WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...
The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.
Examples:
eap_type auth
'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2"
'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2"
'peap' 'EAP-GTC' -> phase2="auth=GTC"
Deprecated syntax supported for compatibility:
'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"
I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 48309
Remove the "DEU test manager" code which has not been used for more than
two years (as the kernel module is not installed anymore since r38731).
This fixes compilation on kernel 4.3, which removes
aead_request_set_assoc (and newer kernels).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48308
The following patches were dropped because they are already applied
upstream:
- 0038-MIPS-lantiq-fpi-on-ar9.patch
- 0039-MIPS-lantiq-initialize-usb-on-boot.patch
- 0042-USB-DWC2-big-endian-support.patch
- 0043-gpio-stp-xway-fix-phy-mask.patch
All other patches were simply refreshed, except the following:
- 0001-MIPS-lantiq-add-pcie-driver.patch
Changes to arch/mips/lantiq/xway/sysctrl.c (these changes disabled
some PMU gates for the vrx200 / VR9 SoCs) were removed since the
upstream kernel disables unused PMU gates automatically (since
95135bfa7ead1becc2879230f72583dde2b71a0c
"MIPS: Lantiq: Deactivate most of the devices by default").
- 0025-NET-MIPS-lantiq-adds-xrx200-net.patch
Since OpenWrt commit 55ba20afcc2fe785146316e5be2c2473cb329885 drivers
should use of_get_mac_address(). of_get_mac_address_mtd is not
available for drivers anymore since it's called automatically within
of_get_mac_address().
- 0028-NET-lantiq-various-etop-fixes.patch
Same changes as in 0025-NET-MIPS-lantiq-adds-xrx200-net.patch
While refreshing the kernel configuration SPI support had to be moved to
config-4.4 because otherwise M25P80 was disabled.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48307
AP148 uses lowercase name as boardname, so we need to use this in
platform.sh as well.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48304
Overwriting static strings is never a good idea, especially expecting
identical strings to be stored in different memory locations.
This caused the lookups to always return the second chip's name. Fix
this by just initializing the lookup with the right values, so we
don't need to modify the strings at all.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48303
BCM531x5 has two pontential cpu ports, and header mode can be enabled
independently on both.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 48302
Currently libiconv-stub and libiconv-full use different names
for functions iconv, iconv_open, and iconv_close.
This may lead to failures when building modules, e.g. with
apr-util when NLS is not activated.
The two modules libiconv-stub and libiconv-full should be
interchangeable, so we need the same function names.
cf.
http://git.savannah.gnu.org/cgit/libiconv.git/tree/include/iconv.h.in
After applying this patch execute
make distclean
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SVN-Revision: 48301
This was generating a conffiles list that included the binary
and CONTROL/ files.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 48296
Re-defining the compatible property is not required since the correct
value is inherited from vr9.dtsi.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48295
Compared to the "old" driver:
- Each device must assign a pinctrl setting to the SPI node to allow the
new SPI driver to configure the SPI pins.
While here we are also using separate input and output settings so we
are independent of whether the bootloader configures the pins correctly.
- We use the new "compatible" strings to make the driver choose the
correct number of chip-selects for each SoC.
- The new driver starts counting the chip-selects at 1 (instead of 0, like
the old one did). Thus we have to adjust the devices accordingly.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48293
The new driver provides a few improvements over the old one:
- Separate compatible strings per SoC type (this allows removing some
hardcoded of_device_is_compatible() checks)
- It does not rely upon spi-bitbang anymore
- chip-selects are numbered as in the datasheet (= starting at 1 instead
of 0)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48292
All devices are now using the HW SPI driver, so this is not necessary
anymore.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48291
This allows devices to use SPI without having to re-define (and thus
duplicating) the whole SPI node.
By default SPI is disabled (as before) because only few devices need it.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48286
After the latest pinctrl backports there are only 50 (instead of 56 as
before) GPIOs/pins exported (thus the first GPIO on VRX200 SoCs is now
462, before it was 456). This means that any hardcoded GPIOs have to be
adjusted.
This broke the PCIe driver (which seems to be the only driver which uses
hardcoded GPIO numbers), it only reports:
ifx_pcie_wait_phy_link_up timeout
ifx_pcie_wait_phy_link_up timeout
ifx_pcie_wait_phy_link_up timeout
ifx_pcie_wait_phy_link_up timeout
ifx_pcie_wait_phy_link_up timeout
pcie_rc_initialize link up failed!!!!!
To prevent more of these issues in the future we remove the hardcoded
PCIe reset GPIO definition and simply pass it via device-tree (like the
PCI driver does).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48285
These were introduced in upstream commit
be14811c03cf "pinctrl/lantiq: introduce new dedicated devicetree
bindings" and finally allow us to use the individual pins within our dts
(for example spi_clk, etc.).
Please note that this changes the number of GPIOs which are available for
some SoCs. VRX200 SoCs for example only have 50 pins, but previously 56
pins were exposed. This means that all places which are using hardcoded
GPIO numbers (which are not passed via device-tree) need to be adjusted
(because the first GPIO number is now 462, instead of 456).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48284
Upstream commit be14811c03cf2 "pinctrl/lantiq: introduce new dedicated
devicetree bindings" allows us to use each pin in the pinmux. This is
useful for example in the "spi" group which contains some pins which
are inputs, and some which are outputs.
These can only be used once the new compatible strings for the pinctrl
node are used.
Additionally 0150-lantiq-pinctrl-xway.patch and the "GPIO PORT3 fix"
(which was part of 0012-pinctrl-lantiq-fix-up-pinmux.patch) were
replaced with their upstream variants which are also in 4.5.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48283
Upstream linux 4.2 commit 84be456f883c4685680fba8e5154b5f72e92957e
"remove <asm/scatterlist.h>" requires us to include linux/scatterlist.h
instead. This also works with older kernels (at least 4.1, thanks to
Hauke Mehrtens for testing).
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48282
A previous change to sysupgrade moved the overlay files into upper/
The -c switch generates a list of files to backup, but the sed
calls did not take this into consideration.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
SVN-Revision: 48281
According to the calling convention of the o32 ABI the caller
function must reserve stack space for $a0-$a3 registers in case
the callee needs to save its arguments.
The assembly code of the loader does not reserve stack space for
these registers thus when the 'loader_main' function needs to save
its arguments, those will be stored in the 'workspace' area instead
of the stack.
Because the workspace area is also used by other part of the code, the
saved register values gets overwritten and this often leads to failed
kernel boots.
Fix the code to reserve stack space for the registers to avoid this
error.
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 48279
Change MTD on WNDR4300 and WNDR3700v4 to fully utilize the 128MB flash.
Credit to @Tuochenlyu on GitHub.
Signed-off-by: Chris Marchesi <chrism@vancluevertech.com>
SVN-Revision: 48276
PTP requires at least one timer to be 1PPS so describe it.
For testing, load kernel module gianfar_ptp and use ptp4l
from linuxptp.
Copied from FSL P1010RDB reference design.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
SVN-Revision: 48275
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.
Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2
config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'
The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route
Signed-off-by: André Valentin <avalentin@marcant.net>
SVN-Revision: 48274
- update to latest version 20160104
- remove cpu dependency (PKGARCH:=all)
- set myself as package maintainer
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48271
The Apache Software Foundation offers diverse download mirros.
For packaging Apache software a new alias @APACHE is defined.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
SVN-Revision: 48270
The old signature only worked because brnboot ignores the leading "5" in
the signature. We can see the correct signature when flashing a brnImage
via recovery web-interface, in this case brnboot reports:
[CGI-Signature Check] buf:[BRNDA6431], sigInFlash:[BRNDA6431]
Thanks to Mathias Kresin for reporting this.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 48269