The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
replaced by commit 114f2830d
Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.
For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.
Base on a patch by "Phil"
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cake in kernel space now splits stats structure handling across netlink
messages to reduce stack usage issue flagged by upstream kernel checks.
Update user space (tc) qdisc handling to understand this new regime.
Cake also reports packet overheads & compensation in a different way so
add display code for this. e.g.
'tc -s qdisc show dev eth0' reports this extra detail:
min/max transport layer size: 28 / 1500
min/max overhead-adjusted size: 65 / 1550
average transport hdr offset: 14
Cake also supports output in JSON format.
Patch is bulkier than before because a (slightly out of date - see above
stats) man page is included for reference. Better than nothing!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Relevant changes:
0afc1be Fixes for kernel 4.16
d2d6780 Reinitialise overhead compensation stats when reconfiguring.
a3bab9d Export overhead compensation stats to userspace.
9cd2fa8 Split tin stats to its own structure to decrease size of tc_cake_xstats
71c7b44 Gather more statistics about packet length transformations.
0517357 Rework overhead compensation to use dynamic transport header offset instead of (inaccurate) static one.
c1a0c8e Refactor length handling code to better centralise overhead calculations
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
PKG_EXTMOD_SUBDIRS should be set to the sub directory where the kernel
module gets build in, for the ath10k-ct driver this changed in commit
3888e77c1c from ath10k to ath10k-4.13. Without this fix the depends
line of the ath10*.ko modules is empty and the kernel module load system
will not automatically load the depended modules like mac80211.
Fixes: 3888e77c1c ("ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver")
Fixes: 23a388fe41 ("ath10k-ct: Force loading mac80211 and ath modules.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The HTT-MGT variants transport management frames over the
normal HTT tx path, just like data frames. This saves
limitted WMI buffers which can become depleted if lots of
management frames become stuck in TX queues due to peer
that went away.
In addition, at least for the wave-1 firmware, htt-mgt is
required in order for 802.11r (fast roaming) authentication
to function properly.
The htt-mgt firmware requires the use of the ath10k-ct
driver. Normal non-htt-mgt ath10k-ct firmware should work
with stock drivers.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This updates to latest ath10k-ct firmware. Hopefully we are
at the end of the development cycle for this firmware release,
so these should be stable.
wave-1 changes since last release:
Release 20
* Allow flushing peer when deleting. Hopefully this will allow the
peer delete command to happen in a reasonable amount of time even
if the RF environment is busy (or peer has died).
To enable this, set the high flag in the mac-addr second word in the
ath10k driver near end of the ath10k_wmi_op_gen_peer_delete method:
cmd->peer_macaddr.word1 |= __cpu_to_le32(0x80000000);
* Attempt to fix crash seen in resmgr-ocs, appearantly due to list corruption.
Use a temporary list instead of trying to rely on for-each-safe.
* Add flag to tx-descriptor to allow driver to request no-ack on data
frames. This is bit 15 on the flag1 field (previously un-used).
* Add option to support specifying the tx-rate-code and retry count on
a per-packet basis. Only a single series is supported at this time.
Useful mainly for radiotap monitor-tx type testing at this point.
* Fix crash on startup when chip is at -40 deg C and calibration fails. Instead
of asserting, just keep retrying calibration, which appears to start working
after a few minutes (when the chip warms up).
* Allow reporting per-chain rssi for management frames. We pack the values into
empty space in the mgt-frame wmi header. This will only be enabled if the driver
requests it, since otherwise the driver is assumed to not understand the new API.
ath10k-ct drivers that support this feature will automatically enable it.
* A customer reports a case that appears to be the hardware not properly detecting
end of AMPDU, so frames were being mis-delivered to the wrong peer. Attempt to
work around this, and in doing so, clean up a bunch of void* abuse in the block-ack
reordering code (could not ever confirm there was a problem in this area).
* Re-work the rx-mem logic to be less complicated and to use less memory.
* Attempt to fix crash that appearanty happens because the driver can sometimes
delete a vdev in 'up' state.
* Attempt to fix hung scan state machine issues.
* Fix crash in tx path due to un-initialized memory.
wave-2 changes since last release:
Release 10
* Fix an assert related to tx scheduling. This hopefully fixes
what appears to be a regression that I added some time back.
* Enable CSI reporting for 9984, and maybe 9888/9886. Only in
non-trimmed builds.
* Other stability improvements, including regression fixes from
some tricky bugs introduced in earlier releases.
* Allow compiling for IPQ4019 chipset.
* Firmware will now send txbf frames to the host (driver) if the
TXBF (0xF00000001) set-special feature is enabled, or when the radio
is in monitor mode. But, if the frame is consumed by the txbf_cv
logic, then the pkt cannot be delivered to the host in this manner. Instead,
a WMI event will be sent and host can find the txbf_cv data in shared
memory. See ath10k_wmi_event_txbf_cv_mesg() in ath10k-ct driver.
* Support rx-all-mgt option. When enabled, the firmware will deliver all
management frames that it can to the host. No RX filters are changed
when this option is enabled.
* Fix at least some problems with sending tx-beamforming frames to SU-MIMO
peers. Looks like this was a regression in my code.
* Fix a crash in rate-ctrl due to nss mismatch. This was something I introduced
while trying to fix other bugs in rate-ctrl some time back.
* Attempt to fix a sw-peer-key object leak in IBSS mode. The peer key code
is very complex, and shares some pointers as union members. I think I fixed
at least some of the issues, but would not be surprised if more exist.
* Improve ath10k user guide to document CT firmware features:
https://www.candelatech.com/ath10k-ug.php
* Add ct-special option to configure the txbf sounding time. See ath10k-ug.php
* Fix and allow the driver to tell the firmware to send sounding frames. See ath10k-ug.php
In further testing, this seems to fail much of the time, and I am not sure why.
Disabling this in diet (trimmed) builds.
* Fix crashes related to deleting peers while they are in power-save mode. Reported
by LEDE user on r7800 with 9984 NIC.
* Make rate-ctrl txbf probe work better. If enabled, the rate-ctrl logic will periodically
send out probes at an NSS that can to txbf. Previously, txbf probes would not reliably happen
if both AP and peer had the same nss (ie, 2x2 talking to 2x2). To enable this feature, you
need to enable the fwtest-cmdid number 20.
* Report rx-timeout error counters. These were previously un-reported, though the
field existed in the wmi struct already.
* txbf: Ignore frames not destined for us. If NIC is in promisc mode, it
could acquire and process NDPA frames that were not destined for it. Check
the dest-MAC and ignore frames not for us (pass them up the stack for monitor
mode instead of save them in the peer's rate-ctrl logic.)
* Port ping-pong crash handling and othe related features to IPQ4019 target. It should
now act similar to 9984 in this regard.
* Fix a few asserts related to txbf and tx-seq logic.
* Add custom-stats support, for rx-reorder-stats. Similar to what I did for wave-1.
* Disable AMSDU for IBSS. This now matches what I did for peregrine. It seems to
work better this way, though I did not debug it in detail.
* Enable the set-special command to re-enable AMSDU for IBSS if user wants to experiment.
* Fix bug where dbglog did not disable IRQs, so if you made dbglog messages from the IRQ
handler, it could cause corruption that could crash the firmware and/or corrupt the log
message buffers.
* Don't assert if there are no buffer descriptors for RX of non-data frame.
* Retry any stuck block-ack sessions every 20 seconds instead of just disabling BA for
ever when we get too many failures.
* Fix SGI flag when reporting tx-rate info. The flag moved since wave-1 days, and
I did not notice that when I ported my changes forward to wave-2.
* Allow disabling special CCA handling for IBSS txqs. Earlier testing indicated this
might improve throughput in some testing on 9984 chips in IBSS mode, but subsequent
testing looks about the same without it. Since I do not really understand what this
setting exists for, leave it at upstream defaults. A new set-special API command (0x12)
can be used to enable this hack for testing. Setting 0x1 bit disables special CCA handling
for non-beacon IBSS txqs, setting 0x2 bit disables it for beacon queues as well.
* Add MCAST-BCAST feature flag. This tells driver we do not need a monitor interface
to do MESH.
* When calculating the rx-address filter (affects ACK & BLOCK-ACK, among other things),
to not add in monitor interfaces if other interfaces are up. There is no need for
a monitor device to ACK frames.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Among other things, this will check for an htt-mgt variant of
ath10k-ct firmware before loading 'normal' firmware, and it disables
verbose printing of firmware DBGLOG messages by default.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Update DEPENDS and PROVIDES so that ath10k-ct firmware
and drivers can be used to replace stock firmware
and drivers. The -htt firmware variant, which requires
ath10k-ct driver now selects ath10k-ct driver when the
firmware is selected.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Drop providing the virtual package ip by busybox which was added in commit
1cec4d4ef0.
Letting busybox provide the virtual package ip is not optimal for the
following reasons :
- Applications depending on ip expect either the ip-full or
ip-tiny package to be enabled.
- Busybox ip applet cannot be added or removed at runtime
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The driver updates include:
ath10k driver backport to fix WPA 'pn' related security bugs
(4.13 based driver only currently),
a fix for off-channel TX for CT wave-1 firmware, a likely
fix for napi related crashes, and a backport of the firmware fetch
patch.
AHB is needed for the IPQ4019 platform radios.
Signed-off-by: Ben Greear <greearb@candelatech.com>
[use common subject format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[wigyori@uid0.hu: renamed to 221-compatible-old-dtc.patch from 220-]
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
U-Boot now requires GCC > 5
Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Also move some options of patch 010 affecting the whole platform
to 010's device only.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
print_int used 'int' type internally, whereas print_uint used 'uint64_t'
These helper functions eventually call vfprintf(fp, fmt, args) which is
a variable argument list function and is dependent upon 'fmt' containing
correct information about the length of the passed arguments.
Unfortunately print_int v print_uint offered no clue to the programmer
that internally passed ints to print_uint were being promoted to 64bits,
thus the format passed in 'fmt' string vs the actual passed integer
could be different lengths. This is even more interesting on big endian
architectures where 'vfprintf' would be looking in the middle of an
int64 type. Symptoms of this included tc qdisc showing bizarre values
for a variety of fields across a variety of qdiscs (e.g. refcnt, flows,
quantum)
print_u/int now stick with native int size.
A similar patch has been sent upstream.
Fixes FS#1425
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
94b6878 Tidy crypto.c of old library compat. Now need libnettle 3.
8b96552 Fix compiler warning.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Use the UBOOT_MAKE_FLAGS defined in include/u-boot.mk and do not
overwrite them to compile the host tools against the shipped LibreSSL.
In addition add a patch to fix a compile problem when compiling the
tools against LibreSSL caused by differences in the API between OpenSSL
1.1 and LibreSSL.
This should fix the compile problems seen in build bot from time to time
by not depending on the host libssl-dev package any more but using the
LibreSSL version from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mwlwifi was updated to a new stable. Included in this stable release are the
followin benefits:
- Fixed compiling for kernel 4.14
- Fixed crash on 88W8864 binary
Compiled and tested on: WRT3200ACM and WRT1900AC
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5.
Replaced by param --verify-client-cert none|optional|require in v2.4 see
https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required
Signed-off-by: Christian Bayer <cave@cavebeat.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
This patch adds support for Cisco Meraki MR33
hardware highlights:
SOC: IPQ4029 Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB DDR3L-1600 @ 627 MHz Micron MT41K128M16JT-125IT
NAND: 128 MiB SLC NAND Spansion S34ML01G200TFV00 (106 MiB usable)
ETH: Qualcomm Atheros AR8035 Gigabit PHY (1 x LAN/WAN) + PoE
WLAN1: QCA9887 (168c:0050) PCIe 1x1:1 802.11abgn ac Dualband VHT80
WLAN2: Qualcomm Atheros QCA4029 2.4GHz 802.11bgn 2:2x2
WLAN3: Qualcomm Atheros QCA4029 5GHz 802.11a/n/ac 2:2x2 VHT80
LEDS: 1 x Programmable RGB+White Status LED (driven by Ti LP5562 on i2c-1)
1 x Orange LED Fault Indicator (shared with LP5562)
2 x LAN Activity / Speed LEDs (On the RJ45 Port)
BUTTON: one Reset button
MISC: Bluetooth LE Ti cc2650 PG2.3 4x4mm - BL_CONFIG at 0x0001FFD8
AT24C64 8KiB EEPROM
Kensington Lock
Serial:
WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
The Serial setting is 115200-8-N-1. The board has a populated
1x4 0.1" header with half-height/low profile pins.
The pinout is: VCC (little white arrow), RX, TX, GND.
Flashing needs a serial adaptor, as well as patched ubootwrite utility
(needs Little-Endian support). And a modified u-boot (enabled Ethernet).
Meraki's original u-boot source can be found in:
<https://github.com/riptidewave93/meraki-uboot/tree/mr33-20170427>
Add images to do an installation via bootloader:
0. open up the MR33 and connect the serial console.
1. start the 2nd stage bootloader transfer from client pc:
# ubootwrite.py --write=mr33-uboot.bin
(The ubootwrite tool will interrupt the boot-process and hence
it needs to listen for cues. If the connection is bad (due to
the low-profile pins), the tool can fail multiple times and in
weird ways. If you are not sure, just use a terminal program
and see what the device is doing there.
2. power on the MR33 (with ethernet + serial cables attached)
Warning: Make sure you do this in a private LAN that has
no connection to the internet.
- let it upload the u-boot this can take 250-300 seconds -
3. use a tftp client (in binary mode!) on your PC to upload the sysupgrade.bin
(the u-boot is listening on 192.168.1.1)
# tftp 192.168.1.1
binary
put openwrt-ipq40xx-meraki_mr33-squashfs-sysupgrade.bin
4. wait for it to reboot
5. connect to your MR33 via ssh on 192.168.1.1
For more detailed instructions, please take a look at the:
"Flashing Instructions for the MR33" PDF. This can be found
on the wiki: <https://openwrt.org/toh/meraki/mr33>
(A link to the mr33-uboot.bin + the modified ubootwrite is
also there)
Thanks to Jerome C. for sending an MR33 to Chris.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Not all LED driver are using the label devicetree property for the led
name. Add support for the TI/National Semiconductor LP55xx Led Drivers,
which are using the chan-name property for the led name, as fallback.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add a fucntion to get the a binary mac address from file. Use the new
function for mtd_get_mac_binary() to limit duplicate code.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch adds support for ASUS RT-AC58U/RT-ACRH13.
hardware highlights:
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 128 MiB DDR3L-1066 @ 537 MHz (1074?) NT5CC64M16GP-DI
NOR: 2 MiB Macronix MX25L1606E (for boot, QSEE)
NAND: 128 MiB Winbond W25NO1GVZE1G (cal + kernel + root, UBI)
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: one Reset and one WPS button
LEDS: Status, WAN, WIFI1/2, USB and LAN (one blue LED for each)
Serial:
WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
The Serial setting is 115200-8-N-1. The board has an unpopulated
1x4 0.1" header. The pinout (VDD, RX, GND, TX) is printed on the
PCB right next to the connector.
U-Boot Note: The ethernet driver isn't always reliable and can sometime
time out... Don't worry, just retry.
Access via the serial console is required. As well as a working
TFTP-server setup and the initramfs image. (If not provided, it
has to be built from the OpenWrt source. Make sure to enable
LZMA as the compression for the INITRAMFS!)
To install the image permanently, you have to do the following
steps in the listed order.
1. Open up the router.
There are four phillips screws hiding behind the four plastic
feets on the underside.
2. Connect the serial cable (See notes above)
3. Connect your router via one of the four LAN-ports (yellow)
to a PC which can set the IP-Address and ssh and scp from.
If possible set your PC's IPv4 Address to 192.168.1.70
(As this is the IP-Address the Router's bootloader expects
for the tftp server)
4. power up the router and enter the u-boot
choose option 1 to upload the initramfs image. And follow
through the ipv4 setup.
Wait for your router's status LED to stop blinking rapidly and
glow just blue. (The LAN LED should also be glowing blue).
3. Connect to the OpenWrt running in RAM
The default IPv4-Address of your router will be 192.168.1.1.
1. Copy over the openwrt-sysupgrade.bin image to your router's
temporary directory
# scp openwrt-sysupgrade.bin root@192.168.1.1:/tmp
2. ssh from your PC into your router as root.
# ssh root@192.168.1.1
The default OpenWrt-Image won't ask for a password. Simply hit the Enter-Key.
Once connected...: run the following commands on your temporary installation
3. delete the "jffs2" ubi partition to make room for your new root partition
# ubirmvol /dev/ubi0 --name=jffs2
4. install OpenWrt on the NAND Flash.
# sysupgrade -v /tmp/openwrt-sysupgrade.bin
- This will will automatically reboot the router -
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the patch that was posted to ath10k-devel ML:
<https://patchwork.kernel.org/patch/10233491/>
|From: Thomas Hebb <tommyhebb@gmail.com>
|Subject: [PATCH] ath10k: search all IEs for variant before falling back
|Date: Wed, 21 Feb 2018 11:43:39 -0500
|[...]
|This patch fixes the issue by first searching the entire file for the ID
|with variant, and searching for the fallback ID only if that search
|fails. It also includes some code cleanup in the area, as
|ath10k_core_fetch_board_data_api_n() no longer does its own string
|mangling to remove the variant from an ID, instead leaving that job to a
|new flag passed to ath10k_core_create_board_name().
|
|I've tested this patch on a QCA4019 and verified that the driver behaves
|correctly for 1) both fallback and variant BDFs present, 2) only fallback
|BDF present, and 3) no matching BDFs present.
|
|Fixes: 1657b8f84ed9 ("ath10k: search SMBIOS for OEM board file extension")
|Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Note: 937-ath10k-calibration-variant.patch has been reassigned a new 081
number, as it now ships with upstream.... But also because this patch
requires the change in ath10k_core_create_board_name().
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.
Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.
This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Backport the compiler support patches from upstream u-boot to this older
version to make it compile with GCC 7.
This was found by build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support configuration in the form...
list ip6prefix 2001:db8:1234::/64
list ip6prefix 2001:db8:5678::/64
... to allow specifying multiple routed IPv6 prefixes.
Implements feature request FS#1361.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
1f5a29c ip: do not add local routes for host dependencies
c06f842 device: add support for setting the isolate options for bridge ports
69aeaab interface-ip: fix route selection for host dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.
Fixes busybox crashes observed on x86-generic with GCC 7.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Adds support for the Turris Omnia and builds an eMMC sysupgrade image in
the same format as the SolidRun ClearFog.
An initramfs image in the simple yet Omnia-specific 'medkit' image format
is also built in order to ease the initial flashing process.
Notable hardware support omissions are support for switching between SFP
cage and copper PHY, and RGB LED control.
Due to a current limitation of DSA, only 1/2 CPU switch uplinks are used.
Specifications:
- Marvell Armada 385 1.6GHz dual-core ARMv7 CPU
- 1GB DDR3 RAM
- 8GB eMMC Flash
- 5x Gigabit LAN via Marvell 88E6176 Switch (2x RGMII CPU ports)
- 1x switchable RJ45 (88E1514 PHY) / SFP SGMII WAN
- 2x USB 3.0
- 12x dimmable RGB LEDs controlled by independent MCU
- 3x Mini PCIe slots
- Optional Compex WLE200N2 Mini PCIe AR9287 2x2 802.11b/g/n (2.4GHz)
- Optional Compex WLE900VX Mini PCIe QCA9880 3x3 802.11ac (2.4 / 5GHz)
- Optional Quectel EC20 Mini PCIe LTE modem
Flash instructions:
If the U-Boot environment has been modified previously (likely manually via
serial console), first use serial to reset the default environment.
=> env default -a
=> saveenv
Method 1 - USB 'medkit' image w/o serial
- Copy openwrt-mvebu-turris-omnia-sysupgrade.img.gz and
omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz to the root of a
USB flash drive formatted with FAT32 / ext2/3/4 / btrfs / XFS.
Note that the medkit MUST be named omnia-medkit*.tar.gz
- Disconnect other USB devices from the Omnia and connect the flash drive
to either USB port.
- Power on the Omnia and hold down the rear reset button until 4 LEDs are
illuminated, then release.
- Wait approximately 2 minutes for the Turris Omnia to flash itself with
the temporary image, during which LEDs will change multiple times.
- Connect a computer to a LAN port of the Turris Omnia with a DHCP client
- (if necessary) ssh-keygen -R 192.168.1.1
- ssh root@192.168.1.1
$ mount /dev/sda1 /mnt
$ sysupgrade /mnt/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself and you can remove the flash drive.
Method 2 - TFTP w/ serial
- Extract omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz and copy
dtb + zImage to your TFTP server (rename if desired)
- Connect Turris Omnia WAN port to DHCP-enabled network with TFTP server
- Connect serial console and interrupt U-Boot
=> dhcp
=> setenv serverip <tftp_server_ip_here>
=> tftpboot 0x01000000 zImage
=> tftpboot 0x02000000 dtb
=> bootz 0x01000000 - 0x02000000
- OpenWrt will now boot from ramdisk
- Download openwrt-mvebu-turris-omnia-sysupgrade.img.gz to /tmp/
$ sysupgrade /tmp/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself.
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9984.
The update fixes "ath10k_pci 0001:01:00.0: Invalid VHT mcs 15 peer
stats" spamming the kernel ring buffer at very high frequencies, but
introduces the new "ath10k_pci 0001:01:00.0: Unknown eventid: 36925".
This new warning doesn't appear to cause problems in practice and is
only emitted relatively rarely, not causing dmesg to overflow within
minutes.
Tested on the ZyXEL NBG6817; early feedback also suggests this firmware
to work well (with the same fixes and caveats) on the Netgear r7800 as
well.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
This patch updates ath10k-firmware to last commit and use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9888.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
392811a ubus: let fw3_ubus_address() return the number of resolved addresses
359adcf options: emit an empty address item when resolving networks fails
503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed
f50a524 helpers: implement explicit CT helper assignment support
a3ef503 zones: allow per-table log control
8ef12cb iptables: fix possible NULL pointer access on constructing rule masks
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.
We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The package still leaks some user space linker options into the kernel
space. This breaks the build when ASLR is activated, deactivate it for
now.
Signed-off-by: Mathias Kresin <dev@kresin.me>
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet
Changes:
* queueing: skb_reset: mark as xnet
This allows cgroups to classify packets.
* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions
The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.
* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype
Small cleanups.
* compat: workaround netlink refcount bug
An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.
* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"
We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.
* Kconfig: require DST_CACHE explicitly
Required for certain frankenkernels.
* compat: use correct -include path
Fixes certain out-of-tree build systems.
* noise: align static_identity keys
Gives us better alignment of private keys.
* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it
Better compatibility with Debian's resolvconf.
* contrib: add extract-handshakes kprobe example
Small utility for extracting ephemeral key data from the kernel's memory.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
6e744662 Update bash_completion
478eac09 Update manual pages
88e2029e Bump up version number to 1.31.0, LT revision to 30:0:16
45d76cf5 nghttpx: Close listening socket on graceful shutdown
54573f28 Merge pull request #1137 from nghttp2/session-set-user-data
17793e99 Add nghttp2_session_set_user_data() public API function
5eac3c90 Update manual pages
e70195ae nghttpx: Update doc
fe51e7fa Merge pull request #1130 from nghttp2/avoid-inet_pton-macro
eb951c2c src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
39f0ce7c Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
65157811 Merge pull request #1123 from nghttp2/mruby-client-cert-not-before-after
e8af7afc nghttpx: Add an option to accept expired client certificate
38abfd18 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
ff3edc09 nghttpx: Fix potential memory leak
0bb15406 Bump up version number to 1.31.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The lantiq components still leak some user space linker options into the
kernel space. This breaks with build when ASLR is activated, deactivate
it for now on these packages.
Fixes: FS#1391
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.
This decreases the size of the ipk file from 87589 bytes to 81267 bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Do not force to build with O3 optimization any more, but take what was
selected by the OpenWrt build system.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build process does not leak the user space cflags into the kernel
build process any more, this allows to activate MIPS16 builds.
This was fixed with some update of ifxos.
This decreases size of the libifxos.a and the ltq-vdsl-app
old:
78320 libifxos.a
44383 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk
new:
66852 libifxos.a
43506 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The split-up into packages gre, grev4 and grev6 causes confusion for the
users as reported in FS#1399.
As IPv4 and IPv6 are considered now as bundled; squash the grev4 and grev6
packages into the gre package and let gre provide both grev4 and grev6.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes the assumption the busybox udhcpc applet is always enabled; in case
the symbolic link check fails the DHCP shell handler script will exit and
as result the DHCP protocol handler will not be registered in netifd.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This is to simplify maintenance. It's easy to say now which patches need
some extra work and/or sending upstream. Updating to newer backports
should be also simpler with this.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit 79a768a90f.
Some devices can go over their power limits with this commit, so this
needs to be handled on a case by case basis instead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Remove RPS/XPS support from netifd core, move the logic to a hotplug
script that uses a different policy which provides better performance
and more fairness across flows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Support config in the form of ....
add_list sendopts=router:10.10.10.2
add_list sendopts=nissrv:20.20.20.2
add_list sendopts=0x7D:abba
This allows to configure sendopts having white spaces as option value
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
With this, `mount -t efivarfs` is available and tools such as efitools
and efibootmgr will be usable.
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
[daniel@makrotopia.org: some whitespace fixes, match From: with SoB]
As each mvebu device only uses one of the firmwares provided by mwlwifi
package, it makes sense to put them in separate packages and only install
the one that is needed.
Current mwlwifi version's firmware sizes and usages by devices:
88W8864.bin 118776 caiman, mamba, cobra, shelby
88W8897.bin 489932 (none)
88W8964.bin 449420 rango
Changes by this commit:
* indicate in title that mwlwifi also is driver for 88W8897 and 88W8964
* remove mwlwifi package's firmware installation rules
* add 3 new individual firmware packages (all depends on kmod-mwlwifi):
- mwlwifi-firmware-88w8864
- mwlwifi-firmware-88w8897
- mwlwifi-firmware-88w8964
* add firmware package to mvebu devices' DEVICE_PACKAGES accordingly
Signed-off-by: Johnny S. Lee <_@jsl.io>
[Add the used FW files to the PACKAGES of default image]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Allow building perf on uncommon targets again.
Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Works around two incompatiblities between glibc and (POSIX-compliant) musl:
- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc
Compile tested on mpc85xx.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Support configuration in the form...
list ip6prefix 2001:db8:1234::/64
list ip6prefix 2001:db8:5678::/64
... to allow specifying multiple additional IPv6 prefixes.
Implements feature request FS#1361.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
As indicated in #5574 samba fails to build with linker error due to lack
of talloc_* functions when the packet libtalloc also gets build.
According to Makefile it is compiled with "--without-libtalloc" option.
Running ./configure --help shows that there is another option connected
to libtalloc: --enable/disable-external-libtalloc.
Adding this option fixes build.
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
Remove this old patch which prevents showing the xfrm ports for SCTP
This was added in commit 60c1f0f64d ("finally move buildroot-ng to trunk")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
62d52e9 mt76: set RX_FLAG_DUP_VALIDATED for A-MPDU reordered packets
5ba5995 mt76x2: rework tx power handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
459b6932 policy: add nft translation for simple policy none/strict use case
255e55b7 tests: xlate-test: no need to require superuser privileges
6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
c252a2b0 extensions: Add test for cluster nft translation
bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
64a0e098 extensions: libxt_cluster: Add translation to nft
6067208f extensions: add support for 'srh' match
0f387b07 extensions: hashlimit: fix incorrect burst in translations
1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
27de281d extensions: Add macro _DEFAULT_SOURCE.
75364151 iptables: Remove const qualifier from struct option.
8b0da213 iptables: masquerade: add randomize-full support
e64db006 iptables: patch to correct linker flag sequence
033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
a6d6821a iptables: extensions: Fix MARK target help
71de414c libxt_sctp: fix array out of range in print_chunk
1a32381a extensions: add tests for ipcomp protocol
4bd51770 tests: xlate: print output in same way as nft-test.py
d0e3d95f libxt_recent: Remove ineffective checks for info->name
23e6ed71 libxt_TOS: add tests for translation infrastructure
9564595e Update .gitignore
bebce197 iptables: iptables-compat translation for TCPMSS
dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
0e958281 iptables-translate: add test file for TCPMSS extension
de3c68b6 iptables-compat: do not allow to delete populated user define chains
f4b80ce7 iptables: change large file support handling
f5b46c2f iptables: Constify option struct
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
af468b6e utils: Add a man page for nfnl_osf
1773dcaa utils: nfnl_osf: Fix synopsis in help text
895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
1c32e560 netfilter: xt_hashlimit: add rate match mode
b5331f88 xtables-compat: fix memory leak when listing
91ae12e3 xtables-compat-restore: fix several memory leaks
79e1edd1 iptables-xml: Fix segfault on jump without a target
c49a93f1 xtables-translate: fix double space before comment
79fa7cc2 libip6t_icmp6: xlate: remove leftover space
8e62f572 tests: xlate: generalize owner
8d994bcf iptables: Add file output option to iptables-save
f8e5ebc5 iptables: Fix crash on malformed iptables-restore
80d8bfaa iptables: insist that the lock is held.
c29d99c8 libxtables: Display weird character warning for wildcards
1fe96cfb tests: xlate: check if it is being run as root
3f92b259 tests: xlate: remove python 3.5 dependency
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
27f69f4a iptables: extensions: Remove typedef in struct.
340105fa tests: add regression tests for xtables-translate
b669e184 extensions: libxt_TOS: Add translation to nft
b2a84476 iptables: Remove unnecessary braces.
2963a8df iptables: Remove explicit static variables initalization.
1cf4ba6f iptables: Constify option struct
999eaa24 iptables-restore: support acquiring the lock.
6e2e169e iptables: remove duplicated argument parsing code
836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
b91af533 iptables: set the path of the lock file via a configure option.
0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
48ad179b libxtables: abolish AI_CANONNAME
9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
c6df55d6 iptables-translate: print nft command for each expand rules via dns names
82dacbb8 xtables-translate: Avoid querying the kernel
9f972f45 extensions: libxt_addrtype: Add translation to nft
2c8e251e utils: nfsynproxy: fix build with musl libc
9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
eb66632d extensions: libxt_hashlimit: Add translation to nft
72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
24f81746 xshared: do not lock again and again if "-w" option is not specified
fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
516d9191 iptables: update pf.os
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add Wireless Network Management (IEEE 802.11v)
support to:
- hostapd-full
- wpa_supplicant-full
It must be enabled at runtime via UCI with:
- option ieee80211v '1'
Add UCI support for:
- time_advertisement
- time_zone
- wnm_sleep_mode
- bss_transition
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is fixing multiple compile problems with kernel 4.14 and updates the
code to take care of changes introduced between kernel 4.9 and 4.14.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>