aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* qosify: update to the latest versionFelix Fietkau2022-02-101-3/+3
| | | | | | | | e230e71e0a12 map: fix copy-paste error in codepoints map 580d2ccf89f3 bpf: declare tcp_ports/udp_ports without typedef 8d6c19a81f3f ubus: fix a use-after-free bug Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ucode: update to latest Git HEADJo-Philipp Wich2022-02-081-4/+4
| | | | | | a317c17 compiler: fix incorrect loop break targets Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard-tools: allow generating private_keyLeonardo Mörlein2022-02-081-0/+19
| | | | | | | | | | When the uci configuration is created automatically during a very early stage, where no entropy daemon is set up, generating the key directly is not an option. Therefore we allow to set the private_key to "generate" and generate the private key directly before the interface is taken up. Signed-off-by: Leonardo Mörlein <me@irrelefant.net> Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
* hostapd: refresh patchesDavid Bauer2022-02-0830-132/+132
| | | | | | Refresh patches after updating to hostapd v2.10. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: update to v2.10David Bauer2022-02-089-447/+57
| | | | | | | | | | | | | | | | | | Upstreamed patches: 020-mesh-make-forwarding-configurable.patch e6db1bc5da3fd7d5f4dba24aa102543b4749912f 550-WNM-allow-specifying-dialog-token.patch 979f19716539362f8ce60a77bf1b88fdcf5ba8e5 720-ACS-fix-channel-100-frequency.patch 2341585c349231af00cdef8d51458df01bc6965f 741-proxyarp-fix-compilation-with-Hotspot-2.0-disabled.patch 08bdf4f90de61a84ed8f4dd918272dd9d36e2e1f Compile-tested: wpad-wolfssl hostapd-openssl Run-tested: ath79-generic Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | a0518b6 fw4: gracefully handle unsupported hardware offloading ac99eba init: fix boot action in init script Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: automatically calculate channel center freq on chan_switchFelix Fietkau2022-02-071-0/+34
| | | | | | Simplifies switching to different channels when on >= VHT80 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-02-071-5/+6
| | | | | | | | | 909f2a0 ucode: adjust to latest ucode api 4c532bf ucode: add ucode interpreter plugin 9c6ba38 treewide: adjust ubus object type names 75a96dc build: honour CMake install prefix in hardcoded paths Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2022-02-073-9/+56
| | | | | | | | | | | | | 2f8b136 main: fix leaking -p/-s argument values 881fd3b ucode: adjust to latest ucode api 8b2868e file: specify UTF-8 as charset for dirlists, add option to override 3a5bd84 main: add ucode options to help text 16aa142 examples: add ucode handler example 3ceccd0 ucode: add ucode plugin support f0f1406 examples: add example Lua handler script 9e87095 listen: avoid invalid memory access Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | | | | | b54f462 fw4: parse traffic rules before forwarding rules 4d5af8b fw4: consolidate helper code 300c737 fw4: fix applying zone family restrictions to forwardings eb9c25a tests: implement fs.opendir() mock interface d30ff48 tests: fix mocked fs.popen() trace log 52831a0 fw4: improve flowtable handling 7cb10c8 fw4: disable "flow_offloading_hw" option for now b2241a1 fw4: fix enabling NAT reflection rules for DNATs without explicit family Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | | | | | | | | | | | | | 11adf0c source: convert source objects into proper uc_value_t type 3a49192 treewide: rework function memory model 7edad5c tests: add functional tests for builtin functions d5003fd lib: fix leaking tokener in uc_json() on parse exception 5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace() 3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match() 32d596d lib: fix infinite loop on empty regexp matches in uc_split() 3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode 3600ded vm: fix leaking function value on call exception 3059295 vm: NULL-initialize pointer to make cppcheck happy 98e59bf source: zero-initialize conversion union to make cppcheck happy 7a65c14 run_tests.sh: change workdir to testcase directory during execution afec8d7 run_tests.sh: support placing supplemental testcase files 3ada6e0 run_tests.sh: always treat outputs as text data 2cb627f program: rename bytecode load/write functions, track path of executed file 1094ffa lib: fix memory leak in uc_require_ucode() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest Git HEADJo-Philipp Wich2022-02-071-3/+3
| | | | | | | | | fd4c9e1 system-linux: expose hw-tc-offload ethtool feature in device status dump 3d76f2e system-linux: add wrapper function for creating link config messages 88af2f1 system-linux: delete bridge devices using netlink 85c3548 system-linux: create bridge devices using netlink Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: add support for Xiaomi Mi Router CR660x seriesRaymond Wang2022-02-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xiaomi Mi Router CR6606 is a Wi-Fi6 AX1800 Router with 4 GbE Ports. Alongside the general model, it has three carrier customized models: CR6606 (China Unicom), CR6608 (China Mobile), CR6609 (China Telecom) Specifications: - SoC: MediaTek MT7621AT - RAM: 256MB DDR3 (ESMT M15T2G16128A) - Flash: 128MB NAND (ESMT F59L1G81MB) - Ethernet: 1000Base-T x4 (MT7530 SoC) - WLAN: 2x2 2.4GHz 574Mbps + 2x2 5GHz 1201Mbps (MT7905DAN + MT7975DN) - LEDs: System (Blue, Yellow), Internet (Blue, Yellow) - Buttons: Reset, WPS - UART: through-hole on PCB ([VCC 3.3v](RX)(GND)(TX) 115200, 8n1) - Power: 12VDC, 1A Jailbreak Notes: 1. Get shell access. 1.1. Get yourself a wireless router that runs OpenWrt already. 1.2. On the OpenWrt router: 1.2.1. Access its console. 1.2.2. Create and edit /usr/lib/lua/luci/controller/admin/xqsystem.lua with the following code (exclude backquotes and line no.): ``` 1 module("luci.controller.admin.xqsystem", package.seeall) 2 3 function index() 4 local page = node("api") 5 page.target = firstchild() 6 page.title = ("") 7 page.order = 100 8 page.index = true 9 page = node("api","xqsystem") 10 page.target = firstchild() 11 page.title = ("") 12 page.order = 100 13 page.index = true 14 entry({"api", "xqsystem", "token"}, call("getToken"), (""), 103, 0x08) 15 end 16 17 local LuciHttp = require("luci.http") 18 19 function getToken() 20 local result = {} 21 result["code"] = 0 22 result["token"] = "; nvram set ssh_en=1; nvram commit; sed -i 's/channel=.*/channel=\"debug\"/g' /etc/init.d/dropbear; /etc/init.d/drop bear start;" 23 LuciHttp.write_json(result) 24 end ``` 1.2.3. Browse http://{OWRT_ADDR}/cgi-bin/luci/api/xqsystem/token It should give you a respond like this: {"code":0,"token":"; nvram set ssh_en=1; nvram commit; ..."} If so, continue; Otherwise, check the file, reboot the rout- er, try again. 1.2.4. Set wireless network interface's IP to 169.254.31.1, turn off DHCP of wireless interface's zone. 1.2.5. Connect to the router wirelessly, manually set your access device's IP to 169.254.31.3, make sure http://169.254.31.1/cgi-bin/luci/api/xqsystem/token still have a similar result as 1.2.3 shows. 1.3. On the Xiaomi CR660x: 1.3.1. Login to the web interface. Your would be directed to a page with URL like this: http://{ROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/web/home#r- outer 1.3.2. Browse this URL with {STOK} from 1.3.1, {WIFI_NAME} {PASSWORD} be your OpenWrt router's SSID and password: http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/misy- stem/extendwifi_connect?ssid={WIFI_NAME}&password={PASSWO- RD} It should return 0. 1.3.3. Browse this URL with {STOK} from 1.3.1: http://{MIROUTER_ADDR}/cgi-bin/luci/;stok={STOK}/api/xqsy- stem/oneclick_get_remote_token?username=xxx&password=xxx&- nonce=xxx 1.4. Before rebooting, you can now access your CR660x via SSH. For CR6606, you can calculate your root password by this project: https://github.com/wfjsw/xiaoqiang-root-password, or at https://www.oxygen7.cn/miwifi. The root password for carrier-specific models should be the admi- nistration password or the default login password on the label. It is also feasible to change the root password at the same time by modifying the script from step 1.2.2. You can treat OpenWrt Router however you like from this point as long as you don't mind go through this again if you have to expl- oit it again. If you do have to and left your OpenWrt router unt- ouched, start from 1.3. 2. There's no official binary firmware available, and if you lose the content of your flash, no one except Xiaomi can help you. Dump these partitions in case you need them: "Bootloader" "Nvram" "Bdata" "crash" "crash_log" "firmware" "firmware1" "overlay" "obr" Find the corespond block device from /proc/mtd Read from read-only block device to avoid misoperation. It's recommended to use /tmp/syslogbackup/ as destination, since files would be available at http://{ROUTER_ADDR}/backup/log/YOUR_DUMP Keep an eye on memory usage though. 3. Since UART access is locked ootb, you should get UART access by modify uboot env. Otherwise, your router may become bricked. Excute these in stock firmware shell: a. nvram set boot_wait=on b. nvram set bootdelay=3 c. nvram commit Or in OpenWrt: a. opkg update && opkg install kmod-mtd-rw b. insmod mtd-rw i_want_a_brick=1 c. fw_setenv boot_wait on d. fw_setenv bootdelay 3 e. rmmod mtd-rw Migrate to OpenWrt: 1. Transfer squashfs-firmware.bin to the router. 2. nvram set flag_try_sys1_failed=0 3. nvram set flag_try_sys2_failed=1 4. nvram commit 5. mtd -r write /path/to/image/squashfs-firmware.bin firmware Additional Info: 1. CR660x series routers has a different nand layout compared to other Xiaomi nand devices. 2. This router has a relatively fresh uboot (2018.09) compared to other Xiaomi devices, and it is capable of booting fit image firmware. Unfortunately, no successful attempt of booting OpenWrt fit image were made so far. The cause is still yet to be known. For now, we use legacy image instead. Signed-off-by: Raymond Wang <infiwang@pm.me>
* ath79: add partial support for Netgear EX7300v2Wenli Looi2022-02-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- SoC: QCN5502 Flash: 16 MiB RAM: 128 MiB Ethernet: 1 gigabit port Wireless No1: QCN5502 on-chip 2.4GHz 4x4 Wireless No2: QCA9984 pcie 5GHz 4x4 USB: none Installation ------------ Flash the factory image using the stock web interface or TFTP the factory image to the bootloader. What works ---------- - LEDs - Ethernet port - 5GHz wifi (QCA9984 pcie) What doesn't work ----------------- - 2.4GHz wifi (QCN5502 on-chip) (I was not able to make this work, probably because ath9k requires some changes to support QCN5502.) Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
* base-files: replace fgrep with grep -FRosen Penev2022-02-061-1/+1
| | | | | | | fgrep is deprecated and replaced by grep -F. The latter is used throughout the tree whereas this is the only usage of the former. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* kernel: bpf-headers: fix build error when testing kernel is usedAnsuel Smith2022-02-061-0/+3
| | | | | | | | | | | | Now that we have separate files for each kernel version, only the version/hash for the target kernel are available. This cause a missing hash error (and wrong kernel version) for bpf-headers when a testing kernel version is used for the current target. Fix this error by manually including the kernel version/hash file for the specific kernel version requested. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* util-linux: package ipcs commandStijn Tintel2022-02-051-0/+18
| | | | | | | Add a package for util-linux' ipcs command, to show information about System V inter-process communication facilities. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ath79: support ZTE MF286Lech Perczak2022-02-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ZTE MF286 is an indoor LTE category 6 CPE router with simultaneous dual-band 802.11ac plus 802.11n Wi-Fi radios and quad-port gigabit Ethernet switch, FXS and external USB 2.0 port. Hardware highlights: - CPU: QCA9563 SoC at 775MHz, - RAM: 128MB DDR2, - NOR Flash: MX25L1606E 2MB SPI Flash, for U-boot only, - NAND Flash: GD5F1G04UBYIG 128MB SPI NAND-Flash, for all other data, - Wi-Fi 5GHz: QCA9882 2x2 MIMO 802.11ac radio, - WI-Fi 2.4GHz: QCA9563 3x3 MIMO 802.11n radio, - Switch: QCA8337v2 4-port gigabit Ethernet, with single SGMII CPU port, - WWAN: MDM9230-based category 6 internal LTE modem in extended mini-PCIE form factor, with 3 internal antennas and 2 external antenna connections, single mini-SIM slot. Modem model identified as MF270, - FXS: one external ATA port (handled entirely by modem part) with two physical connections in parallel, - USB: Single external USB 2.0 port, - Switches: power switch, WPS, Wi-Fi and reset buttons, - LEDs: Wi-Fi, Test (internal). Rest of LEDs (Phone, WWAN, Battery, Signal state) handled entirely by modem. 4 link status LEDs handled by the switch on the backside. - Battery: 3Ah 1-cell Li-Ion replaceable battery, with charging and monitoring handled by modem. - Label MAC device: eth0 Console connection: connector X2 is the console port, with the following pinout, starting from pin 1, which is the topmost pin when the board is upright: - VCC (3.3V). Do not use unless you need to source power for the converer from it. - TX - RX - GND Default port configuration in U-boot as well as in stock firmware is 115200-8-N-1. Installation: Due to different flash layout from stock firmware, sysupgrade from within stock firmware is impossible, despite it's based on QSDK which itself is based on OpenWrt. STEP 0: Stock firmware update: As installing OpenWrt cuts you off from official firmware updates for the modem part, it is recommended to update the stock firmware to latest version before installation, to have built-in modem at the latest firmware version. STEP 1: gaining root shell: Method 1: This works if busybox has telnetd compiled in the binary. If this does not work, try method 2. Using well-known exploit to start telnetd on your router - works only if Busybox on stock firmware has telnetd included: - Open stock firmware web interface - Navigate to "URL filtering" section by going to "Advanced settings", then "Firewall" and finally "URL filter". - Add an entry ending with "&&telnetd&&", for example "http://hostname/&&telnetd&&". - telnetd will immediately listen on port 4719. - After connecting to telnetd use "admin/admin" as credentials. Method 2: This works if busybox does not have telnetd compiled in. Notably, this is the case in DNA.fi firmware. If this does not work, try method 3. - Set IP of your computer to 192.168.1.22. - Have a TFTP server running at that address - Download MIPS build of busybox including telnetd, for example from: https://busybox.net/downloads/binaries/1.21.1/busybox-mips and put it in it's root directory. Rename it as "telnetd". - As previously, login to router's web UI and navigate to "URL filtering" - Using "Inspect" feature, extend "maxlength" property of the input field named "addURLFilter", so it looks like this: <input type="text" name="addURLFilter" id="addURLFilter" maxlength="332" class="required form-control"> - Stay on the page - do not navigate anywhere - Enter "http://aa&zte_debug.sh 192.168.1.22 telnetd" as a filter. - Save the settings. This will download the telnetd binary over tftp and execute it. You should be able to log in at port 23, using "admin/admin" as credentials. Method 3: If the above doesn't work, use the serial console - it exposes root shell directly without need for login. Some stock firmwares, notably one from finnish DNA operator lack telnetd in their builds. STEP 2: Backing up original software: As the stock firmware may be customized by the carrier and is not officially available in the Internet, IT IS IMPERATIVE to back up the stock firmware, if you ever plan to returning to stock firmware. Method 1: after booting OpenWrt initramfs image via TFTP: PLEASE NOTE: YOU CANNOT DO THIS IF USING INTERMEDIATE FIRMWARE FOR INSTALLATION. - Dump stock firmware located on stock kernel and ubi partitions: ssh root@192.168.1.1: cat /dev/mtd4 > mtd4_kernel.bin ssh root@192.168.1.1: cat /dev/mtd8 > mtd8_ubi.bin And keep them in a safe place, should a restore be needed in future. Method 2: using stock firmware: - Connect an external USB drive formatted with FAT or ext4 to the USB port. - The drive will be auto-mounted to /var/usb_disk - Check the flash layout of the device: cat /proc/mtd It should show the following: mtd0: 00080000 00010000 "uboot" mtd1: 00020000 00010000 "uboot-env" mtd2: 00140000 00020000 "fota-flag" mtd3: 00140000 00020000 "caldata" mtd4: 00140000 00020000 "mac" mtd5: 00600000 00020000 "cfg-param" mtd6: 00140000 00020000 "oops" mtd7: 00800000 00020000 "web" mtd8: 00300000 00020000 "kernel" mtd9: 01f00000 00020000 "rootfs" mtd10: 01900000 00020000 "data" mtd11: 03200000 00020000 "fota" Differences might indicate that this is NOT a vanilla MF286 device but one of its later derivatives. - Copy over all MTD partitions, for example by executing the following: for i in 0 1 2 3 4 5 6 7 8 9 10 11; do cat /dev/mtd$i > \ /var/usb_disk/mtd$i; done - If the count of MTD partitions is different, this might indicate that this is not a standard MF286 device, but one of its later derivatives. - (optionally) rename the files according to MTD partition names from /proc/mtd - Unmount the filesystem: umount /var/usb_disk; sync and then remove the drive. - Store the files in safe place if you ever plan to return to stock firmware. This is especially important, because stock firmware for this device is not available officially, and is usually customized by the mobile providers. STEP 3: Booting initramfs image: Method 1: using serial console (RECOMMENDED): - Have TFTP server running, exposing the OpenWrt initramfs image, and set your computer's IP address as 192.168.1.22. This is the default expected by U-boot. You may wish to change that, and alter later commands accordingly. - Connect the serial console if you haven't done so already, - Interrupt boot sequence by pressing any key in U-boot when prompted - Use the following commands to boot OpenWrt initramfs through TFTP: setenv serverip 192.168.1.22 setenv ipaddr 192.168.1.1 tftpboot 0x81000000 openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin bootm 0x81000000 (Replace server IP and router IP as needed). There is no emergency TFTP boot sequence triggered by buttons, contrary to MF283+. - When OpenWrt initramfs finishes booting, proceed to actual installation. Method 2: using initramfs image as temporary boot kernel This exploits the fact, that kernel and rootfs MTD devices are consecutive on NAND flash, so from within stock image, an initramfs can be written to this area and booted by U-boot on next reboot, because it uses "nboot" command which isn't limited by kernel partition size. - Download the initramfs-kernel.bin image - Split the image into two parts on 3MB partition size boundary, which is the size of kernel partition. Pad the output of second file to eraseblock size: dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \ bs=128k count=24 \ of=openwrt-ath79-zte_mf286-intermediate-kernel.bin dd if=openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin \ bs=128k skip=24 conv=sync \ of=openwrt-ath79-zte_mf286-intermediate-rootfs.bin - Copy over /usr/bin/flash_eraseall and /usr/bin/nandwrite utilities to /tmp. This is CRITICAL for installation, as erasing rootfs will cut you off from those tools on flash! - After backing up the previous MTD contents, write the images to the respective MTD devices: /tmp/flash_eraseall /dev/<kernel-mtd> /tmp/nandwrite /dev/<kernel-mtd> \ /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-kernel.bin /tmp/flash_eraseall /dev/<kernel-mtd> /tmp/nandwrite /dev/<rootfs-mtd> \ /var/usb_disk/openwrt-ath79-zte_mf286-intermediate-rootfs.bin - Ensure that no bad blocks were present on the devices while writing. If they were present, you may need to vary the split between kernel and rootfs parts, so U-boot reads a valid uImage after skipping the bad blocks. If it fails, you will be left with method 3 (below). - If write is OK, reboot the device, it will reboot to OpenWrt initramfs: reboot -f - After rebooting, SSH into the device and use sysupgrade to perform proper installation. Method 3: using built-in TFTP recovery (LAST RESORT): - With that method, ensure you have complete backup of system's NAND flash first. It involves deliberately erasing the kernel. - Download "-initramfs-kernel.bin" image for the device. - Prepare the recovery image by prepending 8MB of zeroes to the image, and name it root_uImage: dd if=/dev/zero of=padding.bin bs=8M count=1 cat padding.bin openwrt-ath79-nand-zte_mf286-initramfs-kernel.bin > root_uImage - Set up a TFTP server at 192.0.0.1/8. Router will use random address from that range. - Put the previously generated "root_uImage" into TFTP server root directory. - Deliberately erase "kernel" partition" using stock firmware after taking backup. THIS IS POINT OF NO RETURN. - Restart the device. U-boot will attempt flashing the recovery initramfs image, which will let you perform actual installation using sysupgrade. This might take a considerable time, sometimes the router doesn't establish Ethernet link properly right after booting. Be patient. - After U-boot finishes flashing, the LEDs of switch ports will all light up. At this moment, perform power-on reset, and wait for OpenWrt initramfs to finish booting. Then proceed to actual installation. STEP 4: Actual installation: - scp the sysupgrade image to the device: scp openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin \ root@192.168.1.1:/tmp/ - ssh into the device and execute sysupgrade: sysupgrade -n /tmp/openwrt-ath79-nand-zte_mf286-squashfs-sysupgrade.bin - Wait for router to reboot to full OpenWrt. STEP 5: WAN connection establishment Since the router is equipped with LTE modem as its main WAN interface, it might be useful to connect to the Internet right away after installation. To do so, please put the following entries in /etc/config/network, replacing the specific configuration entries with one needed for your ISP: config interface 'wan' option proto 'qmi' option device '/dev/cdc-wdm0' option auth '<auth>' # As required, usually 'none' option pincode '<pin>' # If required by SIM option apn '<apn>' # As required by ISP option pdptype '<pdp>' # Typically 'ipv4', or 'ipv4v6' or 'ipv6' For example, the following works for most polish ISPs config interface 'wan' option proto 'qmi' option device '/dev/cdc-wdm0' option auth 'none' option apn 'internet' option pdptype 'ipv4' If you have build with LuCI, installing luci-proto-qmi helps with this task. Restoring the stock firmware: Preparation: If you took your backup using stock firmware, you will need to reassemble the partitions into images to be restored onto the flash. The layout might differ from ISP to ISP, this example is based on generic stock firmware. The only partitions you really care about are "web", "kernel", and "rootfs". For easy padding and possibly restoring configuration, you can concatenate most of them into images written into "ubi" meta-partition in OpenWrt. To do so, execute something like: cat mtd5_cfg-param.bin mtd6-oops.bin mtd7-web.bin mtd9-rootfs.bin > \ mtd8-ubi_restore.bin You can skip the "fota" partition altogether, it is used only for stock firmware update purposes and can be overwritten safely anyway. The same is true for "data" partition which on my device was found to be unused at all. Restoring mtd5_cfg-param.bin will restore the stock firmware configuration you had before. Method 1: Using initramfs: - Boot to initramfs as in step 3: - Completely detach ubi0 partition using ubidetach /dev/ubi0_0 - Look up the kernel and ubi partitions in /proc/mtd - Copy over the stock kernel image using scp to /tmp - Erase kernel and restore stock kernel: (scp mtd4_kernel.bin root@192.168.1.1:/tmp/) mtd write <kernel_mtd> mtd4_kernel.bin rm mtd4_kernel.bin - Copy over the stock partition backups one-by-one using scp to /tmp, and restore them individually. Otherwise you might run out of space in tmpfs: (scp mtd3_ubiconcat0.bin root@192.168.1.1:/tmp/) mtd write <ubiconcat0_mtd> mtd3_ubiconcat0.bin rm mtd3_ubiconcat0.bin (scp mtd5_ubiconcat1.bin root@192.168.1.1:/tmp/) mtd write <ubiconcat1_mtd> mtd5_ubiconcat1.bin rm mtd5_ubiconcat1.bin - If the write was correct, force a device reboot with reboot -f Method 2: Using live OpenWrt system (NOT RECOMMENDED): - Prepare a USB flash drive contatining MTD backup files - Ensure you have kmod-usb-storage and filesystem driver installed for your drive - Mount your flash drive mkdir /tmp/usb mount /dev/sda1 /tmp/usb - Remount your UBI volume at /overlay to R/O mount -o remount,ro /overlay - Write back the kernel and ubi partitions from USB drive cd /tmp/usb mtd write mtd4_kernel.bin /dev/<kernel_mtd> mtd write mtd8_ubi.bin /dev/<kernel_ubi> - If everything went well, force a device reboot with reboot -f Last image may be truncated a bit due to lack of space in RAM, but this will happen over "fota" MTD partition which may be safely erased after reboot anyway. Method 3: using built-in TFTP recovery (LAST RESORT): - Assemble a recovery rootfs image from backup of stock partitions by concatenating "web", "kernel", "rootfs" images dumped from the device, as "root_uImage" - Use it in place of "root_uImage" recovery initramfs image as in the TFTP pre-installation method. Quirks and known issues - Kernel partition size is increased to 4MB compared to stock 3MB, to accomodate future kernel updates - at this moment OpenWrt 5.10 kernel image is at 2.5MB which is dangerously close to the limit. This has no effect on booting the system - but keep that in mind when reassembling an image to restore stock firmware. - uqmi seems to be unable to change APN manually, so please use the one you used before in stock firmware first. If you need to change it, please use protocok '3g' to establish connection once, or use the following command to change APN (and optionally IP type) manually: echo -ne 'AT+CGDCONT=1,"IP","<apn>' > /dev/ttyUSB0 - The only usable LED as a "system LED" is the green debug LED hidden inside the case. All other LEDs are controlled by modem, on which the router part has some influence only on Wi-Fi LED. - Wi-Fi LED currently doesn't work while under OpenWrt, despite having correct GPIO mapping. All other LEDs are controlled by modem, including this one in stock firmware. GPIO19, mapped there only acts as a gate, while the actual signal source seems to be 5GHz Wi-Fi radio, however it seems it is not the LED exposed by ath10k as ath10k-phy0. - GPIO5 used for modem reset is a suicide switch, causing a hardware reset of whole board, not only the modem. It is attached to gpio-restart driver, to restart the modem on reboot as well, to ensure QMI connectivity after reboot, which tends to fail otherwise. - Modem, as in MF283+, exposes root shell over ADB - while not needed for OpenWrt operation at all - have fun lurking around. - MAC address shift for 5GHz Wi-Fi used in stock firmware is 0x320000000000, which is impossible to encode in the device tree, so I took the liberty of using MAC address increment of 1 for it, to ensure different BSSID for both Wi-Fi interfaces. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* ipq40xx: add support for ZTE MF286DPawel Dembicki2022-02-052-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ZTE MF286D is a LTE router with four gigabit ethernet ports and integrated QMI mPCIE modem. Hardware specification: - CPU: IPQ4019 - RAM: 256MB - Flash: NAND 128MB + NOR 2MB - WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2 - WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11anac 2x2:2 - LTE: mPCIe cat 12 card (Modem chipset MDM9250) - LAN: 4 Gigabit Ports - USB: 1x USB2.0 (regular port). 1x USB3.0 (mpcie - used by the modem) - Serial console: X8 connector 115200 8n1 Known issues: - Many LEDs are driven by the modem. Only internal LEDs and wifi LEDs are driven by cpu. - Wifi LED is triggered by phy0tpt only - No VoIP support - LAN1/WAN port is configured as WAN - ZTE gives only one MAC per device. Use +1/+2/+3 increment for WAN and WLAN0/1 Opening the case: 1. Take of battery lid (no battery support for this model, battery cage is dummy). 2. Unscrew screw placed behind battery lid. 3. Take off back cover. It attached with multiple plastic clamps. 4. Unscrew four more screws hidden behind back case. 5. Remove front panel from blue chassis. There are more plastic clamps. 6. Unscrew two boards, which secures the PCB in the chassis. 7. Extract board from blue chassis. Console connection (X8 connector): 1. Parameters: 115200 8N1 2. Pin description: (from closest pin to X8 descriptor to farthest) - VCC (3.3V) - TX - RX - GND Install Instructions: Serial + initramfs: 1. Place OpenWrt initramfs image for the device on a TFTP in the server's root. This example uses Server IP: 192.168.1.3 2. Connect serial console (115200,8n1) to X8 connector. 3. Connect TFTP server to RJ-45 port. 4. Stop in u-Boot and run u-Boot commands: setenv serverip 192.168.1.3 setenv ipaddr 192.168.1.72 set fdt_high 0x85000000 tftp openwrt-ipq40xx-generic-zte_mf286d-initramfs-fit-zImage.itb bootm $loadaddr 5. Please make backup of original partitions, if you think about revert to stock. 6. Login via ssh or serial and remove stock partitions: ubiattach -m 9 ubirmvol /dev/ubi0 -N ubi_rootfs ubirmvol /dev/ubi0 -N ubi_rootfs_data 7. Install image via "sysupgrade -n". Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com> (cosmetic changes to the commit message) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* linux-firmware: qca99x0 update packageChristian Lamparter2022-02-052-42/+5
| | | | | | | | | | | | Kalle Valo ath10k-firmware repository no longer provides the legacy board.bin files for the qca99x0 chips. Instead he copied over the codeaurora version and add more board files. In the future, this board-2.bin should find its way to linux-firmware.git, which would allow us to remove the extra download code completely. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: usb: remove left-over LINUX_5_10 dependency symbolChristian Lamparter2022-02-041-1/+1
| | | | | | | | this should have been removed together with linux 5.4 APM821XX support. Currently, this didn't hurt or broke something. But it will in the next stable kernel release. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* bpf-headers: fix build error from within the SDKFelix Fietkau2022-02-041-0/+1
| | | | | | | | The SDK does not ship the generic platform files. Use relative path for GENERIC_PLATFORM_DIR to make it work. This points it at the files from the feed directory instead of the base SDK path Signed-off-by: Felix Fietkau <nbd@nbd.name>
* om-watchdog: Drop unused packageSven Eckelmann2022-02-033-87/+0
| | | | | | | All devices which used this package migrated to the kernel GPIO-line watchdog driver and configure it over their DT. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* uboot-mvebu: backport two patches for Marvell A38xJosef Schlehofer2022-02-032-0/+214
| | | | | | | | | | | This solves issue with DDR training on Turris Omnia. Log: ******** DRAM initialization Failed (res 0x1) ******** DDR3 Training Sequence - FAILED ERROR ### Please RESET the board ### Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* uboot-mvebu: Add U-boot for Turris OmniaJosef Schlehofer2022-02-031-0/+9
| | | | | | * Add U-boot support for Turris Omnia Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* uboot-mvebu: update to version 2022.01Josef Schlehofer2022-02-031-2/+2
| | | | | Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> Tested-by: Andre Heider <a.heider@gmail.com> # ESPRESSObin
* mt76: update to the latest versionFelix Fietkau2022-02-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 833b9d7fcf7f mt76: allow drivers to drop rx packets early f703084f31cb mt76: mt7915: process txfree and txstatus without allocating skbs 047b9a9e78b3 mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 fea36e02075c mt76: only kick tx queue if frames were queued 8381e54ebfb5 linux-firmware: update firmware for MT7921 WiFi device d57dadb8c861 Revert "mt76: only kick tx queue if frames were queued" 3a21d6e2153b mt76: mt7663: disable 4addr capability f1d66cf7a6c5 mt76: connac: fix possible NULL pointer dereference in mt76_connac_get_phy_mode_v2 c9a4146404d4 sync with upstream 4ed8c910b94e mt76: mt7921: fix possible resume failure bf105aa6cd2f mt76: mt7921: fix network buffer leak by txs missing e2b454b6fb30 mt76: connac: introduce MCU_EXT macros 5a87f5497c9b mt76: connac: align MCU_EXT definitions with 7915 driver 720ddc32507d mt76: connac: remove MCU_FW_PREFIX bit da5128a59eda mt76: connac: introduce MCU_UNI_CMD macro 116109bee7cb mt76: connac: introduce MCU_CE_CMD macro f96fbdf038d5 mt76: connac: rely on MCU_CMD macro 922f0d408413 mt76: mt7915: rely on mt76_connac definitions b4ae1da1d1e0 mt76: mt7921: reduce log severity levels for informative messages db105a722b87 mt76: mt7921s: make pm->suspended usage consistent e2cc063238c0 mt76: mt7921s: fix suspend error with enlarging mcu timeout value 812b73f2f1e0 mt76: mt7915: introduce mt76_vif in mt7915_vif b041a8a30055 mt76: mt7915: add mu-mimo and ofdma debugfs knobs b851a3e7839d mt76: mt7921: remove dead definitions 266c7a9f2994 mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv 19cc7d83190c mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work 928c4550e413 mt76: mt7921s: make pm->suspended usage consistent [update] 8d6c68a7d0d1 mt76: mt7921: fix possible resume failure [update] 26fb105e538c mt76: mt7921s: fix cmd timeout in throughput test 9db482264389 mt76: mt7921: fix build regression 3edb87cdf138 mt7915: formatting change to sync with upstream 5cad38ba247d mt76: mt7915: add mt7915_mmio_probe() as a common probing function 15f9f88b362a mt76: mt7915: refine register definition de49cf43ef34 mt76: add MT_RXQ_MAIN_WA for mt7916 6032c35f1306 mt76: mt7915: rework dma.c to adapt mt7916 changes 074d7c5381ed mt76: mt7915: add firmware support for mt7916 27b3253318e7 mt76: mt7915: rework eeprom.c to adapt mt7916 changes 030540246088 mt76: mt7915: enlarge wcid size to 544 400129c69f91 mt76: mt7915: add txfree event v3 cbbb3f65fcd0 mt76: mt7915: update rx rate reporting for mt7916 eb51c4deef0e mt76: mt7915: update mt7915_chan_mib_offs for mt7916 fb4709222028 mt76: mt7915: add mt7916 calibrated data support e758feeaf1d6 mt76: mt7915: add device id for mt7916 115ea27a5cab mt76: connac: fix sta_rec_wtbl tag len b3f922266685 mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req bac5eda1f5b2 mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req b44485d5c8ac mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine 9cc58e254d53 mt76: connac: move mt76_connac_mcu_get_cipher in common code 60dcd9f09ff6 mt76: connac: move mt76_connac_chan_bw in common code a8d0b7d0cc60 mt76: mt7915: rely on mt76_connac_get_phy utilities 4441db30c1c1 mt76: connac: move mt76_connac_mcu_add_key in connac module 794b6f18d0fb mt76: mt7915: fix code defect 9d2a01b6cb60 mt76: set wlan_idx_hi on mt7916 2c89977b32c2 mt76: mt7915: fix kernel build warning 6c4874839830 mt76: make mt76_sar_capa static 215fdcc7ca6c mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode bc254718b40e mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv 22fcff5ff21a mt76: sdio: lock sdio when it is needed 4669882aa595 mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset 944545855e0f mt76: mt7921s: update mt7921s_wfsys_reset sequence 854c8d076a34 mt76: mt7915: move pci specific code back to pci.c a77da27796f2 mt76: mt7915: fix warning: variable 'base' is used uninitialized 7b5e69961c71 mt76: mt7915: fix warning: variable 'flags' set but not used b5138e7b89f9 mt76: mt7921: fix a possible race enabling/disabling runtime-pm af218fbe2500 linux-firmware: update firmware for MT7921 WiFi device 31c19c467950 mt76: mt7915: remove duplicated defs in mcu.h 9198eca1b16f mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module 829d87a93a51 mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module 50956cf17901 mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module bda40f4e1d5e mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv 4728939c1d48 mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv e3ae1828068b mt76: mt7915: rely on mt76_connac_mcu_sta_ba d9e9989eca07 mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv 168713595fff mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv 60394d3e3504 mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd 3a79454d078d mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv 9ae9aa6c1aea mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv fd8cdfab91e4 mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv a92024c5a5b5 mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module 6dc585a3a274 mt76: connac: introduce is_connac_v1 utility routine 0f29d2aa5a72 mt76: connac: move mt76_connac_mcu_set_pm in connac module dcf408ff8a5e mt76: mt7921: get rid of mt7921_mcu_get_eeprom 77b2a8601fc1 mt76: mt7915: rely on mt76_connac_mcu_start_firmware 65f78dee243a mt76: connac: move mt76_connac_mcu_restart in common module 5adf5b14040b mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch 69bf1dabe78f mt76: mt7915: rely on mt76_connac_mcu_init_download 951b1ddd370e mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module 0826b3992238 mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh 058de6d36fa9 mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module aafda86aed2b mt76: mt7921e: make dev->fw_assert usage consistent def12bef91a3 mt76: mt7921: forbid the doze mode when coredump is in progress 009414d27d37 mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error 3c5856eca223 mt76: mt7921: set EDCA parameters with the MCU CE command 01a3d73b452e mt76: mt7615: fix a possible race enabling/disabling runtime-pm 123ed864d1ae mt76: mt7921e: process txfree and txstatus without allocating skbs 018f98abba68 mt76: connac: add support for passing the cipher field in bss_info 288e7443e35c mt76: mt7615: update bss_info with cipher after setting the group key 36e1577cb3d3 mt76: mt7915: update bss_info with cipher after setting the group key d42590d8fcc8 mt76: make cipher in struct mt76_vif u8 instead of enum 11602b8505c6 mt76: mt7615e: process txfree and txstatus without allocating skbs 2ef775c10bd3 linux-firmware: add firmware for MT7916 976ea3879730 mt76: mt7915: add support for passing chip/firmware debug data to user space d11bd7bd83f4 tools: add support for sending firmware debug data via udp dc8e2e8dcd34 mt76: mt7921: do not always disable fw runtime-pm 7063127f852b mt76: mt7921: fix a leftover race in runtime-pm f78f4334b0b2 mt76: mt7615: fix a leftover race in runtime-pm f1f94d19c160 mt76: mt7915: fix ht mcs in mt7915_mac_add_txs_skb() c2ff2f0d6d19 mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() 3e7954a0b32e mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl 3c2cc9034376 mt76: mt7921e: fix possible probe failure after reboot f7f6c6dcc6eb mt76: mt7921: fix crash when startup fails. 8656198c925b mt76: sdio: disable interrupt in mt76s_sdio_irq 6204d61ab821 mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() 68c5aa56f5f2 mt76: mt7921: toggle runtime-pm adding a monitor vif 541e4e8d3c3e mt76: mt7915: set bssinfo/starec command when adding interface 78770f741af9 mt76: mt7915: introduce mt7915_set_radar_background routine 93c03778f92e mt76: mt7915: enable radar trigger on rdd2 4c76a6c3a1f2 mt76: mt7915: introduce rdd_monitor debugfs node 5b94045f927e mt76: mt7915: report radar pattern if detected by rdd2 22094b27ff6a mt76: mt7915: enable radar background detection 4282ca57a143 mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module 0f16c67657a2 mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap 9a16d33311a7 mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap 639b55fdc95e mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) ebbd2717a16e mt76: mt7663s: flush runtime-pm queue after waking up the device 37c3bf2256de mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update 96959bd15eef mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update 4e42e55ce636 mt76: stop the radar detector after leaving dfs channel 8b32439d5a86 mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta b4e6f0d6f15a mt76: mt7921s: fix a possible memory leak in mt7921_load_patch 15398f1e8385 mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() 607eda6eb032 mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() 69d20f2e6cb0 mt76: mt7915: fix the nss setting in bitrates c3ffa536249a mt76: sdio: honor the largest Tx buffer the hardware can support e3e3562f8fa0 mt76: mt7921s: run sleep mode by default 553200cf63fd firmware: update mt7662 firmware to version 2.3 20d1fed838b9 mt76x02: improve mac error check/reset reliability 9b2ac62d6f31 mt76: mt76x02: improve tx hang detection fae295af31eb mt76: mt7915: fix/rewrite the dfs state handling logic e0f9479bf893 mt76: mt7615: fix/rewrite the dfs state handling logic 822e1135e7e1 mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state f8c0ed1e6bdf mt76: do not always copy ethhdr in reverse_frag0_hdr_trans ab9b8078427a mt76: dma: initialize skip_unmap in mt76_dma_rx_fill Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport support for background radar detectionFelix Fietkau2022-02-039-12/+1627
| | | | | | Will be used in an upcoming mt76 update Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport MBSSID/EMA support patchesFelix Fietkau2022-02-034-114/+803
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: reorganize patchesFelix Fietkau2022-02-0312-0/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport support for ndo_fill_forward_pathFelix Fietkau2022-02-031-0/+172
| | | | | | Will be used in an upcoming mt76 update Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iptables: add ip{,6}tables-legacy{,-restore,-save} symlinksEtienne Champetier2022-02-031-0/+2
| | | | | | | Now that we can have both legacy and nft iptables variants installed at the same time, install the legacy symlinks Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: use ALTERNATIVES for ip(6)tables(-nft)Etienne Champetier2022-02-031-2/+16
| | | | | | | | | As nftables is now the default, ip(6)tables-nft gets higher priority The removed symlinks ("$(CP)" line) will now be installed by the ALTERNATIVES mechanism Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: rework ip(6)tables-nft dependenciesEtienne Champetier2022-02-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | according to iptables-nft man page, "These tools use the libxtables framework extensions and hook to the nf_tables kernel subsystem using the nft_compat module." This means that to work, iptables-nft needs the same modules as iptables legacy except the ip(6)table-{filter,mangle,nat,raw} ip_tables, ip6tables. When those modules are loaded iptables-nft-save output contains "# Warning: iptables-legacy tables present, use iptables-legacy-save to see them" But as long as it's empty it should not be a problem. To have nft properly display the rules created by ip(6)tables-nft we need all iptables targets and matches to be built as extension and not built-in (/usr/lib/iptables/libip(6)t_*.so) When switching a package to iptables-nft, you need to keep the iptables-mod-* dependencies This patch does minimal changes: - remove the direct iptables-nft -> iptables dependency - and more important add nft-compat dependency The rule iptables-nft -A OUTPUT -d 8.8.8.8 -m comment --comment "aaa" -j REJECT becomes table ip filter { chain OUTPUT { type filter hook output priority filter; policy accept; ip daddr 8.8.8.8 # xt_comment counter packets 0 bytes 0 # xt_REJECT } } Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* netfilter: add kmod-nft-compatEtienne Champetier2022-02-021-0/+11
| | | | | | This modules is required by iptables-nft Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: fix ip6tables-nft descriptionEtienne Champetier2022-02-021-5/+5
| | | | | | ip6tables-nft packages ip6tables* utils not iptables* Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: fix ip6tables-extra descriptionEtienne Champetier2022-02-021-1/+1
| | | | | | The define was referencing ip6tables-mod-extra instead of ip6tables-extra Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* uqmi: update to git HEADDaniel Golle2022-02-021-3/+3
| | | | | | f254fc5 uqmi: add support for get operating mode Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ipq40xx: add MikroTik cAP ac supportAlar Aun2022-02-012-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for the MikroTik RouterBOARD RBcAPGi-5acD2nD (cAP ac), a indoor dual band, dual-radio 802.11ac wireless AP, two 10/100/1000 Mbps Ethernet ports. See https://mikrotik.com/product/cap_ac for more info. Specifications: - SoC: Qualcomm Atheros IPQ4018 - RAM: 128 MB - Storage: 16 MB NOR - Wireless: · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 port, PoE in and passive PoE out Unsupported: - PoE out Installation: Boot the initramfs image via TFTP and then flash the sysupgrade image using "sysupgrade -n" Signed-off-by: Alar Aun <alar.aun@gmail.com>
* wolfssl: update to 5.1.1-stableSergey V. Lobanov2022-02-015-144/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bump from 4.8.1-stable to 5.1.1-stable Detailed release notes: https://github.com/wolfSSL/wolfssl/releases Upstreamed patches: 001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch - https://github.com/wolfSSL/wolfssl/commit/fa8f23284d4689c2a737204b337b58d966dcbd8c 002-Update-macro-guard-on-SHA256-transform-call.patch - https://github.com/wolfSSL/wolfssl/commit/f447e4c1fa4c932c0286fa0331966756e243db81 Refreshed patches: 100-disable-hardening-check.patch 200-ecc-rng.patch CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains configure option The size of the ipk changed on aarch64 like this: 491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk 520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk Tested-by: Alozxy <alozxy@users.noreply.github.com> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* kernel: add kmod-vrfMarek Behún2022-02-011-0/+17
| | | | | | | | | | | Add option to compile kmod-vrf, support for Virtual Routing and Forwarding (Lite). This module depends on NET_L3_MASTER_DEV, which is a boolean kernel option, so we need to create a configuration option also for this, and make kmod-vrf depend on it. Signed-off-by: Marek Behún <kabel@kernel.org>
* kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdioHauke Mehrtens2022-02-011-1/+1
| | | | | | | kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-envtools: Update to version 2022.01Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | The sizes of the ipk changed on MIPS 24Kc like this: 13281 uboot-envtools_2021.01-54_mips_24kc.ipk 13308 uboot-envtools_2022.01-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libcap: Update to version 2.63Hauke Mehrtens2022-02-012-3/+5
| | | | | | | | | | | The sizes of the ipk changed on MIPS 24Kc like this: 11248 libcap_2.51-1_mips_24kc.ipk 14461 libcap_2.63-1_mips_24kc.ipk 18864 libcap-bin_2.51-1_mips_24kc.ipk 20576 libcap-bin_2.63-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* e2fsprogs: Update to version 1.46.5Hauke Mehrtens2022-02-013-32/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The sizes of the ipk changed on MIPS 24Kc like this: 8788 badblocks_1.45.6-2_mips_24kc.ipk 8861 badblocks_1.46.5-1_mips_24kc.ipk 3652 chattr_1.45.6-2_mips_24kc.ipk 3657 chattr_1.46.5-1_mips_24kc.ipk 58128 debugfs_1.45.6-2_mips_24kc.ipk 60279 debugfs_1.46.5-1_mips_24kc.ipk 8551 dumpe2fs_1.45.6-2_mips_24kc.ipk 8567 dumpe2fs_1.46.5-1_mips_24kc.ipk 4797 e2freefrag_1.45.6-2_mips_24kc.ipk 4791 e2freefrag_1.46.5-1_mips_24kc.ipk 159790 e2fsprogs_1.45.6-2_mips_24kc.ipk 168212 e2fsprogs_1.46.5-1_mips_24kc.ipk 7083 e4crypt_1.45.6-2_mips_24kc.ipk 7134 e4crypt_1.46.5-1_mips_24kc.ipk 5749 filefrag_1.45.6-2_mips_24kc.ipk 6233 filefrag_1.46.5-1_mips_24kc.ipk 4361 libcomerr0_1.45.6-2_mips_24kc.ipk 4355 libcomerr0_1.46.5-1_mips_24kc.ipk 168040 libext2fs2_1.45.6-2_mips_24kc.ipk 174209 libext2fs2_1.46.5-1_mips_24kc.ipk 8514 libss2_1.45.6-2_mips_24kc.ipk 8613 libss2_1.46.5-1_mips_24kc.ipk 3148 lsattr_1.45.6-2_mips_24kc.ipk 3227 lsattr_1.46.5-1_mips_24kc.ipk 22530 resize2fs_1.45.6-2_mips_24kc.ipk 22909 resize2fs_1.46.5-1_mips_24kc.ipk 33315 tune2fs_1.45.6-2_mips_24kc.ipk 34511 tune2fs_1.46.5-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: Update to version 2.37.3Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | | | | | | | | This release fixes two security mount(8) and umount(8) issues: CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: Do not build raw any more.Hauke Mehrtens2022-02-011-0/+1
| | | | | | | | | | | | | The man page of the raw tool does not build because the disk-utils/raw.8 file is missing. It looks like it should be in the tar.xz file we download, but it is missing. We do not package the raw tool, so this is not a problem. This fixes the following build error: No rule to make target 'disk-utils/raw.8', needed by 'all-am'. Stop. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* strace: Update to version 5.16Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | The sizes of the ipk changed on MIPS 24Kc like this: 289764 strace_5.14-1_mips_24kc.ipk 310899 strace_5.16-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ethtool: Update to version 5.16Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 795f420 cmis: Rename CMIS parsing functions 369b43a cmis: Initialize CMIS memory map da16288 cmis: Use memory map during parsing 6acaeb9 cmis: Consolidate code between IOCTL and netlink paths d7d15f7 sff-8636: Rename SFF-8636 parsing functions 4230597 sff-8636: Initialize SFF-8636 memory map b74c040 sff-8636: Use memory map during parsing 799572f sff-8636: Consolidate code between IOCTL and netlink paths 9fdf45c sff-8079: Split SFF-8079 parsing function 2ccda25 netlink: eeprom: Export a function to request an EEPROM page 86792db cmis: Request specific pages for parsing in netlink path 6e2b32a sff-8636: Request specific pages for parsing in netlink path c2170d4 sff-8079: Request specific pages for parsing in netlink path 9538f38 netlink: eeprom: Defer page requests to individual parsers 664586e Merge branch 'review/next/module-mem-map' into master 50fdaec ethtool: Set mask correctly for dumping advertised FEC modes c5e7133 cable-test: Fix premature process termination 73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels 837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file 8658852 cmis: Initialize Page 02h in memory map 27b42a9 cmis: Initialize Banked Page 11h in memory map 340d88e cmis: Parse and print diagnostic information eae6a99 cmis: Print Module State and Fault Cause 82012f2 cmis: Print Module-Level Controls d7b1007 sff-8636: Print Power set and Power override bits 429f2fc Merge branch 'review/cmis-diag' into master 32457a9 monitor: do not show duplicate options in help text c01963e Release version 5.16. The sizes of the ipk changed on MIPS 24Kc like this: 34317 ethtool_5.15-1_mips_24kc.ipk 34311 ethtool_5.16-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to version 2.16.12Hauke Mehrtens2022-02-011-2/+2
| | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection. * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. CVE-2021-44732 The sizes of the ipk changed on MIPS 24Kc like this: 182454 libmbedtls12_2.16.11-2_mips_24kc.ipk 182742 libmbedtls12_2.16.12-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>