Commit message | Author | Age | Files | Lines
* firmware-utils: fix possible memory leak and resource leak | Andrea Dalla Costa | 2020-01-14 | 1 | -0/+3
  Add missing calls to `free` for variable `buffer`. This could lead to a memory leak.
  Add missing call to `close` for file pointer `fdin`. This could lead to a resource leak.
  Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* firmware-utils/dgfirmare: fix possible resource leak | Andrea Dalla Costa | 2020-01-14 | 1 | -0/+6
  Add missing calls to `fclose` in functions `write_img`, `write_rootfs` and `write_kernel`. The not-closed files could lead to resource leaks.
  Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* hostapd: add support for subject validation | David Lam | 2020-01-14 | 2 | -1/+93
  The wpa_supplicant supports certificate subject validation via the subject match(2) and altsubject_match(2) fields. domain_match(2) and domain_suffix_match(2) fields are also supported for advanced matches. This validation is especially important when connecting to access points that use PAP as the Phase 2 authentication type. Without proper validation, the user's password can be transmitted to a rogue access point in plaintext without the user's knowledge. Most organizations already require these attributes to be included to ensure that the connection from the STA and the AP is secure. Includes LuCI changes via openwrt/luci#3444.
  From the documentation:
  subject_match - Constraint for server certificate subject. This substring is matched against the subject of the authentication server certificate. If this string is set, the server certificate is only accepted if it contains this string in the subject. The subject string is in following format:
    /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as .example.com
  subject_match2 - Constraint for server certificate subject. This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
  altsubject_match - Constraint for server certificate alt. subject. Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate. If this string is set, the server certificate is only accepted if it contains one of the entries in an alternative subject name extension. altSubjectName string is in following format: TYPE:VALUE
    Example: EMAIL:server@example.com
    Example: DNS:server.example.com;DNS:server2.example.com
    Following types are supported: EMAIL, DNS, URI
  altsubject_match2 - Constraint for server certificate alt. subject. This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
  domain_match - Constraint for server domain name. If set, this FQDN is used as a full match requirement for the server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same full match comparison. This behavior is similar to domain_suffix_match, but has the requirement of a full match, i.e., no subdomains or wildcard matches are allowed. Case-insensitive comparison is used, so "Example.com" matches "example.com", but would not match "test.Example.com". More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together.
  domain_match2 - Constraint for server domain name. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
  domain_suffix_match - Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels. More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
  domain_suffix_match2 - Constraint for server domain name. This field is like domain_suffix_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
  Signed-off-by: David Lam <david@thedavid.net>
* netfilter: package required kmods for nftables | Jo-Philipp Wich | 2020-01-14 | 1 | -13/+15
  Package new kmods "nf_tables_set" and "nft_objref" which got introduced with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash" modules to sub-4.18 versions.
  Also reorder the nftables related netfilter.mk entries alphabetically while touching this code section.
  Fixes: FS#2699
  Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mac80211: fix list_phy_interfaces for multiple wiphys on the same device | Felix Fietkau | 2020-01-14 | 1 | -1/+10
  Network interfaces are looked up based on the device behind a phy, so the phy needs to be checked separately
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap | Felix Fietkau | 2020-01-14 | 1 | -0/+25
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix sta TID stats leak on a few nl80211 calls | Felix Fietkau | 2020-01-14 | 2 | -0/+43
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: renumber subsys patches accepted upstream | Felix Fietkau | 2020-01-14 | 4 | -0/+0
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mediatek: split base-files into subtargets | Adrian Schmutzler | 2020-01-14 | 6 | -27/+81
  This splits some base-files across subtargets, as done previously on ath79 and ramips and also introduced for mt7629 subtarget here already. Most of the existing base-files content is specific to mt7623.
  While at it, apply the following fixes:
  - Remove lots of trailing whitespaces
  - Remove wildcard on unielec,u7623-02-emmc-512m
  - Remove inconsistent quotation marks in cases
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  Acked-by: John Crispin <john@phrozen.org>
* ipq40xx: add support for Aruba AP-303H | David Bauer | 2020-01-14 | 6 | -3/+443
  The Aruba AP-303H is the hospitality version of the Aruba AP-303 with a POE-passthrough enabled ethernet switch instead of a single PHY.
  Hardware
  --------
  SoC: Qualcomm IPQ4029
  RAM: 512M DDR3
  FLASH: - 128MB SPI-NAND (Macronix)
         - 4MB SPI-NOR (Macronix MX25R3235F)
  TPM: Atmel AT97SC3203
  BLE: Texas Instruments CC2540T attached to ttyMSM1
  ETH: Qualcomm QCA8075
  LED: WiFi (amber / green)
       System (red / green /amber)
       PSE (green)
  BTN: Reset
  USB: USB 2.0
  To connect to the serial console, you can solder to the labeled pads next to the USB port or use your Aruba supplied UART adapter.
  Do NOT plug a standard USB cable into the Console labeled USB-port! Aruba/HPE simply put UART on the micro-USB pins. You can solder yourself an adapter cable:
    VCC - NC
    D+ - TX
    D- - RX
    GND - GND
  The console setting in bootloader and OS is 9600 8N1. Voltage level is 3.3V.
  To enable a full list of commands in the U-Boot "help" command, execute the literal "diag" command.
  Installation
  ------------
  1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it into the TFTP server root directory. Configure the TFTP server to be reachable at 192.168.1.75/24. Connect the machine running the TFTP server to the E0 (!) ethernet port of the access point, as it only tries to pull from the WAN port.
  2. Connect to the serial console. Interrupt autobooting by pressing Enter when prompted.
  3. Configure the bootargs and bootcmd for OpenWrt.
     $ setenv bootargs_openwrt "setenv bootargs console=ttyMSM0,9600n8"
     $ setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos1; ubi read 0x85000000 kernel; set fdt_high 0x87000000; bootm 0x85000000"
     $ setenv ramboot_openwrt "run bootargs_openwrt; setenv ipaddr 192.168.1.105; setenv serverip 192.168.1.75; netget; set fdt_high 0x87000000; bootm"
     $ setenv bootcmd "run nandboot_openwrt"
     $ saveenv
  4. Load OpenWrt into RAM:
     $ run ramboot_openwrt
  5. After OpenWrt booted, transfer the OpenWrt sysupgrade image to the /tmp folder on the device. You will need to plug into E1-E3 ports of the access point to reach OpenWrt, as E0 is the WAN port of the device.
  6. Flash OpenWrt:
     $ ubidetach -p /dev/mtd16
     $ ubiformat /dev/mtd16
     $ sysupgrade -n /tmp/openwrt-sysupgrade.bin
  To go back to the stock firmware, simply reset the bootcmd in the bootloader to the original value:
     $ setenv bootcmd "boot"
     $ saveenv
  Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: add support for Ubiquiti EdgeSwitch/ToughSwitch 5XP | Tobias Schramm | 2020-01-14 | 3 | -0/+88
  The Ubiquiti ToughSwitch 5XP is a 5-port PoE Gigabit switch with a single Fast-Ethernet management port. It supports both 24V passive PoE out on all five ports.
  Flash: 8 MB
  RAM: 64 MB
  SoC: AR7242
  Switch: ar8327
  USB: 1x USB 2.0
  Ethernet: 5x GbE, 1x FE
  Installation of the firmware is possible either via serial + tftpboot or the factory firmware update function via webinterface.
  By default the single Fast-Ethernet port labeled "MGMT" is configured as the WAN port. Thus access to the device is only possible via the five switch ports.
  Serial: 3v3 115200 8n1
  The serial header is located in the lower left corner of the switches PCB:
  ```
  |
  |
  |
  | o
  | o RX
  | o TX
  | o GND
  |
  |
  ++ +-++-+ ++ ++ + +--+ ++ +--++--++--+
  ```
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
  [remove ubnt,sw compatible - fix spelling - wrap commit message - remove superfluous phy-mode property]
  Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: add generic dtsi for Ubiquiti SW boards | Tobias Schramm | 2020-01-14 | 2 | -133/+143
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
  [remove ubnt,sw compatible]
  Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: mt7621: disable images for gehua_ghl-r-001 | Petr Štetiar | 2020-01-14 | 1 | -0/+1
  This device OOPs during the boot due to broken flash. It can be probably fixed with `broken-flash-reset` once ramips is on 4.19 kernel. So disable images for this device until it's fixed.
  Ref: FS#2695, PR#2483
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: use jshn lib for ubus sysupgrade argument generation | Florian Eckert | 2020-01-14 | 1 | -14/+11
  With this change the well known jshn library will be used, to build the json arguments for the ubus sysupgrade method. This is also used in all other shell programs that use JSON. This commit unifies that.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* rpcd: activate PIE ASLR by default | Petr Štetiar | 2020-01-14 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* odhcpd: activate PIE ASLR by default | Petr Štetiar | 2020-01-14 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  Size increase on x86/64:
    odhcpd-ipv6only Installed-Size: 36821 -> 38216
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: activate PIE ASLR by default | Petr Štetiar | 2020-01-14 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  Size increase on x86/64:
    procd Installed-Size: 44931 -> 47362
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: activate PIE ASLR by default | Petr Štetiar | 2020-01-14 | 1 | -1/+2
  This activates PIE ASLR support by default when the regular option is selected.
  Size increase on x86/64:
    ubus Installed-Size: 5602 -> 5950
    ubusd Installed-Size: 11643 -> 12119
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: Activate PIE by default | Hauke Mehrtens | 2020-01-13 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  This increases the binary size by 39% uncompressed and 21% compressed on MIPS BE.
  old:
    33,189 /usr/sbin/uhttpd
    23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk
  new:
    46,212 /usr/sbin/uhttpd
    27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Acked-by: Petr Štetiar <ynezz@true.cz>
* hostapd: Activate PIE by default | Hauke Mehrtens | 2020-01-13 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  This increases the binary size by 26% uncompressed and 16% compressed on MIPS BE.
  old:
    460,933 /usr/sbin/wpad
    283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk
  new:
    584,508 /usr/sbin/wpad
    330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Acked-by: Petr Štetiar <ynezz@true.cz>
* dropbear: Activate PIE by default | Hauke Mehrtens | 2020-01-13 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  This increases the binary size by 18% uncompressed and 17% compressed on MIPS BE.
  old:
    164,261 /usr/sbin/dropbear
    85,648 dropbear_2019.78-2_mips_24kc.ipk
  new:
    194,492 /usr/sbin/dropbear
    100,309 dropbear_2019.78-2_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Acked-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: Activate PIE by default | Hauke Mehrtens | 2020-01-13 | 1 | -0/+1
  This activates PIE ASLR support by default when the regular option is selected.
  This increases the binary size by 37% uncompressed and 18% compressed on MIPS BE.
  old:
    146,933 /usr/sbin/dnsmasq
    101,837 dnsmasq_2.80-14_mips_24kc.ipk
  new:
    202,020 /usr/sbin/dnsmasq
    120,577 dnsmasq_2.80-14_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Acked-by: Petr Štetiar <ynezz@true.cz>
* buildsystem: Make PIE ASLR option tristate | Hauke Mehrtens | 2020-01-13 | 2 | -5/+26
  This tristate choice allows to select to build only some applications with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE is activated for the, which is a huge increase.
  Network exposed applications like dnsmasq should then be built with PIE enabled, but some applications which are normally not parsing data from the network do not have it activated. The regular option should give a good trade off between extra flash and RAM memory usage and security.
  This changes the default from building no applications with PIE to build some specifically marked applications with PIE enabled. This option is only activated for targets with bigger flash and RAM to not consume extra memory on the very small targets.
  On SDK builds the Regular option should always be selected, because some tiny targets share the applications with big targets and only the images for the tiny targets should contain the non-PIE applications, but the images for the normal targets should use PIE. The shared packages should always use PIE when it should be normally activated.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Acked-by: Petr Štetiar <ynezz@true.cz>
* ethtool: bump to 5.4 | Hans Dedecker | 2020-01-12 | 1 | -2/+2
  7dc0af7 Release version 5.4.
  914912e ethtool: add 0x16 and 0x1c extended compliance codes
  600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards
  696565d ethtool: correctly interpret bitrate of 255
  2941970 fix unused parameter warning in e1000_get_mac_type()
  5e814f2 fix unused parameter warning in fjes_dump_regs()
  b1a5279 fix unused parameter warning in ixgb_dump_regs()
  6608751 fix unused parameter warning in ibm_emac_dump_regs()
  1c30119 fix unused parameter warning in et131x_dump_regs()
  a56aba4 fix unused parameter warning in amd8111e_dump_regs()
  f40d32d fix unused parameter warning in fec_dump_regs()
  8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs()
  f725f5a fix unused parameter warning in smsc911x_dump_regs()
  a12cd66 fix unused parameter warning in e1000_dump_regs()
  e058656 fix unused parameter warning in igb_dump_regs()
  debac02 fix unused parameter warning in de2104[01]_dump_regs()
  d434eea fix unused parameter warning in e100_dump_regs()
  8df12f3 fix unused parameter warning in vioc_dump_regs()
  92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}()
  211c99e fix unused parameter warning in fec_8xx_dump_regs()
  362fb8b fix unused parameter warning in ixgbevf_dump_regs()
  87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs()
  c1eaddf fix unused parameter warning in vmxnet3_dump_regs()
  313c9f8 fix unused parameter warning in dsa_dump_regs()
  183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs()
  7f84c13 fix unused parameter warning in lan78xx_dump_regs()
  02d0aaa fix unused parameter warning in realtek_dump_regs()
  726d607 fix unused parameter warning in ixgbe_dump_regs()
  967177c fix unused parameter warning in netsemi_dump_eeprom()
  710a414 fix unused parameter warning in natsemi_dump_regs()
  283398a fix unused parameter warning in print_simple_table()
  0404267 fix unused parameter warning in sfc_dump_regs()
  57c7298 fix unused parameter warning in altera_tse_dump_regs()
  302e91a fix unused parameter warning in dump_eeprom()
  2054a8c fix unused parameter warning in find_option()
  d5432a9 fix unused parameter warnings in do_version() and show_usage()
  c430e75 fix arithmetic on pointer to void is a GNU extension warning
  e568431 ethtool: implement support for Energy Detect Power Down
  e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netfilter: add back nft_hash | David Bauer | 2020-01-12 | 1 | -0/+1
  nft_hash hash falsely removed in commit 97940f876616 ("kernel: remove obsolete kernel version switches"). Add the module back, as otherwise the build fails.
  Fixes: 97940f876616 ("kernel: remove obsolete kernel version switches")
  Signed-off-by: David Bauer <mail@david-bauer.net>
* kernel: remove obsolete kernel version switches | Adrian Schmutzler | 2020-01-12 | 18 | -113/+69
  After kernel 4.9 has been removed, this removes all (now obsolete) kernel version switches that deal with versions before 4.14.
  Package kmod-crypto-iv is empty now and thus removed entirely.
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* generic: update config-4.14 | David Bauer | 2020-01-12 | 1 | -0/+3
  Builds for kernel 4.14 targets were failing because of missing symbols for the B53 swconfig driver.
  Fixes: 313bde53ce944 ("generic: update config-4.19")
  Signed-off-by: David Bauer <mail@david-bauer.net>
* ipq40xx: add support for EZVIZ CS-W3-WD1200G EUP | Tom Brouwer | 2020-01-12 | 9 | -1/+277
  Hardware:
  SOC: Qualcomm IPQ4018
  RAM: 128 MB Nanya NT5CC64M16GP-DI
  FLASH: 16 MB Macronix MX25L12805D
  ETH: Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN)
  WLAN: Qualcomm IPQ4018 (2.4 & 5 Ghz)
  BUTTON: Shared WPS/Reset button
  LED: RGB Status/Power LED
  SERIAL: Header J8 (UART, Left side of board). Numbered from top to bottom: (1) GND, (2) TX, (3) RX, (4) VCC (White triangle next to it). 3.3v, 115200, 8N1
  Tested/Working:
  * Ethernet
  * WiFi (2.4 and 5GHz)
  * Status LED
  * Reset Button (See note below)
  Implementation notes:
  * The shared WPS/Reset button is implemented as a Reset button
  * I could not find an original firmware image to reverse engineer, meaning currently it's not possible to flash OpenWrt through the Web GUI.
  Installation (Through Serial console & TFTP):
  1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to one of the LAN ports
  2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on your pc, to serve the image
  2. Connect to the router through serial (See connection properties above)
  3. Hit a key during startup, to pause startup
  4. type `setenv serverip 192.168.1.12`, to set the tftp server address
  5. type `tftpboot`, to load the image from the laptop through tftp
  6. type `bootm` to run the loaded image from memory
  6. (If you want to return to stock firmware later, create a full MTD backup, e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup)
  7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.: `scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin`
  8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin`
  Revert to stock:
  To revert to stock, you need the MTD backup from step 6 above:
  1. Unpack the MTD backup archive
  2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup)
  3. On the router, do `mtd write mtd8_firmware.backup firmware`
  Signed-off-by: Tom Brouwer <tombrouwer@outlook.com>
  [removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name]
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: fix usbport trigger on the RT-AC58U with USB 2.0 devices | Christian Lamparter | 2020-01-12 | 2 | -2/+12
  This patch partially reverts "ipq40xx: remove unnecessary usb nodes in DTS for ASUS RT-AC58U" as the change removed the usb2 port-trigger, so the LED would no longer light-up when a USB 2.0 was inserted into the USB port.
  Fixes: d0efb1ba95f3 ("ipq40xx: remove unnecessary usb nodes in DTS for ASUS RT-AC58U")
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath79: add support for Ubiquiti ToughSwitch/EdgeSwitch 8XP | Tobias Schramm | 2020-01-12 | 3 | -0/+334
  Flash: 8 MB
  RAM: 64 MB
  SoC: AR7242
  Switch: bcm53128
  USB: 1x USB 2.0
  Ethernet: 8x GbE, 1x FE
  The Ubiquiti ToughSwitch 8XP is a 8-port PoE Gigabit switch with a single Fast-Ethernet management port. It supports both 24V passive PoE and 48V 802.11af/at PoE out on all eight ports.
  By default the single Fast-Ethernet port labeled "MGMT" is configured as the WAN port. Thus access to the device is only possible via the eight switch ports.
  Installation of the firmware is possible either via serial + tftpboot or the factory firmware update function via webinterface.
  Serial: 3v3 115200 8n1
  The serial header is located in the lower left corner of the switches PCB:
    |
    |
    |
    | o
    | o RX
    | o TX
    | o GND
    |
    |
    ++ +-++-+ ++ ++ + +--+ ++ +--++--++--+
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
  [fix whitespace issue]
  Signed-off-by: David Bauer <mail@david-bauer.net>
* generic: update config-4.19 | Tobias Schramm | 2020-01-12 | 1 | -0/+3
  config was missing some SWCONFIG_B53 options
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* kernel: add kmod packages for Broadcom bcm53xxx switch support | Tobias Schramm | 2020-01-12 | 1 | -0/+30
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* ath79: add support for Ubiquiti SW devices | Tobias Schramm | 2020-01-12 | 1 | -0/+12
  SW devices are Ubiquiti ToughSwitch and EdgeSwitch series devices. Hardware-wise they are very similar to the XM device series.
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* firmware-utils: mkfwimage: add support for Ubiquiti SW devices | Tobias Schramm | 2020-01-12 | 1 | -0/+9
  This commit adds support for Ubiquiti ToughSwitch XP (and probably also EdgeSwitch XP) devices. They are mostly based on the same hardware as MX devices.
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* swconfig: fix Broadcom b53 support | Tobias Schramm | 2020-01-12 | 2 | -0/+33
  This commit fixes a bug in the main swconfig patch where a function needed by the b53 driver is not exported. Additionally it adds OF support to the b53_mdio driver for devicetree-based probing
  Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* kmod-sched-cake: bump to 20200110 | Kevin Darbyshire-Bryant | 2020-01-11 | 1 | -2/+2
  Keep up with a small amount of churn in the upstream repository. Upstream now represents the version of CAKE as found in the linux kernel from 4.19 onwards but with some compatibility stubs to allow building on <4.19.
  After a diversion related to an experimental ECN implementation which has now been reverted, the important and relevant changes for us are:
  8a8946b sch_cake: avoid possible divide by zero in cake_enqueue()
  183b320 RFC 8622 diffserv3, 4 & 8 LE PHB support
  6ff4561 sch_cake: Make sure we can write the IP header before changing DSCP bits
  9fba602 sch_cake: Use tc_skb_protocol for getting packet protocol
  Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ath79: gl-ar750s: reduce kernel size to 2M in image Makefile | Chuanhong Guo | 2020-01-11 | 1 | -1/+1
  u-boot splits nand factory firmware at 2M offset, flash the first part as kernel into spi nor and the other part as ubi into nand flash. With previous commit increasing kernel size to 4M, generated factory firmware is broken because ubi is at 4M offset.
  This commit reduces kernel size definition to 2M in image Makefile, producing proper factory image. Partition size in dts is kept unchanged so that sysupgrade to a firmware with 2M+ kernel still works.
  Fixes: b496a2294c ("ath79: GL-AR750S: provide NAND support; increase kernel to 4 MB")
  Reported-by: Jeff Kletsky <git-commits@allycomm.com>
  Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* wireguard-tools: bump to 1.0.20200102 | Jason A. Donenfeld | 2020-01-09 | 1 | -2/+2
  * systemd: update documentation URL
  * global: bump copyright
  Usual house keeping.
  * Makefile: DEBUG_TOOLS -> DEBUG and document
  * Makefile: port static analysis check
  * dns-hatchet: adjust path for new repo layout
  * Makefile: rework automatic version.h mangling
  These are some important-ish cleanups for downstream package maintainers that should make packaging this a lot smoother.
  * man: add documentation about removing explicit listen-port
  Documentation improvement.
  * wg-quick: linux: quote ifname for nft
  This should fix issues with weirdly named ifnames and odd versions of nft(8).
  * fuzz: find bugs in the config syntax parser
  * fuzz: find bugs when parsing uapi input
  These are two fuzzers that have been laying around without a repo for a while. Perhaps somebody with enough compute power will find bugs with them.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20200105 | Jason A. Donenfeld | 2020-01-09 | 1 | -2/+2
  * socket: mark skbs as not on list when receiving via gro
  Certain drivers will pass gro skbs to udp, at which point the udp driver simply iterates through them and passes them off to encap_rcv, which is where we pick up. At the moment, we're not attempting to coalesce these into bundles, but we also don't want to wind up having cascaded lists of skbs treated separately. The right behavior here, then, is to just mark each incoming one as not on a list. This can be seen in practice, for example, with Qualcomm's rmnet_perf driver. This led to crashes on OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear that it could lead to issues on other drivers on weird OpenWRT routers.
  This commit is upstream in net-next as: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=736775d06bac60d7a353e405398b48b2bd8b1e54
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ramips: add support for TP-Link Archer C20 v5 | Maxim Anisimov | 2020-01-09 | 5 | -1/+118
  TP-Link Archer C20 v5 is a router with 5-port FE switch and non-detachable antennas. It's based on MediaTek MT7628N+MT7610EN.
  Specification:
  - MediaTek MT7628N/N (580 Mhz)
  - 64 MB of RAM
  - 8 MB of FLASH
  - 2T2R 2.4 GHz and 1T1R 5 GHz
  - 5x 10/100 Mbps Ethernet
  - 3x external, non-detachable antennas
  - UART (J1) header on PCB (115200 8n1)
  - 7x LED (GPIO-controlled*), 2x button, power input switch
  * WAN LED in this device is a dual-color, dual-leads type which isn't (fully) supported by gpio-leds driver. This type of LED requires both GPIOs state change at the same time to select color or turn it off. For now, we support/use only the green part of the LED.
  Create Factory image
  --------------------
  As all installation methods require a U-Boot to be integrated into the Image (and we do not ship one with the image) we are not able to create an image in the OpenWRT build-process.
  Download a TP-Link image from their Website and a OpenWRT sysupgrade image for the device and build yourself a factory image like following:
  TP-Link image: tpl.bin
  OpenWRT sysupgrade image: owrt.bin
  > dd if=tpl.bin of=boot.bin bs=131584 count=1
  > cat owrt.bin >> boot.bin
  Installing via Web-UI
  ---------------------
  Upload the boot.bin via TP-Links firmware upgrade tool in the web-interface.
  Installing via Recovery
  -----------------------
  Activate Web-Recovery by beginning the upgrade Process with a Firmware-Image from TP-Link. After starting the Firmware Upgrade, wait ~3 seconds (When update status is switching to 0%), then disconnect the power supply from the device. Upgrade flag (which activates Web-Recovery) is written before the OS-image is touched and removed after write is successful, so this procedure should be safe.
  Plug the power back in. It will come up in Recovery-Mode on 192.168.0.1.
  When active, all LEDs but the WPS LED are off.
  Remember to assign yourself a static IP-address as DHCP is not active in this mode.
  The boot.bin can now be uploaded and flashed using the web-recovery.
  Installing via TFTP
  -------------------
  Prepare an image like following (Filenames from factory image steps apply here)
  > dd if=/dev/zero of=tp_recovery.bin bs=196608 count=1
  > dd if=tpl.bin of=tmp.bin bs=131584 count=1
  > dd if=tmp.bin of=boot.bin bs=512 skip=1
  > cat boot.bin >> tp_recovery.bin
  > cat owrt.bin >> tp_recovery.bin
  Place tp_recovery.bin in root directory of TFTP server and listen on 192.168.0.66/24.
  Connect router LAN ports with your computer and power up the router while pressing the reset button. The router will download the image via tftp and after ~1 Minute reboot into OpenWRT.
  U-Boot CLI
  ----------
  U-Boot CLI can be activated by holding down '4' on bootup.
  Dual U-Boot
  -----------
  This is TP-Link MediaTek device with a split-uboot feature design like a TP-Link Archer C50 v4. The first (factory-uboot) provides recovery via TFTP and HTTP, jumping straight into the second (firmware-uboot) if no recovery needs to be performed. The firmware-uboot unpacks and executes the kernel.
  Web-Recovery
  ------------
  TP-Link integrated a new Web-Recovery like the one on the Archer C7v4 / TL-WR1043v5 / Archer C50v4. Stock-firmware sets a flag in the "romfile" partition before beginning to write and removes it afterwards. If the router boots with this flag set, bootloader will automatically start Web-recovery and listens on 192.168.0.1. This way, the vendor-firmware or an OpenWRT factory image can be written.
  By doing the same while performing sysupgrade, we can take advantage of the Web-recovery in OpenWRT.
  It is important to note that Web-Recovery is only based on this flag. It can't detect e.g. a crashing kernel or other means. Once activated it won't boot the OS before a recovery action (either via TFTP or HTTP) is performed. This recovery-mode is indicated by an illuminated WPS-LED on boot.
  Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
  [adjust some node names for LEDs in DTS]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: fix leds for TP-Link Archer C20 v4 (Maxim Anisimov, 2020-01-09, 2 files, -2/+3)
| - add "gpio" group for wan_orange led
| - use tpt triggers for wifi led indication
| - add wifi 5 GHz led support
|
| Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
| [slight commit message adjustment]
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dnsmasq: add uci-defaults script for config migration (Daniel Golle, 2020-01-09, 2 files, -1/+9)
| When running sysupgrade from an existing configuration, UCI option
| dhcp.@dnsmasq[0].resolvfile needs to be modified in case it has not
| been changed from its original value.
| Accomplish that using a uci-defaults script.
|
| Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ramips: disable image build for HiWiFi HC5962 (David Bauer, 2020-01-09, 1 file, -0/+2)
| Image builds for the ramips-mt7621 target currently fail with:
|
| > WARNING: Image file ./hiwifi_hc5962-kernel.bin is too big
|
| Disable this board for now. It can still be built using the SDK.
|
| Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: disable ft_psk_generate_local for non-PSK networks (David Bauer, 2020-01-09, 1 file, -1/+9)
| Without this commit, ft_psk_generate_local is enabled for non-PSK
| networks by default. This breaks 802.11r for EAP networks.
|
| Disabling ft_psk_generate_local by default for non-PSK networks resolves
| this misbehavior.
|
| Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
| Signed-off-by: David Bauer <mail@david-bauer.net>
| Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
* kernel: remove support for kernel 4.9 (Adrian Schmutzler, 2020-01-08, 224 files, -36557/+0)
| No target uses kernel 4.9 anymore.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ixp4xx: remove unmaintained target (Adrian Schmutzler, 2020-01-08, 73 files, -11031/+0)
| This target is still on kernel 4.9, and it looks like there is no
| active maintainer for this target anymore.
|
| Remove the code and all the packages which are only used by this
| target.
|
| To add this target to OpenWrt again port it to a recent and supported
| kernel version.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* orion: remove unmaintained target (Adrian Schmutzler, 2020-01-08, 18 files, -1552/+0)
| This target seems to have been unmaintained for quite a while, and
| not a single tester for the (now outdated) kernel 4.14 patches has
| been found.
|
| Remove the code and all the packages which are only used by this
| target.
|
| To add this target to OpenWrt again port it to a recent and supported
| kernel version.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar7: remove unmaintained target (Adrian Schmutzler, 2020-01-08, 68 files, -11820/+1)
| This target seems to have been unmaintained for quite a while, and
| not a single tester for the (now outdated) kernel 4.14 patches has
| been found.
|
| Remove the code and all the packages which are only used by this
| target.
|
| To add this target to OpenWrt again port it to a recent and supported
| kernel version.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* orion: update kernel to version 4.14 (Hauke Mehrtens, 2020-01-08, 9 files, -42/+59)
| This adds support for kernel 4.14 to the target and directly makes it
| the default kernel version to use.
|
| This patch is build-tested only, but has never been device-tested. It
| is only added to preserve the changes in Git history prior to removing
| this target. Use it with care.
|
| Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| [rebased and extended commit message, refreshed patches for 4.14.162]
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* orion: refresh kernel configuration (Hauke Mehrtens, 2020-01-08, 2 files, -22/+41)
| The configuration of the generic subtarget was used as the default
| configuration and then the subtarget configurations were adapted.
|
| Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>