aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* binutils: update to version 2.34Felix Fietkau2020-08-063-1329/+19
| | | | | | Fixes perf on aarch64 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to 2020-07-22Felix Fietkau2020-08-061-5/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7bc58ca2b375 mt76: add missing lock configuring coverage class 43febd452110 mt76: mt7615: fix lmac queue debugsfs entry 0b9975254694 mt76: mt7615: fix hw queue mapping 4058595e146e mt76: overwrite qid for non-bufferable mgmt frames 49c7131dd0c5 mt76: mt76x02: do not access uninitialized NAPI structs f185d90ec51c update mt7915 firmware to the latest version 0ed6a335ebc2 mt76: mt7615: re-enable offloading of sequence number assignment 2a52eabbddc5 mt76: usb: rely on mt76_for_each_q_rx 90fc1d8614e1 mt76: mt7663: introduce ARP filter offload b57223dd01b9 mt76: mt7615: fix up typo in Kconfig for MT7663U ec4057d685c0 mt76: add script for generating single-sku device tree data 769b030de636 mt76: add functions for parsing rate power limits from DT 1d2aedb248d0 mt76: extend DT rate power limits to support 11ax devices a3e17ff8e624 mt76: mt7615: implement support for using DT rate power limits a48a4ae32d48 mt76: allow more channels, allowed in ETSI domain 869ba618ef54 mt76: fix include in pci.h b1ddec840aa4 mt76: rely on register macros d6d9a7ea428d mt76: add U-APSD support on AP side ee13b78367db mt76: mt7615: fix EEPROM buffer size 82a94173b162 mt76: mt7915: add missing CONFIG_MAC80211_DEBUGFS c0dbbd930d32 mt76: mt7615: add .set_tsf callback 84d54df76996 mt76: mt7915: add a fixed AC queue mapping dacc2d29672d mt76: mt7915: add MU-MIMO support 1ce4660a0ea3 mt76: mt7915: use ieee80211_tx_queue_params to avoid open coded 53891242a682 mt76: mt7915: add support for DT rate power limits b3a4d78914f6 mt76: mt7915: rework the flow of txpower setting c6ea163c019b mt76: mt7915: directly read per-rate tx power from registers 8ae83adc73a8 mt76: mt7915: overwrite qid for non-bufferable mgmt frames 740b0bfdf279 mt76: mt76x2e: rename routines in pci.c b5eee1b52234 mt76: mt7615: schedule tx tasklet and sta poll on mac tx free 72f34107248e mt76: mt7615: add support for accessing mapped registers via bus ops 46bc8a0b5347 mt76: mt7615: add support for accessing RF registers via MCU 882cec420609 mt76: mt7615: use full on-chip memory address for WF_PHY registers b1ddb8e35ca2 mt76: vif_mask to struct mt76_phy 3a1ea7287eb2 mt76: add API for testmode support d7467bc018e5 mt76: mt7615: implement testmode support 3ea5da1639fe add utility for using testmode support 6789a2db7246 mt7615: fix getting wideband RSSI in test mode 7941217ffe46 mt76: mt7915: remove unused parameters in mt7915_puts_rate_txpower() 13ab1d648684 mt76: mt7915: update HE capabilities 3f0e66dc25de mt76: mt76x2: fix pci suspend/resume on mt7612e c605f2b6940b mt76: mt76x2u: enable HC-M7662BU1 ca2b797ee52d mt76: mt7915: avoid memcpy in rxv operation dad3f93e8f6a mt76: mt7615: avoid polling in fw_own for mt7663 ec303bfad299 mt76: move mt76 workqueue in common code 0bf82270568a mt76: mt7615: add mt7615_pm_wake utility routine 091e9b5df6af mt76: mt7615: introduce mt7615_mutex_{acquire,release} utilities e3850966d74c mt76: mt7615: wake device before accessing regmap in debugfs e6dcb71d7992 mt76: mt7615: wake device before configuring hw keys 050f8cd9cbe7 mt76: mt7615: introduce pm_power_save delayed work 56779a6c7dec mt76: mt7615: wake device in mt7615_update_channel before access regmap b0bcdd66ccaa mt76: mt7615: acquire driver_own before configuring device for suspend 58369fdce235 mt76: mt7615: wake device before performing freq scan 2c188db1f7c7 mt76: mt7615: add missing lock in mt7615_regd_notifier 6fdb20a025eb mt76: mt7615: run mt7615_mcu_set_wmm holding mt76 mutex 36a789c00e4f mt76: mt7615: run mt7615_mcu_set_roc holding mt76 mutex b8cdce45c131 mt76: mt7615: wake device before pulling packets from mac80211 queues 82e8e0525d6c mt76: mt7615: wake device before pushing frames in mt7615_tx 65ccc40c14e1 mt76: mt7615: run mt7615_pm_wake in mt7615_mac_sta_{add,remove} 2107caf92e71 mt76: mt7615: check MT76_STATE_PM flag before accessing the device 28a2f5fa6eed mt76: mt7615: do not request {driver,fw}_own if already granted 94519eac69c3 mt76: mt7615: add runtime-pm knob in mt7615 debugfs ccc90dafea66 mt76: mt7615: enable beacon hw filter for runtime-pm 29f2bebe1a1e mt76: mt7615: add idle-timeout knob in mt7615 debugfs 58057d1f232b mt76: mt7615: improve mt7615_driver_own reliability a873b7c8e3de mt76: mt7663u: sync probe sampling with rate configuration b469c59c616c mt76: mt7615: avoid scheduling runtime-pm during hw scan f1ff52acb6a7 mt76: mt7615: reschedule ps work according to last activity 1f670a534451 mt76: mt7663u: fix memory leak in set key afff00ad2b60 mt76: mt7663u: fix potential memory leak in mcu message handler 4c9309f47ddf mt76: mt7615: fix potential memory leak in mcu message handler 379445b4aa7f mt76: mt7915: potential array overflow in mt7915_mcu_tx_rate_report() 750797b61ba8 mt76: fix copy&paste error in mt76_testmode_cmd f9a7a2f7dbc2 testmode: fix setting tx_power 1641aa201682 mt76: mt7615: fix mt7615_mcu_set_test_param set non-bool parameters 6838d002f9de mt76: mt7615: fix tx_frames setup 8c0a25d6a38c mt76: mt7615: take into account sdio bus configuring txwi c0cbef79eb45 mt76: mt76u: add mt76_skb_adjust_pad utility routine 98412356c959 mt76: mt7615: sdio code must access rate/key regs in preocess context fa16627d7e3a mt76: mt7615: introduce mt7663-usb-sdio-common module bf88e70c7a68 mt76: introduce mt76_sdio module aa97be8e02de mt76: mt7615: introduce mt7663s support 1eb8b7d689a3 mt76: testmode: fix tx_done accounting on enqueue failures 632ce698e8ee mt76: mt7615: fix antenna settings for test mode 4d2f622190b6 mt76: mt76s: move queue accounting in mt76s_tx_queue_skb 9a3723c8febc mt76: mt7915: fix potential memory leak in mcu message handler 88fa973f59c2 mt76: mt7615: fix possible memory leak in mt7615_mcu_wtbl_sta_add 2fff7d77befd mt76: mt76u: add missing release on skb in __mt76x02u_mcu_send_msg b5df0fbb1847 mt7615: update firmware to version 20200629 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: make cfg80211 testmode support optional (and disabled by default)Felix Fietkau2020-08-061-1/+16
| | | | | | | Testmode commands are typically only used for manufacturing or vendor specific debugging features, so they should not be in the default image Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: fix arguments passing to wrapped up and down scriptsJo-Philipp Wich2020-08-062-2/+3
| | | | | | | | | | | | | With the introduction of the generic OpenVPN hotplug mechanism, wrapped --up and --down scripts got the wrong amount and order of arguments passed, breaking existing configurations and functionality. Fix this issue by passing the same amount of arguments in the same expected order as if the scripts were executed by the OpenVPN daemon directly. Ref: https://github.com/openwrt/openwrt/pull/1596#issuecomment-668935156 Fixes: 8fe9940db6 ("openvpn: add generic hotplug mechanism") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add vfconfigJo-Philipp Wich2020-08-064-0/+292
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dsaconfig: introduce package for UCI configuration of VLAN filter rulesJo-Philipp Wich2020-08-064-0/+364
| | | | | | | | | | | | | | This package provides the necessary files to translate `config dsa_vlan` and `config dsa_port` sections of `/etc/config/network` into appropriate bridge vlan filter rules. The approach of the configuration is to bridge all DSA ports into a logical bridge device, called "switch0" by default, and to set VLAN port membership, tagging state and PVID as specified by UCI on each port and on the switch bridge device itself, allowing logical interfaces to reference port VLAN groups by using "switch0.N" as ifname, where N denotes the VLAN ID. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to the latest masterRafał Miłecki2020-08-051-3/+3
| | | | | | | | | | 212f836 ubus: rename JSON-RPC format related functions 628341f ubus: use local "blob_buf" in uh_ubus_handle_request_object() 9d663e7 ubus: use BLOBMSG_TYPE_UNSPEC for "params" JSON attribute 77d345e ubus: drop unused "obj" arguments 8d9e1fc ubus: parse "call" method params only for relevant call Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* wireguard: bump to 1.0.20200729Jason A. Donenfeld2020-08-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * compat: rhel 8.3 beta removed nf_nat_core.h * compat: ipv6_dst_lookup_flow was ported to rhel 7.9 beta This compat tag adds support for RHEL 8.3 beta and RHEL 7.9 beta, in addition to RHEL 8.2 and RHEL 7.8. It also marks the first time that <https://www.wireguard.com/build-status/> is all green for all RHEL kernels. After quite a bit of trickery, we've finally got the RHEL kernels building automatically. * compat: allow override of depmod basedir When building in an environment with a different modules install path, it's not possible to override the depmod basedir flag by setting the DEPMODBASEDIR environment variable. * compat: add missing headers for ip_tunnel_parse_protocol This fixes compilation with some unusual configurations. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* package: replace remaining occurrences of ifconfig with ipAdrian Schmutzler2020-08-032-4/+4
| | | | | | | | ifconfig is effectively deprecated for quite some time now. Let's replace the remaining occurrences for packages by the corresponding ip commands now. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* openvpn: revise sample configurationMagnus Kroken2020-08-011-8/+75
| | | | | | | | | | | | | | Update the openvpn sample configurations to use modern options in favor of deprecated ones, suggest more sane default settings and add some warnings. * Add tls_crypt and ncp_disable to the sample configuration * Replace nsCertType with remote_cert_tls in client sample configuration * Comment out "option compress", compression should not be preferred * Advise 2048-bit Diffie-Hellman parameters by default * Add warnings about compression and use of Blowfish (BF-CBC) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* uboot-envtools: ath79: add support for the Nanostation M (XM)Rui Salvaterra2020-08-011-0/+1
| | | | | | Tested on an AirGrid M2 (AG‑HP‑2G16). Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* wireguard-tools: allow compiling with MIPS16 instructionsRui Salvaterra2020-08-011-1/+0
| | | | | | | | | | | | | | | The wg utility compiles and runs without issues in MIPS16 mode, despite setting PKG_USE_MIPS16:=0 in the makefile. Let's remove this, allowing for a substantial size reduction of the wg executable. Since wg is a just a configuration utility, it shouldn't be performance-critical, as the crypto heavy-lifting is done on the kernel side. wg sizes for both modes: MIPS32: 64309 bytes MIPS16: 42501 bytes Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* exfat: add out of tree moduleRosen Penev2020-08-012-0/+77
| | | | | | | | | | | | | | | | | | | | | | | | | >From an email conversation with the person responsible for upstreaming the exFAT driver, it seems the staging one in kernel 5.4 is not so good. Excerpts below. Namjae Jeon: Hm... exfat in 5.4 kernel that we did crap shit long time ago is contributed by someone who we don't know. This version is unstable and low quality code. We have been improving it continuously. and staging version exfat is removed from linux 5.7 kernel. linux exfat oot version is a backport of exfat in linux 5.7 kernel to support lower version kernel, and it is a real. You can see the patch history fro linux-exfat-oot. this version support timezone and boot sector verification feature newly. and better filesystem structure and much clean code quality that reviewed by high profile kernel developers. and add many bug fixes. And this version is officially maintained by me and kernel guys. I would not recommend to use staging exfat version. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* staging: remove staging exfat driverRosen Penev2020-08-011-24/+0
| | | | | | This will be replaced with the driver found in newer kernels. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mac80211: don't kill wireless daemon on teardownDavid Bauer2020-07-311-2/+0
| | | | | | | | Don't kill the wireless daemon on teardown. hostapd as well as wpa_supplicant are managed by procd which would detect the shutdown of either process as a crash loop. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix incorrect service nameDavid Bauer2020-07-312-2/+2
| | | | | | | | | | | | | | When retrieving the PID for hostapd and wpa_supplicant via ubus the wrong service name is currently used. This leads to the following error in the log: netifd: radio0 (1409): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process path (/proc/exe) Fixing the service name retrieves the correct PID and therefore the warning won't occur. Signed-off-by: David Bauer <mail@david-bauer.net>
* kirkwood: use real model names for Linksys devicesAdrian Schmutzler2020-07-311-2/+3
| | | | | | | | | | | | This replaces the internal device names "Audi" and "Viper" with the real model names, which a user would look for. This makes the Linksys devices on this target consistent with the names recently changed for mvebu based on the same idea. As a consequence, the "viper" device definition is split into two separate definitions with the correct names for both real models. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: mount bpffs at bootTony Ambardar2020-07-312-1/+2
| | | | | | | | | | Explicitly mount the BPF filesystem if available. This is used for pinning eBPF programs and maps, making them accessible to other eBPF programs or from userspace with the help of libbpf or bpftool. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [daniel@makrotopia.org: bumped PKG_RELEASE] Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: reorganize config selection hierarchy for WPA3Adrian Schmutzler2020-07-311-16/+18
| | | | | | | | | | | | | | | | | | The current selection of DRIVER_MAKEOPTS and TARGET_LDFLAGS is exceptionally hard to read. This tries to make things a little easier by inverting the hierarchy of the conditions, so SSL_VARIANT is checked first and LOCAL_VARIANT is checked second. This exploits the fact that some of the previous conditions were unnecessary, e.g. there is no hostapd-mesh*, so we don't need to exclude this combination. It also should make it a little easier to see which options are actually switched by SSL_VARIANT and which by LOCAL_VARIANT. The patch is supposed to be cosmetic. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: fwtool: make compat_version backward compatibleAdrian Schmutzler2020-07-311-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far, the compatibility mechanism only works if both device and image are already updated to the new routines. This patch extends the sysupgrade metadata and fwtool_check_image() to account for "older" images as well: The basic mechanism for older devices to check for image compatibility is the supported_devices entry. This can be exploited by putting a custom message into this variable of the metadata, so older FW will produce a mismatch and print the message as it thinks it's the list of supported devices. So, we have two cases: device 1.0, image 1.0: The metadata will just contain supported_devices as before. device 1.0, image 1.1: The metadata will contain: "new_supported_devices":["device_string1", "device_string2", ...], "supported_devices":["Image version 1.1 incompatible to device: ..."] If the device is "legacy", i.e. does not have the updated fwtool.sh, it will just fail with image check and print the content of supported_devices. If DEVICE_COMPAT_MESSAGE is set, this will be printed on old devices as well through the same mechanism. Otherwise a generic "Please check documentation ..." is appended. Upgrade can still be performed with -F like when SUPPORTED_DEVICES has been removed to prevent bricking. If the device has updated fwtool.sh (but is 1.0), it will just use the new_supported_devices instead, and work as intended (flashing with -n will work, flashing without will print the appropriate warning). This mechanism should provide a fair tradeoff between simplicity and functionality. Since we touched a lot of fields in metadata, this also bumps metadata_version to 1.1. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: fwtool: implement compatibility check for imagesAdrian Schmutzler2020-07-311-1/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We regularly encounter the situation that devices are subject to changes that will make them incompatible to previous versions. Removing SUPPORTED_DEVICES will not really be helpful in most of these cases, as this only helps after a rename. To solve this situation, this patchset introduces a compatibility version for devices. In this patch, the actual checks are implemented into fwtool_check_image(): If an incompatible change is introduced, one can increase either the minor version (1.0->1.1) or the major version (1.0->2.0). Minor version increment: This will still allow sysupgrade, but require to reset config (-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a corresponding message will be printed. If sysupgrade is called with -n, it will just pass, with supported devices being checked as usual. (Which will allow us to add back SUPPORTED_DEVICES for many cases.) Major version increment: This is meant for potential (rare) cases where sysupgrade is not possible at all, because it would break the device. In this case, a warning will be printed, and -n won't help. If image check fails because of one of the versions parts not matching, the content of DEVICE_COMPAT_MESSAGE is printed in addition to the generic message (if set). For both cases, upgrade can still be forced with -F as usual. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* base-files: add support for compat_version on deviceAdrian Schmutzler2020-07-312-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We regularly encounter the situation that devices are subject to changes that will make them incompatible to previous versions. Removing SUPPORTED_DEVICES will not really be helpful in most of these cases, as this only helps after a rename. To solve this situation, this patchset introduces a compatibility version for devices. To complement the DEVICE_COMPAT_VERSION set for the image to be flashed, this implements a compat_version on the device, so it will have something to compare with the image. The only viable way to achieve this seems to be via board.d files, i.e. this is technically adding a compat version for the device's config. Like for the network setup, this will set up a command ucidef_set_compat_version to set the compat_version in board.d. This will then add a string to /etc/board.json, which will be translated into uci system config by bin/config_generate. By this, the compat_version, being a version of the config, will also be exposed to the user. As with DEVICE_COMPAT_VERSION, missing uci entry will be assumed as compat_version "1.0", so we only need to add this if a device needs to be bumped, e.g. ucidef_set_compat_version "1.1" Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* procd: update to git HEADDaniel Golle2020-07-301-3/+3
| | | | | | | 28be011 instance: make sure values are not inherited from previous runs 2ae5cbc uxc: remove debugging left-over Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: improve TITLE for packagesAdrian Schmutzler2020-07-301-27/+33
| | | | | | | | | | | | | | For a few packages, the current TITLE is too long, so it is not displayed at all when running make menuconfig. Despite, there is no indication of OpenSSL vs. wolfSSL in the titles. Thus, this patch adjusts titles to be generally shorter, and adds the SSL variant to it. While at it, make things easier by creating a shared definition for eapol-test like it's done already for all the other flavors. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: update mesh DFS patches and add mesh HE supportDaniel Golle2020-07-3034-190/+1440
| | | | | | | | | | | | | | | | Drop outdated and by now broken patchset originally supplied by Peter Oh in August 2018 but never merged upstream. Instead add the more promissing rework recently submitted by Markus Theil who picked up Peter's patchset, fixed and completed it and added support for HE (802.11ax) in mesh mode. This is only compile tested and needs some real-life testing. Fixes: FS#3214 Fixes: 167028b750 ("hostapd: Update to version 2.9 (2019-08-08)") Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Fixes: 017320ead3 ("hostapd: bring back mesh patches") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-07-291-3/+3
| | | | | | | | | | | c3ca99f jail: serialize hook execution 8ff8970 jail: add some remaining OCI features 9d5fa0a uxc: behave more like a compliant OCI run-time 1274033 uxc: fix create operation 2d811a4 jail: add 'kill' method to container.%s object 08133b8 uxc: use new container.%s kill ubus API Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add function for generating random MACDavid Bauer2020-07-282-1/+13
| | | | | | | | | | This adds a function for generating a valid random MAC address (unset MC bit / set locally administered bit). It is necessary for devices which do not have a MAC address programmed by the manufacturer. Signed-off-by: David Bauer <mail@david-bauer.net>
* uboot-rockchip: add NanoPi R2S supportDavid Bauer2020-07-285-2/+812
| | | | | | Add support for the FriendlyARM NanoPi R2S. Signed-off-by: David Bauer <mail@david-bauer.net>
* uboot-rockchip: update to v2020.07David Bauer2020-07-282-3/+26
| | | | | | | | | Update the U-Boot to version v2020.07. Also replace the Makefile rewrite with a proper patch, explaining why this hack is needed. Run-tested: FriendlyARM NanoPi R2S Signed-off-by: David Bauer <mail@david-bauer.net>
* atf-rockchip: update to 2.3Lucian Cristian2020-07-282-4/+4
| | | | | | | | also install the firmware for all the supported boards Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> [fix ATF blob path in uboot-rockchip] Signed-off-by: David Bauer <mail@david-bauer.net>
* imx6: use device-tree compatible for board nameAdrian Schmutzler2020-07-271-5/+31
| | | | | | | | | | | | | | In imx6, we currently use the model from DTS to derive a board name manually in /lib/imx6.sh. However, if we have individual DTS files anyway, we can exploit generic 02_sysinfo and use the compatible as board name directly. While at it, remove the wildcards from /lib/upgrade/platform.sh as these might make code shorter, but are quite unpleasant when grepping for a specific device. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* layerscape: harmonize device stringsAdrian Schmutzler2020-07-2719-123/+108
| | | | | | | | | | | | | | | | | | | | OpenWrt lately has harmonized device (definition) names to the pattern vendor_model to improve overall consistency, also with other values like the DTS compatible. This patch applies that scheme to the layerscape target. Since this (intentionally) creates a bigger overlap between DTS names, compatible, and device definition name, it also moves DEVICE_DTS and SUPPORTED_DEVICES definitions to the Device/Default blocks. Apart from that, it also modifies several packages to use consistent naming in order to keep the $(1) file references working. While at it, remove one layer of complexity for the setup in tfa-layerscape package. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* firewall: bump to version 2020-07-05Yousong Zhou2020-07-261-3/+3
| | | | | | | | | | | | | | | Changes since last source version e9b90df zones: apply tcp mss clamping also on ingress path 050816a redirects: fix segmentation fault f62a52b treewide: replace unsafe string functions 23cc543 improve reload logic 9d7f49d redurects: add support to define multiple zones for dnat reflection rules f87d0b0 firewall3: defaults: fix uci flow_offloading option fe9602c rules: fix typo 7cc2a84 defaults: robustify flow table detection. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* mediatek: add U-Boot build for UniElec U7623David Woodhouse2020-07-264-7/+391
| | | | | | | | | Patches submitted upstream at https://patchwork.ozlabs.org/project/uboot/list/?series=189178 Tested on Banana Pi R2 and U7623-06. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* mac80211: util: don't warn on missing sband iftype dataDavid Bauer2020-07-251-0/+28
| | | | | | | | | | | The kernel currently floods the ringbuffer with warnings when adding a mesh interface for a device not support HE 6GHz modes. Return without warning in this case, as mesh_add_he_6ghz_cap_ie calls ieee80211_ie_build_he_6ghz_cap regardless of the supported interface modes. Signed-off-by: David Bauer <mail@david-bauer.net>
* procd: jail: fix build on glibc and uclibcDaniel Golle2020-07-251-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEADDaniel Golle2020-07-251-3/+3
| | | | | | | | 48777de rcS: cast format string to int64_t a4df90f jail: fix wrong format for 32-bit c482c5d jail: add support for referencing existing namespaces Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* cake-oot: update to latest HEADKevin Darbyshire-Bryant2020-07-241-3/+3
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mac80211: Update to version 5.8-rc2-1Hauke Mehrtens2020-07-2341-410/+687
| | | | | | | | | | | | | | | | | | | | | | | | The following patches: * 972-ath10k_fix-crash-due-to-wrong-handling-of-peer_bw_rxnss_override-parameter.patch * 973-ath10k_fix-band_center_freq-handling-for-VHT160-in-recent-firmwares.patch are replaced by this commit in the upstream kernel: * 3db24065c2c8 ("ath10k: enable VHT160 and VHT80+80 modes") The following patches were applied upstream: * 001-rt2800-enable-MFP-support-unconditionally.patch * 090-wireless-Use-linux-stddef.h-instead-of-stddef.h.patch The rtw88 driver is now split into multiple kernel modules, just put it all into one OpenWrt kernel package. rtl8812au-ct was patched to compile against the mac80211 from kernel 5.8, but not runtime tested. Add a patch which fixes ath10k on IPQ40XX, this patch was send upstream and fixes a crash when loading ath10k on this SoC. Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq40xx/ map-ac2200] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.7.5-1Hauke Mehrtens2020-07-2312-23/+23
| | | | | | The b43 and b43legacy driver now support DRIVER_11W_SUPPORT. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-mediatek: remove swig requirementRosen Penev2020-07-232-1/+26
| | | | | | | | | Ever since this package was introduced, the SDK for mt7629 failed to build as it started failing on this package. Fixed by porting Hauke's similar patch for uboot-sunxi to uboot-mediatek. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openvpn: Allow override of interface nameMichal Hrusecky2020-07-232-2/+37
| | | | | | | | | | | If using a configuration file for OpenVPN, allow overriding name of the interface. The reason is that then people could use configuration file provided by VPN provider directly and override the name of the interface to include it in correct firewall zone without need to alter the configuration file. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit c93667358515ec078ef4ac96393623ac084e5c9e)
* openpvn: Split out config parsing code for reuseMichal Hrusecky2020-07-233-13/+23
| | | | | | | | Split out code that parses openvpn configuration file into separate file that can be later included in various scripts and reused. Signed-off-by: Michal Hrusecky <michal@hrusecky.net> (cherry picked from commit 86d8467c8ab792c79809a08c223dd9d40da6da2e)
* kmod-sched-cake-oot: fix PKG_MIRROR_HASHKevin Darbyshire-Bryant2020-07-221-1/+1
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* umdns: fix compiling using gcc 10Kevin Darbyshire-Bryant2020-07-221-3/+3
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: enter DFS state if no available channel is foundDavid Bauer2020-07-201-0/+37
| | | | | | | | | | | Previously hostapd would not stop transmitting when a DFS event was detected and no available channel to switch to was available. Disable and re-enable the interface to enter DFS state. This way, TX does not happen until the kernel notifies hostapd about the NOP expiring. Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: create channel list for fixed channel operationDavid Bauer2020-07-201-0/+3
| | | | | | | | | | | | Currently a device which has a DFS channel selected using the UCI channel setting might switch to a non-DFS channel in case no chanlist is provided (UCI setting "channels") when the radio detects a DFS event. Automatically add a chanlist consisting of the configured channel when the device does not operate in auto-channel mode and no chanlist set to circumvent this issue. Signed-off-by: David Bauer <mail@david-bauer.net>
* vxlan: add capability for multiple fdb entriesJohannes Kimmel2020-07-202-2/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Similar to wireguard, vxlan can configure multiple peers or add specific entries to the fdb for a single mac address. While you can still use peeraddr/peer6addr option within the proto vxlan/vxlan6 section to not break existing configurations, this patch allows to add multiple sections that conigure fdb entries via the bridge command. As such, the bridge command is now a dependency of the vxlan package. (To be honest without the bridge command available, vxlan isn't very much fun to use or debug at all) Field names are taken direclty from the bridge command. Example with all supported parameters, since this hasn't been documented so far: config interface 'vx0' option proto 'vxlan6' # use vxlan over ipv6 # main options option ip6addr '2001:db8::1' # listen address option tunlink 'wan6' # optional if listen address given option peer6addr '2001:db8::2' # now optional option port '8472' # this is the standard port under linux option vid '42' # VXLAN Network Identifier to use option mtu '1430' # vxlan6 has 70 bytes overhead # extra options option rxcsum '0' # allow receiving packets without checksum option txcsum '0' # send packets without checksum option ttl '16' # specifies the TTL value for outgoing packets option tos '0' # specifies the TOS value for outgoing packets option macaddr '11:22:33:44:55:66' # optional, manually specify mac # default is a random address Single peer with head-end replication. Corresponds to the following call to bridge: $ bridge fdb append 00:00:00:00:00:00 dev vx0 dst 2001:db8::3 config vxlan_peer option vxlan 'vx0' option dst '2001:db8::3' # always required For multiple peers, this section can be repeated for each dst address. It's possible to specify a multicast address as destination. Useful when multicast routing is available or within one lan segment: config vxlan_peer option vxlan 'vx0' option dst 'ff02::1337' # multicast group to join. # all bum traffic will be send there option via 'eth1' # for multicast, an outgoing interface needs # to be specified All available peer options for completeness: config vxlan_peer option vxlan 'vx0' # the interface to configure option lladdr 'aa:bb:cc:dd:ee:ff' # specific mac, option dst '2001:db8::4' # connected to this peer option via 'eth0.1' # use this interface only option port '4789' # use different port for this peer option vni '23' # override vni for this peer option src_vni '123' # see man 3 bridge Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
* vxlan: remove mandatory peeraddrJohannes Kimmel2020-07-201-12/+0
| | | | | | | | | | vxlan can be configured without a peer address. This is used to prepare an interface and add peers later. Fixes: FS#2743 Signed-off-by: Johannes Kimmel <fff@bareminimum.eu> Acked-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: bump to 2.82Kevin Darbyshire-Bryant2020-07-202-13/+13
| | | | | | | | | This fixes a nasty problem introduced in 2.81 which causes random crashes on systems where there's significant DNS activity over TCP. It also fixes DNSSEC validation problems with zero-TTL DNSKEY and DS records. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>