Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.
Source: include/mbedtls/config.h
Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.
The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Update mbed TLS to 2.11.0
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
USB storage support is however SCSI Disk block device support isn't
meaning that connected devices wont enumerate.
Enable CONFIG_BLK_DEV_SD by default to fix it.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
BusyBox's `tar` command does not support the `--directory` directive, which
is essentially `-C` in short-form option.
BusyBox's `tar` command supports `-C`.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
These options are handled by generic configuration
Targets that need these options should select KERNEL_DEVMEM
and/or KERNEL_DEVKMEM options on OpenWRT's config
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
definition for the related P1010 SoC. However, the P1040 lacks the
CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
defines. If left defined, this causes the CAAM drivers (if present) to
attempt to use the non-existent device, making various crypto-related
operations (e.g. macsec and ipsec) fail.
This commit overrides the incorrect dt node definition in the included
file.
See also:
- https://bugs.openwrt.org/index.php?do=details&task_id=1262
- https://community.nxp.com/thread/338432#comment-474107
Signed-off-by: Tim Small <tim@seoss.co.uk>
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixesopenwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add two patches submitted for upstream review that significantly improve
the dwc2 driver on openwrt from kernel stability and performance
perspectives.
Fixes: FS#1367
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f12, patch id 0x08001227, 2018-02-09
+ Updated Microcodes:
sig 0x00600f12, patch id 0x0600063e, 2018-02-07
sig 0x00600f20, patch id 0x06000852, 2018-02-06
* Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
plus other unspecified fixes/updates.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Packages libx264 and ffmpeg are built with ASM options on x86 platforms.
The current libx264 version no longer builds with YASM and requires NASM.
ffmpeg 3.x can be built with either YASM or NASM however, furture 4.x versions
will require NASM.
Signed-off-by: Ted Hess <thess@kitschensync.net>
Acked-by: Rosen Penev <rosenp@gmail.com>
- Make the code more GitHub-specific
- Requires mirror hash to work with .gitattributes
- Use different API depending on whether PKG_SOURCE_VERSION is a
complete commit id or other ref types like tags
- Fix removing symbolic link
- pre-clean dir_untar for possible leftovers from previous run
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Removed hacks to use standalone argp as upstream now detects it nicely.
- As we are already installing files, use files from PKG_INSTALL_DIR and
not PKG_BUILD_DIR
- Only changes Makefile.am as PKG_FIXUP:=autoreconf is in use
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
TP-Link Archer C7 v2 USB port LED and GPIO names are in incorrect order,
i.e. in order to match actual user visible labels, usb1 should be usb2,
and vice versa.
This patch swaps LED and GPIO power control node names.
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
Due do a missing KCONFIG isn't selectable nor enabled in the target
kernel config. Drop it for now and enable/add the driver at the time it
is required.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Netgear R7800 switch LAN ports are numbered backwards in LuCI,
i.e. numbering is not corresponding to the actual physical port labels,
patch fixes that.
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[merged with existing board using the same config]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Specification:
- System-On-Chip: MediaTek MT7628NN
- CPU/Speed: 580 MHz
- Flash-Chip: ELM Technology GD25Q64
- Flash size: 8192 KiB
- RAM: 64 MiB
- Wireless No1: SoC-integrated: MT7628N 2.4GHz 802.11bgn
Currently the only method to install openwrt for the first time is via
TFTP recovery. After first install you can use regular updates.
Flash instructions:
1) To flash the recovery image, start a TFTP server with IP address
192.168.0.66 and serve the recovery image named tp_recovery.bin.
2) Connect your device to the LAN port, then press the WPS and Reset
button and power it up. Keep pressing the WPS/Reset button for
10 seconds or until the lock LED is lighting up.
It will try to download the recovery image and flash it.
It can take up to 2-3 minutes to finish. When it reaches 100%, the
router will reboot itself.
Signed-off-by: Romain MARIADASSOU <roms2000@free.fr>
Specification:
- System-On-Chip: MT7628N/N
- CPU/Speed: 580 MHz
- Flash-Chip: Winbond w25q256
- Flash size: 32768 KiB
- RAM: 128 MiB
- 5x 10/100 Mbps Ethernet
- 4x external, non-detachable antennas
- UART (J1) header on PCB (57600 8n1)
- Wireless No1 (2T2R): SoC-integrated: MT7628N 2.4GHz 802.11bgn
- Wireless No2 (2T2R): On-board chip: MT7612EN 5GHz 802.11ac
- USB: Yes 1 x 2.0
- 4x LED, 3x button
The device supports dual boot mode. So we use only first half of flash.
Flash instruction:
The only way to flash OpenWrt image is to use
tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-ramips-mt76x8-zyxel_keenetic-extra-ii-squashfs-factory.bin"
to "kextra2_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed until power led start blinking.
4. Router will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
This commit adds support for the MikroTik RouterBOARD RBM11g.
=Hardware=
The RBM11g is a mt7621 based device featuring one GbE port and one
miniPCIe slot with a sim card socket and USB 2.0.
==Switch==
The single onboard Ethernet port is connected the CPU directly.
The internal switch of the mt7621 SoC is disabled.
==Flash==
The device has one spi nor flash chip. It is a 128 Mbit winbond 25Q128FVS
connected to CS0.
==PCIe==
The board features a single miniPCIe slot. It has a dedicated mini SIM
socket and a USB 2.0 port. Power to the miniPCIe slot is controlled via
GPIO9.
==USB==
There are no external USB ports.
==Power==
The board can accept both, passive PoE and external power via a 2.1 mm
barrel jack (center-positive). The input voltage range is 11-32 V.
==Serial port==
The device does have an onboard UART on an unpopulated header next to the
flash chip:
GND: pin 2
TX: pin 7
RX: pin 6
Settings: 115200, 8N1
See below illustration for positioning of the header.
0 = screw hole
* = some pin
T = TX pin
R = RX pin
G = GND pin
Pinout:
+---------------
|O
| __
| / \
| \__/
|
|
|
| +---+
| |RAM|
| +--+ | |
| |**| <- unpopulated header with UART
| |*T| +---+
| |R*| +--------+
| |**| | |
| |G*| | CPU |
| +--+ | |
| +--+ | |
| | | +--------+
| +--+ <- flash chip
|O
| +-----+
| | |
|+--+ | |
|| | | |
+---------------------
=Installation=
To install an OpenWRT image to the device two components must be built:
1. A openwrt initramfs image
2. A openwrt sysupgrade image
===initramfs & sysupgrade image===
Select target devices "Mikrotik RBM11G" in
openwrt menuconfig and build the images. This will create the images
"openwrt-ramips-mt7621-mikrotik_rbm11g-initramfs-kernel.bin" and
"openwrt-ramips-mt7621-mikrotik_rbm11g-squashfs-sysupgrade.bin" in the
output directory.
==Installing==
**Make sure to back up your RouterOS license in case you do ever want to
go back to RouterOS using "/system license output" and back up the
created license file.**
When rebooted the board will try booting via ethernet first. If your
board does not boot via ethernet automatically you will have to attach
to the serial port and set ethernet as boot device within RouterBOOT.
1. Set up a dhcp server that points the bootfile to tftp server serving
the "openwrt-ramips-mt7621-mikrotik_rbm11g-initramfs-kernel.bin"
initramfs image
2. Connect to ethernet port on board
3. Power on the board
4. Wait for OpenWrt to boot
Right now OpenWrt will be running with a SSH server listening. Now
OpenWrt must be flashed to the devices flash:
1. Copy "openwrt-ramips-mt7621-mikrotik_rbm11g-squashfs-sysupgrade.bin"
to the device using scp.
2. Write openwrt to flash using "sysupgrade
openwrt-ramips-mt7621-mikrotik_rbm11g-squashfs-sysupgrade.bin"
Once the flashing completes the board will reboot. Disconnect from the
devices ethernet port or stop the DHCP/TFTP server to prevent the device
from booting via ethernet again.
The device should now boot straight to OpenWrt.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Increase the available flash memory size in AVM Fritz!Box 3370 by
incorporating the unused extra partitions located after the ubi partition.
Note that users upgrading from a previous OpenWRT version need to
re-install from the boot loader to pick up the new partition layout.
Available flash space for rootfs+overlay increases from 48MB to 124MB.
Reverting to the OEM firmware is still possible (via the recovery utility
provided by AVM) as the OEM firmware appears to reformat the config and
nand-filesystem partitions upon first boot if necessary. The
reserved-kernel and reserved-filesystem partitions are overwritten by the
OEM firmware when installing an update, so their contents do not matter.
Boot loader and device-specific information (MAC addresses, calibration
data, etc.) are not located in NAND flash and remain unharmed by this
changed.
Tested with OEM firmware 06.54 on device with HWRevision 5 and Micron
flash chip.
Signed-off-by: Michael Kuron <m.kuron@gmx.de>
To keep the status of a LED connected to the stp during boot, the get
callback is required. If the callback is missing and the LED default
state is set to keep in the devicetree, the gpio led driver errors out
during load.
Fixes: FS#1620
Signed-off-by: Mathias Kresin <dev@kresin.me>
Don't mask bit 4 of the AT8022 phy id. If bit 4 of the AT8022 phy id
(0x004dd023) is masked, it will match the phy id of the AR8327 switch
(0x004dd033) as well.
It results in applied at803x driver settings/callbacks, which will at
least limit the AR8327 phys to 100MBit operation instead of the possible
1000MBit.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The GDB Text User Interface (TUI) is a terminal interface
which uses the curses library to show the source file,
the assembly output, the program registers and GDB
commands in separate text windows.
In other words it's a friendlier interface for idiots like me!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Refresh patches and backport upstream to current HEAD:
a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This bumps to the latest & possibly greatest cake, sadly it's still
inedible but from an SQM point of view quite tasty :-)
Main tweaks since previous bump, improved ack_filter, some extra stats,
support for 64bit netlink parameters (higher rates/byte counters)
0520a6c Fix NAT option handling
8da93e1 Make sure we always call qdisc_watchdog_init() in cake_init()
f65daf6 Fix mismatched parenthesis
51d4ab3 Change flag handling to be safe even when mixing with non-eligible ACKs
f2ea091 ack_filter: protect DCTCP with stricter filtering of ECE marks
28b4560 ACK filter: Handle wrapping sequence numbers and DSACKs
73f62d9 Use the right PAD attribute for options
5969c14 Use 32 for tin backlog
e289f31 Move all the u64 netlink attributes together
36180a0 Check ACK seqno before parsing SACKs
91bbc01 Merge branch 'mine' into cobalt
58c55ec Rework SACK check to compare the ranges of two SACKs
9a5d593 ack_filter: Add proper handling of SACKs
eca95d4 ack_filter: short-circuit TCP flag check
d50a246 compat: backport some ktime functions
7b7ad11 compat: define tcpopt_fastopen for pre-4.1 kernels
ca54cdb Fix ktime compare
9d7dcc0 ack filter: Parse TCP options and only drop safe ones
b119882 Return EOPNOTSUPP on NAT option if conntrack is not available
842d7f0 Don't try to pad stats with tin_stats padding
bd46dc2 Use 64-bit divide helper
8e41bf0 Make sure we never drop SACKs when filtering ACKs
66e5d60 Avoid comparing ktime_t to scalar values
7fab017 Actually commit the ktime_t changes
fca6d13 Switch to ktime_t and get rid of cobalt.h
6f7e5af Can't use do_div with 64-bit divisors
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Bump iproute2/tc support of cake.
Add support for cake's change to u64 attribute passing for certain
attributes (rate & byte counts)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport hot off the press upstream netlink patch. Fixes stats display
from CAKE qdisc on MIPS allowing us to bump CAKE to latest version.
The gen_stats facility will add a header for the toplevel nlattr of type
TCA_STATS2 that contains all stats added by qdisc callbacks. A reference
to this header is stored in the gnet_dump struct, and when all the
per-qdisc callbacks have finished adding their stats, the length of the
containing header will be adjusted to the right value.
However, on architectures that need padding (i.e., that don't set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), the padding nlattr is added
before the stats, which means that the stored pointer will point to the
padding, and so when the header is fixed up, the result is just a very
big padding nlattr. Because most qdiscs also supply the legacy TCA_STATS
struct, this problem has been mostly invisible, but we exposed it with
the netlink attribute-based statistics in CAKE.
Fix the issue by fixing up the stored pointer if it points to a padding
nlattr.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
In some cases, recent builds fail to boot from flash with at least some
MT7621 based devices. The error message is:
"LZMA ERROR 1 - must RESET board to recover"
Booting the same kernel via TFTP works for some reason.
Through testing I figured out that limiting the LZMA dictionary size
seems to prevent these errors
Signed-off-by: Felix Fietkau <nbd@nbd.name>
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
74d16a57a3 Check length of ifname before copying it into to ifreq structure.
3aaf8bda00 getifaddrs: Don't return ifa entries with NULL names [BZ #21812]
f958b45d52 Use _STRUCT_TIMESPEC as guard in <bits/types/struct_timespec.h> [BZ #23349]
81b994bd83 Fix parameter type in C++ version of iseqsig (bug 23171)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Move SCAN_DEPS to scan.mk to eliminate redundancy with scripts/feeds
Add image/*.mk to SCAN_DEPS for targets to pick up newly added devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>