aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mpc85xx: convert TL-WDR4900 v1 to simpleImageChristian Lamparter2019-06-108-212/+165
| | | | | | | | | | | | | | | | | Converts the TP-Link WDR4900 v1 to use the simpleImage in the hopes of prolonging the life of the device. While at it, the patch makes the fdt.bin an ARTIFACT and sets the KERNEL_SIZE to 2684 KiB as a precaution since the stock u-boot is using a fixed kernel size. Note: Give the image some time, it will take much longer to extract and boot. [tested for 4.14/4.19] Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Co-authored-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* config: add xfrm interface support scriptsAndré Valentin2019-06-102-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | This package adds scripts for xfrm interfaces support. Example configuration via /etc/config/network: config interface 'xfrm0' option proto 'xfrm' option mtu '1300' option zone 'VPN' option tunlink 'wan' option ifid 30 config interface 'xfrm0_static' option proto 'static' option ifname '@xfrm0' option ip6addr 'fe80::1/64' option ipaddr '10.0.0.1/30' Now set in strongswan IPsec policy: if_id_in = 30 if_id_out = 30 Signed-off-by: André Valentin <avalentin@marcant.net>
* curl: update to 7.65.1Hans Dedecker2019-06-101-2/+2
| | | | | | For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netsupport: add xfrmi interface supportAndré Valentin2019-06-091-0/+16
| | | | | | | | Add support for xfrm interfaces in kernel. XFRM interfaces are used by the IPsec stack for tunneling. XFRM interfaces are available since linux 4.19. Signed-off-by: André Valentin <avalentin@marcant.net>
* kirkwood: image: fix unwanted 2nd inclusion of kernelPetr Štetiar2019-06-091-5/+5
| | | | | | | | | | | | | | | | | | | In commit d2e18dae2892 ("kirkwood: cleanup image build code") the image build code was refactored, setting KERNEL_IN_UBI=0 which doesn't work as the KERNEL_IN_UBI needs to be unset in order to make it working as intended, which leads to factory images with two kernels in them: binwalk --keep-going openwrt-kirkwood-cisco_on100-squashfs-factory.bin MD5 Checksum: c33e3d1eb0cb632bf0a4dc287592eb70 DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------- 0 0x0 uImage header [...] "ARM OpenWrt Linux-4.14.123" 5769216 0x580800 uImage header [...] "ARM OpenWrt Linux-4.14.123" Cc: Mathias Kresin <dev@kresin.me> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2285 Fixes: d2e18dae2892 ("kirkwood: cleanup image build code") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* gpio-button-hotplug: gpio-keys: fix always missing first eventPetr Štetiar2019-06-091-9/+2
| | | | | | | | | | | | | Commit afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") changed the gpio-keys interrupt handling logic in a way, that it always misses first event, which causes issues with rc.button scripts, so this patch restores the previous behaviour. Fixes: afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") Reported-by: Kristian Evensen <kristian.evensen@gmail.com> Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
* gpio-button-hotplug: fix wrong initial seen valuePetr Štetiar2019-06-091-0/+3
| | | | | | | | | | | | | | | Currently the generated event contains wrong seen value, when the button is pressed for the first time: rmmod gpio_button_hotplug; modprobe gpio_button_hotplug [ pressing the wps key immediately after modprobe ] gpio-keys: create event, name=wps, seen=1088, pressed=1 So this patch adds a check for this corner case and makes seen=0 if the button is pressed for the first time. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* gpio-button-hotplug: use pr_debug and pr_errPetr Štetiar2019-06-091-17/+6
| | | | | | | pr_debug can be used with dynamic debugging. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: skip options that are not compiled inYousong Zhou2019-06-092-3/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to make life easier for users with customized build of dnsmasq-full variant. Currently dnsmasq config generated by current service script will be rejected by dnsmasq build lacking DHCP feature - Options like --dhcp-leasefile have default values. Deleting them from uci config or setting them to empty value will make them take on default value in the end - Options like --dhcp-broadcast are output unconditionally Tackle this by - Check availablility of features from output of "dnsmasq --version" - Make a list of options guarded by HAVE_xx macros in src/options.c of dnsmasq source code - Ignore these options in xappend() Two things to note in this implementation - The option list is not exhaustive. Supposedly only those options that may cause dnsmasq to reject with "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken into account here - This provides a way out but users' cooperation is still needed. E.g. option dnssec needs to be turned off, otherwise the service script will try to add --conf-file pointing to dnssec specific anchor file which dnsmasq lacking dnssec support will reject Resolves FS#2281 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: xfrm tunnel supportHans Dedecker2019-06-081-3/+3
| | | | | | 8c6358b netifd: add xfrm tunnel interface support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: add ALTERNATIVES for brctlKonstantin Demin2019-06-081-1/+2
| | | | | | | | Busybox brctl applet conflicts with the version from bridge-utils. Fix this by using ALTERNATIVE support for brctl in busybox. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* tools/ccache: update to 3.7.1Deng Qingfang2019-06-082-3/+3
| | | | | | | | | Update ccache to 3.7.1 Release notes: https://ccache.dev/releasenotes.html#_ccache_3_7_1 Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* kernel: re-add bridge allow reception on disabled portChen Minqiang2019-06-073-9/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "bridge allow reception on disabled port" implementation was broken after these commits: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") b765f4be407c ("kernel: bump 4.14 to 4.14.114") 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") This leads to issues when for example WDS is used, tied to a bridge: [ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3) [ 96.517956] wlan1: authenticated [ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3) [ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3) [ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1) [ 97.208706] wlan1: associated [ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID) It seems upstream introduced a new patch, [1] so we have to reimplement these patches properly: target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch target/linux/generic/pending-4.19/150-bridge_allow_receiption_on_disabled_port.patch [1] https://lkml.org/lkml/2019/4/24/1228 Fixes: 08802d93e2c1 ("kernel: bump 4.19 to 4.19.37") Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114") Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171") Signed-off-by: Chen Minqiang <ptpt52@gmail.com> [updated commit message and title] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* iproute2: add tc action ctinfo supportKevin Darbyshire-Bryant2019-06-072-1/+595
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the userspace control portion of the backported kernelspace act_ctinfo. ctinfo is a tc action restoring data stored in conntrack marks to various fields. At present it has two independent modes of operation, restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack marks into packet skb marks. It understands a number of parameters specific to this action in additional to the usual action syntax. Each operating mode is independent of the other so all options are optional, however not specifying at least one mode is a bit pointless. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] DSCP mode dscp enables copying of a DSCP stored in the conntrack mark into the ipv4/v6 diffserv field. The mask is a 32bit field and specifies where in the conntrack mark the DSCP value is located. It must be 6 contiguous bits long. eg. 0xfc000000 would restore the DSCP from the upper 6 bits of the conntrack mark. The DSCP copying may be optionally controlled by a statemask. The statemask is a 32bit field, usually with a single bit set and must not overlap the dscp mask. The DSCP restore operation will only take place if the corresponding bit/s in conntrack mark ANDed with the statemask yield a non zero result. eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this example. CPMARK mode cpmark enables copying of the conntrack mark to the packet skb mark. In this mode it is completely equivalent to the existing act_connmark action. Additional functionality is provided by the optional mask parameter, whereby the stored conntrack mark is logically ANDed with the cpmark mask before being stored into skb mark. This allows shared usage of the conntrack mark between applications. eg. cpmark 0x00ffffff would restore only the lower 24 bits of the conntrack mark, thus may be useful in the event that the upper 8 bits are used by the DSCP function. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] where : dscp MASK is the bitmask to restore DSCP STATEMASK is the bitmask to determine conditional restoring cpmark MASK mask applied to restored packet mark ZONE is the conntrack zone CONTROL := reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-063-2/+1211
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* layerscape: update patches-4.14 to LSDK 19.03Biwen Li2019-06-0638-6688/+28071
| | | | | | | | | | | | | | | | | | | | All patches of LSDK 19.03 were ported to Openwrt kernel. We still used an all-in-one patch for each IP/feature for OpenWrt. Below are the changes this patch introduced. - Updated original IP/feature patches to LSDK 19.03. - Added new IP/feature patches for eTSEC/PTP/TMU. - Squashed scattered patches into IP/feature patches. - Updated config-4.14 correspondingly. - Refreshed all patches. More info about LSDK and the kernel: - https://lsdk.github.io/components.html - https://source.codeaurora.org/external/qoriq/qoriq-components/linux Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: fix u-boot bootcmdBiwen Li2019-06-063-0/+84
| | | | | | | | | | | Current latest LSDK-19.03 u-boot had a bug that bootcmd environment was always been reset when u-boot started up. This was found on boards with spi NOR boot. Before the proper fix-up is applied, we have to use a workaround to hard code the bootcmd for OpenWrt booting for now. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: drop ppa packageYangbo Lu2019-06-061-84/+0
| | | | | | Drop ppa package since TF-A is used instead. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: convert to use TF-A for firmwareBiwen Li2019-06-068-69/+59
| | | | | | | | | | This patch is to convert to use TF-A for firmware. - Use un-swapped rcw since swapping will be done in TF-A. - Use u-boot with TF-A defconfig. - Rework memory map for TF-A introduction. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: add ARM Trusted Firmware packageBiwen Li2019-06-061-0/+140
| | | | | | | Add TF-A packages for Layerscape to implement trusted firmware. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: add rcw packages for ls1043ardb/ls1046ardb SD bootBiwen Li2019-06-061-0/+12
| | | | | | | Add rcw packages for ls1043ardb/ls1046ardb SD boot. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: drop armv8_32b supportYangbo Lu2019-06-067-1155/+1
| | | | | | | NXP LSDK has decided to drop armv8_32b support considering few users are using it. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update restool to LSDK 19.03Yangbo Lu2019-06-061-3/+3
| | | | | | Update restool to LSDK 19.03. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update u-boot to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update u-boot to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ppfe-firmware to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ppfe-firmware to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-rcw to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ls-rcw to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-mc to LSDK 19.03Biwen Li2019-06-061-5/+5
| | | | | | | Update to ls-mc to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-dpl to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ls-dpl to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update fman-ucode to LSDK 19.03Biwen Li2019-06-061-2/+2
| | | | | | | The source code was same from lsdk-1806 to lsdk-1903. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: remove POSIX_MQUEUE configsYangbo Lu2019-06-063-6/+0
| | | | | | | The POSIX_MQUEUE configs had been handled by OpenWrt configuration. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* kernel: handle CFQ_GROUP_IOSCHED/CGROUP_HUGETLB in config-4.14Yangbo Lu2019-06-061-0/+2
| | | | | | | | The generic config-4.14 should handle below configs. - CONFIG_CFQ_GROUP_IOSCHED - CONFIG_CGROUP_HUGETLB Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* kernel: add package for atusb wpan moduleSebastian Meiling2019-06-061-0/+11
| | | | | | | | This adds a new package for the kernel module of the ATUSB WPAN driver. Signed-off-by: Sebastian Meiling <s@mlng.net> [fixed SoB: and From: mismatch] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* brcm63xx: DVA-G3810BN/TL: Fix the WAN ethernet portDaniel Gonzalez Cabanelas2019-06-0638-98/+96
| | | | | | | | | | | The WAN port has the wrong configuration in the kernel for the DVA-G3810BN/TL The WAN port uses the internal phy, but it isn't enabled at the kernel board data. Fix it. Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* build: fix external module symbol collection if build_dir is a symlinkRoman Yeryomin2019-06-061-1/+4
| | | | | | | | | | | | | | | | e26ffb31dfa30d498b963a86d231835e3af7d3df fixed only embedded modules symbol collection. If we are building external modules, like broadcom-wl or lantiq dsl stuff then modules which do EXPORT_SYMBOL have unresolved paths in Module.symvers and external module which depend on other external modules will have empty dependencies, leading to broken module loading. This was discussed on IRC with Jonas some time ago. Fix this by handling both resolved and unresolved paths. Fixes: e26ffb31dfa3 ("build: fix module symbol collection if build_dir is a symlink") Signed-off-by: Roman Yeryomin <roman@advem.lv> [jonas.gorski@gmail.com: add appropriate fixes tag] Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* Revert "kernel: backport act_ctinfo"Kevin Darbyshire-Bryant2019-06-063-1210/+1
| | | | | | | | | | This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8. Produces build error: Package kmod-sched is missing dependencies for the following libraries: nf_conntrack.ko Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* rpcd: fix init script reload actionJo-Philipp Wich2019-06-062-6/+3
| | | | | | | Drop the legacy start() and stop() procedures and define a proper reload signal action instead. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-063-1/+1210
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* rpcd: update to the latest git headPetr Štetiar2019-06-061-3/+3
| | | | | | | 89bfaa424606 Fix possible linker errors by using CMake find_library macro 569284a119f9 session: handle NULL return values of crypt() Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.19 to 4.19.48Koen Vandeputte2019-06-0510-19/+19
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: generic: make kernel-debug.tar.bz2 usable againPetr Štetiar2019-06-053-72/+0
| | | | | | | | | | | This patch removes 202-reduce_module_size.patch which is causing missing debug symbols in kernel modules, leading to unusable kernel-debug.tar.bz2 on all platforms, making debugging of release kernel crashes difficult. Cc: Felix Fietkau <nbd@nbd.name> Acked-by: Jonas Gorski <jonas.gorski@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: add support for TOTOLINK LR1200Chuanhong Guo2019-06-053-0/+165
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: - SoC: MT7628DAN (MT7628AN with 64MB built-in RAM) - Flash: 8M SPI NOR - Ethernet: 5x 10/100Mbps - WiFi: 2.4G: MT7628 built-in 5G: MT7612E - 1x miniPCIe slot for LTE modem (only USB pins connected) - 1x SIM slot Flash instruction: U-boot has a builtin web recovery page: 1. Hold the reset button while powering it up 2. Connect to the ethernet and set an IP in 192.168.1.0/24 range 3. Open your browser and upload firmware through http://192.168.1.1 Note about the LTE modem: If your router comes with an EC25 module and it doesn't show up as a QMI device, you should do the following to switch it to QMI mode: 1. Install kmod-usb-serial-option and a terminal software (e.g. minicom or screen). All 4 serial ports of the modem should be available now. 2. Open /dev/ttyUSB3 with the terminal software and type this AT command: AT+QCFG="usbnet",0 3. Power-cycle the router. You should now get a QMI device recognized. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: add support for 8devices Carambola2 development boardRytis Zigmantavičius2019-06-053-0/+148
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specifications: - Atheros AR9331 (400 MHz) - 64 MB of RAM (DDR2) - 16 MB of Flash (SPI) - 1T1R 2.4 Wlan (AR9331) - 2x 10/100 Mbps Ethernet - 3x LEDs, 1x gpio button - 1x USB 2.0, 5V - UART over usb, 115200n8 Upgrading from ar71xx target: - Put image into board: scp openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin \ root@192.168.1.1/tmp/ - Run sysupgrade sysupgrade /tmp/sysupgrade.bin Upgrading from u-boot: - Set up tftp server with sysupgrade.bin image - Go to u-boot (reboot and press ESC when prompted) - Set TFTP server IP setenv serverip 192.168.1.254 - Set device ip from same subnet setenv ipaddr 192.168.1.1 - Copy new firmware to board tftpboot 0x81000000 sysupgrade.bin - erase flash erase 0x9f050000 +${filesize} - flash firmware cp.b 0x81000000 0x9f050000 ${filesize} - Reset board reset Signed-off-by: Rytis Zigmantavičius <rytis.z@8devices.com> [wrapped long line in commit description, whitespace and art address fix in DTS, keep default lan/wan setup, removed -n in sysupgrade] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath79: Add support for ZBT-WD323Kristian Evensen2019-06-055-0/+186
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ZBT-WD323 is a dual-LTE router based on AR9344. The detailed specifications are: * AR9344 560MHz/450MHz/225MHz (CPU/DDR/AHN). * 128 MB RAM * 16MB of flash(SPI-NOR, 22MHz) * 1x 2.4GHz wifi (Atheros AR9340) * 3x 10/100Mbos Ethernet (AR8229) * 1x USB2.0 port * 2x miniPCIe-slots (USB2.0 only) * 2x SIM slots (standard size) * 4x LEDs (1 gpio controlled) * 1x reset button * 1x 10 pin terminal block (RS232, RS485, 4x GPIO) * 2x CP210x UART bridge controllers (used for RS232 and RS485) * 1x 2 pin 5mm industrial interface (input voltage 12V~36V) * 1x DC jack * 1x RTC (PCF8563) Tested: - Ethernet switch - Wifi - USB port - MiniPCIe-slots (+ SIM slots) - Sysupgrade - Reset button - RS232 Intallation and recovery: The board ships with OpenWRT, but sysupgrade does not work as a different firmware format than what is expected is generated. The easiest way to install (and recover) the router, is to use the web-interface provided by the bootloader (Breed). While the interface is in Chinese, it is easy to use. First, in order to access the interface, you need to hold down the reset button for around five seconds. Then, go to 192.168.1.1 in your browser. Click on the second item in the list on the left to access the recovery page. The second item on the next page is where you select the firmware. Select the menu item containing "Atheros SDK" and "16MB" in the dropdown close to the buttom, and click on the button at the bottom to start installation/recovery. Notes: * RS232 is available on /dev/ttyUSB0 and RS485 on /dev/ttyUSB1 Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com> [removed unused poll-interval from gpio-keys, i2c-gpio 4.19 compat] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath79: fix default config for devices with eth0/eth1 swappedChuanhong Guo2019-06-052-70/+56
| | | | | | | | | | | | | | | | also fix the following problems in this commit: glinet,gl-ar150: This router uses an uncommon order of setting up gmacs in ar71xx. gmac0 is preferred to be wan port because of the additional link status info available. So this router will have eth0/eth1 swapped comparing to ar71xx. tplink,tl-wr710n-v1: same as gl-ar150 embeddedwireless,dorin: eth0 is used as switch port, which was incorrect. It's correct now, so keep this one untouched. tplink,tl-wr842n-v1: we don't swap PHYs on ar7241 so the original port order is incorrect. reorder archer-a7-v5 entry. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: dts: drop "simple-mfd" for gmacs in SoC dtsiChuanhong Guo2019-06-057-10/+10
| | | | | | | | | | | | With a proper probe deferring for ag71xx we don't need to explicitly probe mdio1 before gmac0. Drop all "simple-mfd" in SoC dtsi so that gmac orders can be the same as ar71xx. This makes eth0/eth1 order the same as those in ar71xx, which means we don't need a migration script for this anymore and we can merge incorrectly split gmac/mdio driver back together. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: ag71xx: defer probe if of_phy_connect failedChuanhong Guo2019-06-051-2/+2
| | | | | | | | | gmac0 may need a phy on builtin switch, which can be unavailable if gmac0 is probed before builtin switch. Return -EPROBE_DEFER in this case so that gmac0 can be probed later. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: rework LED configurations for tplink,archer-d50-v1Chuanhong Guo2019-06-051-3/+3
| | | | | | | | | | | | The original one has the following problem: 1. Port mask of lan led includes wan port. 2. By using netdev trigger with vlan port, the link led is always on. This commits fixes the above problems by correcting port mask for lan led and use swconfig trigger for wan leds. Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ramips: mt7620: fix 5GHz WiFi LED on DWR-118-A1Pawel Dembicki2019-06-051-0/+5
| | | | | | | | | Support for D-Link DWR-118 A1 was added before LEDs feature in mt76x0e driver. This fixes the 5GHz WiFi LED which was previously inverted. Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* ar71xx: ag71xx: update ethtool supportPetr Štetiar2019-06-051-34/+14
| | | | | | | | | | Remove references to broken and mostly deprecated phy_ethtool_ioctl, use new {s,g}et_link_ksettings and add nway_reset which was previously handled in phy_ethtool_ioctl. Cc: John Crispin <john@phrozen.org> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath79: ag71xx: update ethtool supportPetr Štetiar2019-06-051-26/+14
| | | | | | | | | | | | ethtool doesn't work currently as phy_ethtool_ioctl expects user space pointer, but it's being passed kernel one. Fixing it doesn't make sense as {s,g}et_settings were deprecated anyway. So let's rather remove phy_ethtool_ioctl and use new {s,g}et_link_ksettings instead. While at it, update nway_reset as well. Cc: John Crispin <john@phrozen.org> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1982 Signed-off-by: Petr Štetiar <ynezz@true.cz>