Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin via Web interface
Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v4-squashfs-factory.bin
and rename it to ArcherC7v4_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Hauke Mehrtens [Wed, 18 Oct 2017 19:53:31 +0000 (21:53 +0200)]
brcm47xx: use kernel 4.9 by default
Kernel 4.9 is now working on the brcm47xx boards, we just recently fixed
the problem that some boards did not boot at all, by changing the memory
regions used to relocate the kernel to in the loader.
Felix Fietkau [Wed, 18 Oct 2017 20:46:29 +0000 (22:46 +0200)]
kernel: fix ftrace support on 4.9
When porting the kernel patches from 4.4 to 4.9, they were missing a
small chunk that ensures that ftrace sections are kept in the vmlinux
image, even when linked with --gc-sections
Hauke Mehrtens [Sun, 15 Oct 2017 19:43:59 +0000 (21:43 +0200)]
omap: Add support for kernel 4.9
This adds support for kernel 4.9 and replaces the kernel 4.4 support.
These are lynxis test results:
panda-board a3 - works, but no network, but master/4.4 doesn't have network either.
panda-board-a4 - u-boot SPL refuse to boot.
beaglebone-black - works
beagle-board - usb attached network doesn't come up and I doesn't have a serial around.
beagle-board-xm - ToDo: image code is missing.
Kernel 4.4 does not look better, so we merge this anyway.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Alexander Couzens <lynxis@fe80.eu>
Stijn Tintel [Wed, 18 Oct 2017 10:01:23 +0000 (13:01 +0300)]
hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
* noise: handshake constants can be read-only after init
* noise: no need to take the RCU lock if we're not dereferencing
* send: improve dead packet control flow
* receive: improve control flow
* socket: eliminate dead code
* device: our use of queues means this check is worthless
* device: no need to take lock for integer comparison
* blake2s: modernize API and have faster _final
* compat: support READ_ONCE
* compat: just make ro_after_init read_mostly
Assorted cleanups to the module, including nice things like marking our
precomputations as const.
* Makefile: even prettier output
* Makefile: do not clean before cloc
* selftest: better test index for rate limiter
* netns: disable accept_dad for all interfaces
Fixes in our testing and build infrastructure. Now works on the 4.14 rc
series.
* qemu: add build-only target
* qemu: work on ubuntu toolchain
* qemu: add more debugging options to main makefile
* qemu: simplify shutdown
* qemu: open /dev/console if we're started early
* qemu: phase out bitbanging
* qemu: always create directory before untarring
* qemu: newer packages
* qemu: put hvc directive into configuration
This is the beginning of working out a cross building test suite, so we do
several tricks to be less platform independent.
* tools: encoding: be more paranoid
* tools: retry resolution except when fatal
* tools: don't insist on having a private key
* tools: add pass example to wg-quick man page
* tools: style
* tools: newline after warning
* tools: account for padding being in zero attribute
Several important tools fixes, one of which suppresses a needless warning.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Stijn Tintel [Tue, 17 Oct 2017 13:35:03 +0000 (16:35 +0300)]
hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.
Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.
Stijn Tintel [Tue, 17 Oct 2017 13:24:14 +0000 (16:24 +0300)]
hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Felix Fietkau [Tue, 17 Oct 2017 13:52:08 +0000 (15:52 +0200)]
Revert "ar71xx: Add GRO support to ag71xx"
This reverts commit 13e5e473699b92f171205e0f5c57c9ebe7922492.
This commit causes a severe regression in LAN->WAN routing performance
for several devices. This appears to be caused by the extra requirement
to validate the SKB checksum early in the rx path, which the ethernet
hardware does not do
Hauke Mehrtens [Mon, 16 Oct 2017 19:36:17 +0000 (21:36 +0200)]
at91: fix legacy build
The build system took the DTB_SIZE definition from Default and not from
production-dtb under some conditions. Move the size definitions to
Default now as it is only used in production-dtb anyway.
Move wireguard from openwrt/packages to base a package.
This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.
WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
Hauke Mehrtens [Sun, 15 Oct 2017 12:33:56 +0000 (14:33 +0200)]
malta: activate some more standard kernel features
These options where deactivated in the malta kernel, take the default
options form the generic kernel configuration now to better match the
other targets.
Martin Schiller [Mon, 9 Oct 2017 06:26:01 +0000 (08:26 +0200)]
lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).
Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.
Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Daniel Engberg [Sat, 13 May 2017 14:38:56 +0000 (16:38 +0200)]
libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Ben Whitten [Mon, 18 Sep 2017 12:09:21 +0000 (13:09 +0100)]
at91: refresh kernel config, enable UBI block and DMA
The platform generates squashfs images in a UBI block but misses the
kernel module to be able to mount the block.
DMA is also enabled to allow systems which include them in the DTS to
use it.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Robert Marko [Thu, 5 Oct 2017 12:26:23 +0000 (14:26 +0200)]
ar71xx: add support for Mikrotik RB750P-PBr2
Specifications:
- SoC: Qualcomm QCA9531 (650MHz)
- RAM: 64MB
- Storage: 16MB NOR SPI flash
- Ethernet: 5x100M (1 PoE in, 4 PoE out)
- Outdoor use ready
This ethernet router is based on the same platform as the hEX PoE lite.
Installation
1. login to the Mikrotik WebUI to backup your licence keys
2. setup a DHCP/BOOTP Server with:
* DHCP-Option 66 (TFTP server name) pointing to a local TFTP
Server within the same subnet of the DHCP range
* DHCP-Option 67 (Bootfile-Name) matching the initramfs filename
of the to be booted image
3. connect the port labled internet to your local network
4. keep the reset button pushed down and power on the board
The board should load and start the initramfs image from the TFTP
Server. Login as root/without password to the started LEDE via ssh
listing on IPv4 address 192.168.1.1. Use sysupgrade to install LEDE.
Revert to RouterOS
Use the "rbcfg" package on in LEDE:
* rbcfg set boot_protocol bootp
* rbcfg set boot_device ethnand
* rbcfg apply
Open Netinstall and reboot routerboard. Now netinstall sees routerboard
and you can install RouterOS. If NetInstall gets stuck on Sending offer
just wait for it to timeout and then close and open Netinstall again.
Click on install again.
In order for RouterOS to function properly, you need to restore license
for the device. You can do that by including license in NetInstall
- MT7620A CPU
- 64 MB of RAM
- 16 MB of FLASH
- 802.11bgn WiFi
- 1x 10/100 Mbps Ethernet
- USB 2.0 Host
- UART for serial console
Flash instruction:
1. Download lede-ramips-mt7620-u25awf-h1-squashfs-sysupgrade.bin
2. Open webinterface a upgrade
3. After boot connect via ethernet to ip 192.168.1.1
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
[fix reset button gpio, don't add a lan/wan vlan config for single
port board, add -H1 suffix do make sure that this revision of the
board is supported/tested] Signed-off-by: Mathias Kresin <dev@kresin.me>
Flashing:
1. Hook into UART (9600 baud) and enter U-Boot. You may need to enter a
password of administrator or AhNf?d@ta06 if prompted.
2. Once in U-Boot, tftp boot the initramfs image:
dhcp;
tftpboot 0x1000000 192.168.1.101:lede-
mpc85xx-p1020-hiveap-330-initramfs.zImage;
tftpboot 0x6000000 192.168.1.101:lede-mpc85xx-p1020-hiveap-330.fdt;
bootm 0x1000000 - 0x6000000;
3. Once booted, scp over the sysupgrade file and sysupgrade the device
to flash LEDE to the NAND.
sysupgrade /tmp/lede-mpc85xx-p1020-hiveap-330-sysupgrade.img
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Chris Blake [Sat, 30 Sep 2017 16:14:20 +0000 (11:14 -0500)]
mpc85xx: Add cmdline override patch
This patch adds a new kernel option called CONFIG_CMDLINE_OVERRIDE. This
setting is for devices with locked down u-boot environments, where users
are unable to change the default bootargs. When set, the fdt driver will
propagate the cmdline for the kernel from chosen/bootargs-override
instead of chosen/bootargs as long as it exists within the DTB.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap
menu options in bootloader menu only when SAMA5 devices are selected as
SUBTARGET and to avoid showing up this menu when legacy device is
selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2.
Hauke Mehrtens [Fri, 13 Oct 2017 21:40:03 +0000 (23:40 +0200)]
uboot-at91: multiple build fixes
This fixes the following problems:
* Add BUILD_DEVICES for legacy subtarget
* Use features from u-boot.mk for sama5 subtarget This is mainly done
by changing the prefix from uboot to U-Boot. This makes them depend
on the sama5 subtarget and not selectable for the legacy subtarget
any more
This patch adds a parser for the uci representation of
dnsmasq's "-a | --listen-address" option.
In summary, this option forces dnsmasq to listen on the
given IP address(es). Both interface and listen-address
options may be given, in which case the set of both
interfaces and addresses is used.
Note that if no interface option is given, but listen_address is,
dnsmasq will not automatically listen on the loopback interface.
To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1
must be explicitly added.
This option is useful for ujailed dnsmasq instances, that would
otherwise fail to work properly, because listening to the
"This host on this network" address (aka 0.0.0.0 see rfc1700 page 4)
may not be allowed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
Hauke Mehrtens [Thu, 12 Oct 2017 20:44:06 +0000 (22:44 +0200)]
ath10k-ct: activate user space firmware loading again
This backports a patch from kernel 4.14 to the ath10k-ct version based
on kernel 4.13.
Some devices are using a user space script to load the calibration data
from the flash and this was not trigged any more.
Ben Greear [Tue, 3 Oct 2017 22:45:37 +0000 (15:45 -0700)]
ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver
This should help ath10k work on systems with little or no IOMMU
memory. apu2 can boot two 9888 NICs now, for instance. From
upstream patch by Adrian Chadd.
And, start building the 4.13 based CT ath10k driver.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Ben Greear [Mon, 2 Oct 2017 19:57:59 +0000 (12:57 -0700)]
ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.
Changes since last LEDE release include:
* Fix key-setting bug that broke sending the EAPOL 2/4 in some cases. This was a
bug I introduced some time back while trying to fix .11r and simplify the key
handling logic. (Patch to wpa_supplicant fixed the race with sending the 4/4
and setting the key...un-patched supplicant will still have this race and the 4-way
auth will not work as reliably.)
* Increase amount of active-tids that can be scheduled. This fixes a tx-stall
seen with many station vdevs.
* Fix bug in upstream code that would cause the maximum peer to never be scheduled
for tx.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Yangbo Lu [Tue, 10 Oct 2017 11:17:37 +0000 (19:17 +0800)]
layerscape: only support 64-bit for ls1088ardb/ls2088ardb
This is no requirement and plan to support 32-bit for ls1088ardb
and ls2088ardb. Current 32-bit firmware for them couldn't work,
so only keep 64-bit support for these two boards in menuconfig.
Yangbo Lu [Tue, 10 Oct 2017 08:25:22 +0000 (16:25 +0800)]
layerscape: fix compile issue for usb ehci-fsl driver
When build firmware for layerscape target with CONFIG_ALL_NONSHARED=y,
there would be a compile issue of usb ehci-fsl driver. Actually this
driver was for PPC platforms initially and was not ready for non-PPC
now, but a kernel kconfig patch removed PPC dependency for it. So that
kernel patch should be reverted.
Hauke Mehrtens [Tue, 3 Oct 2017 16:02:59 +0000 (18:02 +0200)]
ar71xx: Add kernel 4.9 support
This add support for kernel 4.9 to the ar71xx target.
It was compile tested with the generic, NAND and mikrotik subtarget.
Multiple members of the community tested it on their boards and did not
report any major problem so far.
Especially the NAND part received some changes to adapt to the new
kernel APIs. The serial driver hack used for the Arduino Yun was not
ported because the kernel changed there a lot.
Hauke Mehrtens [Sun, 8 Oct 2017 16:31:03 +0000 (18:31 +0200)]
brcm47xx: relocate the stack in loader
By default we are reusing the stack provided by CFE, like it is intended
by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image
could overwrite it. Relocate it to a different memory region which is
still under the 8MB RAM, but in the higher area. We only need this
memory region for the stack of the loader, Linux will set up this
for its own.
Hauke Mehrtens [Sun, 8 Oct 2017 14:52:28 +0000 (16:52 +0200)]
brcm47xx: relocate loader to higher address
The boot process on a WRT54GL works the following way:
1. CFE gets loaded by the boot rom from flash
2. CFE loads the loader from the flash and gzip uncompresses it
3. CFE starts the loader
4. The loader stores the FW arguments and relocates itself to
BZ_TEXT_START (now 0x80600000)
5. The loader reads the Linux image from flash
6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
7. The loader executes the uncompress Linux image at LOADADDR
The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
the loader which was currently uncompressing it and made the board
crash. Increase the BZ_TEXT_START my 2 MB to have more space for the
kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
should not be a problem.
ramips/mt76x8: add initramfs support for tplink 841n v13
The tplink 841n v13 requires an tplink v2 image header in
front of an initramfs image.
To boot an initramfs image:
- break the uboot by holding the '4' key
- setup your tftp server 192.168.0.255
- tftp 81000000 lede-ramips-mt76x8-tl-wr841n-v13-initramfs-kernel.bin
- bootm
net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.
Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.
7e7748d src/main: refresh help message fe32043 conntrackd.8: refresh file 47a4dda conntrackd.8: add reference to systemd 0cfe7ff doc/manual: include some bits about init systems 74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling d833bed conntrackd: cthelper: ftp: Fix debug print dd4b5a1 conntrackd: cthelper: Add new mdns helper 498d698 Link nfct and helper modules with `-z lazy` 9e94e85 sync-mode: print errno message on failure ab81c35 log: print messages to stdout/sderr if running in console mode 631d92b log: introduce a mechanism to know if log was initialized ccb1c8b conntrackd: replace error reporting in the config parser with dlog() bee121e conntrackd: replace fprintf calls with dlog() 5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address abb9984 helper: remove copy and paste from uapi kernel header a91a004 src: add log message when resync is requested by other node c2d8be1 systemd: fix missing log.h include f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options 8b83771 conntrack: send mark filter to kernel iff set 1ba5e76 conntrackd: cthelper: Don't leak nat_tuple 832166d conntrackd: cthelper: Free pktb after use ff843bc conntrackd: config: Do not strdup() tokens b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing 8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option 39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On 29b390a conntrack: Support IPv6 NAT 381827a conntrackd: factorice tx_queue functions 131df89 conntrackd: factorize resync operations d31bacc conntrackd: consolidate more code to use resync_send() 3d98496 conntrackd: request resync at startup ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6 9d38445 conntrackd: evaluate configuration earlier 6feded7 conntrackd: cleanup if failed forking dbfdea7 conntrackd: deprecate unix backlog configuration 210f542 conntrackd: make the daemon run in RT mode by default 37cc7f0 conntrackd: remove warning for -S d2849d1 conntrack: Show multiple CPUs stats from proc bc0b49a conntrackd: cthelper: ssdp: fix build with musl 0c77a25 tests: don't fail on modprobe since the driver might be built-in eefe649 conntrack.8: refresh manpage
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.
b0a7cf7 include: expose a copy of nf_conntrack_common.h f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat() 79dac5a conntrack: revert getobjopt_is_nat() condition b266523 libnetfilter_conntrack: bump version to 1.0.7 e870432 labels: don't crash on NULL labelmap
Stijn Tintel [Sun, 8 Oct 2017 18:46:44 +0000 (21:46 +0300)]
libnetfilter_queue: bump to git HEAD
b39cac7 src: Correct typo in the location of internal.h in #include 58cb066 src: Declare the define visibility attribute together e84b559 Revert "src: Declare the define visibility attribute together" 003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute 63973da doc: extend the doxygen section about NFQA_CFG_F_GSO d7f74c7 build: bump version to 1.0.3 3f9eb57 build: bump library release version too 601abd1 doc: Add information about retrieving UID/GID/SECCTX fields
The lantiq patch 0028-NET-lantiq-various-etop-fixes.patch and sunxi
patch 0051-stmmac-form-4-11.patch no longer applied after applying the
the "generalize napi_complete_done()" patch.
Update them so they apply, and refresh patches while at it.
Stijn Tintel [Sun, 8 Oct 2017 11:58:59 +0000 (14:58 +0300)]
kernel: split 82574L patch into multiple files
When refreshing patches that cointain multiple patches including headers
in a single file, quilt will remove the headers from all but the first
patch. This makes it difficult to review commits that refresh patches.
Next to that, if only a few of the patch series are accepted in -stable,
the patch needs to be manually modified. With each patch in a separate
file, it's just a matter of git rm.
Hauke Mehrtens [Sun, 8 Oct 2017 10:40:26 +0000 (12:40 +0200)]
kernel: Add some more generic config options
These options are deactivating some kernel modules for IP blocks not
uses on this SoC. I saw the same when working with the ARM64 Marvell
board so it is better to move them to generic.
projects / thirdparty / openwrt.git / log
