When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Backport of r47064
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47065 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47055
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47060 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47053
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47054 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47050
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47051 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47045
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47046 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47042
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47044 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47026
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47027 3c298f89-4303-0410-b956-a3cf2f4a3e73
Even though there are not many users left within the OpenWrt tree it seems
this function broke during the kernel 3.18 transition.
Fix it by providing a workdir as required by overlayfs.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Backport of r47015
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47016 3c298f89-4303-0410-b956-a3cf2f4a3e73
The checksum doesn't match the file on mirror2.openwrt.org.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Backport of r47010
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47011 3c298f89-4303-0410-b956-a3cf2f4a3e73
The mips reloc patch introduced new allocations which were done before
add_unformed_module but never freed them in case of an error. A new hook in
Linux 3.19 called module_arch_freeing_init can be used for freeing memory
which were allocated during this init phase.
The problem can be seen when trying to load a module (via busybox insmod)
when it was already loaded.
free -m
for i in `seq 1 100`; do
/sbin/insmod /lib/modules/*/ath9k.ko >& /dev/null
done
free -m
This simple loop would leak ~3.2 MB.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
Backport of r46247
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47004 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently, multicast packets from an STA are sent to any according
multicast listener directly through the bridge multicast-to-unicast
feature. Unfortunately, so far this includes the originating STA, too,
resulting in multicast packets being echo'ed back to the originating STA
if it itself is a multicast listener for that group.
This behaviour breaks IPv6 duplicate address detection: An IPv6 Neighbor
Solicitation for IPv6 Duplicate Address Detection is being echo'ed back,
resulting in the host falsely detecting an address collision, which
makes the node unable to claim an IPv6 address and use IPv6 in general.
Mac80211 unfortunately only prevents the echoes for us for multicast
frames. For the multicast frames cast to a unicast destination we'll
need to take care of excluding the originator ourselves.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Backport of r46765
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47003 3c298f89-4303-0410-b956-a3cf2f4a3e73
commit r30917 ("kernel: bypass all netfilter hooks if the sysctls for that
functionality have been disabled - eliminates the overhead of enabling
CONFIG_BRIDGE_NETFILTER in the kernel config") introduced an optimization
which should reduce/eliminate the overhead for traffic send over bridges on
kernels compiled with CONFIG_BRIDGE_NETFILTER=y. But this optimization
breaks the nf_call_iptables per bridge setting which is more fine grained
than the global sysctl net.bridge.bridge-nf-call-iptables setting.
A test reflecting a real world setup was created to identify if this really
eliminates the overhead and if per-bridge nf_call_iptables could be used in
some setups to increase the throughput. A Qualcomm Atheros QCA9558 based
system with one ethernet and an ath9k wifi 3x3 in HT40 mode was used.
Cables from the AP to the wifi station were used to reduce interference
problems during the tests.
The wlan interface was put in one bridge interface called br-wlan. This
bridge usually contains some more wlan interfaces. The eth0 was put in a
second bridge called br-lan. This usually contains some other privileged
wlan or mesh interfaces. Routing was added between br-lan and br-wlan.
Three kernels were tested:
* (default) OpenWrt kernel for this device
* (brfilter-global) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y
* (brfilter-local) OpenWrt kernel with CONFIG_BRIDGE_NETFILTER=y and
without 644-bridge_optimize_netfilter_hooks.patch
The changes to the the netfilter settings of the bridge were done via:
* (brfilter-global) /sbin/sysctl -w net.bridge.bridge-nf-call-iptables=1
* (brfilter-lobal) echo 1 > /sys/class/net/br-lan/bridge/nf_call_iptables
and/or echo 1 > /sys/class/net/br-wan/bridge/nf_call_iptables
A station connected to the wlan0 (AP) interface was used to send traffic to
a PC connected via ethernet. iperf with 3 concurrent transmissions was used
to generate the traffic.
| kernel | br-nf-* global | nf-call* iface | download | upload |
|-----------------|----------------|----------------|----------|----------|
| default | 0 | - | 209 | 268 |
| brfilter-global | 0 | - | 185 | 243 |
| brfilter-local | 0 | - | 187 | 243 |
| brfilter-local | 0 | br-lan | 157 | 226 |
| brfilter-local | 0 | br-lan br-wlan | 139 | 161 |
| brfilter-global | 1 | - | 136 | 162 |
Download/upload results in Mibit/s
It can be seen that the patch doesn't eliminate the overhead. It can also
be seen that the throughput of brfilter-global and brfilter-local with
disabled filtering is the roughly the same. Also the throughput for
brfilter-global and brfilter-local for enabled filtering on all bridges is
roughly the same.
But also the brfilter-local throughput is higher when only br-lan requires
the filtering. This setting would not be possible with
644-bridge_optimize_netfilter_hooks.patch applied and thus can only be
compared with brfilter-global and filtering enabled for all interfaces.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
Backport of r46835
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47002 3c298f89-4303-0410-b956-a3cf2f4a3e73
A call to pskb_may_pull() might reallocate skb->data. Therefore we
should only assign the src-pointer after any potential reallocations.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46721
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47001 3c298f89-4303-0410-b956-a3cf2f4a3e73
This reverts commit a080e8e1943156168913d0353a2e99d1151102aa.
It did not fix the problem but just hid some symptom. The real issue was
that IGMP/MLD report suppression was not considered for the
multicast-to-unicast feature. A recent netifd which isolates IGMP/MLD
reports between STAs by utilizing AP-isolation and bridge-hairpinning
should have fixed this.
It is perfectly fine to apply multicast-to-unicast to IPv6 Neighbor
Solicitations, too (once that feature is configured correctly).
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46720
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47000 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r46962
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46996 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46993
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46995 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46992
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46994 3c298f89-4303-0410-b956-a3cf2f4a3e73
Our ruleset requires kernel support for conntrack state matching, therfore
depend on the require kmod. Fixes#20542.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46990
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46991 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Backport of r46986
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46988 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46985
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46987 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46904
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46905 3c298f89-4303-0410-b956-a3cf2f4a3e73
This isn't that important due to different NAND driver but keeps DTS and
backports consistent.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Inspired by r46892 (trunk).
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46902 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46900
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46901 3c298f89-4303-0410-b956-a3cf2f4a3e73
It was accidentally added in r46094.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46849 3c298f89-4303-0410-b956-a3cf2f4a3e73
Split the opkg.conf into three files, to make it easier to support custom
feeds and configs:
* /etc/opkg.conf -> base opkg configuration
* /etc/opkg/distfeeds.conf -> default Openwrt package feeds
* /etc/opkg/customfeeds.conf -> custom package feeds
Of these three, only the base opkg.conf and the customfeeds.conf is marked
as to be kept, so that the distfeeds.conf from the image is always used.
To ease migration, a script is added that moves any feeds from /etc/opkg.conf
to /etc/opkg/customfeeds.conf on first boot.
Also ensure that any keys used for verification are also kept in upgrade.
Backport of r46491.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46848 3c298f89-4303-0410-b956-a3cf2f4a3e73
It was corrupted in r38528. The most obvious symptom is repeated messages like this:
Tue Sep 8 08:25:18 2015 kern.warn kernel: [77141.972226] br-lan: received packet on wlan0 with own address as source address
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Backport of r46821
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46822 3c298f89-4303-0410-b956-a3cf2f4a3e73
It also uses different block size just like WGR614 V10.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Backport of r46810
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46812 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46807
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46808 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r46766
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46767 3c298f89-4303-0410-b956-a3cf2f4a3e73
backport of r46737
Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w
support is properly compiled in full variant.
This fixes#20179
Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46751 3c298f89-4303-0410-b956-a3cf2f4a3e73
backport of r46749
Without this patch adding the wifi device to the bridge may fail
because the bridge is not already configured when the wifi device gets
configured. This patch makes broadcom-wl wait till the bridge is ready.
This fixes#17262
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46750 3c298f89-4303-0410-b956-a3cf2f4a3e73
This also adds one patchset of pending changes that fix support for
multiple interfaces. It was somehow broken.
Driver couldn't correctly match firmware and system interfaces resulting
in not working APs and WARNINGs.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46736 3c298f89-4303-0410-b956-a3cf2f4a3e73
This prepares some place for backporting extra patches.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46735 3c298f89-4303-0410-b956-a3cf2f4a3e73
/etc/uci-defaults/02_network had a typo, making it generate the wrong
network config.
Closes#20407.
Backport of r46727.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46728 3c298f89-4303-0410-b956-a3cf2f4a3e73
Properly treat -ENOSYS as no PHY, else ehci-orion won't work without
generic phy support.
Backport of r46711.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46712 3c298f89-4303-0410-b956-a3cf2f4a3e73
The ipw2x00 drivers assume that the system they are running is little
endian, and access everything in native byte order. When run on a big
endian system, everything breaks apart.
Since fixing this is non trivial on a first glance, disable them for
big endian targets.
Backport of r46708.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46710 3c298f89-4303-0410-b956-a3cf2f4a3e73
Some CFEs seem to misconfigure the mapped memory flash access with
fast read but without a dummy byte, causing all accesses to be prefixed
with 0xff.
This of course breaks reading out the nvram, so do not just move back to
single i/o accessors, but also ensure that the dummy byte is correctly
set.
Backport of r46707.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46709 3c298f89-4303-0410-b956-a3cf2f4a3e73
Thanks Sebastian for spotting it.
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46698 3c298f89-4303-0410-b956-a3cf2f4a3e73
Rafał Miłecki
Felix Fietkau
Jo-Philipp Wich
Steven Barth
Jonas Gorski
Hauke Mehrtens
Imre Kaloz