aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* uboot-envtools: add support for Bananapi BPi-R3Daniel Golle2022-08-301-0/+45
| | | | | | | Create new mediatek_filogic file and add entries for environment on MMC, UBI and NOR for the Bananapi BPi-R3. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: add support for Bananapi BPi-R3Daniel Golle2022-08-302-3/+1428
| | | | | | | | | | | | | | | The Bananapi BPi-R3 board can boot from eMMC, SD card, SPI-NAND and SPI-NOR, depending on the position of switches controlling the BOOTSEL bootstrap pins as we as hard-wired chip-select lines. The position of the chip-select switch SW6 decides whether either SD card or eMMC can be accessed, SW5 selects either SPI-NAND or SPI-NOR. Generate U-Boot for all 4 boot options. The SD card version allows installation to SPI-NAND and SPI-NOR (eMMC cannot be accessed simultanously with the SD card), the SPI-NAND version allows installation to eMMC. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: disable ft-over-ds by defaultFelix Fietkau2022-08-301-1/+1
| | | | | | | | Testing has shown it to be very unreliable in variety of configurations. It is not mandatory, so let's disable it by default until we have a better solution. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* update: update to latest Git HEADJo-Philipp Wich2022-08-301-3/+3
| | | | | | | 344fa9e lib: extend render() to support function values 89452b2 lib: improve getenv() and split() implementations Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* unetd: update to the latest version, makes VXLAN/eBPF optionalFelix Fietkau2022-08-291-8/+22
| | | | | | | | | | b75791a6db25 scripts/update-cmd.pl: reorder add/remove calls to better deal with dynamic changes c29e1ad045d0 scripts/update-cmd.pl: set device up before adding routes/addresses 5ad35ce4beea scripts/update-cmd.pl: run update two times 5d79b88f00c1 add support for overriding peer-exchange-port for individual hosts 0041fcacb624 add support for disabling VXLAN/eBPF support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* unetd: update to the latest versionFelix Fietkau2022-08-281-3/+3
| | | | | | | | 5cbd55f60346 unet-cli: fix formatting of help text 59b97448b636 build.sh: force use of -fPIC on static libraries to fix build error 74a14c00abb0 pex-msg: fix siphash key initializer Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: Rebuild when libwolfssl-benchmark gets changesHauke Mehrtens2022-08-281-0/+1
| | | | | | | | | | This forces a rebuild of the wolfssl package when the libwolfssl-benchmark OpenWrt package gets activated or deactivated. Without this change the wolfssl build will fail when it compiled without libwolfssl-benchmark before and it gets activated for the next build. Fixes: 18fd12edb810 ("wolfssl: add benchmark utility") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: enable inside secure driver for MediaTek platformsDaniel Golle2022-08-281-2/+3
| | | | | | | | Older MT7623 ARMv7 SoC as well as new Filogic platforms come with inside-secure,safexcel-eip97 units. Enable them in DTS and select the driver kernel module by default on those platforms. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt76: add mt7986 wmac supportFelix Fietkau2022-08-281-0/+24
| | | | | | Add firmware package for MT7986 and enable WMAC support in the driver Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-mediatek: no compression means IH_COMP_NONEDaniel Golle2022-08-283-1/+120
| | | | | | | | | | Treat missing compression node in FIT image as IH_COMP_NONE. This is implicentely already happening in most places, but for now was still triggering an annoying warning about initramfs compression being obsolete despite compression note being absent. Fix this. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: mt7986: add generic reset button supportDaniel Golle2022-08-281-0/+40
| | | | | | | Allow resetting environment to default values when defined button exists in device tree. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: mt7986: support PSTORE/ramoopsDaniel Golle2022-08-281-0/+38
| | | | | | Assign reserved memory for PSTORE/ramoops for the MT7986 SoC. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: additions from MTK SDKDaniel Golle2022-08-2845-276/+10562
| | | | | | | | | | | | | | | * updated SNAND/SNFI driver brings support for MT7981 * add support for MediaTek NAND Memory bad Block Management (NMBM) (not used for any boards atm, but could be useful in future) * wire up NMBM support for MT7622, MT7629, MT7981 and MT7986 * replace some local patches with updated version from SDK * bring some legacy precompiler symbols which haven't been converted into Kconfig symbols in U-Boot 2022.07, remove when bumbping to U-Boot 2022.10: 100-28-include-configs-mt7986-h-from-SDK.patch Source: https://github.com/mtk-openwrt/u-boot Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: add support for MT798x platformsDaniel Golle2022-08-2836-6/+12173
| | | | | | Import pending patches to support the upcoming Filogic platforms. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: add support for compressed BL3/FIP imageDaniel Golle2022-08-282-13/+7
| | | | | | | MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP structure to be compressed. Make use of that for boards with NOR flash. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: fix factory reset on UBIDaniel Golle2022-08-282-2/+2
| | | | | | | Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in segfault on newer U-Boot. Write 1MB of 0s instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* arm-trusted-firmware-mediatek: update to v2.7+ from MediaTekDaniel Golle2022-08-284-50/+192
| | | | | | | | | | | | | | | | | | | | The updated sources bring support for the MT798x Filogic SoC family. Add builds for MT7986 with most supported storage types, each for DDR3 and DDR4 configurations. A better solution for skipping bad blocks on SPI-NAND connected via the SNFI interface has been implemented upstream, so drop local patch. Add pending patches [1] and [2] to fix boot on existing MT7622 boards. Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which support will be added in future patches. [1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3 [2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4 Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* trusted-firmware-a.mk: pass DTC path similar to u-boot.mkDaniel Golle2022-08-284-0/+4
| | | | | | | | | Instead of relying on dtc being provided by the build host use the dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk. For this to work kernel.mk now needs to be included before trusted-firmware-a.mk, add this include to all affected packages. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* popt: update to 1.18Nick Hainke2022-08-281-8/+5
| | | | | | | | | | | | | | | | | | | | Changes from popt 1.16: - fix an ugly and ancient security issue with popt failing to drop privileges on alias exec from a SUID/SGID program - perform rudimentary sanity checks when reading in popt config files - collect accumulated misc fixes (memleaks etc) from distros - convert translations to utf-8 encoding - convert old postscript documentation to pdf - dust off ten years worth of autotools sediment - reorganize and clean up the source tree for clarity - remove the obnoxious splint annotations from the sources Switch to new mirror: http://ftp.rpm.org/popt/releases/ Switch URL to: https://github.com/rpm-software-management/popt Signed-off-by: Nick Hainke <vincent@systemli.org>
* nftables: update to 1.0.5Nick Hainke2022-08-282-52/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patch: - 0001-meta-don-t-use-non-POSIX-formats-in-strptime.patch Changes: 13248670 build: Bump version to 1.0.5 3432eebd tests/py: disable arp family for queue statement 180ce4d7 meta: don't use non-POSIX formats in strptime() c1c223f1 src: allow anon set concatenation with ether and vlan 87c3041b evaluate: search stacked header list for matching payload dep b1e3ed03 netlink_delinearize: also postprocess OP_AND in set element context f680055c tests: add a test case for ether and vlan listing dbd5f348 debug: dump the l2 protocol stack 0d9daa04 proto: track full stack of seen l2 protocols, not just cumulative offset 89688c94 netlink_delinearize: postprocess binary ands in concatenations 0542a431 netlink_delinearize: allow postprocessing on concatenated elements 8efab552 parser_json: fix device parsing in netdev family 76fae8f5 src: proto: support DF, LE PHB, VA for DSCP 446e76db doc: Document limitations of ipsec expression with xfrm_interface a2ddb38f cache: report an error message if cache initialization fails 649b8ce3 cache: validate handle string length 64c74ba5 cache: prepare nft_cache_evaluate() to return error 46980cdd rule: crash when uncollapsing command with unexisting table or set 8a6cdfaf cache: release pending rules when chain binding lookup fails e17337df evaluate: report missing interval flag when using prefix/range in concatenation 45c097c6 scanner: allow prefix in ip6 scope 6c23bfa5 segtree: fix map listing with interface wildcard 8623772a scanner: don't pop active flex scanner scope 994bf500 parser: add missing synproxy scope closure ed2426bc tests/py: Add a test for failing ipsec after counter 27107b49 evaluate: fix segfault when adding elements to invalid set 0f82b07f mnl: store netlink error location for set elements 15b3be2e src: remove NFT_NLATTR_LOC_MAX limit for netlink location error reporting f56e901a parser_bison: fix error location for set elements 6d1ee926 intervals: check for EXPR_F_REMOVE in case of element mismatch 5357cb7b intervals: fix crash when trying to remove element in empty set d54510f8 netlink_delinearize: memleak when parsing concatenation data 12a223ce libnftables: release top level scope b91bbf88 optimize: limit statement is not supported yet 45a61a75 optimize: assume verdict is same when rules have no verdict fa409176 optimize: only merge OP_IMPLICIT and OP_EQ relational 29e62111 tests: shell: run -c -o on ruleset 887405df optimize: add unsupported statement 8f61a69e optimize: add hash expression support ca8fd77a optimize: add numgen expression support 721efd64 optimize: add binop expression support f7e901a2 optimize: add fib expression support 54b1e49f optimize: add xfrm expression support 0beaea37 optimize: add osf expression support d07fe8e8 optimize: fix verdict map merging 38d48fe5 optimize: fix reject statement f9939f89 optimize: remove comment after merging 8f10f33a optimize: do not print stateful information 3ac932e9 optimize: do not merge rules with set reference in rhs 64ebb03a optimize: do not compare relational expression rhs when collecting statements 59e3a592 intervals: Do not sort cached set elements over and over again d434de8b intervals: do not empty cache for maps 87ba510f intervals: do not report exact overlaps for new elements 498a5f0c rule: collapse set element commands 8fafe4e6 tests: shell: runtime set element automerge 638af0ce Revert "scanner: flags: move to own scope" Signed-off-by: Nick Hainke <vincent@systemli.org>
* libnftnl: update to 1.2.3Nick Hainke2022-08-281-2/+2
| | | | | | | | Changes: 817c8b6 build: libnftnl 1.2.3 release 84d12cf build: fix clang+glibc snprintf substitution error Signed-off-by: Nick Hainke <vincent@systemli.org>
* iproute2: replace musl-compilation-fix with upstream fixNick Hainke2022-08-282-27/+23
| | | | | | | | | | | | | Instead of defining the MIN version it is enough to include "#include <sys/param.h>". Delete patch: - 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch Add patch: - 010-ipstats-Add-param.h-for-musl.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* wireguard-tools: update to v1.0.20210914Nick Hainke2022-08-281-2/+2
| | | | | | Update to latest version. Signed-off-by: Nick Hainke <vincent@systemli.org>
* ethtool: update to 5.19Nick Hainke2022-08-281-2/+2
| | | | | | | Release Notes: https://lore.kernel.org/netdev/20220821234539.f7nslwyd53bsftsy@lion.mk-sys.cz/T/ Signed-off-by: Nick Hainke <vincent@systemli.org>
* strace: update to 5.19Nick Hainke2022-08-281-3/+3
| | | | | | | Release Notes: https://strace.io/files/5.19/ Signed-off-by: Nick Hainke <vincent@systemli.org>
* uboot-envtools: mt7622: use 4k sectors for UniFi 6 LR (ubootmod)Daniel Golle2022-08-281-1/+1
| | | | | | | | Use 4k sectors when accessing the U-Boot environment on the 64MiB SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment write access as only 4kB instead of 64kB have to be written. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: fix Ubiquiti UniFi 6 LR U-Boot modDaniel Golle2022-08-281-20/+8
| | | | | | | Image names as well as the calculation of the padded image size did not work as intended. Fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mbedtls: update to version 2.28.1Hauke Mehrtens2022-08-283-24/+46
| | | | | | | | | | | Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. The build problem was reported upstream: https://github.com/Mbed-TLS/mbedtls/issues/6243 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iptables: default to ip(6)tables-nft when using buildrootEtienne Champetier2022-08-271-2/+2
| | | | | | | | 35fec487e30f05c81bd135326a993dad7f861812 fixed opkg usage, but when using buildroot we were still defaulting to ip(6)tables-legacy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* unetd: add WireGuard based VPN connection manager for OpenWrtFelix Fietkau2022-08-273-0/+187
| | | | | | | | | | | | This package simplifies setting up wireguard networks on OpenWrt by a wireguard network as a JSON file, which can be shared across all participating nodes. It can be signed with an authentication key and automatically kept in sync. unetd also supports deterministically generating ipv6 addresses for each host based on the public key and storing those in a hosts file that can be used with dnsmasq. It also supports automatically creating VXLAN tunnels between multiple endpoints. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ltq-vdsl-fw: fix firmware installerDaniel Golle2022-08-262-2/+2
| | | | | | | The downloaded filename was wrong in multiple places. Fix that. Fixes: 2f95dd8ff0 ("ltq-vdsl-fw: update w921v firmware download URL") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt76: update to the latest versionFelix Fietkau2022-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | 9485e3b47066 mt76: remove q->qid e5674c4aa402 mt76: mt7921: enable HW beacon filter not depending on PM flag 7fd299e3c921 mt76: mt7921: enable HW beacon filter in the initialization stage d5459efaaf14 mt76: mt7921: make mt7921_pci_driver static b8304b456e23 mt76: connac: move tx initialization/cleanup in mt76_connac module 6e0d7077486c mt76: mt7921: reduce log severity levels for informative messages cb80da974fe6 mt76: mt7921: reduce the mutex lock scope during reset a2d61f4f4063 mt76: mt7915 add ht mpdu density 08ea730c1130 mt76: add len parameter to __mt76_mcu_msg_alloc signature 60ef85fa352c mt76: introduce MT_RXQ_BAND2 and MT_RXQ_BAND2_WA in mt76_rxq_id 8ccbb38ca6e6 mt76: add phy_idx in mt76_rx_status eb19ac83c07e mt76: introduce phys array in mt76_dev structure 30887591e3ab mt76: add phy_idx to mt76_wcid 4bf8c20a9524 mt76: convert MT_TX_HW_QUEUE_EXT_PHY to MT_TX_HW_QUEUE_PHY e6c6bf8cee09 mt76: get rid of mt76_wcid_hw routine 120f73ad992a mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() 111e92cf8c22 mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() 13bedd62ff4a mt76: connac: introduce mt76_connac_reg_map structure 5ec78e1ec43d wifi: mt76: fix reading current per-tid starting sequence number for aggregation Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest versionFelix Fietkau2022-08-251-3/+3
| | | | | | 76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rpcd: bump version to 2022-08-24Petr Štetiar2022-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | gcc 10 with -O2 reports following: In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since it is not possible to avoid truncation by strncpy, it is necessary to make sure the result of strncpy is properly NUL-terminated and the NUL must be inserted explicitly, after strncpy has returned. References: #10442 Reported-by: Alexey Smirnov <s.alexey@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-08-241-3/+3
| | | | | | | | | a4484d4 fw4: support automatic includes ca7e3a1 fw4: honour enabled option of include sections 5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy` 111a7f7 fw4: don't inherit zone family from ct helpers Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-08-241-3/+3
| | | | | | ae5afea ucode: parse ucode plugin scripts in raw mode, init search path Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2022-08-241-3/+3
| | | | | | | | | | | | e3395cd ucode: initialize search path before VM init 8cb3f85 ucode: initialize default library search path 188dea2 utils: accept '?' as path terminator in uh_path_match() c5eac5d file: support using dynamic script handlers as error pages 290ff88 relay: trigger close if in header read state with pending data f9db538 ucode: ignore exit exceptions 8ba0b64 cmake: use variables and find_library for dependency Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEADJo-Philipp Wich2022-08-241-4/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bcdd2cb examples: add module search path initialization and freeing ee1946f ubus: fix GCC strncpy() truncation warning 131d99c lib: introduce three new functions call(), loadstring() and loadfile() 8e8dae0 lib: introduce helper function for indenting error messages 476f02b lib: simplify include_path() d84b53a source: avoid null pointer access in uc_source_runpath_set() c43a54f types: gracefully handle unpatched upvalues in ucv_free() e2fb11a README.md: document gc() function b41cb2d main: introduce -g flag to allow enabling periodic gc from cli 85d7885 lib: implement gc() 47528f0 vm: support automatic periodic GC runs 381cc75 types: treat vm->exports as GC roots fcc49e6 compiler: add import statement support for dynamic extensions c9442f1 vm: introduce new I_DYNLOAD opcode b6fd8a2 lib: internally expose new uc_require_library() helper a486adc vm: don't treat offset 0 special for exceptions 41ccd19 compiler: don't treat offset 0 special at syntax errors b4a3f68 compiler: improve formatting of nested syntax error messages 5d5dadc program: remove now unused uc_program_export_lookup() 304995b compiler: rework export index allocation 506cc37 compiler: fix deriving module path from source runpath 54b7fac compiler: enforce stricter module compilation rules d62e372 vm: don't initialize upvalues for module functions b856602 program: add serialization and deserialization for module function flag d7d1bde compiler: add a flag denoting module functions 156d584 treewide: unexport libucode internal functions 10e056d compiler: add support for import/export statements 862e49d compiler: resolve predeclared upvalues 78dfb08 compiler: require a name in function declarations afd78c1 compiler: fix reported source position in inc/dec operator error e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output 3c168b5 vm, cli: move search path into global configuration structure d85bc71 vm: introduce import and export opcodes 365782e vm: honor constant flag of objects and arrays 6becc64 vm: transparently resolve upvalue references 3418967 vm: gracefully handle unresolved upvalues 50cf572 program: add function to globally lookup exported name c441f65 program: add infrastructure to handle multiple sources per program 2322468 program: fix reporting source position of first instruction 9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode 41114a0 source: add tracking of exported symbols 70ae304 lib: honor constant flag of arrays 3c104f5 types: resolve upvalue references on stringification 3a6f9cb types: add ability to mark array and object values as constant b738f3a lexer: recognize module related keywords 03c8e4b lexer: rewrite token scanner fd433aa lexer: fix parsing with disabled block left stripping 557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family 35c6b73 compiler: fix stack mismatch on continue statements nested in switches f673096 uloop: end uloop on exceptions in managed code 2e5426c ubus: end uloop on exceptions in managed code c024270 rtnl: expose IFLA_STATS64 contents d3c58c0 rtnl: expose ifinfomsg.ifi_change member c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request 7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype 9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals 03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs a1ed566 struct: add optional offset argument to `unpack()` 230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data 523566d rtnl: zero request message headers 56be30d rtnl: fix premature netlink reply receive abort 1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes." 44b0a3b struct: fix packing `*` format after other repeated formats Also package uloop binding module which has been introduced by a previous ucode update and introduce a host build with the basic set of modules. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: fix WPA3 enterprise keys and ciphersJoerg Werner2022-08-201-3/+10
| | | | | | | | WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires corresponding changes in netifd. Signed-off-by: Joerg Werner <schreibubi@gmail.com>
* netifd: update to git HEADHauke Mehrtens2022-08-201-3/+3
| | | | | | | 87fbefd interface: support "zone" config option bfa039c netifd: fix WPA3 enterprise ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iwinfo: update to latest HEADHauke Mehrtens2022-08-201-3/+3
| | | | | | 0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: parse the correct set of HE capabilities for AP modeSultan Alsawaf2022-08-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | It is common for 802.11ax NICs to support more than just AP mode, which results in there being a distinct set of HE capabilities for each mode. As (bad) luck would have it, iw prints out info for each HE mode in sequential order according to `enum nl80211_iftype`, and AP mode isn't always first. As a result, the wrong set of HE capabilities can be parsed if an AP NIC supports station (managed) mode or any other mode preceding AP mode, since only the first set of HE capabilities printed by iw is parsed from awk's output. This has a noticeable impact on beamforming for example, since managed mode usually doesn't have beamformer capabilities enabled, while AP mode does. Hostapd won't be set up with the configs to enable beamformer capabilities in this scenario, causing hostapd to disable beamforming to HE stations even when it's supported by the AP. Always parse the correct set of HE capabilities for AP mode to fix this. This is achieved by trimming all of iw's output prior to the AP mode capabilities, which ensures that the first set of HE capabilities are always for AP mode. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
* realtek: d-link: add support for dgs-1210-10mpDaniel Groth2022-08-201-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | General hardware info: ------------------------------------------------------------------------------- D-Link DGS-1210-10MP is a switch with 8 ethernet ports and 2 SFP ports, all ports Gbit capable. It is based on a RTL8380 SoC @ 500MHz, DRAM 128MB and 32MB flash. All ethernet ports are 802.3af/at PoE capable with a total PoE power budget of 130W. File info: ------------------------------------------------------------------------------- The dgs-1210-10mp is very similar to dgs-1210-10p so I used that as a start. rtl838x.mk: - Removed lua-rs232 package since it was a leftover from the old rtl83xx-poe package. - Updated the soc to 8380. - Specified device variant: F. - Installed the new realtek-poe package. rtl8380_d-link_dgs-1210-10mp.dts: - Moved dgs-1210 family common parts and non PoE related ports on rtl8231 to the new device tree dtsi files. Serial connection: ------------------------------------------------------------------------------- The UART for the SoC (115200 8N1) is available close to the front panel next to the LED/key card connector via unpopulated standard 0.1" pin header marked j4. Pin1 is marked with arrow and square. Pin 1: Vcc 3,3V Pin 2: Tx Pin 3: Rx Pin 4: Gnd Installation with TFTP from u-boot ------------------------------------------------------------------------------- I originally used the install procedure: 'OpenWrt installation using the TFTP method and serial console access' found in the device wiki for the dgs-1210-16. < https://openwrt.org/toh/d-link/dgs-1210-16_g1#openwrt_installation_using _the_tftp_method_and_serial_console_access > About the realtek-poe package ------------------------------------------------------------------------------- The realtek-poe package is installed but there isn't any automatic PoE config setting at this time so for now the PoE config must be edited manually. Original OEM hardware/firmware data at first installation ------------------------------------------------------------------------------- It has been installed, developed, and tested on a device with these OEM hardware and firmware versions. - U-boot: 2011.12.(2.1.5.67086)-Candidate1 (Jun 22 2020 - 15:03:58) - Boot version: 1.01.001 - Firmware version: 6.20.007 - Hardware version: F1 Things to be done when support are developed ------------------------------------------------------------------------------- - realtek-poe has been included in OpenWrt but the automatic config handling has not been solved yet so in the future there will probably be some minor updates for this device to handle the poe config. - LED link_act and poe are per function supposed to be connected to the PoE system. But some software development is also needed to make this LED work and shift the LED array between act and poe indication and to shift the mode lights with mode key. - LED poe_max should probably be used as straight forward error output from the realtek-poe package error handling. But no code has been written for this. - SFP is currently not hot pluggable. Development is under progress to get working I2C communication with SFP and have them hot pluggable. When any device in the dgs-1210 family gets this working, I expect it should be possible to implement the same solution in this device. Signed-off-by: Daniel Groth <flygarn12@gmail.com> [Capitalisation of abbreviations, DEVICE_VARIANT and update filenames, device compatibles on single line] Signed-off-by: Sander Vanheule <sander@svanheule.net>
* uencrypt: support all available ciphersNick French2022-08-192-18/+52
| | | | | | | | | | | | | Modify uencrypt to support any cipher provided by ssl library. Original tool supported only AES-128-CBC to decrypt the config mtd of Arcadyan WG430223/WG443223. TP-Link Deco S4 has mtd configuration encrypted with DES-ECB, so make the cipher generic to support both routers. Signed-off-by: Nick French <nickfrench@gmail.com> Reviewed-by: Eneas U de Queiroz >cotequeiroz@gmail.com>
* base-files: add mtd_get_mac_encrypted_arcadyan functionMikhail Zhilkin2022-08-191-0/+31
| | | | | | | | | Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC address from the encrypted partition. Function uses uencrypt utility for decryption (and openssl if the uencrypt wasn't found). Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* iproute2: Fix KERNEL_INCLUDE in SDKHauke Mehrtens2022-08-181-1/+1
| | | | | | | | | | | | | | | | | In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist, but it more or less contains the same content as $(LINUX_DIR)/include/uapi which also exists in the SDK. Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on include_dir option") it checks if this folder exists and aborts the build if it does not exists. https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8 With this commit the KERNEL_INCLUDE variable points to a valid folder with the kernel include headers. I am not sure if they are actually needed because the build worked before even with an invalid path. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: add mbo flag to get_clients ubus methodStijn Tintel2022-08-151-0/+4
| | | | | | | | | There is no WLAN_STA_MBO flag, but according to the hostapd source code, when an STA does not support MBO, cell_capa will be 0. Use this to indicate MBO support in the get_clients ubus method. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Reviewed-by: David Bauer <mail@david-bauer.net>
* kernel: extract kmod-sched-act-ipt from kmod-schedStijn Tintel2022-08-151-3/+18
| | | | | | | | | | There is only one module in kmod-sched that depends on iptables. Move it to its own kmod package so we can drop the kmod-ipt-core dependency from kmod-sched. This makes it possible to disable all kmod-ipt-* packages without having to disable kmod-sched. Since we now default to firewall4 and nftables, we should avoid iptables dependencies where we can. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Revert "binutils: update to 2.39"Hauke Mehrtens2022-08-141-2/+2
| | | | | | | | | | | | | | | This reverts commit cc24c4ed5eae66c061e5787bb172fd2a91861f25. binutils does not compile with glibc: Package binutils is missing dependencies for the following libraries: libgprofng.so.0 libmsgpackc.so.2 libstdc++.so.6 libbpf does not compile against binutils 2.39 any more, see: https://github.com/libbpf/bpftool/issues/30 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: update to git HEADHauke Mehrtens2022-08-131-3/+3
| | | | | | | 8c213b0 libfstools: Rename move_mount() function to ovl_move_mount() for glibc 2.36 81785c1 block: Do not include linux/fs.h any more Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>