type. Symptoms of this included tc qdisc showing bizarre values
for a variety of fields across a variety of qdiscs (e.g. refcnt, flows,
quantum)
print_u/int now stick with native int size.
A similar patch has been sent upstream.
Fixes FS#1425
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
94b6878 Tidy crypto.c of old library compat. Now need libnettle 3.
8b96552 Fix compiler warning.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Use the UBOOT_MAKE_FLAGS defined in include/u-boot.mk and do not
overwrite them to compile the host tools against the shipped LibreSSL.
In addition add a patch to fix a compile problem when compiling the
tools against LibreSSL caused by differences in the API between OpenSSL
1.1 and LibreSSL.
This should fix the compile problems seen in build bot from time to time
by not depending on the host libssl-dev package any more but using the
LibreSSL version from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mwlwifi was updated to a new stable. Included in this stable release are the
followin benefits:
- Fixed compiling for kernel 4.14
- Fixed crash on 88W8864 binary
Compiled and tested on: WRT3200ACM and WRT1900AC
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5.
Replaced by param --verify-client-cert none|optional|require in v2.4 see
https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required
Signed-off-by: Christian Bayer <cave@cavebeat.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
This patch adds support for Cisco Meraki MR33
hardware highlights:
SOC: IPQ4029 Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600 @ 627 MHz Micron MT41K128M16JT-125IT
NAND: 128 MiB SLC NAND Spansion S34ML01G200TFV00 (106 MiB usable)
ETH: Qualcomm Atheros AR8035 Gigabit PHY (1 x LAN/WAN) + PoE
WLAN1: QCA9887 (168c:0050) PCIe 1x1:1 802.11abgn ac Dualband VHT80
WLAN2: Qualcomm Atheros QCA4029 2.4GHz 802.11bgn 2:2x2
WLAN3: Qualcomm Atheros QCA4029 5GHz 802.11a/n/ac 2:2x2 VHT80
LEDS: 1 x Programmable RGB+White Status LED (driven by Ti LP5562 on i2c-1)
1 x Orange LED Fault Indicator (shared with LP5562)
2 x LAN Activity / Speed LEDs (On the RJ45 Port)
BUTTON: one Reset button
MISC: Bluetooth LE Ti cc2650 PG2.3 4x4mm - BL_CONFIG at 0x0001FFD8
AT24C64 8KiB EEPROM
Kensington Lock
Serial:
WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
The Serial setting is 115200-8-N-1. The board has a populated
1x4 0.1" header with half-height/low profile pins.
The pinout is: VCC (little white arrow), RX, TX, GND.
Flashing needs a serial adaptor, as well as patched ubootwrite utility
(needs Little-Endian support). And a modified u-boot (enabled Ethernet).
Meraki's original u-boot source can be found in:
<https://github.com/riptidewave93/meraki-uboot/tree/mr33-20170427>
Add images to do an installation via bootloader:
0. open up the MR33 and connect the serial console.
1. start the 2nd stage bootloader transfer from client pc:
# ubootwrite.py --write=mr33-uboot.bin
(The ubootwrite tool will interrupt the boot-process and hence
it needs to listen for cues. If the connection is bad (due to
the low-profile pins), the tool can fail multiple times and in
weird ways. If you are not sure, just use a terminal program
and see what the device is doing there.
2. power on the MR33 (with ethernet + serial cables attached)
Warning: Make sure you do this in a private LAN that has
no connection to the internet.
- let it upload the u-boot this can take 250-300 seconds -
3. use a tftp client (in binary mode!) on your PC to upload the sysupgrade.bin
(the u-boot is listening on 192.168.1.1)
# tftp 192.168.1.1
binary
put openwrt-ipq40xx-meraki_mr33-squashfs-sysupgrade.bin
4. wait for it to reboot
5. connect to your MR33 via ssh on 192.168.1.1
For more detailed instructions, please take a look at the:
"Flashing Instructions for the MR33" PDF. This can be found
on the wiki: <https://openwrt.org/toh/meraki/mr33>
(A link to the mr33-uboot.bin + the modified ubootwrite is
also there)
Thanks to Jerome C. for sending an MR33 to Chris.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Not all LED driver are using the label devicetree property for the led
name. Add support for the TI/National Semiconductor LP55xx Led Drivers,
which are using the chan-name property for the led name, as fallback.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add a fucntion to get the a binary mac address from file. Use the new
function for mtd_get_mac_binary() to limit duplicate code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch adds support for ASUS RT-AC58U/RT-ACRH13.
hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 128 MiB DDR3L-1066 @ 537 MHz (1074?) NT5CC64M16GP-DI
NOR: 2 MiB Macronix MX25L1606E (for boot, QSEE)
NAND: 128 MiB Winbond W25NO1GVZE1G (cal + kernel + root, UBI)
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: one Reset and one WPS button
LEDS: Status, WAN, WIFI1/2, USB and LAN (one blue LED for each)
Serial:
WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
The Serial setting is 115200-8-N-1. The board has an unpopulated
1x4 0.1" header. The pinout (VDD, RX, GND, TX) is printed on the
PCB right next to the connector.
U-Boot Note: The ethernet driver isn't always reliable and can sometime
time out... Don't worry, just retry.
Access via the serial console is required. As well as a working
TFTP-server setup and the initramfs image. (If not provided, it
has to be built from the OpenWrt source. Make sure to enable
LZMA as the compression for the INITRAMFS!)
To install the image permanently, you have to do the following
steps in the listed order.
1. Open up the router.
There are four phillips screws hiding behind the four plastic
feets on the underside.
2. Connect the serial cable (See notes above)
3. Connect your router via one of the four LAN-ports (yellow)
to a PC which can set the IP-Address and ssh and scp from.
If possible set your PC's IPv4 Address to 192.168.1.70
(As this is the IP-Address the Router's bootloader expects
for the tftp server)
4. power up the router and enter the u-boot
choose option 1 to upload the initramfs image. And follow
through the ipv4 setup.
Wait for your router's status LED to stop blinking rapidly and
glow just blue. (The LAN LED should also be glowing blue).
3. Connect to the OpenWrt running in RAM
The default IPv4-Address of your router will be 192.168.1.1.
1. Copy over the openwrt-sysupgrade.bin image to your router's
temporary directory
# scp openwrt-sysupgrade.bin root@192.168.1.1:/tmp
2. ssh from your PC into your router as root.
# ssh root@192.168.1.1
The default OpenWrt-Image won't ask for a password. Simply hit the Enter-Key.
Once connected...: run the following commands on your temporary installation
3. delete the "jffs2" ubi partition to make room for your new root partition
# ubirmvol /dev/ubi0 --name=jffs2
4. install OpenWrt on the NAND Flash.
# sysupgrade -v /tmp/openwrt-sysupgrade.bin
- This will will automatically reboot the router -
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the patch that was posted to ath10k-devel ML:
<https://patchwork.kernel.org/patch/10233491/>
|From: Thomas Hebb <tommyhebb@gmail.com>
|Subject: [PATCH] ath10k: search all IEs for variant before falling back
|Date: Wed, 21 Feb 2018 11:43:39 -0500
|[...]
|This patch fixes the issue by first searching the entire file for the ID
|with variant, and searching for the fallback ID only if that search
|fails. It also includes some code cleanup in the area, as
|ath10k_core_fetch_board_data_api_n() no longer does its own string
|mangling to remove the variant from an ID, instead leaving that job to a
|new flag passed to ath10k_core_create_board_name().
|
|I've tested this patch on a QCA4019 and verified that the driver behaves
|correctly for 1) both fallback and variant BDFs present, 2) only fallback
|BDF present, and 3) no matching BDFs present.
|
|Fixes: 1657b8f84ed9 ("ath10k: search SMBIOS for OEM board file extension")
|Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Note: 937-ath10k-calibration-variant.patch has been reassigned a new 081
number, as it now ships with upstream.... But also because this patch
requires the change in ath10k_core_create_board_name().
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.
Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.
This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Backport the compiler support patches from upstream u-boot to this older
version to make it compile with GCC 7.
This was found by build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support configuration in the form...
list ip6prefix 2001:db8:1234::/64
list ip6prefix 2001:db8:5678::/64
... to allow specifying multiple routed IPv6 prefixes.
Implements feature request FS#1361.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
1f5a29c ip: do not add local routes for host dependencies
c06f842 device: add support for setting the isolate options for bridge ports
69aeaab interface-ip: fix route selection for host dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.
Fixes busybox crashes observed on x86-generic with GCC 7.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Adds support for the Turris Omnia and builds an eMMC sysupgrade image in
the same format as the SolidRun ClearFog.
An initramfs image in the simple yet Omnia-specific 'medkit' image format
is also built in order to ease the initial flashing process.
Notable hardware support omissions are support for switching between SFP
cage and copper PHY, and RGB LED control.
Due to a current limitation of DSA, only 1/2 CPU switch uplinks are used.
Specifications:
- Marvell Armada 385 1.6GHz dual-core ARMv7 CPU
- 1GB DDR3 RAM
- 8GB eMMC Flash
- 5x Gigabit LAN via Marvell 88E6176 Switch (2x RGMII CPU ports)
- 1x switchable RJ45 (88E1514 PHY) / SFP SGMII WAN
- 2x USB 3.0
- 12x dimmable RGB LEDs controlled by independent MCU
- 3x Mini PCIe slots
- Optional Compex WLE200N2 Mini PCIe AR9287 2x2 802.11b/g/n (2.4GHz)
- Optional Compex WLE900VX Mini PCIe QCA9880 3x3 802.11ac (2.4 / 5GHz)
- Optional Quectel EC20 Mini PCIe LTE modem
Flash instructions:
If the U-Boot environment has been modified previously (likely manually via
serial console), first use serial to reset the default environment.
=> env default -a
=> saveenv
Method 1 - USB 'medkit' image w/o serial
- Copy openwrt-mvebu-turris-omnia-sysupgrade.img.gz and
omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz to the root of a
USB flash drive formatted with FAT32 / ext2/3/4 / btrfs / XFS.
Note that the medkit MUST be named omnia-medkit*.tar.gz
- Disconnect other USB devices from the Omnia and connect the flash drive
to either USB port.
- Power on the Omnia and hold down the rear reset button until 4 LEDs are
illuminated, then release.
- Wait approximately 2 minutes for the Turris Omnia to flash itself with
the temporary image, during which LEDs will change multiple times.
- Connect a computer to a LAN port of the Turris Omnia with a DHCP client
- (if necessary) ssh-keygen -R 192.168.1.1
- ssh root@192.168.1.1
$ mount /dev/sda1 /mnt
$ sysupgrade /mnt/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself and you can remove the flash drive.
Method 2 - TFTP w/ serial
- Extract omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz and copy
dtb + zImage to your TFTP server (rename if desired)
- Connect Turris Omnia WAN port to DHCP-enabled network with TFTP server
- Connect serial console and interrupt U-Boot
=> dhcp
=> setenv serverip <tftp_server_ip_here>
=> tftpboot 0x01000000 zImage
=> tftpboot 0x02000000 dtb
=> bootz 0x01000000 - 0x02000000
- OpenWrt will now boot from ramdisk
- Download openwrt-mvebu-turris-omnia-sysupgrade.img.gz to /tmp/
$ sysupgrade /tmp/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself.
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9984.
The update fixes "ath10k_pci 0001:01:00.0: Invalid VHT mcs 15 peer
stats" spamming the kernel ring buffer at very high frequencies, but
introduces the new "ath10k_pci 0001:01:00.0: Unknown eventid: 36925".
This new warning doesn't appear to cause problems in practice and is
only emitted relatively rarely, not causing dmesg to overflow within
minutes.
Tested on the ZyXEL NBG6817; early feedback also suggests this firmware
to work well (with the same fixes and caveats) on the Netgear r7800 as
well.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
This patch updates ath10k-firmware to last commit and use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9888.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
392811a ubus: let fw3_ubus_address() return the number of resolved addresses
359adcf options: emit an empty address item when resolving networks fails
503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed
f50a524 helpers: implement explicit CT helper assignment support
a3ef503 zones: allow per-table log control
8ef12cb iptables: fix possible NULL pointer access on constructing rule masks
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.
We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The package still leaks some user space linker options into the kernel
space. This breaks the build when ASLR is activated, deactivate it for
now.
Signed-off-by: Mathias Kresin <dev@kresin.me>
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet
Changes:
* queueing: skb_reset: mark as xnet
This allows cgroups to classify packets.
* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions
The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.
* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype
Small cleanups.
* compat: workaround netlink refcount bug
An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.
* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"
We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.
* Kconfig: require DST_CACHE explicitly
Required for certain frankenkernels.
* compat: use correct -include path
Fixes certain out-of-tree build systems.
* noise: align static_identity keys
Gives us better alignment of private keys.
* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it
Better compatibility with Debian's resolvconf.
* contrib: add extract-handshakes kprobe example
Small utility for extracting ephemeral key data from the kernel's memory.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
6e744662 Update bash_completion
478eac09 Update manual pages
88e2029e Bump up version number to 1.31.0, LT revision to 30:0:16
45d76cf5 nghttpx: Close listening socket on graceful shutdown
54573f28 Merge pull request #1137 from nghttp2/session-set-user-data
17793e99 Add nghttp2_session_set_user_data() public API function
5eac3c90 Update manual pages
e70195ae nghttpx: Update doc
fe51e7fa Merge pull request #1130 from nghttp2/avoid-inet_pton-macro
eb951c2c src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
39f0ce7c Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
65157811 Merge pull request #1123 from nghttp2/mruby-client-cert-not-before-after
e8af7afc nghttpx: Add an option to accept expired client certificate
38abfd18 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
ff3edc09 nghttpx: Fix potential memory leak
0bb15406 Bump up version number to 1.31.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The lantiq components still leak some user space linker options into the
kernel space. This breaks with build when ASLR is activated, deactivate
it for now on these packages.
Fixes: FS#1391
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
This decreases the size of the ipk file from 87589 bytes to 81267 bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not force to build with O3 optimization any more, but take what was
selected by the OpenWrt build system.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build process does not leak the user space cflags into the kernel
build process any more, this allows to activate MIPS16 builds.
This was fixed with some update of ifxos.
This decreases size of the libifxos.a and the ltq-vdsl-app
old:
78320 libifxos.a
44383 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk
new:
66852 libifxos.a
43506 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The split-up into packages gre, grev4 and grev6 causes confusion for the
users as reported in FS#1399.
As IPv4 and IPv6 are considered now as bundled; squash the grev4 and grev6
packages into the gre package and let gre provide both grev4 and grev6.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes the assumption the busybox udhcpc applet is always enabled; in case
the symbolic link check fails the DHCP shell handler script will exit and
as result the DHCP protocol handler will not be registered in netifd.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This is to simplify maintenance. It's easy to say now which patches need
some extra work and/or sending upstream. Updating to newer backports
should be also simpler with this.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit 79a768a90f.
Some devices can go over their power limits with this commit, so this
needs to be handled on a case by case basis instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>