aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ramips: drop support for ALLNET ALL0239-3G and Sitecom WL-341 v3Mathias Kresin2018-12-128-449/+0
| | | | | | | | | | | | Beside one exception, no one took care of these two remaining boards still using the legacy image build code during the last two years. Since OpenWrt 14.07 the ALLNET ALL0239-3G image building is broken. The Sitecom WL-341 v3 image build code looks pretty hackish and broken. It's questionable if the legacy image works as all. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: use new image build code for D-Link DCS-930 familyMathias Kresin2018-12-124-73/+16
| | | | | | | | | | | | Drop the factory images and the firmware tool to create them. They don't work any more, since the factory image has an uImage header covering the whole kernel + rootfs. This way the uImage splitter will not be able to find the rootfs and the kernel will panic later on. The factory images were most likely added at a time the board had distinct partitions for kernel and rootfs. Signed-off-by: Mathias Kresin <dev@kresin.me>
* elfutils: install library files for pkg-configTony Ambardar2018-12-121-0/+3
| | | | | | | Support other packages using pkg-config to query existence and details of libelf and libdw libraries at build time. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* hostapd: add support for WPS pushbutton stationDaniel Golle2018-12-1210-14/+467
| | | | | | | | | | | | | | | | | | | | | | similar to hostapd, also add a ubus interface for wpa_supplicant which will allow handling WPS push-button just as it works for hostapd. In order to have wpa_supplicant running without any network configuration (so you can use it to retrieve credentials via WPS), configure wifi-iface in /etc/config/wireless: config wifi-iface 'default_radio0' option device 'radio0' option network 'wwan' option mode 'sta' option encryption 'wps' This section will automatically be edited if credentials have successfully been acquired via WPS. Size difference (mips_24kc): roughly +4kb for the 'full' variants of wpa_supplicant and wpad which do support WPS. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-fritz4040: update package to 2018-12-09Christian Lamparter2018-12-114-353/+5
| | | | | | | | | | | | | | | | | This patch updates the uboot-fritz4040 package to the latest version. The portability and private-libgcc patches, as well as the upload-to-f4040.sh script have been added to the upstream repository. Furthermore, the upload-to-f4040 has been updated to take the first parameter as the file it is supposed to flash, otherwise it defaults to the previous "uboot-fritz4040.bin". Furthermore the error messages have been improved and ftp will now dump some "progress information" to the user's console. Also included is support for gcc 8+ and a fix for the obnoxous error that currently breaks the builders: | fritz/src/lzma2eva.c:23:30: fatal error: zlib.h: No such file or directory Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* brcm63xx: HG655b: fix the imagetag at dtsDaniel Gonzalez Cabanelas2018-12-111-1/+1
| | | | | | | | | | | | | Fix the imagetag on the HG655b to allow a correct partition detection at boot time. It turns out that it was defined at the wrong partition. Just move the imagetag to the linux firmware partition. The bug is present since the 18.06 release. Without this fix, the board won't boot. Fixes: a27d59bb4274 ("brcm63xx: switch to new partition layout specification") Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com> Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* brcm63xx: fix ethernet switch core reset mask for BCM6368Jonas Gorski2018-12-112-0/+52
| | | | | | | The reset mask for the bcm6368 switch core was left at 0 due to a copy & paste error. Fix this by setting it to the correct value. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* brcm63xx: drop legacy profile for SR102Jonas Gorski2018-12-111-16/+0
| | | | | | | | | | | Remove the sky.mk causing a duplicate device profile to be added in image builder. The generic device code already generates a profile for the device. Fixes FS#1780. Fixes: d59126040701 ("brcm63xx: initial support for Sky SR102 router") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kernel: add missing symbol in some 4.9 subtargetsKoen Vandeputte2018-12-113-0/+3
| | | | | | | Buildbot revealed some subtargets are still missing the new symbol. Fixes: dfbf836a52e4 ("kernel: bump 4.9 to 4.9.143") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.87Koen Vandeputte2018-12-104-34/+5
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 0008-MIPS-ralink-Fix-mt7620-nd_sd-pinmux.patch Compile-tested: cns3xxx, imx6 Runtime-tested: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.144Koen Vandeputte2018-12-103-49/+4
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 014-Kbuild-suppress-packed-not-aligned-warning-for-defau.patch Compile-tested: ar7, brcm2708 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.86Koen Vandeputte2018-12-1024-85/+74
| | | | | | | | | | | | Refreshed all patches. Altered patches: - 180-usb-xhci-add-support-for-performing-fake-doorbell.patch Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.143Koen Vandeputte2018-12-1016-40/+45
| | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch - 201-extra_optimization.patch New symbol: - CONFIG_HARDEN_BRANCH_PREDICTOR Compile-tested on: ar7, at91, brcm2708, ixp4xx, layerscape, orion Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [fix brcm2708/950-0149-Update-vfpmodule.c.patch] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* kernel: bump 3.18 to 3.18.128Koen Vandeputte2018-12-104-22/+22
| | | | | | | | | | | | Refreshed all patches. Altered patches: - 002-phy_drivers_backport.patch Compile-tested on: adm5120 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: follow upstream dnsmasq pre-v2.81 v2Kevin Darbyshire-Bryant2018-12-1014-3/+4550
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Backport upstream commits. Most interesting 122392e which changes how SERVFAIL is handled especially in event of genuine server down/failure scenarios with multiple servers. a799ca0 also interesting in that answered received via TCP are now cached, DNSSEC typically using TCP meant until now answers weren't cached, hence reducing performance. 59e4703 Free config file values on parsing errors. 48d12f1 Remove the NO_FORK compile-time option, and support for uclinux. 122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e 3a5a84c Fix Makefile lines generating UBUS linker config. 24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant. 6f7812d Fix spurious AD flags in some DNS replies from local config. cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab cf59843 Don't forward *.bind/*.server queries upstream ee87504 Remove ability to compile without IPv6 support. a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>. a799ca0 Impove cache behaviour for TCP connections. Along with an additional patch to fix compilation without DHCPv6, sent upstream. I've been running this for aaaages without obvious issue hence brave step of opening to wider openwrt community. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "dnsmasq: follow upstream dnsmasq pre-v2.81"Kevin Darbyshire-Bryant2018-12-1013-4523/+3
| | | | | | | | | | | | | This reverts commit a6a8fe0be5cd2edb1560bfc3f3094c3d34f2d2b0. buildbot found an error option.c: In function 'dhcp_context_free': option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface' free(ctx->template_interface); revert for the moment Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: follow upstream dnsmasq pre-v2.81Kevin Darbyshire-Bryant2018-12-1013-3/+4523
| | | | | | | | | | | | | | | | | | | | | | | | | Backport upstream commits. Most interesting 122392e which changes how SERVFAIL is handled especially in event of genuine server down/failure scenarios with multiple servers. a799ca0 also interesting in that answered received via TCP are now cached, DNSSEC typically using TCP meant until now answers weren't cached, hence reducing performance. 59e4703 Free config file values on parsing errors. 48d12f1 Remove the NO_FORK compile-time option, and support for uclinux. 122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e 3a5a84c Fix Makefile lines generating UBUS linker config. 24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant. 6f7812d Fix spurious AD flags in some DNS replies from local config. cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab cf59843 Don't forward *.bind/*.server queries upstream ee87504 Remove ability to compile without IPv6 support. a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>. a799ca0 Impove cache behaviour for TCP connections. I've been running this for aaaages without obvious issue hence brave step of opening to wider openwrt community. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: drop dnssec timestamp file patchKevin Darbyshire-Bryant2018-12-102-48/+1
| | | | | | | | | | | | Openwrt no longer uses and has not used since 5acfe55d71 Jun 2016 the timestamp file (/etc/dnsmasq.time) method of resolving the dnssec/ntp dnslookup chicken/egg problem, having used signals from ntp since that change. Drop the 'dnssec-improve-timestamp-heuristic' patch since it is neither used nor sent upstream. One less thing to refresh & maintain. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* nettle: bump to 3.4.1Nikos Mavrogiannopoulos2018-12-091-2/+2
| | | | | | | | This is a security fix adding safer APIs for RSA use. Compile tested for: ar71xx Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* base-files: add sysupgrade -k to save list of pkgsLuiz Angelo Daros de Luca2018-12-091-1/+35
| | | | | | | | | | | | | | When '-k' is used, sysupgrade inserts into backup a new file /etc/backup/installed_packages.txt which contains pkgname and origin (rom, overlay, unknown) without touching rootfs. It's mainly used to reinstall all extra packages: # opkg update # grep "\toverlay" /etc/backup/installed_packages.txt | cut -f1 | xargs -r opkg install # rm /etc/backup/installed_packages.txt Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: add sysupgrade -o to save all overlay filesLuiz Angelo Daros de Luca2018-12-091-4/+48
| | | | | | | | | | | Add sysupgrade '-o' option in order to include all overlay files in backup, except for those that are from packages but including files listed in conffiles, sysupgrade.conf or /lib/upgrade/keep.d. With '-u' option, it will skip files equals to /rom and conffiles that were not changed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: add sysupgrade -u to skip unchanged filesLuiz Angelo Daros de Luca2018-12-091-8/+19
| | | | | | | | | | | With '-u', for a file /aaa/bbb/ccc enlisted for backup, it will only get into backup if /rom/aaa/bbb/ccc does not exist or /aaa/bbb/ccc is different from /rom/aaa/bbb/ccc. It also works with '-c', but only effective for files touched but not modified. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* base-files: minor cleanups on sysupgradeLuiz Angelo Daros de Luca2018-12-091-16/+17
| | | | | | | | | | | | | Renamed add_uci_conffiles to add_conffiles as it includes any conffiles listed, not only UCI ones. Make do_save_conffiles arg mandatory Allow other options after -l (like -c) Do not use stdout for error messages (fixes backup to stdout) Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* firewall: update to latest git HEADHans Dedecker2018-12-091-3/+3
| | | | | | 14589c8 redirects: properly handle src_dport in SNAT rules Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* apm821xx: WNDAP620: remove bad semicolon in dts after #includeChristian Lamparter2018-12-091-1/+1
| | | | | | | | | This patch fixes a build warning triggered by a semicolon in the dts after the #include directive. netgear-wndap620.dts:11:33: warning: extra tokens at end of #include directive Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: move fifo-entry-size property to WNDR4700Christian Lamparter2018-12-092-1/+1
| | | | | | | | | This property (and value) came from Netgear's WNDR4700 stock firmware dts. However, other devices do not set it and the EMAC default is 16, which matches that of the programming notes of the APM82181 spec. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath10k-firmware: Fix mirror hash sum (FS#1983)Christian Lamparter2018-12-091-1/+1
| | | | | | | | This now matches what was generated locally on my PC and the file on the mirror server. Fixes: 575d0240f9593 ("ath10k-firmware: update board-2.bin for community firmwares") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: add DT binding support to the TRX and minor parsersRafał Miłecki2018-12-092-0/+26
| | | | | | It allows specifying those parsers directly in the DT. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iptables: fix ebtables vlan compile issue (FS#1990)Ansuel Smith2018-12-082-1/+42
| | | | | | | Backport an upstream patch which fixes an userspace/kernel headers collison Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* ramips: fix firmware compatible string for dir860l-b1Russell Senior2018-12-081-1/+1
| | | | | | | | In commit d70ec3008d4cd0540a9f6c88fb7e786107f1679a, a firmware compatible string of "denx,uimage" was added for the Dlink DIR-860L-B1. Unfortunately, this was the wrong string. It needs "seama" instead. Signed-off-by: Russell Senior <russell@personaltelco.net>
* iptables: bump to 1.8.2Ansuel Smith2018-12-089-116/+204
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream Added patches : 001-extensions_format-security_fixes_in_libip.patch 002-include_fix_build_with_kernel_headers_before_4_2.patch 101-remove-register-check.patch The first and the second patch are upsteam fixes for compilation errors. The third patch remove check if one target lib is already registred; this is caused by shared libs that are loaded before the iptables execution. Iptables changelog: bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release 61d6c38 xtables: add 'printf' attribute to xlate_add 5edb249 libxtables: xlate: init buffer to zero 9afd2a6 tests: shell: fix expected arptables-save output 6387941 arptables: fix --version info d703c1f arptables: ignore --table argument. d5754e3 arptables: make uni/multicast mac masks static 1b63e66 arptables: add test cases 5aecb2d arptables: pre-init hlen and ethertype 9677ed1 arptables: fix src/dst mac handling ab0b6d5 arptables: fix target ip offset c0c75ce arptables: fix -s/-d handling for negation and mask 3ac65af arptables: add basic test infra for arptables-nft e31564f arptables: fix rule deletion/compare 2345ff6 arptables: remove code that is also commented-out in original arptables 50c2397 arptables-save: add -c option, like xtables-save d9a518e arptables: use ->save for arptables-save, like xtables 5a52e6a extensions: test protocol and interface negation 85d7df9 xtables: Fix error return code in nft_chain_user_rename() 3ccb443 xtables: Clarify error message when deleting by index 95db364 xtables: Fix typo in do_command() error message 5f508b7 ebtables: use extrapositioned negation consistently 583b27e ebtables-save: add -c option, using xtables-style counters e6723ab nft: add NFT_TABLE_* enumeration 21ec111 nft: replace nft_chain_dump() by nft_chain_list_get() 05947c8 iptables-nft: fix -f fragment option 7bd9feb libxtables: add and use mac print helpers a10eb88 extensions: libebt_ip: fix tos negation 9b127b7 extensions: libebt_ip6: fix ip6-dport negation c59ba1b xtables-nft: make -Z option work 1bf4a13 nft: add missing error string a9f9377 iptables-tests: add % to run iptables commands b81c8da iptables-tests: do not append xtables-multi to external commands edf2b7c ebtables-nft: add arpreply target 2d1372e ebtables: add redirect test case c3e8dbd ebtables: add test cases cd90cef ebtables: relax -t table restriction, add snat/dnat test cases fd95f1f ebtables: fix -j CONTINUE handling for add/delete fb747f8 tests: add basic ebtables test support d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr 9ff9915 iptables-test: fix netns test 8c918db xtables: Fix for matching rules with wildcard interfaces b2fc2a3 extensions: limit: unbreak build without libnftnl 682f39a xtables: Fix for spurious errors from iptables-translate 90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release 0123183 iptables-test: add -N option to exercise netns removal path abae556 libxtables: expose new etherdb lookup function through libxtables API c2d9ed9 libxtables: prefix exported new functions for etherdb lookups 5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota" 2673faf xtables: Remove target_maxnamelen field 8ca3436 extensions: cgroup: fix option parsing for v2 0a8f2bc extensions: libxt_quota: Allow setting the remaining quota b373a91 nft-shared: Use xtables_calloc() 5a40961 arptables: Use the shared nft_ipv46_parse_target() 9f07503 Combine parse_target() and command_jump() implementations 7373297 Combine command_match() implementations a76ba54 libiptc: NULL-terminate errorname a3716cc libxtables: Check extension real_name length 0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts 671e40a xtables: Drop pointless check 7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find() 11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload() d95c1e8 libxtables: Use posix_spawn() instead of vfork() 7e50eba Fix a few cases of pointless assignments f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking 47fb86c nft-arp: Drop ineffective conditional 80aae9b iptables: Use print_ifaces() from xtables 8da04ff Share print_ipv{4,6}_addr() from xtables b686594 iptables-apply: Replace signal numbers by names f175dee iptables-apply: Quote strings passed to echo 52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query() 61ebf3f libxtables: Don't read garbage in xtables_strtoui() ab639f2 libxtables: Avoid calling memcpy() with NULL source 22ef371 libiptc: Simplify alloc_handle() function signature 6b7145f libxt_time: Drop initialization of variable 'year' 749d3c2 libxt_ipvs: Avoid potential buffer overrun 8e798e0 libxt_conntrack: Avoid potential buffer overrun 74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id 23ef6f0 xtables: Remove unused variable in nft_is_table_compatible() 4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' 1788f54 Mark fall through cases in switch() statements 31f1434 libxtables: Integrate getethertype.c from xtables core 7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush() 8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr() 6fc7762 libxt_string: Fix array out of bounds check 2a68be1 xtables-save: Ignore uninteresting tables f9efc8c extensions: add cgroup revision 2 9b8cb16 extensions: REJECT: Merge reject tables 56d7ab4 libxt_string: Avoid potential array out of bounds access bfd41c8 ebtables: Fix for potential array boundary overstep e6f9867 libiptc: Avoid side-effect in memset() calls 4144571 libxtables: Fix potential array overrun in xtables_option_parse() 9242b5d xtables: Accept --wait in iptables-nft-restore c9f4f04 xtables: Don't check all rules for being compatible 15606f2 doc: Improve layout of u32 instructions 7345037 xtables-restore: Fix flushing referenced custom chains 7df11d1 xtables: Drop use of IP6T_F_PROTO b6a06c1 xtables: Align return codes with legacy iptables 3bb497c xtables: Fix for deleting rules with comment 0800d9b ip6tables-translate: Fix libip6t_mh.txlate test 4cf650c ebtables-translate: Fix for libebt_limit.txlate 783e9c2 xtables: Add missing deinitialization 9771d06 ebtables: Review match/target lookup once more 85ed1ab extensions: libebt_mark: Drop mark_supplied check 6a46ca0 xtables: Add a few missing exit calls acde6be ebtables-translate: Fix segfault while parsing extension options 2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more 9f5b28a xlate-test: Fix for calling wrong command name 1a878a7 extensions: AUDIT: Provide translation 5ee03e6 xtables: Use meta l4proto for -p match 37b68b2 xtables: Fix for segfault when registering hashlimit extension 92f7b04 xtables: Fix for segfault in iptables-nft 294f9ef ebtables: Fix entries count in chain listing 6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero 7bccf30 ebtables: Fix for listing of non-existent chains 3d9a13d xtables: Fix for no output in iptables-nft -S a33c6fd arptables: Drop extensions/libxt_mangle.c 02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c 5de8dcf xtables: Use native nftables limit expression 514de48 ebtables: Remove flags misinterpretations 528cbf9 xtables: Fix for wrong counter format in -S output 9ca32c4 xtables: Don't pass full invflags to add_compat() e055aeb xtables: Improve xtables-monitor first impression b925733 tests: Fix skipping for recent nft-only tests 277f374 xtables: Spelling fixes in xtables-monitor a9d9f64 xtables: Fix potential segfault in nft_rule_append() fbf0bf7 tests: Add ebtables-{save,restore} testcases f1d8508 tests: Add arptables-{save,restore} testcases 63c3dae xtables: Implement arptables-{save,restore} aa7fb04 ebtables: Review match/target lookup 3f123dc ebtables-restore: Use xtables_restore_parse() 295d5a8 xtables-restore: Make COMMIT support configurable 1679b2c xtables-restore: Improve user-defined chain detection 2ce9f65 xtables: Match verbose ip{,6}tables output with legacy cd79556 xtables: Reserve space for 'opt' column in ip6tables output 0357254 xtables: Print error when listing non-existent chains 206033e xtables: Fix for no output on first iptables-nft invocation a0698de xtables: Do not count rules as chain references d11b6b8 arptables: Fix jumps into user-defined chains 3f27955 arptables: Fix opcode printing in numeric output f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore} 3319c61 ebtables: Support --init-table command 3ec8aac arptables: Print policy only for base chains 83bc189 arptables: Fix for trailing spaces in output aaed1b6 arptables: Fix memleaks in do_commandarp() d67d85d ebtables: Print non-standard target parameters 2e478e9 ebtables: Fix match_list insertion a192f03 ebtables: Fix for wrong program name in error messages a2ed880 xshared: Consolidate argv construction routines 1cc0918 xshared: Consolidate parse_counters() 78b9d43 Consolidate DEBUGP macros 14ad525 xtables: Fix program name in xtables_error() f7bbdb0 xtables: Use correct built-in chain count ae574b2 xtables: Fix compilation with NLDEBUG defined 82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs 89d3443 xtables: Fix for nft_rule_flush() returning garbage c259447 xtables: Allocate rule cache just once ed30b93 nft: don't print rule counters unless verbose 31e4b59 iptables-restore: free the table lock when skipping a table f8e29a1 xtables: avoid bogus 'is incompatible' warning 6ea7579 nft: decode meta l4proto 922508e xtables: implement ebtables-{save,restore} 25ef908 xtables: introduce nft_init_eb() de8574a xtables: parameter to add_argv() may be const 6f60f22 xtables: pass format to nft_rule_save() f3b772c xtables: introduce save_chain callback fa1681f xtables: rename {print,save}_rule functions 444d581 xtables: get rid of nft_ipv{4,6}_save_counters() 34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find() de782e8 xtables: merge nft_ipv{4,6}_parse_target() ae8eece xtables: get rid of nft_ipv{4,6}_print_header() 2687794 xtables: arp: make rule_to_cs callback private 1bf73c4 xtables: Use new callbacks in nft_rule_print_save() 1866625 xtables: introduce rule_to_cs/clear_cs callbacks 0589457 xtables: simplify struct nft_xt_ctx d9c6a5d xtables: merge {ip,arp}tables_command_state structs 87b5b9e iptables: replace memset by c99-style initializers 907da5c xtables: fix crash if nft_rule_list_get() fails 565a223 xtables: Support nft suffix for arptables and ebtables c468f01 tests: check iptables retval, not echo 47d1484 iptables: tests: add test for iptables-save and iptables-restore e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled 17c66a5 iptables: tests: shell: Add README 6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency 7b66fc2 man: clarify translate tools do not modify any state f7fec51 xtables-monitor: add --version option b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy 2028e54 xtables: display legacy/nf_tables flavor in error messages, too fd8d7d7 ebtables-nft: add stp match f15639b tests: add script that mimics firewalld startup 27f7db2 tests: fix variable name to multi-binary 2a89ec5 tests: add a few simple tests for list/new/delete 37d9d5b ebtables-nft: make -L, -X CHAINNAME work 816bd1f ebtables-nft: remove exec_style b81708f ebtables-nft: don't crash on ebtables -X de02a75 doc: fix some spellos and the dash escape dcf4529 tests: add firewalld default ruleset from fedora 27 f23abd5 tests: add another ipv4 only ruleset ed9cfe1 tests: add initial save/restore test cases 9933dc5 tests: adapt test suite to run with legacy+nftables based binaries be70918 xtables: rename xt-multi binaries to -nft, -legacy d49ba50 xtables-restore: init table before processing policies 344c6eb doc: Fix spelling error in hashlimit section e063873 tests: make duplicate test work d26c538 xtables: add xtables-monitor db84371 xtables: translate nft meta trace set 1 to -j TRACE 20eac2a xtables: warn in case old-style (set/getsockopt) tables exist c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings e5fed16 iptables8.in: Update coreteam names 672accf include: update kernel netfilter header files 856a875 xtables: silence two compiler warnings ae6e159 xtables: remove dead code inherited from ebtables 107b7eb configure: add -Wlogical-op warning to cflags bc7f49d ebtables-translate: remove --change-counters code 38b4166 iptables: tests: shell: add shell test-suite 1e6427a xtables-compat: skip invalid tables cb368b6 xtables: more error printing fixes b1b828f xtables: homogenize error message 4caa559 xtables: initialize basechains for rule flush command too 9b89622 xtables: rework rule cache logic 01e25e2 xtables: add chain cache 8d190e9 xtables: initialize basechains only once on ruleset restore 0a86351 xtables-compat: ignore '+' interface name 125d1ce xtables-compat: append all errors into single line 437746c xtables: extended error reporting d1c79cd xtables: allocate struct xt_comment_info for comments 4e20209 xtables: use libnftnl batch API 49709e2 xtables-compat: remove nft_is_ruleset_compatible 03e1377 xtables: allow dumping of chains in specific table 94fd83d xtables: inconsistent error reporting for -X and no empty chain c4f1622 ebtables-compat: add arp match extension 24ce746 ebtables-compat: add redirect match extension 84c04e3 ebtables-compat: add nat match extensions 14ec998 xtables-compat: ebtables: prefer snprintf to strncpy 5e2b473 xtables-compat: extend generic tests for masks and wildcards 1a696c9 libxtables: store all requested match types bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks 6454d7d ebtables-translate: suppress redundant protocols 07f4ca9 xtables-compat: ebtables: allow checking for zero-mac 0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses 3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct 20e2758 xtables-compat: ebtables: fix logical interface negation 2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names 564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall 0ae81d0 xtables-compat: ebtables: kill ebtables_command_state 651cfee xtables-compat: pass correct table skeleton 652b98e xtables-compat: fix wildcard detection 49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid 429143b extensions: libxt_CONNMARK: incorrect translation after v2 db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark 155e1c0 extensions: libip6t_srh: support matching previous, next and last SID f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range 6a9ffb1 xtables-compat-restore: flush table and its content with no -n 07ae37c xtables-compat: fix bogus error with -X and no user-defined chains df3d92b xtables-compat-restore: flush user-defined chains with -n ca16584 xtables-compat-restore: flush rules and delete user-defined chains ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2 e25d99a xtables-compat: pass larger socket buffer 838746e xtables-compat: xtables-save: don't return 1 2211679 xtables-compat: ebtables: support concurrent option a77a7d8 iptables-test: fix bug with rateest de87405 xtables-compat: fix ipv4 frag (-f) c7b2fd6 xtables-compat: also check tg2->userspacesize 5685938 xtables-compat: avoid unneeded bitwise ops b9d7b49 xtables-compat: restore: sync options with iptables-restore c0ef861 extensions: add xlate test for ipables -f d79a7f1 xtables-compat: output -s,d first during save, just like iptables d1eb4d5 iptables-compat: chains are purge out already from table flush 09f0d47 iptables-compat: do not fail on restore if user chain exists 8798eb8 iptables-compat: remove non-batching routines b633ef9 xtables.conf: fix hook skeletons 7af2178 xtables-compat: fall back to comment match in case name is too long e9aeecf xlate-test: use locally installed xlate tools 0ab58e3 xtables-compat: ebtables: handle mac masks properly 734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds fb7ae9f xtables-compat: truncate comments to 254 bytes 36976c4 extensions: libipt_DNAT: support shifted portmap ranges d7ac61b iptables-test: add nft switch and test binaries from git 992e17d xtables-compat: only fetch revisions for ip/ip6 12a52ff xtables: Fix rules print/save after iptables update 1197c5e xtables: Register all match/target revisions supported by us and kernel e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time 3b2530c xtables: Do not register matches/targets with incompatible revision d3f1437 xtables: Introduce and use common function to print val[/mask] arguments 29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments 56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension 79c2da9 extensions: ULOG: remove test a0956ce ebtables-translate: turn off useless compat queries 9840869 nft: arptables: remove obsolete forward hook definition 7a37d14 iptables-compat: statify nft_restart() a3aac1d iptables-compat: handle netlink dump EINTR errors a567dc3 ebtables-compat: add 'vlan' match extension 7564bba ebtables-compat: add 'pkttype' match extension 4d40904 ebtables-translate: update table name on -t 5c8ce9c ebtables-compat: add 'ip6' match extension 8a85a14 libebt_ip: fix translations for tos and icmp b6f0bec libebt_ip: add icmp support f38ed1e xt-translate: quote interface names in translated output 71a6e37 icmp: split icmp type printing to header file e67c088 ebtables-translate: add initial test cases 207dd5e xt-compat: add ebtables-translate d988274 xlate-translate: split common parts into helper 1650806 xtables-eb: export 3 functions 6b2041c nft-bridge: add eb-translate backend functions 3063c37 nft-bridge: fix mac address printing 394a400 nft: fix crash when getprotobynumber() returns 0 6a1dbdf ebtables-compat: support intra-positioned negations 3e94f0a nft-bridge: add forward declaration for struct nftnl_rule 5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs' ce3c780 nft: make nft_init self-contained cb151d5 xtables-translate: rm duplicate includes 69c089b xt-compat: constify a few struct members 03ecffe ebtables-compat: add initial translations 57af67d iptables: constify option struct 88231c4 ebtables-compat: load mark target 6b4e167 ebtables-compat: don't make failing extension load fatal 24110b5 libxt_comment: silence truncation warning 98fc8ce xtables-compat: only validate the xtables builtin tables 9d9b724 xtables-compat: skip unsupported tables 59d15cf xtables-compat: also validate priorities and hook points match expected values eb35854 xtables-compat: fix snprintf truncation warnings fc04c8a extensions: CLUSTERIP: do not allow --local-node 0 eb2c052 extensions: CLUSTERIP: add tests ca3c397 iptables: add xtables-translate.8 manpage 5beb158 extensions: libxt_bpf: Fix build with old kernel versions 147a891 extenstions: ecn: add tcp ecn/cwr translation ed928a8 extensions: add tests for comp match options 632ace7 xtables-compat-multi.c: Allow symlink of ebtables d7ccc68 iptables: add xtables-compat.8 manpage 043da5b extensions: connmark: remove non-working translation a93b502 extensions: prefer plain 'set' over 'set mark and' 577b7e2 xtables-compat-restore: use correct hook priorities Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* Add support for TL-WA801ND v4Romain MARIADASSOU2018-12-072-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | This add support for TP-Link TL-WA801ND v4 (same as TL-WA801ND v3) : Specification: - System-On-Chip: Qualcomm Atheros QCA9533 - CPU/Speed: 650 MHz - Flash-Chip: Winbond W25Q32BVSIG - Flash size: 4096 KiB - RAM: 32 MiB - Wireless No1: SoC-integrated: QCA9533 2.4GHz 802.11bgn Flash instructions: 1) To flash the image, rename the file openwrt-ar71xx-generic-tl-wa801nd-v4-squashfs-factory.bin to firmware.bin 2) Connect your device to the LAN port, then upload the firmware through web interface. It will try to download the image and flash it. It can take up to 2-3 minutes to finish. When it reaches 100%, the router will reboot itself. Signed-off-by: Romain MARIADASSOU <roms2000@free.fr>
* ath79: dts: Use PowerCloud CAP324 bicolor status LEDDaniel F. Dickinson2018-12-061-3/+3
| | | | | | | | | PowerCloud Systems CAP324 has a bicolor power LED and OpenWrt DTS files / base files support using both colours to better inform user of state and to better match stock firmware, so use green power to indicate normal operation. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* ath79: add support for I-O DATA WN-AG300DGRINAGAKI Hiroshi2018-12-065-2/+245
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I-O DATA WN-AG300DGR is a 2T2R 2.4/5 GHz 11n router, based on Atheros AR1022. WN-AG300DGR does not have an LED to indicates power or system status, I set "router" LED as OpenWrt status LED. There is no eeprom data for 5 GHz wlan in "art" partition. Specification: - Atheros AR1022 - 64 MB of RAM (DDR2) - 8 MB of Flash (SPI-NOR) - 2T2R 2.4/5GHz wifi - 2.4 GHz: SoC internal - 5 GHz: Atheros AR93x2 - 5x 10/100/1000 Mbps Ethernet - 6x LEDs, 6x keys (4x buttons, 1x slide switch) - 1x USB 2.0 Type-A - UART through-hole on PCB - Vcc, GND, TX, RX from ethernet port side - 115200n8 Flash instruction using factory image: 1. Connect the computer to the LAN port on WN-AG300DGR 2. Connect power cable to WN-AG300DGR and turn it 3. Access to "http://192.168.0.1/" and open firmware update page ("ファームウェア") 4. Select the OpenWrt factory image and click update ("更新") button 5. Wait ~150 seconds to complete flashing Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: add support for Winchannel WB2000Chuanhong Guo2018-12-064-2/+235
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WB2000 is a dual-band 11N AP using AR9344. The factory firmware used the original DB120 partition table with a small kernel partition at the end of firmware and the kernel will easily get oversized in the future. Since it has to be flashed using UART I also swapped kernel/rootfs and changed the default load address. Specification: - SoC: Atheros AR9344 - RAM: 128 MB - Flash: 16 MB - Ethernet: 10/100/1000 Mbps (Atheros AR8035) - 2x USB 2.0 - WIFI: AR9344(2G) + AR9382(5G) - RTC: DS1338 Known issue: 5G ath9k led doesn't work due to commit ccab68f. Flash instruction: Set up a TFTP server on your computer and configure static IP. Connect UART (J11 TX/GND/RX) and press any key to enter U-boot shell. 1. Change the default boot command: setenv bootcmd 'bootm 0x9f050000 || bootm 0x9fd50000' saveenv 2. Set your router ipaddr and server ipaddr. e.g.: setenv ipaddr 192.168.1.1 setenv serverip 192.168.1.50 3. Load and flash the firmware: tftp 0x80060000 fw.bin erase 0x9f050000 +$filesize cp.b $fileaddr 0x9f050000 $filesize 4. Reset your router: reset Signed-off-by: Chuanhong Guo <gch981213@gmail.com> [Drop the i2c node unit address. Move the ath9k-leds node out of the spi node, it doesn't belong there. Add the #gpio-cells property to the pci wifi node. All fix dtc compiler warnings] Signed-off-by: Mathias Kresin <dev@kresin.me> merge
* ath79: fix ethernet configurations for I-O DATA ETG3-RINAGAKI Hiroshi2018-12-061-1/+13
| | | | | | | | | | | | This commit fixes several issues in eth0 on ETG3-R, and solve slowdown in NA(P)T speed. - add gmac-config with correct configurations - fix pll-data value And I added ref clock-frequency. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: drop unused mtd splitterMathias Kresin2018-12-061-2/+0
| | | | | | | Neither the seama nor the wrgg splitter are used at the moment. Drop them for now to not bloat the target from the beginning. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: remove duplicate image build variablesMathias Kresin2018-12-066-19/+9
| | | | | | | Remove image build variables which are set to the same value as the default image build recipe. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: fix GL.iNet GL-AR300M sysupgradeMathias Kresin2018-12-065-7/+14
| | | | | | | | | | | The userspace boardname derived from the dts compatible was out of sync with the expected board added to the image metadata. This way a sysupgrade is refused. Sync the userspace boardname and the baordname used in the image metdata to allow a seamless sasupgrade. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: add SoC or family compatibleMathias Kresin2018-12-0626-30/+24
| | | | | | | Add missing SoC specific compatibles and/or inherit the family compatibles like "ubnt,xm". Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: add AVM EVA firmware partition compatibleDavid Bauer2018-12-062-0/+2
| | | | | | | | | | This commit adds firmware partition compatible for the AVM FRITZ!Box 4020 and AVM FRITZ!WLAN Repeater 300E. This allows to select the correct mtdsplit parser instead of trying all available ones one by one. Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: Define firmware partition format to all boards where applicablePetr Štetiar2018-12-0637-0/+37
| | | | | | | | | | Parsing "firmware" partition (to create kernel + rootfs) was implemented using OpenWrt downstream code enabled by CONFIG_MTD_SPLIT_FIRMWARE. With recent upstream mtd changes we can do it in a more clean way for DTS targets. It just requires adding a proper "compatible" string to the "firmware" partition node. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ramips: fix dtc compiler warningsMathias Kresin2018-12-0611-38/+38
| | | | | | | | | | | | | | | | | The latest dtc compiler considers nodes named i2c or spi as the respective bus: /pinctrl/i2c: incorrect #address-cells for I2C bus /pinctrl/spi: incorrect #address-cells for SPI bus Rename the node to fix the false positives. Fix the spi node unit address for the DWR-512-B and UBNT-ER-e50 to get rid of the following warning: SPI bus unit address format error, expected "n" Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: mt76x8: select only the matching mt76 driverChen Minqiang2018-12-062-3/+9
| | | | | | | | | | | | | | | | | | | | | Select the matching mt76 driver for the PCI wireless of the following devices: - HiWiFi HC5861B - Mercury MAC1200R v2.0 - Netgear AC1200 R6120 - Buffalo WCR-1166DS - ZyXEL Keenetic Extra II - Wavlink WL-WN575A3 Because every device has selected the corresponding mt76 driver, we can include kmod-mt7603 instead of the mt76 metapackage, which used for the wireless of the mt7628 and mt7688 WiSoC. Signed-off-by: Chen Minqiang <ptpt52@gmail.com> [select kmod-mt7603 as target default package, add wireless driver for WL-WN575A3] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: rename qca9533.dtsi to qca953x.dtsiChuanhong Guo2018-12-068-11/+11
| | | | | | | | | qca9533 is a costdown version of qca9531 which doesn't have USB and PCIE. Rename the misleading dtsi names and fix the SoC type of gl-ar300m. Signed-off-by: Chuanhong Guo <gch981213@gmail.com> [apply the changes for the gl-x750 as well] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: disable sdhc for HC5661AChuanhong Guo2018-12-062-5/+0
| | | | | | | | | | | | | Currently OpenWrt doesn't support switching MT7628 into AP mode (which is done by writing some undocumented registers in MTK SDK) Without doing so, enabling SD breaks 4 FE ports and the SD controller doesn't work since SD pins aren't configured correctly. Disable SDHC on HC5661A to recover the 4 FE ports. Signed-off-by: Chuanhong Guo <gch981213@gmail.com> [drop the sdhci node completely] Signed-off-by: Mathias Kresin <dev@kresin.me>
* glibc: update to latest 2.27 commit (BZ #23927)Hans Dedecker2018-12-061-2/+2
| | | | | | 9f433fc791 CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* apm821xx, ath79, ipq40xx, ipq806x, lantiq, ramips: base-files: Use generic ↵Petr Štetiar2018-12-066-273/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | diag.sh I wanted to add status LEDs support to my imx6 based board and have found out, that I could use diag.sh script found in ramips platform, which seems to be also shared in a few other platforms: 4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh And @chunkeey suggested to me, that I can also add lantiq, ipq806x and apm821xx to the list of platforms which could share this generic diag.sh. I've extended the base diag.sh in a way, that if it detects any of the DTS LED aliases, then it would use the generic DTS set_led_state code. The code in platform's diag.sh has moved to base-files package in this commit: base-files: diag.sh: Make it more generic towards DTS so it could be reused Signed-off-by: Petr Štetiar <ynezz@true.cz> Tested-by: Christian Lamparter <chunkeey@gmail.com> (apm821xx and ipq40xx)
* base-files: diag.sh: Make it more generic towards DTS so it could be reusedPetr Štetiar2018-12-061-2/+48
| | | | | | | | | | | | | | | | I wanted to add status LEDs support to my imx6 based board and have found out, that I could use diag.sh script found in ramips platform, which seems to be also shared in a few other platforms: 4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh 4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh So I've extended the base diag.sh in a way, that if it detects any of the DTS LED aliases, then it would use the generic DTS set_led_state code. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: add DT binding support to AVM EVA parserDavid Bauer2018-12-061-0/+6
| | | | | | | It allows selecting split-firmware parser directly by specifying image-format in the device-tree. Signed-off-by: David Bauer <mail@david-bauer.net>