aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* 464xlat: delete SNATed conntracks on interface teardownAlin Nastac2022-06-192-1/+4
| | | | | | | | | Existing conntracks will continue to be SNATed to 192.0.0.1 even after 464xlat interface gets teared down. To prevent this, matching conntracks must be killed. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* failsafe: run on all consoles listed in /proc/cmdlineMark Mentovai2022-06-192-35/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On x86, when both CONFIG_GRUB_CONSOLE and CONFIG_GRUB_SERIAL are set (as they are by default), the kernel command line will have two console= entries, such as console=tty0 console=ttyS0,115200n8 Failsafe was only running a shell on the first defined console, the VGA console. This is a problem for devices like apu2, where there is only a serial console and it appears on ttyS0. Moreover, the console prompt to enter failsafe during boot was delivered to, and its input read from, the last console= on the kernel command line. So while the failsafe shell was on the first defined console, only the last defined console could be used to enter failsafe during boot. In contrast, the x86 bootloader (GRUB) operates on both the serial console and the VGA console by virtue of "terminal_{input,output} console serial". GRUB also provided an alternate means to enter failsafe from either console. The presence of two console= kernel command line parameters causes kernel messages to be delivered to both. Under normal operation (not failsafe), procd runs login in accordance with inittab, which on x86 specifies ttyS0, hvc0, and tty1, allowing login through any of serial, hypervisor, or VGA console. Thus, serial access was consistently available on x86 devices with serial consoles under normal operation, except for shell access in failsafe mode (without editing the kernel command line). By presenting the failsafe prompt, reading failsafe prompt input, and running failsafe shells on all consoles listed in /proc/cmdline, failsafe mode will work correctly on devices with a serial console (like apu2), and the same image without any need for reconfiguration can be shared by devices with the more traditional (for x86) VGA console. This improvement should benefit any system with multiple console= arguments, including x86 and bcm27xx (Raspberry Pi). Signed-off-by: Mark Mentovai <mark at moxienet.com>
* libusb: fix missing linkLeo Soares2022-06-191-1/+1
| | | | | | | | | adds `libusb-1.0.so` link on the target root again. Fixes: 43539a6aabbe ("libusb: make InstallDev explicit") Signed-off-by: Leo Soares <leo@hyper.ag> (added fixed tag, reworded commit) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath10k: backport encapsulation offload supportZhijun You2022-06-1911-20/+520
| | | | | | | | This backports encap offload support from upstream. On some ath10k devices there can be about 10% improvement on tx throughput. Users can turn it on by setting frame_mode=2. Signed-off-by: Zhijun You <hujy652@gmail.com>
* ath79: add support for Netgear PGZNG1Chris Blake2022-06-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support for the Netgear PGZNG1, also known as the ADT Pulse Gateway. Hardware: CPU: Atheros AR9344 Memory: 256MB Storage: 256MB NAND Hynix H27U2G8F2CTR-BC USB: 1x USB 2.0 Ethernet: 2x 100Mb/s WiFi: Atheros AR9340 2.4GHz 2T2R Leds: 8 LEDs Button: 1x Reset Button UART: Header marked JPE1. Pinout is VCC, TX, RX, GND. The marked pin, closest to the JPE1 marking, is VCC. Note VCC isn't required to be connected for UART to work. Enable Stock Firmware Shell Access: 1. Interrupt u-boot and run the following commands setenv console_mode 1 saveenv reset This will enable a UART shell in the firmware. You can then login using the root password of `icontrol`. If that doesn't work, the device is running a firmware based on OpenWRT where you can drop into failsafe to mount the FS and then modify /etc/passwd. Installation Instructions: 1. Interupt u-boot and run the following commands setenv active_image 0 setenv stock_bootcmd nboot 0x81000000 0 \${kernel_offset} setenv openwrt_bootcmd nboot 0x82000000 0 \${kernel_offset} setenv bootcmd run openwrt_bootcmd saveenv 2. boot initramfs image via TFTP u-boot tftpboot 0x82000000 openwrt-ath79-nand-netgear_pgzng1-initramfs-kernel.bin; bootm 0x82000000 3. Once booted, use LuCI sysupgrade to flash openwrt-ath79-nand-netgear_pgzng1-squashfs-sysupgrade.bin MAC Table: WAN (eth0): xx:xa - caldata 0x0 LAN (eth1): xx:xb - caldata 0x6 WLAN (phy0): xx:xc - burned into ath9k caldata Not Working: Z-Wave RS422 Signed-off-by: Chris Blake <chrisrblake93@gmail.com> (added more hw-info, fixed file permissions) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: add kmod-leds-pca955xChris Blake2022-06-191-0/+19
| | | | | | | | | This patch adds support for the mainline kernel module for the PCA955x LED driver. Note this requires i2c and GPIO support. Also worth calling out this driver also enables GPIO support, depending on device tree configuration. Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
* uboot-rockchip: drop CONFIG_IDENT_STRINGJosef Schlehofer2022-06-191-1/+0
| | | | | | | | | | This row is no longer necessary as it was replaced by LOCALVERSION in uboot.mk, which explicitly sets OpenWrt version to all U-boot packages accross OpenWrt. [1] [1] https://github.com/openwrt/openwrt/commit/d6aa9d9e071d9f23ed26f5142991bc66aefe20f5 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* apm821xx: MBL: make mtd chip workChristian Lamparter2022-06-191-0/+4
| | | | | | | | | | | | | | | | The MBL has a 512KiB Microchip SST39VF040 chip for uboot and not much else. Thanks to Ewald who figured out that the "jedec-probe" vs. "jedec-flash" was the wrong binding. With this information and the jedec-probe support enabled => the chip works. | physmap-flash 4fff80000.nor_flash: physmap platform flash device: [mem 0x4fff80000-0x4ffffffff] | Found: SST 39LF040 | 4fff80000.nor_flash: Found 1 x8 devices at 0x0 in 8-bit bank Suggested-by: Ewald Comhaire <e.comhaire@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* netfilter: kmod-nft-xfrmFlorian Eckert2022-06-191-0/+11
| | | | | | Add kmod-nft-xfrm package. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* realtek: add support for D-Link DGS-1210-20Markus Stockhausen2022-06-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware specification ---------------------- * RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz * 128MB DRAM * 32MB NOR Flash * 16 x 10/100/1000BASE-T ports - Internal PHY with 8 ports (RTL8218B) - External PHY with 8 ports (RTL8218B) * 4 x Gigabit RJ45/SFP Combo ports - External PHY with 4 SFP ports (RTL8214FC) * Power LED * Reset button on front panel * UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6 UART pinout ----------- [o]ooo|J6 | ||`------ GND | |`------- RX | `-------- TX `---------- Vcc (3V3) Boot initramfs image from U-Boot -------------------------------- 1. Press Escape key during `Hit Esc key to stop autoboot` prompt 2. Press CTRL+C keys to get into real U-Boot prompt 3. Init network with `rtk network on` command 4. Load image with `tftpboot 0x8f000000 openwrt-realtek-rtl838x-d-link_dgs-1210-20-initramfs-kernel.bin` command 5. Boot the image with `bootm` command To install, upload the sysupgrade image to the OEM webpage or sysupgrade from the system running from initramfs image. It has been developed and tested on device with F1 revision. Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> [correct initramfs image name] Signed-off-by: Sander Vanheule <sander@svanheule.net>
* hostapd: update to 2022-06-02David Bauer2022-06-182-3/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 4383528e0 P2P: Use weighted preferred channel list for channel selection f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming 94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them d5a9944b8 Reserve QCA vendor sub command id 206..212 ed63c286f Remove space before tab in QCA vendor commands e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them 02047e9c8 hs20-osu-client: Explicit checks for snprintf() result cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality 5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0 9e305878c SAE-PK: Fix build without AES-SIV c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API 667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API 5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API 177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point 26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path 6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh() 4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API b092d8ee6 tests: imsi_privacy_attr 563699174 EAP-SIM/AKA peer: IMSI privacy attribute 1004fb7ee tests: Testing functionality to discard DPP Public Action frames 355069616 tests: Add forgotten files for expired IMSI privacy cert tests b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters 99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML 426932f06 tests: EAP-AKA and expired imsi_privacy_key 35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path 1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key d1652dc7c OpenSSL: Refuse to accept expired RSA certificate 866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0 bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1 39e662308 tests: Work around reentrant logging issues due to __del__ misuse 72641f924 tests: Clean up failed test list in parallel-vm.py e36a7c794 tests: Support pycryptodome a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI e58dabbcf tests: DPP URI with host info 37bb4178b DPP: Host information in bootstrapping URI 1142b6e41 EHT: Do not check HE PHY capability info reserved fields 7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4 d2ce1b4d6 tests: Wait for request before responding in dscp_response Compile-tested: all versions / ath79-generic, ramips-mt7621 Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621 Signed-off-by: David Bauer <mail@david-bauer.net>
* base-files: allow ignoring minor compat-version checkDavid Bauer2022-06-182-0/+5
| | | | | | | | | | | | Downstream projects might re-generate device-specific configuration based on OpenWrt's defaults on each upgrade, thus being unaffected by forward- as well as backwards-breaking configuration. Add a new sysupgrade parameter, which allows sysupgrades between minor compat-versions. Upgrades will still fail upon mismatching major compat versions. Signed-off-by: David Bauer <mail@david-bauer.net>
* Revert "mac80211: add airtime fairness rework/fixes"Felix Fietkau2022-06-183-986/+2
| | | | | | | This reverts commit 96012227e578a0d8dcfa86823db97345e98e2c8f. Needs some more work until it is ready Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "mac80211: sync airtime fairness fixes with updated upstream submission"Felix Fietkau2022-06-186-239/+90
| | | | | | | This reverts commit 958785508cc802de75698607670f9a236883d24d. Needs some more work until it is ready Signed-off-by: Felix Fietkau <nbd@nbd.name>
* firewall4: bump to git HEADStijn Tintel2022-06-171-3/+3
| | | | | | | | | | | | | | | | | | 11f5c7b fw4.uc: fix zone helper assignment b9d35ff fw4.uc: don't skip zone for unavailable helper e35e26b tests: add test for zone helpers a063317 ruleset: fix conntrack helpers e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps 11410b8 ruleset: reorder declarations & output tweaks 880dd31 fw4: fix skipping invalid IPv6 ipset entries 5994466 fw4: simplify `is_loopback_dev()` 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present 11256ff fw4: add support for configurable includes 3b5a033 tests: add test coverage for firewall includes d79911c fw4: support sets with timeout capability but without default expiry 15c3831 fw4: add support for `option log` in rule and redirect sections Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uboot-mediatek: update UniFi 6 LR board nameDaniel Golle2022-06-161-1/+1
| | | | | | | Select matching U-Boot for both v1 and v2 variants. Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: add owe_transition_ifnameDavid Bauer2022-06-161-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the owe_transition_ifname config option to wifi-ifaces. This allows to configure OWE transition VAPs without adding SSID / BSSID to the uci conifg but instead autodiscovering these parameters from other networks on the same PHY. The following configuration creates a OWE transition mode network constellation. config wifi-iface 'open0' option device 'radio0' option ifname 'open0' option network 'lan' option mode 'ap' option ssid 'FreeNet' option encryption 'none' option owe_transition_ifname 'owe0' config wifi-iface 'owe0' option device 'radio0' option ifname 'owe0' option network 'lan' option mode 'ap' option ssid 'owe_tm.FreeNet' option encryption 'owe' option hidden '1' option owe_transition_ifname 'open0' Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: sync airtime fairness fixes with updated upstream submissionFelix Fietkau2022-06-156-90/+239
| | | | | | | | - fix ath10k latency issues - reject too large weight values - code cleanup Signed-off-by: Felix Fietkau <nbd@nbd.name>
* swconfig: parse "switch_vlan" before "switch_port"Rafał Miłecki2022-06-151-26/+33
| | | | | | | | | | | | | | | Before this change UCI sections of both types were parsed in order as specified in UCI. That didn't work well with all drivers (e.g. b53). It seems that VLAN setup can reset / overwrite previously set ports parameters. It resulted in "switch_port" options defined above "switch_vlan"s being silently ignored. Ideally swconfig & all drivers should be improved to handle that properly but it'd be a waste of time at this point as DSA replaces swconfig. Use this minor parsing change as a quick fix. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ramips: add support for MTS WG430223Mikhail Zhilkin2022-06-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan WG443223). Device specification -------------------- SoC Type: MediaTek MT7621AT RAM: 128 MiB Flash: 128 MiB (Winbond W29N01HV) Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2 Wireless 5 GHz (MT7615DN): a/n/ac, 2x2 Ethernet: 3xGbE (WAN, LAN1, LAN2) USB ports: No Button: 1 (Reset/WPS) LEDs: 2 (Red, Green) Power: 12 VDC, 1 A Connector type: Barrel Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2) OEM: Arcadyan WG430223 Installation ------------ 1. Login to the router web interface (superadmin:serial number) 2. Navigate to Administration -> Miscellaneous -> Access control lists & enable telnet & enable "Remote control from any IP address" 3. Connect to the router using telnet (default admin:admin) 4. Place *factory.trx on any web server (192.168.1.2 in this example) 5. Connect to the router using telnet shell (no password required) 6. Save MAC adresses to U-Boot environment: uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \ awk '{print $5}') uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \ awk '{print $5}') uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \ awk '{print $5}') uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \ awk '{print $5}') 7. Ensure that MACs were saved correctly: uboot_env --get --name eth2macaddr uboot_env --get --name eth3macaddr uboot_env --get --name ra0macaddr uboot_env --get --name rax0macaddr 8. Download and write the OpenWrt images: cd /tmp wget http://192.168.1.2/factory.trx mtd_write erase /dev/mtd4 mtd_write write factory.trx /dev/mtd4 9. Set 1st boot partition and reboot: uboot_env --set --name bootpartition --value 0 Back to Stock ------------- 1. Run in the OpenWrt shell: fw_setenv bootpartition 1 reboot 2. Optional step. Upgrade the stock firmware with any version to overwrite the OpenWrt in Slot 1. MAC addresses ------------- +-----------+-------------------+----------------+ | Interface | MAC | Source | +-----------+-------------------+----------------+ | label | A4:xx:xx:51:xx:F4 | No MACs was | | LAN | A4:xx:xx:51:xx:F6 | found on Flash | | WAN | A4:xx:xx:51:xx:F4 | [1] | | WLAN_2g | A4:xx:xx:51:xx:F5 | | | WLAN_5g | A6:xx:xx:21:xx:F5 | | +-----------+-------------------+----------------+ [1]: a. Label wasb't found neither in factory nor in other places. b. MAC addresses are stored in encrypted partition "glbcfg". Encryption key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack with saving of the MACs to u-boot-env during the installation was applied. c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in "Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM firmware also uses this MAC when initialazes ethernet driver. In OpenWrt we use it only as internal GMAC (eth0), all other MACs are unique. Therefore, there is no any barriers to the operation of several MTS WG430223 devices even within the same broadcast domain. Stock firmware image format --------------------------- The same as Beeline Smartbox Flash but with another trx magic +--------------+---------------+----------------------------------------+ | Offset | | Description | +==============+===============+========================================+ | 0x0 | 31 52 48 53 | TRX magic "1RHS" | +--------------+---------------+----------------------------------------+ Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* hostapd: fix feature detectionRobert Marko2022-06-121-1/+1
| | | | | | | | | | | Fix hostapd feature detection after the bump to 2022-05-08. getopt was not updated correctly after upstream added support for -q arg. This reenables feature detection so that LuCi can check for features like SAE, fast roaming etc. Fixes: c35ff1affe8f ("hostapd: update to 2022-05-08") Signed-off-by: Robert Marko <robimarko@gmail.com>
* wireless-regdb: bump to 2022.06.06Stijn Tintel2022-06-112-3/+3
| | | | | | | | | | | | | | | | | 902b321 wireless-regdb: Update regulatory rules for Israel (IL) 20f6f34 wireless-regdb: add missing spaces for US S1G rules 25652b6 wireless-regdb: Update regulatory rules for Australia (AU) 081873f wireless-regdb: update regulatory database based on preceding changes 166fbdd wireless-regdb: add db files missing from previous commit e3f03f9 Regulatory update for 6 GHz operation in Canada (CA) 888da5f Regulatory update for 6 GHz operation in United States (US) 647bcaa Regulatory update for 6 GHz operation in FI c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz 2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules 7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries 68a8f2f wireless-regdb: update regulatory database based on preceding changes Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iw: bump to 5.19Stijn Tintel2022-06-113-45/+462
| | | | | | | | | | | | | | | | | | | | | | | 7e06706 iw: event: report missing radar events 5909e73 iw: survey: add support for radio stats 64bf570 update nl80211.h 0900996 iw: print Radar background capability if supported 56c6077 iw: print out assoc comeback event a4e5418 iw: support 160MHz frequency command for 6GHz band 5a71b72 iw: Print local EHT capabilities e3287a1 station: print EHT rate information ff67fb2 iw: fix double tab in mesh path header 05a5267 iw: fix 'upto' -> 'up to' 00a2985 iw: handle VHT extended NSS 82e0bd1 update nl80211.h c95877c info: add missing extended features 0976378 info: refactor extended features 79f20cb bump version to 5.19 Sync nl80211.h with our version of mac80211 and remove parts of the iw code that are not supported by our version of mac80211. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mac80211: sync nl80211.h with upstreamDavid Bauer2022-06-111-0/+22
| | | | | | | | | | | | Sync nl80211.h with upstream in order to maintain parity with nl80211_copy.h shipped with hostapd. This is necessary, as currently the enum value for NL80211_EXT_FEATURE_RADAR_BACKGROUND mismatches between hostapd and mac80211. This breaks background radar capability detection in hostapd. Reported-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: David Bauer <mail@david-bauer.net>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to yEneas U de Queiroz2022-06-091-1/+1
| | | | | | | | | | | | | Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash. Fixes: #9738 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* Revert "wolfssl: set nonshared flag global"Christian 'Ansuel' Marangi2022-06-091-9/+1
| | | | | | | This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503. A better and correct solution was found. Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: set nonshared flag globalChristian 'Ansuel' Marangi2022-06-091-1/+9
| | | | | | | | | | | | | | | | libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH. Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed. Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* hostapd: fix missing HS20 support for hostapd-fullDavid Bauer2022-06-081-1/+1
| | | | | | | | | | | | | | | commit c3a4cddaaf45 ("hostapd: remove hostapd-hs20 variant") as well as commit 9f1927173ac6 ("hostapd: wpas: add missing config symbols") indicate hostapd-full should support Hotspot 2.0 already, but only wpa_supplicant (and wpad) do. How this happened is not really clear, as no commit adding support for Hotspot 2.0 is in the history. Fix this and add Hotspot 2.0 capability to hostapd-full. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add bss-color to get_statusDavid Bauer2022-06-081-0/+6
| | | | | | | | Add the current BSS color to hostapd get_status method. This field is set to -1 in case BSS color is not active for the BSS. Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: randomize default BSS colorDavid Bauer2022-06-083-2/+28
| | | | | | | In case no specific BSS color is configured, set it to a random value. Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to 2022-05-08David Bauer2022-06-088-86/+94
| | | | | | | | | | Update hostapd to Git HEAD from 2022-05-08. This allows us to take advantage of background radar-detection as well as BSS color collision detection. Suggested-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: Radius based VLANs on AP with PSKBernd Naumann2022-06-081-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows the user to set `auth_server` and related settings on non WPA2 Enterprise AP modes in `/etc/config/wireless`, too, so the Radius Attributes for Dynamic VLAN Assignment can be fetched from Radius. Without this patch, `auth_server` and other needed options are only written to `hostapd-phy<n>.conf` when `option encryption wpa2` is set. `hostapd` however supports "Station MAC address -based authentication" for non WPA Enterprise Modes, too. A classic approch is to use `accept_mac_file` which contains MAC addr and VLAN-ID pairs. But, using `accept_mac_file` does not support VLAN assignment for unknown stations. This is a sample `freeradius3` config, where a known station ("7e:a6:a7:2a:93:d2") is assigned to VLAN `65` and unknown stations are assigned to VLAN `67`. ``` "7ea6a72a93d2" Cleartext-Password := "7ea6a72a93d2" Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-Id = 65 DEFAULT Cleartext-Password := "%{User-Name}" Tunnel-Type = "VLAN", Tunnel-Medium-Type = "IEEE-802", Tunnel-Private-Group-Id = 67 ``` Other option is to configure known stations via `accept_mac_file` and using only Radius for unknown stations. I tested this patch only with `wpa_key_mgmt=WPA-PSK`, and assumed that it should work with other Encryption/Access Mode, too. Signed-off-by: Bernd Naumann <bernd.naumann@kr217.de>
* wolfssl: enable CPU crypto instructionsEneas U de Queiroz2022-06-072-0/+23
| | | | | | | | | | | | | | | | | | This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time. The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm. NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release! Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utilityEneas U de Queiroz2022-06-071-3/+23
| | | | | | This packages the wolfssl benchmark utility. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: don't change ABI because of hw cryptoEneas U de Queiroz2022-06-071-10/+21
| | | | | | | | Enabling different hardware crypto acceleration should not change the library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash has been computed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* kernel: bump 5.10 to 5.10.119John Audia2022-06-062-43/+0
| | | | | | | | | | Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in. Patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800, x86/64 Signed-off-by: John Audia <therealgraysky@proton.me>
* realtek: add support for ZyXEL GS1900-24ERaylynn Knight2022-06-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900 switches. Specifications -------------- * Device: ZyXEL GS1900-24E * SoC: Realtek RTL8382M 500 MHz MIPS 4KEc * Flash: 16 MiB Macronix MX25L12835F * RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE * Ethernet: 24x 10/100/1000 Mbps * LEDs: 1 PWR LED (green, not configurable) 1 SYS LED (green, configurable) 24 ethernet port link/activity LEDs (green, SoC controlled) * Buttons: 1 "RESET" button on front panel * Switch: 1 Power switch on rear of device * Power 120-240V AC C13 * UART: 1 serial header (JP2) with populated standard pin connector on the left side of the PCB. Pinout (front to back): + Pin 1 - VCC marked with white dot + Pin 2 - RX + Pin 3 - TX + PIn 4 - GND Serial connection parameters: 115200 8N1. Installation ------------ OEM upgrade method: * Log in to OEM management web interface * Navigate to Maintenance > Firmware * Select the HTTP radio button * Select the Active radio button * Use the browse button to locate the realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin file and select open so File Path is updated with filename. * Select the Apply button. Screen will display "Prepare for firmware upgrade ...". *Wait until screen shows "Do you really want to reboot?" then select the OK button * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image. U-Boot TFTP method: * Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10). * Set up a TFTP server on your client and make it serve the initramfs image. * Connect serial, power up the switch, interrupt U-boot by hitting the space bar, and enable the network: > rtk network on * Since the GS1900-24E is a dual-partition device, you want to keep the OEM firmware on the backup partition for the time being. OpenWrt can only boot from the first partition anyway (hardcoded in the DTS). To make sure we are manipulating the first partition, issue the following commands: > setsys bootpartition 0 > savesys * Download the image onto the device and boot from it: > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin > bootm * Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it: > sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin it may be necessary to restart the network (/etc/init.d/network restart) on the running initramfs image. Signed-off-by: Raylynn Knight <rayknight@me.com>
* hostapd: drop wnm_disassoc_imminentStijn Tintel2022-06-061-45/+0
| | | | | | | | All known users of this ubus method have been updated to use the new bss_transition_request method instead. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: David Bauer <mail@david-bauer.net>
* ksmbd: update to 3.4.5Rosen Penev2022-06-052-101/+2
| | | | | | | | | | | Major changes are: Add support for smbd-direct multi-desctriptor. Add support for dkms. Add support for key exchange. Fix seveal bugs. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ipq40xx: add support for Linksys WHW01 v1Peter Adkins2022-06-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds support for Linksys WHW01 v1 ("Velop") [FCC ID Q87-03331]. Specification ------------- SOC: Qualcomm IPQ4018 WiFi 1: Qualcomm QCA4019 IEEE 802.11b/g/n WiFi 2: Qualcomm QCA4019 IEEE 802.11a/n/ac Bluetooth: Qualcomm CSR8811 (A12U) Ethernet: Qualcomm QCA8072 (2-port) SPI Flash 1: Mactronix MX25L1605D (2MB) SPI Flash 2: Winbond W25M02GV (256MB) DRAM: Nanya NT5CC128M16IP-DI (256MB) LED Controller: NXP PCA963x (I2C) Buttons: Single reset button (GPIO). Notes ----- There does not appear to be a way to trigger TFTP recovery without entering U-Boot. The device must be opened to access the serial console in order to first flash OpenWrt onto a device from factory. The device has automatic recovery backed by a second set of partitions on the larger of the two SPI flash ICs. Both the primary and secondary must be flashed to prevent accidental rollback to "factory" after 3 failed boot attempts. Serial console -------------- A serial console is available on the following pins of the populated J2 connector on the device mainboard (115200 8n1). (<-- Top of PCB / Device) J2 [o o o o o o] | | | | | `-- GND | `---- TX `--------- RX Installation instructions ------------------------- 1. Setup TFTP server with server IP set to 192.168.1.236. 2. Copy compiled `...squashfs-factory.bin` to `nodes-jr.img` in tftp root. 3. Connect to console using pinout detailed in the serial console section. 4. Power on device and press enter when prompted to drop into U-Boot. 5. Flash first partition device via `run flashimg`. 6. Once complete, reset device and allow to power up completely. 7. Once comfortable with device upgrade reboot and drop back into U-Boot. 8. Flash the second partition (recovery) via `run flashimg2`. Revert to "factory" ------------------- 1. Download latest firmware update from vendor support site. 2. Copy extracted `.img` file to `nodes-jr.img` in tftp root. 3. Connect to console using pinout detailed in the serial console section. 4. Power on device and press enter when prompted to drop into U-Boot. 5. Flash first partition device via `run flashimg`. 6. Once complete, reset device and allow to power up completely. 7. Once comfortable with device upgrade reboot and drop back into U-Boot. 8. Flash the second partition (recovery) via `run flashimg2`. Link: https://github.com/openwrt/openwrt/pull/3682 Signed-off-by: Peter Adkins <peter@sunkenlab.com> (calibration from nvmem, updated to 5.10+5.15) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: modules: make ar8216/8327 modularizableChristian 'Ansuel' Marangi2022-06-051-0/+16
| | | | | | | Make ar8216/8327 swconfig driver modularizable and add entry to the netdevices.mk kernel modules file. Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* mac80211: add airtime fairness rework/fixesFelix Fietkau2022-06-043-2/+986
| | | | | | | latency and short-term fairness is improved by fixing the tx queue sorting so that it considers the pending AQL budget Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: crypto: add kmod-crypto-chacha20poly1305Xu Wang2022-06-031-0/+12
| | | | | | | | Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used by wireguard. Signed-off-by: Xu Wang <xwang1498@gmx.com>
* mt76: update to the latest versionFelix Fietkau2022-06-021-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 6da21a0b7280 linux-firmware: update firmware for MT7921 WiFi device 4876688c41dc linux-firmware: update firmware for MT7915 79b1b86040de linux-firmware: add firmware for MT7986 784c27b159b9 linux-firmware: add firmware for MT7922 079e41dc71a1 mt76: mt7915: configure soc clocks in mt7986_wmac_init 747c70fc6c89 mt76: connac: use skb_put_data instead of open coding e98f58815018 mt76: mt7915: update mt7986 patch in mt7986_wmac_adie_patch_7976() b7104b4b2f2d mt76: mt7915: fix twt table_mask to u16 in mt7915_dev d39368f336ee mt76: mt7915: reject duplicated twt flows 4718ed04a655 mt76: mt7915: limit minimum twt duration 84319691b742 mt76: mt7915: reowrk SER debugfs knob bac5f22365a2 mt76: mt7915: introduce mt7915_mac_severe_check() 81524067686c mt76: mt7915: move MT_INT_MASK_CSR to init.c 2b7f5e85290e mt76: mt7915: add support for 6G in-band discovery 31273183ea0a mt76: mt7615/mt7915: do reset_work with mt76's work queue bb54f5e1c115 mt76: mt7915: improve error handling for fw_debug knobs 838529da6470 mt76: mt7915: add more statistics from fw_util debugfs knobs 3a65deb93737 mt76: add gfp to mt76_mcu_msg_alloc signature 8e87669eefcf mt76: mt7921: add ipv6 NS offload support e1b2c18eee29 mt76: mt7915: fix endianness in mt7915_rf_regval_get 0742eaeafee2 mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg d299ad96d867 mt76: mt7915: fix endian bug in mt7915_rf_regval_set() 380eac6f31ec mt76: add 6 GHz band support in mt76_sar_freq_ranges 268ce38e9e36 mt76: mt7921: introduce ACPI SAR support 8c27300b4271 mt76: mt7921: introduce ACPI SAR config in tx power 54b6504a3ef8 mt76: mt7915: add more ethtool stats cdd66d642977 mt76: add DBDC rxq handlings into mac_reset_work b284684f5cba mt76: mt7921: add PATCH_FINISH_REQ cmd response handling f8b9be4287cc mt76: mt7921s: fix firmware download random fail 28b19d2cc53f mt76: mt7915: add missing bh-disable around tx napi enable/schedule 1d8af168e86f mt76: mt7615: add missing bh-disable around rx napi enable/schedule Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: add a bug fix for a rare crashFelix Fietkau2022-06-021-0/+38
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipq40xx: add Aruba AP-365 specific BDFDavid Bauer2022-06-022-0/+2
| | | | | | | | | | | | | Aruba deploys a BDF in the root filesystem, however this matches the one used for the DK04 reference board. The board-specific BDFs are built into the kernel. The AP-365 shows sinificant degraded performance with increased range when used with the reference BDF. Replace the BDF with the one extracted from Arubas kernel. Signed-off-by: David Bauer <mail@david-bauer.net>
* fstools: update to git HEADDaniel Golle2022-06-021-3/+3
| | | | | | 93369be Revert "fstools: remove SELinux restorecon hack" Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: update to git HEADDaniel Golle2022-06-011-4/+4
| | | | | | | 2f793a4 lua: add optional path filter to objects() method 2bebf93 ubusd: handle invoke on event object without data Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: update to git HEADDaniel Golle2022-06-011-3/+3
| | | | | | | 2e1fcf4 netifd: fix hwmode for 60g band 39ef9fe interface-ip: fix memory corruption bug when using jail network namespaces Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2022-06-011-3/+3
| | | | | | | 557c98e init: selinux: don't relabel virtual filesystems 7a00968 init: only relabel rootfs if started from initramfs Signed-off-by: Daniel Golle <daniel@makrotopia.org>