This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.
Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:
* two USB 2.0 ports with separate LEDs
* USB LEDs soldered to secondary pads
* WPS and RFKILL buttons soldered to secondary pads
* described as N900 device with 3x3:3 MIMO for 2.4GHz radio
* power supply requirement is DC 12V 2.5A
* vendor HW ID suffix differs in one digit
* bigger chassis
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
This patch introduces support for Netgear WNDR4300v2.
Specification
=============
* Description: Netgear WNDR4300 v2
* Loader: U-boot
* SOC: Qualcomm Atheros QCA9563 (775 MHz)
* RAM: 128 MiB
* Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
- NOR: U-boot binary: 256 KiB
- NOR: U-boot environment: 64 KiB
- NOR: ART Backup: 64 KiB
- NOR: Config: 64 KiB
- NOR: Traffic Meter: 64 KiB
- NOR: POT: 64 KiB
- NOR: Reserved: 1408 KiB
- NOR: ART: 64 KiB
- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
- NAND: Language: 2048 KiB
- NAND: mtdoops Crash Dump: 128 KiB
- NAND: Reserved: 103296 KiB
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
* Wireless:
- 2.4 GHz b/g/n (internal)
- 5 GHz a/n (AR9580)
* USB: yes, 1 x USB 2.0
* Buttons:
- Reset
- WiFi (rfkill)
- WPS
* LEDs:
- Power (amber/green)
- WAN (amber/green)
- WLAN 2G (green)
- WLAN 5G (blue)
- 4 x LAN (amber/green)
- USB (green)
- WPS (green)
* UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
* Power supply: DC 12V 1.5A
* MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2
Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
all space is split between 4 MiB kernel and 124 MiB UBI areas;
vendor partitions (language and mtdoops) are removed; kernel space
size can be further expanded if needed; maximum image size is set
to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
device ID 0xabcd. For ath9k driver to load successfully, this is
overriden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
properly.
5. USB port is always on, no GPIO for 5V power control has been
identified.
Installation
============
* TFTP recovery
* TFTP via U-boot prompt
* sysupgrade
* Web interface
Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.
See ath9k/reg.h *_GPIO_MASK constants.
Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
This commit adds support for the D-Link DIR-505, previously supported in
ar71xx.
Hardware
--------
SoC: Atheros AR9330
FLASH: 8M SPI-NOR
RAM: 64M
WIFI: 1T1R 1SS Atheros AR9330
LED: Power green, Status red
BTN: WPS, Reset
Installation
------------
Currently, installation is only possible by sysupgrading from an earlier
OpenWrt version, U-Boot TFTP or a modded U-Boot. I do not have the
original bootloader from D-Link on my device anymore, so i cannot test
the factory image.
Signed-off-by: David Bauer <mail@david-bauer.net>
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.
Instead of duplicating the platforms, just change the dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
managment.
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
The present U-Boot for GL-AR750S has a limit of 2 MB for kernel size.
While sysupgrade can manage kernels up to the present limit of 4 MB,
directly flashing a factory.img with a kernel size greater than 2 MB
through U-Boot will result in an unbootable device.
This commit uses the newly-introduced check-kernel-size build
operation to prevent the output of factory.img when the kernel
exceeds 2 MB in size, yet permits output of sysupgrade.img
as long as the kernel is within KERNEL_SIZE := 4096k
Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Certain boards have limitations on U-Boot that prevent flashing
of images where the kernel size exceeds a threshold, yet
sysupgrade can sucessfully manage larger kernels. The current
check-size will remove the target artifact if its total size
exceeds the threshold. If applied after append-kernel,
it will remove the kernel, but the remaining image-assembly
steps will continue, resulting in an image without a kernel
that is likely unbootable.
By defining check-kernel-size, it is now possible to prevent release
of such unbootable images through a construct similar to:
IMAGE/factory.img := append-kernel | pad-to $$$$(GL_UBOOT_UBI_OFFSET) | \
append-ubi | check-kernel-size $$$$(GL_UBOOT_UBI_OFFSET)
Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Failsafe code of dropbear should be in the dropbear package not the
base-files package.
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
The memory hacks got removed from ath10k with 1e27bef ("mac80211: remove
ath10k_pci memory hacks"). As this device has low amount of RAM, switch
to ath-10k-ct small buffers variant, to avoid the OOM Reaper.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This reorganizes 02_network board.d files based on what's done for
ath79 and ramips: Instead of putting all settings into a single big
case, the interface/dsl/MAC address setup is put into separate
functions with a specific switch case for each of them. This makes
grouping of devices much easier and should be easier to read, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
DSL setup consists of the same commands for all subtargets, so move it
into a helper function.
While at it, remove shebang from library file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This splits the device-dependent base-files into subtarget directories,
like done recently for ath79 and ramips. While this increases the
overall lines of codes, it will make the code per subtarget smaller
and easier to keep track of features and devices.
While at it, several variables at the top of 02_network are removed,
as they were never changed. The values are put directly into the
function calls where they are used.
Remove unneeded LED setup from 01_leds, and remove 01_leds entirely
for falcon subtarget (as it is not used there).
Applies alphabetic reordering to device cases in base-files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.
Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file
Signed-off-by: Xu Wang <xwang1498@gmx.com>
Add missing calls to `free` for variable `mem`.
Add missing call to `fclose` for variable `f`.
The same changes were made in both `mkfwimage.c` and `mkfwimage2.c`.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Add missing `fclose` calls for file pointers `kern_fp`, `fs_fp`
and `out_fp`.
Not closing files could lead to resource leaks.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Add missing calls to `free` for variable `buffer`.
This could lead to a memory leak.
Add missing call to `close` for file pointer `fdin`.
This could lead to a resource leak.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
Add missing calls to `fclose` in functions `write_img`, `write_rootfs`
and `write_kernel`.
The not-closed files could lead to resource leaks.
Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
The wpa_supplicant supports certificate subject validation via the
subject match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.
From the documentation:
subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server sertificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com
subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.
altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server sertificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI
altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.
domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.
domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.
domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.
domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.
Signed-off-by: David Lam <david@thedavid.net>
Package new kmods "nf_tables_set" and "nft_objref" which got introduced
with kernel 4.18 and restrict the old "nft_set_rbtree" and "nft_set_hash"
modules to sub-4.18 versions.
Also reorder the nftables related netfilter.mk entries alphabetically
while touching this code section.
Fixes: FS#2699
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2699#comment7450
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This splits some base-files across subtargets, as done previously
on ath79 and ramips and also introduced for mt7629 subtarget here
already. Most of the existing base-files content is specific to
mt7623.
While at it, apply the following fixes:
- Remove lots of trailing whitespaces
- Remove wildcard on unielec,u7623-02-emmc-512m
- Remove inconsistent quotation marks in cases
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: John Crispin <john@phrozen.org>
The Aruba AP-303H is the hospitality version of the Aruba AP-303 with a
POE-passthrough enabled ethernet switch instead of a sigle PHY.
Hardware
--------
SoC: Qualcomm IPQ4029
RAM: 512M DDR3
FLASH: - 128MB SPI-NAND (Macronix)
- 4MB SPI-NOR (Macronix MX25R3235F)
TPM: Atmel AT97SC3203
BLE: Texas Instruments CC2540T
attached to ttyMSM1
ETH: Qualcomm QCA8075
LED: WiFi (amber / green)
System (red / green /amber)
PSE (green)
BTN: Reset
USB: USB 2.0
To connect to the serial console, you can solder to the labled pads next
to the USB port or use your Aruba supplied UARt adapter.
Do NOT plug a standard USB cable into the Console labled USB-port!
Aruba/HPE simply put UART on the micro-USB pins. You can solder yourself
an adapter cable:
VCC - NC
D+ - TX
D- - RX
GND - GND
The console setting in bootloader and OS is 9600 8N1. Voltage level is
3.3V.
To enable a full list of commands in the U-Boot "help" command, execute
the literal "diag" command.
Installation
------------
1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it
into the TFTP server root directory. Configure the TFTP server to
be reachable at 192.168.1.75/24. Connect the machine running the TFTP
server to the E0 (!) ethernet port of the access point, as it only
tries to pull from the WAN port.
2. Connect to the serial console. Interrupt autobooting by pressing
Enter when prompted.
3. Configure the bootargs and bootcmd for OpenWrt.
$ setenv bootargs_openwrt "setenv bootargs console=ttyMSM0,9600n8"
$ setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos1;
ubi read 0x85000000 kernel; set fdt_high 0x87000000;
bootm 0x85000000"
$ setenv ramboot_openwrt "run bootargs_openwrt;
setenv ipaddr 192.168.1.105; setenv serverip 192.168.1.75;
netget; set fdt_high 0x87000000; bootm"
$ setenv bootcmd "run nandboot_openwrt"
$ saveenv
4. Load OpenWrt into RAM:
$ run ramboot_openwrt
5. After OpenWrt booted, transfer the OpenWrt sysupgrade image to the
/tmp folder on the device. You will need to plug into E1-E3 ports of
the access point to reach OpenWrt, as E0 is the WAN port of the
device.
6. Flash OpenWrt:
$ ubidetach -p /dev/mtd16
$ ubiformat /dev/mtd16
$ sysupgrade -n /tmp/openwrt-sysupgrade.bin
To go back to the stock firmware, simply reset the bootcmd in the
bootloader to the original value:
$ setenv bootcmd "boot"
$ saveenv
Signed-off-by: David Bauer <mail@david-bauer.net>
The Ubiquiti ToughSwitch 5XP is a 5-port PoE Gigabit switch with a single
Fast-Ethernet management port. It supports both 24V passive PoE out on all
five ports.
Flash: 8 MB
RAM: 64 MB
SoC: AR7242
Switch: ar8327
USB: 1x USB 2.0
Ethernet: 5x GbE, 1x FE
Installation of the firmware is possible either via serial + tftpboot or
the factory firmware update function via webinterface.
By default the single Fast-Ethernet port labeled "MGMT" is configured
as the WAN port. Thus access to the device is only possible via the
five switch ports.
Serial: 3v3 115200 8n1
The serial header is located in the lower left corner of the switches PCB:
```
|
|
|
| o
| o RX
| o TX
| o GND
|
|
++ +-++-+ ++ ++ +
+--+ ++ +--++--++--+
```
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
[remove ubnt,sw compatible - fix spelling - wrap commit message -
remove superfluous phy-mode property]
Signed-off-by: David Bauer <mail@david-bauer.net>
This device OOPs during the boot due to broken flash. It can be probably
fixed with `broken-flash-reset` once ramips is on 4.19 kernel.
So disable images for this device until its fixed.
Ref: FS#2695, PR#2483
Signed-off-by: Petr Štetiar <ynezz@true.cz>
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
odhcpd-ipv6only Installed-Size: 36821 -> 38216
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
procd Installed-Size: 44931 -> 47362
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
Size increase on x86/64:
ubus Installed-Size: 5602 -> 5950
ubusd Installed-Size: 11643 -> 12119
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
This increases the binary size by 39% uncompressed and 21% compressed
on MIPS BE.
old:
33,189 /usr/sbin/uhttpd
23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk
new:
46,212 /usr/sbin/uhttpd
27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
This increases the binary size by 26% uncompressed and 16% compressed
on MIPS BE.
old:
460,933 /usr/sbin/wpad
283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk
new:
584,508 /usr/sbin/wpad
330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
This increases the binary size by 18% uncompressed and 17% compressed
on MIPS BE.
old:
164,261 /usr/sbin/dropbear
85,648 dropbear_2019.78-2_mips_24kc.ipk
new:
194,492 /usr/sbin/dropbear
100,309 dropbear_2019.78-2_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
This activates PIE ASLR support by default when the regular option is
selected.
This increases the binary size by 37% uncompressed and 18% compressed
on MIPS BE.
old:
146,933 /usr/sbin/dnsmasq
101,837 dnsmasq_2.80-14_mips_24kc.ipk
new:
202,020 /usr/sbin/dnsmasq
120,577 dnsmasq_2.80-14_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
This tristate choose allows to select to build only some applications
with PIE enabled. On MIPS binaries are getting about 30% bigger when PIE
is activated for the, which is a huge increase.
Network exposed applications like dnsmasq should then be build with PIE
enabled, but some applications which are normally not parsing data from
the network do not have it activated. The regular option should give a
good trade off between extra flash and RAM memory usage and security.
This changes the default from building no applications with PIE to build
some specifically marked applications with PIE enabled. This option is
only activated for targets with bigger flash and RAM to not consume
extra memory on the very small targets. On SDK builds the Regular option
should always be selected, because some tiny targets share the
applications with big targets and only the images for the tiny targets
should contain the none PIE applications, but the images for the normal
targets should use PIE. The shared packages should always use PIE when
it should be normally activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>