Andre Heider [Sat, 12 Nov 2022 08:50:36 +0000 (09:50 +0100)]
scripts: fix dl_cleanup.py argument handling
The -w|--whitelist and -D|--download-dir arguments pass an additional value,
properly evaluate that.
Also allow to pass the download directory without -D|--download-dir, just as
the usage describes.
Finally fix spitting out the wrong error messages about those args.
Ruckus ZoneFlex 7025 is a single 2.4GHz radio 802.11n 1x1 enterprise
access point with built-in Ethernet switch, in an electrical outlet form factor.
Hardware highligts:
- CPU: Atheros AR7240 SoC at 400 MHz
- RAM: 64MB DDR2
- Flash: 16MB SPI-NOR
- Wi-Fi: AR9285 built-in 2.4GHz 1x1 radio
- Ethernet: single Fast Ethernet port inside the electrical enclosure,
coupled with internal LSA connector for direct wiring,
four external Fast Ethernet ports on the lower side of the device.
- PoE: 802.3af PD input inside the electrical box.
802.3af PSE output on the LAN4 port, capable of sourcing
class 0 or class 2 devices, depending on power supply capacity.
- External 8P8C pass-through connectors on the back and right side of the device
- Standalone 48V power input on the side, through 2/1mm micro DC barrel jack
Serial console: 115200-8-N-1 on internal JP1 header.
Pinout:
---------- JP1
|5|4|3|2|1|
----------
Pin 1 is near the "H1" marking.
1 - RX
2 - n/c
3 - VCC (3.3V)
4 - GND
5 - TX
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7025_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Concatenate the firmware backups, if you took them during installation using method 2:
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
# mtd write ruckus_zf7025_backup.bin /dev/mtd1
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
- The 2.4 GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
Lech Perczak [Mon, 10 Aug 2020 19:40:37 +0000 (21:40 +0200)]
uboot-envtools: ath79: add support for Ubiquiti XM devices
Inspired by commit 9565c5726a34da7c9c953d2293b70fdbfef0e0be, and by
facts that all Ubiquiti XM devices share flash layout, and images are
mostly compatible between all of them - enable uboot-envtools support for
whole XM line.
Flash instructions:
OpenWrt can be installed via D-Link Recovery GUI:
Push and hold reset button (on the bottom of the device) until power led starts flashing (about 10 secs or so) while plugging in the power cable.
Give it ~30 seconds, to boot the recovery mode GUI
Connect your client computer to LAN1 of the device
Set your client IP address manually to 192.168.0.2 / 255.255.255.0.
Call the recovery page for the device at http://192.168.0.1/
Use the provided emergency web GUI to upload and flash a new firmware to the device
Daniel Fuchs [Tue, 25 Oct 2022 01:13:30 +0000 (01:13 +0000)]
ramips: add support for Amped Wireless B1200EX
This device is almost identical to the already supported Edimax
EW-7476RP5, the only differences are:
- There is no mode selection slider switch on this device
- The two wireless LEDs are green instead of blue
- Model name in the CSYS header is RN10
Additional changes:
- Moved WiFi LEDs and the slider switch to the individual dt files
- Added ieee80211-freq-limit to the mt7612e radio to properly disable
2.4GHz band on this radio
Device specifications:
SoC: MediaTek MT7620a @ 580MHz
RAM: 64M (Winbond W9751G6KB-25)
FLASH: 8MB (Macronix)
WiFi: SoC-integrated: MediaTek MT7620a bgn
WiFi: MediaTek MT7612EN nac
GbE: 1x (RTL8211E)
BTN: WPS/RESET
LED: - WiFi 5G (green)
- WiFi 2.4G (green)
- Signal Strength (green)
- Power (green)
- WPS (green)
- LAN (green)
UART: UART is present as Pads with throughholes on the PCB. They are
located next to the WPS button
3.3V - RX - GND - TX / 57600-8N1
3.3V is the square pad
Installation:
Upload the sysupgrade image via the default web interface
Signed-off-by: Daniel Fuchs <software@sagacioussuricata.com>
Installation
-----------------
1. Remove dots from the OpenWrt factory image filename
2. Login to the router web interface
3. Update firmware using web interface with the OpenWrt factory image
4. If OpenWrt is booted, then no further steps are required. Enjoy!
Otherwise (Stock firmware has booted again) proceed to the next step.
5. Update firmware using web interface with any version of the Stock
firmware
6. Update firmware using web interface with the OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
Recovery
--------
Use sercomm-recovery tool. Link: https://github.com/danitool/sercomm-recovery
MAC Addresses
-------------
+-----+------------+------------+
| use | address | example |
+-----+------------+------------+
| LAN | label | *:72, *:d2 |
| WAN | label + 11 | *:7d, *:dd |
| 2g | label + 2 | *:74, *:d4 |
| 5g | label + 3 | *:75, *:d5 |
+-----+------------+------------+
The label MAC address was found in Factory 0x21000
Andrew Ammerlaan [Sun, 30 Oct 2022 14:56:14 +0000 (15:56 +0100)]
procd: service: pass all arguments to service
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Lech Perczak [Thu, 6 Oct 2022 22:56:00 +0000 (00:56 +0200)]
ipq40xx: dts: remove leftover nodes after DSA conversion
Remove ess-psgmii@98000, edma@c080000 and ess-switch@c000000 nodes.
These nodes are not used after the DSA conversion, but were left over
in a few devices added recently.
ZTE MF289F is omitted on purpose, as for it, these nodes will be removed
together with DSA conversion.
Build tested only, as I only have MF286D from those devices.
Reviewed-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert plasmacloud,pa2200 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
- can be used to power the device
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 2" port was used in the past
for "WAN" functionality in OpenWrt.
Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for plasmacloud,pa2200
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert plasmacloud,pa1200 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
- can be used to power the device
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 2" port was used in the past
for "WAN" functionality in OpenWrt.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for plasmacloud,pa1200
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for openmesh,a62
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Reviewed-by: Robert Marko <robimarko@gmail.com> Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for openmesh,a42
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Reviewed-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert openmesh,a62 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- can be used to power the device
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 1" port was used in the past
for "WAN" functionality in OpenWrt.
Reviewed-by: Robert Marko <robimarko@gmail.com> Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert openmesh,a42 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- can be used to power the device
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 1" port was used in the past
for "WAN" functionality in OpenWrt.
Reviewed-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Download and flash the manufacturer's built OpenWRT image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWRT image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings. The force upgrade may need to be checked
due to differences in router naming conventions.
Recovery:
- Loads only signed manufacture firmware due to bootloader RSA verification
- serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
- connect to any lan ethernet port
- power on the device while holding the reset button
- wait at least 8 seconds before releasing reset button for image to
download
- See http://www.cudytech.com/newsinfo/547425.html
Signed-off-by: Óscar García Amor <ogarcia@connectical.com>
ramips: mt7621: use seama-lzma-loader for D-Link DIR-860L B1
Fix the LZMA ERROR 1 with a single line of recipe instead of duplicating
"uimage-lzma-loader".
While reviewing my original submission of commit ce1957100411 David
suggested to use $(Device/uimage-lzma-loader), but due to the specific
needs of the vendor bootloader that simple oneliner didn't work.
The new $(Device/seama-lzma-loader) is for those SEAMA capable
bootloaders.
ramips: rt3883: use seama-lzma-loader for D-Link DIR-645
In the support topic [0] of the GitHub issue #10634 it was found out
(based on boot logs) that the uimage-lzma-loader (commit 09faa73c53bd)
never worked, as an earlier workaround (commit 6fba88de1913) negated
the recipe:
3: System Boot system code via Flash.
## Booting image at bc050000 ...
raspi_read: from:50000 len:40
.raspi_read: from:50000 len:c
.raspi_read: from:50000 len:1fa000
................................We have SEAMA, Image Size = 2072512
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
## Transferring control to Linux (at address 80000000) ...
## Giving linux memsize in MB, 64
Starting kernel ...
[ 0.000000] Linux version 5.4.188 (builder@buildhost) (gcc version 8.4.0 (OpenWrt GCC 8.4.0 r16554-1d4dea6d4f)) #0 Sat Apr 16 12:59:34 2022
[ 0.000000] SoC Type: Ralink RT3883 ver:1 eco:5
[ 0.000000] printk: bootconsolde [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] MIPS: machine is D-Link DIR-645
[ 0.000000] Initrd not found or empty - disabling initrd
Using the new seama-lzma-loader it's able to boot OpenWrt 22.03
and OpenWrt SNAPSHOT too:
3: System Boot system code via Flash.
## Booting image at bc050000 ...
raspi_read: from:50000 len:40
.raspi_read: from:50000 len:c
.raspi_read: from:50000 len:48b004
.........................................................................We have SEAMA, Image Size = 4763588
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
## Transferring control to Linux (at address 80000000) ...
## Giving linux memsize in MB, 64
Starting kernel ...
OpenWrt kernel loader for MIPS based SoC
Copyright (C) 2011 Gabor Juhos <juhosg@openwrt.org>
Decompressing kernel... done!
Starting kernel at 80000000...
[ 0.000000] Linux version 5.10.144 (xabolcs@ut2004) (mipsel-openwrt-linux-musl-gcc (OpenWrt GCC 11.3.0 r20774+2-b71affaf8b) 11.3.0, GNU ld (GNU Binutils) 2.37) #0 Tue Sep 27 23:02:30 2022
[ 0.000000] SoC Type: Ralink RT3883 ver:1 eco:5
[ 0.000000] printk: bootconsole [early0] enabled
[ 0.000000] CPU0 revision is: 0001974c (MIPS 74Kc)
[ 0.000000] MIPS: machine is D-Link DIR-645
[ 0.000000] Initrd not found or empty - disabling initrd
[ 0.000000] Primary instruction cache 64kB, VIPT, 4-way, linesize 32 bytes.
[ 0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000003ffffff]
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 16256
[ 0.000000] Kernel command line: console=ttyS0,57600 rootfstype=squashfs,jffs2
The OKLI Loader is unable to read the flash on this SoC:
Looking for OpenWrt image... not found! ('0xddbaddba' at 0xbc051000)
0: https://forum.openwrt.org/t/136435
Fixes: GitHub issue #10634 ("V22.03.0 release currently does not work on D-Link DIR-645") Fixes: 09faa73c53bd ("ramips: rt3883: use lzma-loader for DIR-645") Tested-by: Glenn Fowler <gfowler1@outlook.com> Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
ramips: define lzma-loader recipe for SEAMA devices
Define "Device/seama-lzma-loader" recipe for SEAMA devices to help
contributors avoid doing recipe mistakes.
In a forum topic [0] I was under the impression that the good old
uimage-lzma-loader didn't fix the LZMA ERROR 1 for a device.
It was found out, that the uimage-lzma-loader never worked because the
KERNEL variable was overriden earlier (also an LZMA ERROR 1 related
commit, 6fba88de1913), and the "use lzma-loader" fix (commit 09faa73c53bd) didn't catch that to include the "loader-kernel" part.
I contributed an LZMA ERROR 1 fix (commit ce1957100411) for the SEAMA
device D-Link DIR-860L B1, where I had to duplicate the whole
uimage-lzma-loader recipe because of the special needs of the vendor
bootloader.
This new recipe reuse most of uimage-lzma-loader's KERNEL definiton to
avoid duplication.
It uses "relocate-kernel" as it needed for D-Link DIR-860L B1 to
boot from flash, and it's compatible with D-Link DIR-645 too.
It repacks lzma-loader with lzma for kernel (without uImage), because
these weird hacked vendor bootloaders accepts only LZMA compressed
kernels from flash:
We have SEAMA, Image Size = 4759794
Verifying Checksum ...
Uncompressing SEAMA linux.lzma ... OK
It uses uImage header for initramfs kernel to be little bit verbose.
Arne Zachlod [Sat, 6 Aug 2022 13:35:15 +0000 (15:35 +0200)]
ramips: add support for Mikrotik LtAP-2HnD
Mikrotik LtAP-2HnD is a outdoor/automotive WLAN 4 router with integrated GPS
receiver and two mPCIe slots.
Specifications:
* SoC: MT7621A
* RAM: 128 MiB Nanya NT5CC64M16GP-DI
* Flash: 16 MiB winbond W25Q128JV
* WLAN:
* Atheros AR9382 with power amplifier SKY 85330 (2x2 internal antennas,
with RF switches for external connectors)
* Ethernet: 1 Gbps, single port
* USB Host: USB 2.0 Speeds
* Serial: 115200 baud
* LEDs: Power, System, GPS, 5* RSSI
* mPCIe:
* miniPCIe slot 1: PCIe and USB 2.0 Host (via switch shared with USB Host)
* miniPCIe slot 2: USB 2.0 and 3.0
* SIM Cards:
* Slot 1 Connected to mPCIe slot 1
* Slot 2 and 3 connected to mPCIe slot 2 via switch
* GPS: MTK 3333 on serial port 2 (/dev/ttyS1), 115200 baud and PPS on gpio 14
gpios are exposed to /sys/class/gpio:
* usb-select: swithes USB 2.0 interface between external port and internal
mPCIe slot 1 default is the external USB interface
* gps-reset: resets the GPS interface chip
* sim-select: switches between sim slot 2 and 3 connected to mPCIe slot 2
* gps-ant-select: switches GPS antenna between internal antenna and SMA
connected antenna
* lte-reset: resets mPCIe slot 2
Flashing:
TFTP boot initramfs image and then perform sysupgrade. Follow common
MikroTik procedure as in https://openwrt.org/toh/mikrotik/common.
Will Moss [Wed, 3 Aug 2022 11:37:47 +0000 (11:37 +0000)]
ath79: fix MAC address assignment for TP-Link ar7241 devices
On TP-Link ar7241 devices LAN and WAN interfaces are swapped. Keeping
that in mind fix MAC address assignment as used in vendor firmware:
LAN MAC - main MAC stored in u-boot and printed on label
WAN MAC - LAN MAC + 1
Quintin Hill [Sun, 23 Oct 2022 08:22:37 +0000 (09:22 +0100)]
kernel: backport RTL8761B FW name change to v5.10
Make the firmware filenames referenced by the module consistent for
v5.10 and v5.15 kernels. Backport two upstream patches a cleanup commit
and the commit making the change, the former is required for the latter
to apply cleanly.
Quintin Hill [Sat, 22 Oct 2022 07:14:42 +0000 (08:14 +0100)]
kernel: support for Realtek USB bluetooth devices
USB adaptors with the RTL8761B chipset are cheap and readily available
but so far support is missing in Openwrt. Enable the relevant kernel
options and add a module to the kmod-bluetooth package. Increases size
of kmod-bluetooth ipk from 279140 bytes to 285320 bytes on my ath79 build.
Changes: 712460c linux-firmware: Update firmware file for Intel Bluetooth 9462 90d5f7e linux-firmware: Update firmware file for Intel Bluetooth 9462 48954ba linux-firmware: Update firmware file for Intel Bluetooth 9560 0e205fd linux-firmware: Update firmware file for Intel Bluetooth 9560 06b941e linux-firmware: Update firmware file for Intel Bluetooth AX201 ba958ff linux-firmware: Update firmware file for Intel Bluetooth AX201 02bdea2 linux-firmware: Update firmware file for Intel Bluetooth AX211 7044d46 linux-firmware: Update firmware file for Intel Bluetooth AX211 1b99bcd linux-firmware: Update firmware file for Intel Bluetooth AX210 4668ae9 linux-firmware: Update firmware file for Intel Bluetooth AX200 5bdfdba linux-firmware: Update firmware file for Intel Bluetooth AX201 b0f995c amdgpu: update DMCUB firmware for DCN 3.1.6 d991031 rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6 fd62f01 rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3 b15fc21 WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images bf5a337 mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1 4a733c2 iwlwifi: add new FWs from core74_pv-60 release 7d2bb50 qcom: drop split a530_zap firmware file 7d56713 qcom/vpu-1.0: drop split firmware in favour of the mbn file 1431496 qcom/venus-4.2: drop split firmware in favour of the mbn file cf95783 qcom/venus-4.2: replace split firmware with the mbn file 1fe6f49 qcom/venus-1.8: replace split firmware with the mbn file abc0302 linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop 20d9516 iwlwifi: add new PNVM binaries from core74-44 release 06dbfbc iwlwifi: add new FWs from core69-81 release 05df8e6 qcom: update venus firmware files for VPU-2.0 cd6fcdb qcom: remove split SC7280 venus firmware images 1612706 qcom: update venus firmware file for v5.4 ad9fdba qcom: replace split SC7180 venus firmware images with symlink dae5d46 rtw89: 8852b: update fw to v0.27.32.1 a8e86ec rtlwifi: update firmware for rtl8192eu to v35.7 9aa8db1 rtlwifi: Add firmware v4.0 for RTL8188FU 8f86b5a i915: Add HuC 7.10.3 for DG2 48407ff cnm: update chips&media wave521c firmware. bd31846 brcm: add symlink for Pi Zero 2 W NVRAM file 771968c linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops 6f9620e linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops 1d18cb9 linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops e497757 rtw89: 8852b: add initial fw v0.27.32.0 98b5577 iwlwifi: add new FWs from core72-129 release 604026c iwlwifi: update 9000-family firmwares to core72-129
Daniel Golle [Thu, 10 Nov 2022 14:16:32 +0000 (14:16 +0000)]
ath79: add support for Teltonika RUT300
Add support for the Teltonika RUT300 rugged industrial Ethernet router
Hardware
--------
SoC: Qualcomm Atheros QCA9531
RAM: 64M DDR2 (EtronTech EM68B16CWQK-25IH)
FLASH: 16M SPI-NOR (Winbond W25Q128)
ETH: 4x 100M LAN (QCA9533 internal AR8229 switch, eth0)
1x 100M WAN (QCA9533 internal PHY, eth1)
UART: 115200 8n1, same debug port as other Teltonika devices
USB: 1 single USB 2.0 host port
BUTTON: Reset
LED: 1x green power LED (always on)
5x yellow Ethernet port LED (controlled by Linux)
WAN port LED is used as boot status and upgrade indicator as
the power LED cannot be controlled in software.
Use the *-factory.bin file to intially flash the device using the
vendor firmware's Web-UI.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rafał Miłecki [Tue, 8 Nov 2022 11:22:51 +0000 (12:22 +0100)]
kernel: support "linux,rootfs" DT property for splitting rootfs
OpenWrt's support for splitting rootfs (to create an extra "rootfs_data"
partition) is limited to partitions called "rootfs". Upstream kernel
allows any name partition to be rootfs if it has "linux,rootfs" property
set. Add split support to such partitions in OpenWrt code.
Weiping Yang [Mon, 19 Sep 2022 09:47:40 +0000 (05:47 -0400)]
ipq40xx: add support for GL.iNet GL-A1300
Specifications:
SOC: Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM: 256 MiB
FLASH1: 4 MiB NOR
FLASH2: 128 MiB NAND
ETH: Qualcomm QCA8075
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2: Qualcomm Atheros QCA4018 5G 802.11n/ac W2 2x2
USB: 1 x USB 3.0 port
Button: 1 x Reset button
Switch: 1 x Mode switch
LED: 1 x Blue LED + 1 x White LED
Felix Fietkau [Wed, 12 Oct 2022 10:54:30 +0000 (12:54 +0200)]
mac80211: remove old legacy legacy drivers
Get rid of drivers that are either limited to 802.11b/g or don't even support
cfg80211/mac80211. Most of these are either limited to boards that we don't even
support anymore because of firmware size, or were only used for custom hacks by
a really small number of users in the past.
Let's get rid of those to reduce the maintenance effort and the number of useless
packages
- implement multiqueue via qdma hardware shaper to deal with ports with different speeds
- implement hardware DSA untagging
- add NETIF_F_ALL_TSO to reduce unnecessary segmentation
Rafał Miłecki [Mon, 7 Nov 2022 18:24:48 +0000 (19:24 +0100)]
kernel: backport support for "linux,rootfs" in DT
This DT property allows marking flash partition that Linux should use as
a root device. It's useful for devices that don't use U-Boot and cmdline
parser for partitioning. It may be used with "fixed-partitions" or some
dynamic partitioning based on flash content.
Rafał Miłecki [Mon, 7 Nov 2022 22:39:52 +0000 (23:39 +0100)]
kernel: split out mtd hack for CONFIG_FIT_PARTITION + rootfs
This is some hack on top of our old hack. Use separated patch for it so
it's easier to understand and actually possible to describe. We should
ideally get rid of this (and we actually did with kernels 5.15+).
Michael Lyle [Sun, 30 Oct 2022 04:00:41 +0000 (21:00 -0700)]
ramips: gl-mt1300: downclock SPI to 50MHz
The SPI max frequency was set to 80MHz, considerably higher than the
vendor clocks it in their firmware (10MHz). Multiple users reported
jffs2 corruption/instability in GitHub issue #10461.
My unit has a W25Q256; datasheet specifies maximum SPI frequency for
read command of 50MHz.
Thanks to @DragonBlueP for suggesting to eliminate m25p,fast-read;
and @MPannen1979 for identifying the problem.
Fixes: #10461 Signed-off-by: Michael Lyle <mlyle@lyle.org>
Add build option for nftables sets. By default disable iptables ipset
support. By default enable nftable nftset support since this is what
fw4 uses.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: nftset: serve from ipset config
Use existing ipset configs as source for nftsets to be compatible with
existing configs. As the OS can either have iptables XOR nftables
support, it's fine to provide both to dnsmasq. dnsmasq will silently
fail for the present one. Depending on the dnsmasq compile time options,
the ipsets or nftsets option will not be added to the dnsmasq config
file.
dnsmasq will try to add the IP addresses to all sets, regardless of the
IP version defined for the set. Adding an IPv6 to an IPv4 set and vice
versa will silently fail.
Signed-off-by: Mathias Kresin <dev@kresin.me>
dnsmasq: support populating nftsets in addition to ipsets
Tell dnsmasq to populate nftsets instead of ipsets, if firewall4 is present in
the system. Keep the same configuration syntax in /etc/config/dhcp, for
compatibility purposes.
Huge thanks to Jo-Philipp Wich for basically writing the function.
Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
dnsmasq: obtain nftset ip family from nft
Unfortunately dnsmasq nft is noisy if an attempt to add a mismatched ip address
family to an nft set is made.
Heuristic to guess which ip family a nft set might belong by inferring
from the set name.
In order of preference:
If setname ends with standalone '4' or '6' use that, else
if setname has '4' or '6' delimited by '-' or '_' use that (eg
foo-4-bar) else
If setname begins with '4' or '6' standalone use that.
By standalone I mean not as part of a larger number eg. 24
If the above fails then use the existing nft set query mechanism and if
that fails, well you're stuffed!
With-thanks-to: Jo-Philipp Wich <jo@mein.io> who improved my regexp
knowledge.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
dnsmasq: specify firewall table for nftset
Permit ipsets to specify an nftables table for the set. New config
parameter is 'table'. If not specified the default of 'fw4' is used.
config ipset
list name 'BK_4,BK_6'
option table 'dscpclassify'
option table_family 'ip'
option family '4'
list domain 'ms-acdc.office.com'
list domain 'windowsupdate.com'
list domain 'update.microsoft.com'
list domain 'graph.microsoft.com'
list domain '1drv.ms'
list domain '1drv.com'
The table family can also be specified, usually 'ip' or 'ip6' else the
default 'inet' capable of both ipv4 & ipv6 is used.
If the table family is not specified then finally a family option is
available to specify either '4' or '6' for ipv4 or ipv6 respectively.
This is all in addition to the existing heuristic that will look in the
nftset name for an ip family clue, or in total desperation, query the
value from the nftset itself.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Mathias Kresin [Wed, 4 May 2022 19:50:41 +0000 (21:50 +0200)]
dnsmasq: add uci-defaults script for ipset migration
When running sysupgrade from an existing configuration, move existing
ipset definitions to a dedicated config section. Later on, it will allow
to serve ipset as well as nftable sets from the same configuration.
Kuan-Yi Li [Fri, 4 Nov 2022 16:16:36 +0000 (00:16 +0800)]
sdk: use git-src-full to allow Git versioning
$(AUTORELEASE) uses Git log to determine releases and package timestamps.
Base feed is shallow cloned by default in generated SDK, resulting in
an incomplete Git log and therefore different local package versions than
offered upstream.
This patch complements commit 7fae1e5677 by setting the base feed to use
`src-git-full` to solve that.
Korey Caro [Sun, 13 Mar 2022 04:36:30 +0000 (23:36 -0500)]
ath79: add support to TrendNet TEW-673GRU
Add support for the TrendNet TEW-673GRU to ath79.
This device was supported in 19.07.9 but was deprecated with ar71xx.
This is mostly a copy of D-Link DIR-825 B1.
Updates have been completed to enable factory.bin and sysupgrade.bin both.
Code improvements to DTS file and makefile.
OEM firmware configuration:
54:af:97:xx:xx:7b : 2.4G
54:af:97:xx:xx:7a : 5G
54:af:97:xx:xx:7c : LTE
54:af:97:xx:xx:7b : LAN (label)
54:af:97:xx:xx:7c : WAN
- Installation:
1. Download the OpenWrt initramfs-image.
Place it into a TFTP server root directory and rename it to openwrt.img
Configure the TFTP server to listen at 192.168.0.5/24.
3. Connect to the serial console.
Attach power and interrupt the boot procedure when prompted (type `tpl`).
Credentials are admin / 1234
4. Configure U-Boot for booting OpenWrt from ram
$ tftpboot
$ bootm
5. Transfer the OpenWrt sysupgrade image to the device.
- LTE:
In order to setup the wwan0 interface:
1. Add a `qmi` proto interface under `/etc/config/network`, e.g.:
```
config interface 'wwan0'
option device '/dev/cdc-wdm0'
option proto 'qmi'
option pincode 'XXXX'
option apn 'your_isp_apn'
```
2. Add `wwan0` interface to the `wan` firewall zone
3. `/etc/init.d/network restart`
Shiji Yang [Thu, 15 Sep 2022 17:10:52 +0000 (01:10 +0800)]
ramips: add support for SIM SIMAX1800T and Haier HAR-20S2U1
SIM AX18T and Haier HAR-20S2U1 Wi-Fi6 AX1800 routers are designed based
on Tenbay WR1800K. They have the same hardware circuits and u-boot.
SIM AX18T has three carrier customized models: SIMAX1800M (China Mobile),
SIMAX1800T (China Telecom) and SIMAX1800U (China Unicom). All of these
models run the same firmware.
Specifications:
SOC: MT7621 + MT7905 + MT7975
ROM: 128 MiB
RAM: 256 MiB
LED: status *3 R/G/B
Button: reset *1 + wps/mesh *1
Ethernet: lan *3 + wan *1 (10/100/1000Mbps)
TTL Baudrate: 115200
TFTP Server: 192.168.1.254
TFTP IP: 192.168.1.28 or 192.168.1.160 (when envs is broken)
MAC Address:
use address source
label 30:xx:xx:xx:xx:62 wan
lan 30:xx:xx:xx:xx:65 factory.0x8004
wan 30:xx:xx:xx:xx:62 factory.0x8004 -3
wlan2g 30:xx:xx:xx:xx:64 factory.0x0004
wlan5g 32:xx:xx:xx:xx:64 factory.0x0004 set 7th bit
TFTP Installation (initramfs image only & recommend):
1. Set local tftp server IP: 192.168.1.254 and NetMask: 255.255.255.0
2. Rename initramfs-kernel.bin to "factory.bin" and put it in the root
directory of the tftp server. (tftpd64 is a good choice for Windows)
3. Start the TFTP server, plug in the power supply, and wait for the
system to boot.
4. Backup "firmware" partition and rename it to "firmware.bin", we need
it to back to stock firmware.
5. Use "fw_printenv" command to list envs.
If "firmware_select=2" is observed then set u-boot enviroment:
/# fw_setenv firmware_select 1
6. Apply sysupgrade.bin in OpenWrt LuCI.
Web UI Installation:
1. Apply update by uploading initramfs-factory.bin to the web UI.
2. Use "fw_printenv" command to list envs.
If "firmware_select=2" is observed then set u-boot enviroment:
/# fw_setenv firmware_select 1
3. Apply squashfs-sysupgrade.bin in OpenWrt LuCI.
Recovery to stock firmware:
a. Upload "firmware.bin" to OpenWrt /tmp, then execute:
/# mtd -r write /tmp/firmware.bin firmware
b. We can also write factory image "UploadBrush-bin.img" to firmware
partition to recovery. Upload image file to /tmp, then execute:
/# mtd erase firmware
/# mtd -r write /tmp/UploadBrush-bin.img firmware
How to extract stock firmware image:
Download stock firmware, then use openssl:
openssl aes-256-cbc -d -salt -in [Downloaded_Firmware] \
-out "firmware.tar.tgz" -k QiLunSmartWL
Signed-off-by: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Hauke Mehrtens [Tue, 1 Nov 2022 14:23:17 +0000 (15:23 +0100)]
busybox: awk: fix use after free (CVE-2022-30065)
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Hauke Mehrtens [Tue, 1 Nov 2022 14:17:03 +0000 (15:17 +0100)]
dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
projects / thirdparty / openwrt.git / log
