git.openwrt.org Git - openwrt/openwrt.git/log

dnsmasq: add config option for connmark DNS filtering

This adds uci support to configure connmark based DNS filtering.

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
(See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html)
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>

dnsmasq: Update to version 2.86test3

Need this version to add config option for connmark DNS filtering.

Summary of upstream CHANGELOG:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked.
* Major rewrite of the DNS server and domain handling code.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.

Signed-off-by: Etan Kissling <etan.kissling@gmail.com>

kernel: bump 5.4 to 5.4.128

Removed upstreamed:
mvebu/patches-5.4/002-PCI-aardvark-Don-t-rely-on-jiffies-while-holding-spi.patch

All other patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>

kernel: bump 5.4 to 5.4.127

All patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>

kernel: bump 5.4 to 5.4.126

Manually rebased:
bcm27xx/patches-5.4/950-0089-cgroup-Disable-cgroup-memory-by-default.patch

All other patches automatically rebased.

Signed-off-by: John Audia <graysky@archlinux.us>

kernel: bump 5.4 to 5.4.125

All patches automatically rebased.

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

Signed-off-by: John Audia <graysky@archlinux.us>

kernel: bump 5.10 to 5.10.46

Add the new symbol to the generic kconfig.

No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

ramips: ethernet: ralink: rewrite esw_rt3050 to support link states

Ensure the esw is initialized before the ethernet device is sending
packets. Further implement carrier detection similar to mt7620.
If any port has a link, the ethernet device will detect a carrier.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ramips: ethernet: ralink: allow to return EPROBE_DEFER on switch_init

For rt3050 the switch needs to be initialized before the ethernet start sending
packets. Allow switch_init to return -EPROBE_DEFER.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ramips: ethernet: ralink: move reset of the esw into the esw instead of fe

The esw reset should only done by the esw driver and not by the fe itself.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ramips: ethernet: ralink: use the reset controller api for esw & ephy

Instead of writing direct into the reset registers.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ramips: ethernet: ralink: add fe_reset_fe() to reset fe via reset controller

The dts defines the reset fe for all architectures. However
the soc code used direct register access of the reset controller.
Replace the custom soc reset with a generic fe_reset_fe().

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ramips: ethernet: ralink: add struct fe_priv as context to fe_reset()

The fe_reset function direct access the reset controller instead
using the reset controller api. In preparation to use the
reset controller.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

base-files: fix /tmp/TZ when zoneinfo not installed

The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.

This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.

Fixes "base-files: fix zoneinfo support " 8af62ed

Signed-off-by: Paul Spooren <mail@aparcar.org>

zram-swap: robustify mkswap/swapon/swapoff invocation

Instead of assuming /sbin contains the correct BusyBox symlinks, directly invoke
the busybox executable. The required utilities are guaranteed to be present,
since the zram-swap package selects them. Additionally, don't assume busybox
resides in /bin, rely on PATH to find it.

While at it, update the copyright year, use SPDX and switch to AUTORELEASE.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

hostapd: add support for providing vendor specific IE elements

They can be added as hex digit strings via the 'vendor_elements' option

Signed-off-by: Felix Fietkau <nbd@nbd.name>

ipq40xx: specify FritzBox 7530 LAN port label numbers

This helps managing LAN ports.

Ref: https://forum.openwrt.org/t/openwrt-21-02-0-second-release-candidate/98026/121
Fixes: 95b0c07a618f ("ipq40xx: add support for FritzBox 7530")
Cc: David Bauer <mail@david-bauer.net>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

hostapd: add default_disabled option to the supplicant

With the default configuration we generate, the supplicant starts
scanning and tries to connect to any open network when the interface
is enabled.

In some cases it can be desirable to prevent the supplicant from
scanning by itself. For example, if on the same radio an AP is
configured and an unconfigured STA is added (to be configured with
WPS), the AP might not be able to beacon until the STA stops
scanning.

In such a case, the STA configuration can still be required to set
specific settings (e.g. multi_ap_backhaul_sta) so it can't be set to
"disabled" in uci (because that would prevent the supplicant from
being run at all). The alternative is to add the "disabled" parameter
to the default network block in the supplicant configuration.

This patch adds a "default_disabled" setting in UCI which, when set,
adds the "disabled" parameter to the supplicant default network block.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>

base-files: fix zoneinfo support

The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.

Example failure when removing the if condition:

/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles

This file does not exist. America/Los_Angeles does.

Ran through shfmt -w -ci -bn -sr -s

Signed-off-by: Rosen Penev <rosenp@gmail.com>

ramips: fix software reboot failure on HILINK HLK-7628N

In the new kernel version 5.X,reboot will fail.

When SOC is reset, flash has not exited the 4-byte address mode,
which causes the operation mode mismatch of flash during boot.Add
broken-flash-reset to make flash exit 4-byte address mode before
SOC reset

Signed-off-by: Liu Yu <f78fk@live.com>

ramips: add missing "pinctrl-names" for Youku YK1

Without this definition ethernet led can work as usual, but it's better to
re-add it. Relying on default values may cause uncontrollable factors.

Fixes: 882a6116d3d6 ("ramips: improve pinctrl for Youku YK-L1")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>

ramips: mt7620: disable SOC VLANs for external switches

These boards have AR8327 or QCA8337 external ethernet switch.
The SOC also has it's own internal switch
where VLAN is now enabled by default.

Changes to preinit caused all switches to have VLANs enabled by default
even if they are not configured with a topology in uci_defaults
(see commit f017f617aecbd47debd4d3a734dc0e471342db96)

When both internal and external switches have VLANs,
and the external switch has both LAN and WAN,
the TX traffic from the SOC cannot flow to the tagged port on the external switch
because the VLAN IDs are not matching.

So disable the internal switch VLANs by default on these boards.

Also, add a topology for the internal switch,
so that on LuCI there is not an "unknown topology" warning.

In theory, it may be possible to have LAN ports on both switches
through internal and external PHYs, but there are no known boards that have this.

Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: ethernet: use more macros and bump version

Define and use some missing macros,
and use them instead of BIT() or numbers for more readable code.

Add comment for a bit change that seems unrelated to ethernet
but is actually needed (PCIe Root Complex mode).

Remove unknown and unused macro RST_CTRL_MCM
(probably from MT7621 / MT7622)

This is the last of a series of fixes, so bump version.

Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: fix RGMII TXID PHY mode

the register bits for TX delay and RX delay are opposites:
when TX delay bit is set, delay is enabled
when RX delay bit is set, delay is disabled

So, when both bits are unset, it is RX delay
and when both bits are set, it is TX delay

Note: TXID is the default RGMII mode of the SOC

Fixes: 5410a8e2959a ("ramips: mt7620: add rgmii delays support")
Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: add ephy-disable option to switch driver

Add back the register write to disable internal PHYs
as a separate option in the code that can be set using a DTS property.

Set the option to true by default
when an external mt7530 switch is identified.

This makes the driver more in sync with original SDK code
while keeping the lines separated into different options
to accommodate any board with any PHY layout.

Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: move mt7620_mdio_mode() to ethernet driver

The function mt7620_mdio_mode is only called once
and both the function and mdio_mode block have been named incorrectly,
leading to confusion and useless commits.

These lines in the mdio_mode block of mt7620_hw_init
are only intended for boards with an external mt7530 switch.
(see commit 194ca6127ee18cd3a95da4d03f02e43b5428c0bb)

Therefore, move lines from mdio_mode to the place in soc_mt7620.c
where the type of mt7530 switch is identified,
and move lines from mt7620_mdio_mode to a main function.

mt7620_mdio_mode was called from mt7620_gsw_init
where the priv struct is available,
so the lines must stay in mt7620_gsw_init function.

In order to keep things as simple as possible,
keep the DTS property related function calls together,
by moving them from mt7620_gsw_probe to init.

Remove the now useless DTS properties and extra phy nodes.

Fixes: 5a6229a93df8 ("ramips: remove superfluous & confusing DT binding")
Fixes: b85fe43ec8c4 ("ramips: mt7620: add force use of mdio-mode")
Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: use DTS to set PHY base address for external PHYs

Set the PHY base address to 12 for mt7530 and 8 for others,
which is based on the default setting for some devices
from printing the register with the following command
after it is written to by uboot during the boot cycle.

`md 0x10117014 1`

PHY_BASE option only uses 5 bits of the register,
bits 16 to 20, so use 8-bit integer type.

Set the option using the DTS property mediatek,ephy-base
and create the gsw node if missing.

Also, added a kernel message to display the EPHY base address.

Note:
If anything is written to a PHY address that is greater than 1 hex char (greater than 0xf)
then there is adverse effects with Atheros switches.

Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: allow both internal and external PHYs

When the new variable ephy_base was introduced,
it was not applied to the if block for mdio_mode.

The first line in the mdio_mode if block
sets the EPHY base address to 12 in the SOC by writing a register,
but the corresponding variable in the driver
was still set to the default of 0.

This causes subsequent lines that write registers with the function
_mt7620_mii_write
to write to PHY addresses 0 through 4
while internal PHYs have been moved to addresses 12 through 16.

All of these lines are intended only for PHYs on the SOC internal switch,
however, they are being written to external ethernet switches
if they exist at those PHY addresses 0 through 4.
This causes some ethernet ports to be broken on boards with AR8327 or QCA8337 switch.

Other suggested fixes move those lines to the else block of mdio_mode,
but removing the else block completely also fixes it.

Therefore, move the lines to the mt7620_hw_init function main block,
and have only one instance of the function mtk_switch_w32
for writing the register with the EPHY base address.

In theory, this also allows for boards that have both external switches
and internal PHYs that lead to ethernet ports to be supported.

Fixes: 391df3782914 ("ramips: mt7620: add EPHY base mdio address changing possibility")
Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: fix ethernet driver GMAC port init

A workaround was added to the switch driver
to set SOC port 4 as an RGMII GMAC interface
based on the DTS property mediatek,port4-gmac.
(previously mediatek,port4)

However, the ethernet driver already does this,
but is being blocked by a return statement
whenever the phy-handle and fixed-link properties
are both missing from nodes that define the port properties.

Revert the workaround, so that both the switch driver
and ethernet driver are not doing the same thing
and move the phy-handle related lines down
so nothing is ending the function prematurely.

While at it, clean up kernel messages
and delete useless return statements.

Fixes: f6d81e2fa1f1 ("mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible")
Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: remove useless GMAC nodes

These nodes are used for configuring a GMAC interface
and for defining external PHYs to be accessed with MDIO.

None of this is possible on MT7620N, only MT7620A,
so remove them from all MT7620N DTS.

When the mdio-bus node is missing, the driver returns -NODEV
which causes the internal switch to not initialize.
Replace that return so that everything works without the DTS node.

Also, an extra kernel message to indicate for all error conditions
that mdio-bus is disabled.

Fixes: d482356322c9 ("ramips: mt7620n: add mdio node and disable port4 by default")
Fixes: aa5014dd1a58 ("ramips: mt7620n: enable port 4 as EPHY by default")
Signed-off-by: Michael Pratt <mcpratt@pm.me>

ramips: mt7620: simplify DTS properties for GMAC

There are only 2 options in the driver
for the function of mt7620 internal switch port 4:

EPHY mode (RJ-45, internal PHY)
GMAC mode (RGMII, external PHY)

Let the DTS property be boolean instead of string
where EPHY mode is the default.

Fix how the properties are written
for all DTS that use them,
and add missing nodes where applicable,
and remove useless nodes,
and minor DTS formatting.

Signed-off-by: Michael Pratt <mcpratt@pm.me>

base-files: bring up vlan interface too

Vlan subinterface was never brought up when using vlan-based preinit network.
Tested forcing ifname="" before preinit_ip() on a Tp-Link Archer C5v4.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>

realtek: Fix failsafe mode

The RTL8380-RTL9300 switches only forward packets when VLAN ID 1 is
configured. Do not use the standard failsafe configuration for DSA
accessing the default port directly, but configure a switch on the lan1
interface instead.

This will add the VLAN ID 1 configuration to the switch:
$ bridge vlan show
port              vlan-id
lan1              1 PVID Egress Untagged
switch            1 PVID Egress Untagged

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

base-files: failsafe: Remove the VLAN modifier from interface name

Some interfaces have a VLAN modifier like :t in lan1:t, this modifier
should be removed from the interface before calling preinit_ip_config().

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

base-files: failsafe: Fix IP configuration

Adapt the preinit_config_board() to the board.json network changes. It
now looks for the device and the ports variables to configure the LAN
network.

This works with swconfig configurations.

Fixes: FS#3866
Fixes: d42640e389a8 ("base-files: use "ports" array in board.json network for bridges")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Rafał Miłecki <rafal@milecki.pl>

kernel: Backport patch to automatically bring up DSA master when opening user port

Without this patch we have to manually bring up the CPU interface in
failsafe mode.

This was backported from kernel 5.12.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Rafał Miłecki <rafal@milecki.pl>

kernel-5.4: backport latest patches for wireguard

These are the latest patches that just landed upstream for 5.13, will be
backported by Greg into 5.10 (because of stable@), and are now in the
5.4 backport branch of wireguard: https://git.zx2c4.com/wireguard-linux/log/?h=backport-5.4.y

Cc: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Stijn Segers <foss@volatilesystems.org>

kernel: bump 5.10 to 5.10.44

Add the new symbol to the generic kconfig.

No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

kernel: crypto: limit crypto-hw-hifn-795x to devices with pci support

CONFIG_CRYPTO_DEV_HIFN_795X depends on PCI. This driver only makes sense on
devices with pci support.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>

realtek: Fix buffer length calculation on RTL8380 with CRC offload

Fixes the buffer and packet length calculations for Ethernet TX on
the RTL8380 SoC when CRC calculation offload is enabled.
CRC-offload is always done by the SoC, but additional CRC
calculation was previously done also by the kernel.
It also fixes detection of the DSA tag for packets on RTL8390
SoCs for ports > 28.

v2 has correct whitespace

Signed-off-by: Birger Koblitz <mail@birger-koblitz.de>

hostapd: make wnm_sleep_mode_no_keys configurable

In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>

base-files: fix enabled for services with only STOP

There are services that have only STOP value set. They are executed only
on shutdown and it is common to use them for system cleanup. There is
one such service shipped directly with base-files, it is 'umount'. Those
work the same way as those with START but enabled does not report them
as enabled although it should have as they can be enabled and disabled
as any other service.

This also changes check from check for executable to check for symbolic
link. The implementation depends on those being links to service file
and it is much cleaner and direct to check for them being links.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>

bcm63xx-cfe: update to the latest master

e5050f3 linksys: ea9500-v2: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

bcm4908: fix Ethernet broken state after interface restart

This fixes traffic stalls after ifdown & ifup.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

hostapd: fix handling of the channel utilization options

Commit 0a7657c ("hostapd: add channel utilization as config option") added the
two new uci options bss_load_update_period and chan_util_avg_period. However,
the corresponding "config_add_int" calls for these options weren't added, so
attempting to actually use these options and change their values is bound to
fail - they always stay at their defaults. Add the missing code to actually
make these options work.

Fixes: 0a7657c ("hostapd: add channel utilization as config option")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>

hostapd: make country3 option configurable

The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>

ustream-ssl: variants conflict with each other

This adds conflicts between variants of libustream pacakge.
They provide the same file and thus it should not be possible to install
them side by side.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>

ath79: add missing GPIO_LATCH symbol

Fixes commit 7b8931678c36 ("ath79: add gpio-latch driver for MikroTik RouterBOARDs")

Signed-off-by: David Bauer <mail@david-bauer.net>

grub2: update to 2.06

-300-CVE-2015-8370.patch is upstreamed with different code
(upstream id: 451d80e52d851432e109771bb8febafca7a5f1f2)

- fixup OpenWrts setup_root patch

compile tested: x86_64,i386
runtime tested: VM x86_64,VM i386

- booted fine
- grub-editenv worked

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>

kernel/modules: make sure igb loads at boot

Without loading the igb at boot, the recovery wouldn't have
network available. All network drivers should be loaded before
etc/board.d/02_network is called. Note that other network drivers
already have this set, such as tg3.

Fixes: 7e0e5110bc90 ("kernel: add igb kernel module")
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>

uci: add uci_revert function

Add missing uci_revert shell function wrapper.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

ath10k-ct: fix typo in Makefile

Add forgotten colon to Makefile.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>

build: create profiles.json per default

The file is a info file just like config.buildinfo, feeds.buildinfo and
version.buildinfo. It bundles these and more information in a machine
readable way.

This commit enables the creation of profiles.json by default and not
only for buildbots. By doing so it follow the behaviour of the
ImageBuilder which always creates the file, lastly this increases the
files visibility for downstream projects.

Signed-off-by: Paul Spooren <mail@aparcar.org>

ath79: ar934x: fix mounting issues if subpage is not supported

Currently, the option to disable subpage writing is only set
when a HW ECC engine is used.

Some boards lack a HW ECC engine and use software for that.
In this case, this NAND option does not get set when the NAND chip
does not support it, resulting in mounting errors.

Move the setting of this option to a generic init location so it
gets set for all types where required.

While at it, also OR the option instead of just setting it
so we don't overwrite potential flags being set somewhere else.

Before:

[    1.681273] UBI: auto-attach mtd2
[    1.684669] ubi0: attaching mtd2
[    1.688877] ubi0 error: validate_ec_hdr: bad VID header offset 2048, expected 512
[    1.696469] ubi0 error: validate_ec_hdr: bad EC header
[    1.701712] Erase counter header dump:
[    1.705512]  magic          0x55424923
[    1.709322]  version        1
[    1.712330]  ec             1
[    1.715331]  vid_hdr_offset 2048
[    1.718610]  data_offset    4096
[    1.721880]  image_seq      1462320675
[    1.725680]  hdr_crc        0x12255a15

After:

    1.680917] UBI: auto-attach mtd2
[    1.684308] ubi0: attaching mtd2
[    2.954504] random: crng init done
[    3.142813] ubi0: scanning is finished
[    3.163455] ubi0: attached mtd2 (name "ubi", size 124 MiB)
[    3.169069] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    3.176037] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    3.182942] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[    3.190013] ubi0: good PEBs: 992, bad PEBs: 0, corrupted PEBs: 0
[    3.196102] ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
[    3.203434] ubi0: max/mean erase counter: 2/0, WL threshold: 4096, image sequence number: 1462320675
[    3.212700] ubi0: available PEBs: 0, total reserved PEBs: 992, PEBs reserved for bad PEB handling: 20
[    3.222124] ubi0: background thread "ubi_bgt0d" started, PID 317
[    3.230246] block ubiblock0_1: created from ubi0:1(rootfs)
[    3.235819] ubiblock: device ubiblock0_1 (rootfs) set to be root filesystem
[    3.256830] VFS: Mounted root (squashfs filesystem) readonly on device 254:0.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

ath79: add support for MikroTik RouterBOARD 912UAG-2HPnD

This board has been supported in the ar71xx.

Links:
* https://mikrotik.com/product/RB912UAG-2HPnD
* https://openwrt.org/toh/hwdata/mikrotik/mikrotik_rb912uag-2hpnd

This also supports the 5GHz flavour of the board.

Hardware:
* SoC: Atheros AR9342,
* RAM: DDR 64MB,
* SPI NOR: 64KB,
* NAND: 128MB,
* Ethernet: x1 10/100/1000 port with passive POE in,
* Wi-Fi: 802.11 b/g/n,
* PCIe,
* USB: 2.0 EHCI controller, connected to mPCIe slot and a Type-A
  port -- both can be used for LTE modem, but only one can be
  used at any time.
* LEDs: 5 general purpose LEDs (led1..led5), power LED, user LED,
  Ethernet phy LED,
* Button,
* Beeper.

Not working:
* Button: it shares gpio line 15 with NAND ALE and NAND IO7,
  and current drivers doesn't easily support this configuration,
* Beeper: it is connected to bit 5 of a serial shift register
  (tested with sysfs led trigger timer). But kmod-gpio-beeper
  doesn't work -- we left this as is for now.

Flashing:
* Use the RouterBOARD Reset button to enable TFTP netboot,
boot kernel and initramfs and then perform sysupgrade.
* From ar71xx OpenWrt firmware run:
  $ sysupgrade -F /tmp/<sysupgrade.bin>
For more info see: https://openwrt.org/toh/mikrotik/common.

Co-Developed-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>

ath79: add NAND driver for MikroTik RB91xG series

Main part is copied from ar71xx original driver rb91x_nand
written by Gabor Juhos <juhosg@openwrt.org>.

What is done:
* Support of kernel 5.4 and 5.10,
* DTS support,
* New gpio API (gpiod_*) support.

Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>

ath79: add gpio-latch driver for MikroTik RouterBOARDs

This is a slighty modified version of ar71xx gpio-latch driver
written by Gabor Juhos <juhosg@openwrt.org>.

Changes:
* DTS support,
* New gpio API (gpiod_*).

Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>

build,json: fix generation with empty profiles

If the image generation doesn't add any profiles to the output the
*profile merge* will fail. To avoid that set an empty profile as
fallback.

Signed-off-by: Paul Spooren <mail@aparcar.org>

qos-scripts: add ifbN device before setting the link up

commit 50413e1ec83dedaea44558d5f37af5454156a46a replaced ifconfig
with ip. In order to set a link state to up, the interface needs
to be added first.

Fixes: FS#3754
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[Add Fixes tag]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>

bcm4908: add kmod-gpio-button-hotplug

All bcm4908 devices are expected to have GPIO buttons to make relevant
package selected by default.
This "fixes" triggering failsafe mode.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

tools/cmake: update to 3.20.3 + build with Ninja

Compile with Ninja. Ninja compiles faster and is more stable with
parallel builds. Routines copied from cmake.mk.

Speed improves from:

Executed in 127.47 secs fish external
usr time 17.02 mins 446.00 micros 17.02 mins
sys time 1.18 mins 40.00 micros 1.18 mins

to:

Executed in 118.91 secs fish external
usr time 17.28 mins 499.00 micros 17.28 mins
sys time 1.13 mins 45.00 micros 1.13 mins

Signed-off-by: Rosen Penev <rosenp@gmail.com>

tools/squashfskit4: fix compilation under big endian

The macro used is for the wrong struct. Just byte swap manually.

Refreshed patches.

Tested on sparc64.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

tools/e2fsprogs: update to 1.46.2

Fix wrong FPIC flag to fix compilation under sparc64

Signed-off-by: Rosen Penev <rosenp@gmail.com>

hostapd: add support for setting sae_pwe

Make it possible to specify the SAE mechanism for PWE derivation. The
following values are possible:

0 = hunting-and-pecking loop only
1 = hash-to-element only
2 = both hunting-and-pecking loop and hash-to-element enabled

hostapd currently defaults to hunting-and-pecking loop only.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>

tools/libressl: update to 3.3.3

Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

base-files: redirect kill ouptut for ash, telnetd and dropbear

If one of the programmes is not running, then we see the following
output in the logs.

`killall: telnetd: no process killed`

To ensure that the log is clean, redirect the output to /dev/null

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

base-files: remove unused vn and _vn function

The remaining vn calls have been ported to v.
Therefore, these functions are no longer needed and will be removed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

base-files: change logging for upgrade on stage2

Remove vn call in favour of v call. This commit serves as preparation
for removing the vn function call.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

base-files: add syslog logging for v function

The logging output should not only be displayed in the calling shell
session but also in the syslog. A sysupgrade and a configuration
import, export can thus be traced in the syslog.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

base-files: upgrade: use zcat command provided by busybox

Calling `switch_to_ramfs()` will not copy the gzip executable
(/bin/gzip) to ramfs, but `/bin/zcat` will call `/bin/gzip` when
package gzip is installed, instead of the busybox-supplied zcat.
This will cause `zcat` to fail to find `gzip`, then cause the
sysupgrade to fail. Adding the `busybox` prefix here will solve
the problem.

Signed-off-by: Chuck Fan <fanck0605@qq.com>

busybox: disable bzip2

bzip2 adds about 8kb of size. For tiny builds it's often disabled.
It's not directly used by stock OpenWrt programs.
Kernel images compressed with bzip2 are also not fully supported.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
[fix \ indention]
Signed-off-by: Paul Spooren <mail@aparcar.org>

hostapd: stop advertising 11w feature

This is a follow up of 1a9b896d ("treewide: nuke DRIVER_11W_SUPPORT").
LuCI commit ab010406 ("luci-mod-network: skip check for 802.11w feature")
skips check of the 11w feature [1]. Now advertising it in hostapd is
superfluous so stop doing it.

[1]: https://github.com/openwrt/luci/pull/4689

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
[remove outdated PKG_RELEASE bump and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>

uhttpd: make organization (O=) of the cert configurable via uci

Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>

grub2: pass compilation parameters more accurately

In order for the grub2 boot-related code to compile normally, we have
made many adjustments to the compilation parameters. These adjustments
are not necessary for tools-related code. We apply these parameter
adjustments only to the boot-related code.

Signed-off-by: 李国 <uxgood.org@gmail.com>

grub2: make grub2 tools built in a separate variant

grub2 boot-related code and tools-related code may require different
compilation parameters. We split them into different variants for
compilation, so that we can accurately pass the required parameters and
avoid causing problems.

Signed-off-by: 李国 <uxgood.org@gmail.com>

grub2: make grub2-bios-setup as a separate package

The grub2 and grub2-efi packages should only contain boot-related code.
grub-bios-setup is the same as grub-editenv, they are both grub2 tools
and should be placed in a separate package.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[use AUTORELEASE and update to SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>

ramips: clean up dlink_dir-8xx-r1 recipe

* only add factory.bin when it's defined
* fix check-size vs. append-metadata
* whitespace/line break cleanup

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

ramips: reorganize DTSI files for D-Link DIR-8xx

* Remove micro-DTSI mt7621_dlink_dir-882-x1.dtsi to ease reading
   config without too much inheritance
* Use "separate" partitioning DTSIs so we can use the partitioning
   without a complete match on the other settings (i.e. without the
   former parent DTSI)
* Rename files to express the new organization

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

treewide: remove PKG_INSTALL from CMake packages

It's already default with cmake.mk

Found with:

git grep PKG_INSTALL\: | cut -d ':' -f 1 | sort -u > ins
git grep cmake.mk | cut -d ':' -f 1 > cmake
comm -1 -2 ins cmake

Signed-off-by: Rosen Penev <rosenp@gmail.com>

treewide: remove BUILD_PARALLEL from CMake packages

It's already default. The only exception is mt76 which has Ninja
disabled.

Found with:

git grep BUILD_PARALLEL | cut -d ':' -f 1 | sort -u > par
git grep cmake.mk | cut -d ':' -f 1 > cmake
comm -1 -2 par cmake

Signed-off-by: Rosen Penev <rosenp@gmail.com>

firmware-utils: tplink-safeloader: support Archer A6 v3 CA

The Canadian edition of the TP-Link Archer A6 v3 uses a different header, but
otherwise it's identical to the already supported EU/US editions.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Brian Lee <dev@leebrian.me>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>

build: Config-images: fix unit of partition sizes

The code interprets these config values as Mebibytes rather than
Megabytes so modify the description accordingly.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[fix commit title prefix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

tools/ccache: update to 4.3

Remove BUILD_PARALLEL as it's default now.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

mac80211: fix an issue with wds links on 802.11ax devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>

kernel: disable CONFIG_PCIE_BUS_PERFORMANCE

The option was added in 5.9 and for some reason, it is causing performance
issues at least on an APU2 board with the igb device.
Switch CONFIG_PCIE_BUS_DEFAULT to fix the performance issues and match the
older kernel's behavior

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: remove extra patch accidentally added during rebase

Signed-off-by: Felix Fietkau <nbd@nbd.name>

kernel: make cryptoapi support needed by mac80211 built-in

This reduces the flash space impact, since built-in code is much smaller
than a bunch of kernel modules on squashfs

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: remove patches stripping down crypto support

Use of WPA3 and things like FILS is getting much more common, and platforms
that can't affort the extra kilobytes for this code are fading away.
Let's not hold back modern authentication methods any longer

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: system hang caused by deferring calls into minstrel to dequeue

Move the aggregation check to mac80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: fix minstrel sample time check

We need to skip sampling if the next sample time is after jiffies, not before.
This patch fixes an issue where in some cases only very little sampling (or none
at all) is performed, leading to really bad data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: select iwinfo

Since iwinfo is now used in the core scripts, it needs to be present on the system

Signed-off-by: Felix Fietkau <nbd@nbd.name>

mac80211: fix processing HE capabilities (FS#3871)

Use the right argument to fix setting unsupported capabilities to 0

Signed-off-by: Felix Fietkau <nbd@nbd.name>

build: preserve profiles.json between builds

Keep other profiles.json content if the data belongs to the current
build version.

Also useful for the ImageBuilder, which builds for a single model each
time. Without this commit the profiles.json would only contain the
latest build profile information.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
[improve commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>

ugps: start also in case device is absent

Don't bail out from init script in case the GPS device is missing.
Some modems take time to come up, and some people may use things like
'kplex' to feed ugpsd. Hence it is better to always start ugpsd
unconditionally and let procd's respawn take care of retrying.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

build: ensure that dash isn't prepended twice to abi version suffix

The ABIV_$(pkgname) variable already is formatted so return it as-is from
the GetABISuffix macro and only filter through FormatABISuffix if we read
the raw ABI version value from a version stamp file.

This ensures that binary intra-package dependencies on ABI versioned
libraries are properly formatted.

Ref: https://github.com/openwrt/packages/issues/15871
Fixes: f6a03bff5b ("build: prepend ABI suffixes with a dash if package name ends with digit")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

base-files: fix typo in config_generate MAC check

Fixes: 8d8eb9d13fc6 ("base-files: set MAC for bridge ports (devices) instead of bridge itself")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

base-files: set MAC for bridge ports (devices) instead of bridge itself

This restores the original config_generate behaviour. With MAC set for
bridged devices the bridge automatically gets its MAC adjusted (it picks
the lowest MAC of bridged devices).

This fixes confusing interfaces setup (bridge ports not having custom
MAC assigned).

Reported-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Fixes: e002179a6d2e ("base-files: simplify setting device MAC")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

build: prepend ABI suffixes with a dash if package name ends with digit

Ensure that ABI suffixes are separated with a dash from the package name if
the name happens to end with a digit. This implementation detail got lost
during the recent refactoring of the ABI_VERSION handling in buildroot.

Ref: https://github.com/openwrt/packages/pull/14237#issuecomment-860473585
Fixes: c921650382 ("build: drop ABI version from metadata")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

kernel: bump 5.10 to 5.10.43

No deleted or manually refreshed patches.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

ramips: refresh at803x patch

This patch failed to apply, breaking builds for the ramips target.

Fixes commit c44cefceb3ad ("generic: kernel 5.4: fix probe error for AR803x PHYs")

Signed-off-by: David Bauer <mail@david-bauer.net>