This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18509
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
ELECOM WRC-X3000GS2 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ5018.
Specification:
- SoC : Qualcomm IPQ5018
- RAM : DDR3 256 MiB (Zentel A3T2GF40CBF-HP)
- Flash : SPI-NAND 128 MiB (Macronix MX35UF1G24AD-Z4I)
- WLAN : 2.4/5 GHz 2T2R
- 2.4 GHz : Qualcomm IPQ5018 (SoC)
- 5 GHz : Qualcomm Atheros QCN6102
- Ethernet : 5x 10/100/1000 Mbps
- wan (phy) : Qualcomm IPQ5018 (SoC)
- lan (switch) : Qualcomm Atheros QCA8337
- LEDs/Keys (GPIO): 8x/3x
- UART : through-hole on PCB, 4pins near the barcode
- assignment : 3.3V, TX, RX, NC, GND from the barcode side
- settings : 115200n8
- Power : 12 VDC, 1 A (Max. 11.5W)
Flash instruction using initramfs-factory.bin image:
1. Boot WRC-X3000GS2 normally with router mode
2. Access to the WebUI ("http://192.168.2.1/") on the device and open
the firmware update page ("ファームウェア更新")
3. Select the OpenWrt factory.bin image and click apply ("適用") button
4. Wait ~120 seconds to complete flashing
Switching to the stock firmware:
1. Load the elecom.sh script
. /lib/upgrade/elecom.sh
2. Check the current index of rootfs
bootconfig_rw_index 0:bootconfig rootfs
3. Set the index to inverted value
bootconfig_rw_index 0:bootconfig rootfs <value>
bootconfig_rw_index 0:bootconfig1 rootfs <value>
example:
- step2 returned "0":
bootconfig_rw_index 0:bootconfig rootfs 1
bootconfig_rw_index 0:bootconfig1 rootfs 1
- step2 returned "1":
bootconfig_rw_index 0:bootconfig rootfs 0
bootconfig_rw_index 0:bootconfig1 rootfs 0
4. Reboot
Partition Layout (Stock FW):
0x000000000000-0x000000080000 : "0:SBL1"
0x000000080000-0x000000100000 : "0:MIBIB"
0x000000100000-0x000000140000 : "0:BOOTCONFIG"
0x000000140000-0x000000180000 : "0:BOOTCONFIG1"
0x000000180000-0x000000280000 : "0:QSEE"
0x000000280000-0x000000380000 : "0:QSEE_1"
0x000000380000-0x0000003c0000 : "0:DEVCFG"
0x0000003c0000-0x000000400000 : "0:DEVCFG_1"
0x000000400000-0x000000440000 : "0:CDT"
0x000000440000-0x000000480000 : "0:CDT_1"
0x000000480000-0x000000500000 : "0:APPSBLENV"
0x000000500000-0x000000640000 : "0:APPSBL"
0x000000640000-0x000000780000 : "0:APPSBL_1"
0x000000780000-0x000000880000 : "0:ART"
0x000000880000-0x000000900000 : "0:TRAINING"
0x000000900000-0x000003c40000 : "rootfs"
0x000003c40000-0x000003fc0000 : "Config"
0x000003fc0000-0x000007300000 : "rootfs_1"
0x000007300000-0x000007680000 : "Config_2"
0x000007680000-0x000007b80000 : "Reserved"
0x000007b80000-0x000007c00000 : "FWHEADER"
0x000007c00000-0x000007c80000 : "Factory"
Known Issues:
- All Wi-Fi related peripherals are disabled.
This device has only 256 MiB RAM and it's too few for ath11k. To
prevent OOM when using LuCI or other softwares, disable Wi-Fi related
peripherals in device tree at the moment.
- This device has a Macronix MX35UF1G24AD SPI-NAND chip registered as
oobsize=128 in Linux Kernel. But using BCH8 breaks I/O on the chip
with the following errors, so this support uses BCH4 instead.
root@OpenWrt:~# strings /dev/mtdblock10
[26427.133154] mtdblock: MTD device '0:appsblenv' is NAND, please consider using UBI block devices instead.
[26427.134125] I/O error, dev mtdblock10, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2
[26427.142240] I/O error, dev mtdblock10, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 2
[26427.151427] I/O error, dev mtdblock10, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 2
[26427.160440] I/O error, dev mtdblock10, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[26427.169619] I/O error, dev mtdblock10, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[26427.178083] Buffer I/O error on dev mtdblock10, logical block 0, async page read
Notes:
- This device has dual-boot feature and it's managed by the index in the
0:bootconfig and 0:bootconfig1 partitions.
MAC Addresses:
LAN : 38:97:A4:xx:xx:60 (0:APPSBLENV, "eth1addr"/"ethaddr" (text))
WAN : 38:97:A4:xx:xx:63 (0:APPSBLENV, "eth0addr" (text))
2.4 GHz: 38:97:A4:xx:xx:61 (0:APPSBLENV, "wifi0" (text))
5 GHz : 38:97:A4:xx:xx:62 (0:APPSBLENV, "wifi1" (text))
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18543
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for ELECOM WRC-X3000GS2 to update "bootdelay" variable
configured as "0" by default when sysupgrade.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18543
Signed-off-by: Robert Marko <robimarko@gmail.com>
Changes: https://github.com/u-boot/u-boot/compare/v2025.01...v2025.04
Drop patch 100-rockchip-add-FriendlyElec-NanoPi-R3S.patch. U-Boot
upstream now supports this board.
Tested on Radxa ROCK 5B+.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The TP-link Deco X80-5G is a AX WIFI router with a single 1G (LAN) and 1 2.5G (WAN) port with a built in Quectel 5G modem.
Specifications:
Architecture ARMv8-A (aarch64 Cortex A53, 4 cores)
Vendor Qualcomm
Bootloader U-Boot (2016)
System-On-Chip Qualcomm IPQ8074A (Networking Pro 1210 platform)
CPU/Speed 2.2GHZ
Flash-Chip ESMT F59D1G81MB-45TI 1G-bit NAND
Flash MB 128MB (1Gbit)
RAM-chip 2* ESMT M15T4G16256A-DEBG2G 2Gb DDR3L (32bit)
RAM MB 512MB (4Gbit)
WLan System-On-Chip (5g) Qualcomm QCN5054
WLan Front end modules (5g) 8* Qorvo QPF4588
WLAN (5G) A/N/AC/AX
WLAN Antenna (int) 8* (4 shared with 2.5G)
WLan System-On-Chip (2.4G) Qualcomm QCN5024
WLan Front end modules (2.4G) 4* Skyworks SKY85340-11
WLAN (2.4G) B/G/N/AX
WLAN Antenna (int) 4* (shared with 5g)
Eithernet-phy (1Gbit) Qualcomm (Atheros) AR8033-AL1A
Ethernet (1Gbit) 1*
Eithernet-phy (2.5Gbit) Qualcomm QCA8081
Ethernet (2.5Gbit) 1*
Switch Embedded in the SOC?
Serial 1.8v 8n1 (testpoints)
Modem System-On-Chip Qualcomm 5G RG50xQ (Snapdragon X55 platform)
5G modem capability 5000Mbps down 900Mbps up
5G modem bands N1/N3/N5/N7/N8/N20/N28/N38/N40/N41/N77/N78/N79
4G modem capability 4.5G LTE-Advanced Pro (Cat20 down 2Gbps) (Cat18 up 200Mbps)
4G modem FDD bands B1/B3/B5/B7/B8/B18/B19/B20/B26/B28
4G modem TDD bands B34/B38/B39/B40/B41/B42/B43
Modem antenna (int) 8* (5G/4G use)
Modem antenna (ext) 2* SMA connectors (5G/4G use)
SIM type 1* Nano SIM
Telephony 1* POTS RJ11
(see wiki for more info:)
https://openwrt.org/inbox/toh/tp-link/x80-5g_v1
Notes:
Installation Instructions:
Between antennas 7 and 8 on the PCB with the RGB harness there are three test pads labelled TP1 TP2 and TP3 connections are as follows:
|TP2|-- RX
|TP1|-- TX
|TP3|-- GND
RX requires an external pullup to operate somewhere around 5 K ohm but your luck may vary the Uart is 1.8v
Set a static IP and set up a tftpserver and terminal.
power the router and quickly type the magic string “tpl” and press enter to break into u-boot
in the shell set the environment variables to enable tftp booting
setenv ipaddr (routerIP)
setenv serverip (server IP)
load you initramfs:
tftpboot 0x44000000 (serverIP):openwrt-qualcommax-ipq807x-tplink_x80-5g-initramfs-uImage.itb
boot your initramfs
bootm
upload your factory image to /tmp
format and install the factory image:
ubiformat /dev/mtd12 -y -f /tmp/openwrt-qualcommax-ipq807x-tplink_x80-5g-squashfs-factory.ubi
Note as this device swaps root partitions upon update your boot partition may be set as mtd13
Update script to mount factory tplink partition's for MAC recovery and device data.
Capture Labelmac from Factory_data partition.
Patch LAN from Labelmac.
Patch ART from Labelmac.
Set GPIO to make modem operational from boot.
GPIO fan tables work like the stock device with three fan maps high active idle with a top fan speed of 6800 RPM.
High temp 70 deg speeds 6-8
Active temp 50 deg speeds 2-5
low temp 25 degree speed 0-1
Signed-off-by: jonathan brophy <professor_jonny@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/16329
Signed-off-by: Robert Marko <robimarko@gmail.com>
Prevent flashing truncated or otherwise corrupted uImage.FIT images
by verifying checksums and hashes of all sub-images before flashing
using the newly packaged fit_check_sign tool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce special handling for return code 74 (EBADMSG) of
platform_check_image which will mark the image as broken and hence
not allow the user to override the check using the --force option.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
APK is currently broken when built with GCC15 and LTO as it will then hang
indefinitevely on the package/install step.
Luckily, upstream was able to find the issue and fix it, so lets backport
the fix as GCC15 is the default compiler on Fedora 42(And soon more distros)
Link: https://github.com/openwrt/openwrt/pull/18549
Signed-off-by: Robert Marko <robimarko@gmail.com>
The Xiaomi MiWiFi 3A wireless router has a similar system architecture as the Xiaomi Mi 4A router, which is already officially supported by OpenWrt.
Product website: https://www.mi.com/miwifi3a
Device specification
--------------------
SoC: MT7628AN MIPS_24KEc @ 580 MHz 2.4G-bgn 2x2
WiFi: MT7612EN 5G-an, ac 80 MHz 2T2R
Flash: 16 MB
DRAM: 64 MB
Switch: MT7628AN (integrated in SoC)
Ethernet: 1 x 10 /100 Mbps
USB: None
Antennas: 2 x 2,4 GHz and 2 x 5 GHz (all are external and non-detachable)
LEDs: blue/red/amber
Buttons: Reset
Serial: 115200,8n1
MAC addresses as verified by OEM firmware:
------------------------------------------
use address source
LAN *:DD factory 0x28
WAN *:DD factory 0x28
2g *:DE factory 0x4
5g *:DF factory 0x8004
OEM firmware uses VLAN's to create the network interface for WAN and LAN.
Bootloader info:
----------------
The stock bootloader uses a "Dual ROM Partition System".
OS1 is a deep copy of OS2.
The bootloader starts OS2 by default.
To force start OS1 it is needed to set "flag_try_sys2_failed=1".
How to install:
---------------
1- Use OpenWRTInvasion to gain Telnet, SSH and FTP access: https://github.com/acecilia/OpenWRTInvasion
[IP: 192.168.31.1 | Username: root | Password: root | FTP-Port: 21]
2- Connect to router using telnet or ssh.
3- Backup all partitions. Use command "dd if=/dev/mtd0 of=/tmp/mtd0". Copy /tmp/mtd0 to computer using ftp.
4- Copy openwrt-ramips-mt76x8-xiaomi_miwifi-3a-squashfs-sysupgrade.bin to /tmp in router using ftp.
5- Enable UART access and change start image to OS1.
nvram set uart_en=1
nvram set flag_last_success=1
nvram set boot_wait=on
nvram set flag_try_sys2_failed=1
nvram commit
6- Erase OS1 & OS2 and install OpenWrt
mtd erase OS1
mtd erase OS2
mtd -r write /tmp/openwrt-ramips-mt76x8-xiaomi_miwifi-3a-squashfs-sysupgrade.bin OS1
Credits:
--------
This PR is based on the work of Zehao Zhang (Github: @ZZH-Finalize) that he had published in the PR: #15698
Signed-off-by: Olgun Demir <olgun.demir@mail.com.tr>
Link: https://github.com/openwrt/openwrt/pull/18427
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If SYS_statmount/SYS_listmount is not provided by the libc,
util-linux will fall back to __NR_statmount/__NR_listmount from the
kernel UAPI headers.
However it is not guaranteed that these symbols are actually visible in
mount-api-utils.
Include linux/unistd.h which provides syscall numbers.
While this header is specific to Linux, the code is already using
linux/mount.h.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/18539
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some ISPs require the client ID to be set in the DHCP and DHCPv6
requests. OpenWrt sets the client id for IPv6 but not for IPv4 by
default.
Align this behavior between DHCPv4 and DHCPv6.
ISPs that require this measure are Deutsche Glasfaser as well as some
Entega connections.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add support for GL.iNET (AX3000) B3000.
Speficiations:
* SoC: Qualcomm IPQ5018 (64-bit dual-core ARM Cortex-A53 @ 1.0Ghz)
* Memory: Winbond W634GU6NQB-11 (512 MiB DDR3-933)
* Serial Port: 3v3 TTL 115200n8
* Wi-Fi: IPQ5018 (2x2 2.4 Ghz 802.11b/g/n/ax)
* Wi-Fi: QCN6102 (2x2:2 5 Ghz 802.11an/ac/ax)
* Ethernet: IPQ5018 integrated virtual switch connected to an external
QCA8337 switch (3 Ports 10/100/1000 GBASE-T)
* Flash: Winbond W25N01GWZEIG (128 MiB)
* LEDs: 1x single-color blue LED (GPIO 24 Active High)
1x single-color white LED (GPIO 23 Active High)
* Buttons: 1x Reset (GPIO 27 Active Low)
Flash Instructions:
*** The .img files are now universal ! ***
Openwrt --> openwrt-qualcommax-ipq50xx-glinet_gl-b3000-squashfs-factory.img
GL.iNet OEM --> openwrt-b3000-4.5.18-0731-1722397535.img
Either file can be flashed, in any of the available upgrade options, in both Firmwares.
Pick a file .. pick a method .. and SEND IT !!
Signed-off-by: Scott Mercer <TheRootEd24@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17903
Signed-off-by: Robert Marko <robimarko@gmail.com>
The nvram file is generic for all stm32 boards, add a symlink for
STM32MP157C-DK2 and the SCMI variant.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/18119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add entry for STM32MP157C-DK2 and the SCMI variant.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/18119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add entry for STM32MP157C-DK2 and the SCMI variant.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/18119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add entry for STM32MP157C-DK2 and the SCMI variant.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/18119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add backport patch that fixes ath12k regdomain parsing failure in
6GHz band triggered by the latest regdb/board-2.bin update.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18512
Signed-off-by: Robert Marko <robimarko@gmail.com>
Previous commits missed some refreshing
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18512
Signed-off-by: Robert Marko <robimarko@gmail.com>
During envtools conversion to the generic uboot-tools package, a syncconfig
call was added to the configure step which was previously not there.
We received multiple spourious reports that now envtools were failing to
build [1], but it was not reproducible.
However, it seems that this could easily be reproduced on MacOS 15 and
somehow that syncconfig call is breaking build by Makefile.autoconf not
being executed and thus no "include/config.h" is generated.
So, since this call was not previously there and U-Boot will actually do
syncconfig on its own when needed lets drop it.
[1] 293d5f1366 (commitcomment-154347516)
Link: https://github.com/openwrt/openwrt/pull/18515
Signed-off-by: Robert Marko <robimarko@gmail.com>
Look for OPENWRT_VERBOSE and pass it down to the U-Boot so we actually
get verbose build info when needed for debugging.
Link: https://github.com/openwrt/openwrt/pull/18515
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix an issue where NCM interface initialization fails because of wrong
modem manufacturer detection.
gcom call returns an output with Windows-style line breaks (containing \r)
what makes awk call return empty or malformed manufacturer name. Changing
awk RS variable to handle both \n and \r\n as line break fixes this issue.
Fixes#17448 and #17998 GitHub issues.
Signed-off-by: Jakub Łabuz <jakub@labuz.dev>
Link: https://github.com/openwrt/openwrt/pull/18460
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update uboot-ath79 package to v2025.04 for ath79 devices.
Additionally, new "CONFIG_NO_NET" option was introduced and replaced
disabled CONFIG_NET option ("# CONFIG_NET is not set"). So replace
that old options in the NEC Aterm devices as well.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18475
Signed-off-by: Robert Marko <robimarko@gmail.com>
The submenu of two diag modules is missing, fix it.
Fixes: 65de1e0 ("kernel: add missing symbols for lxc")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/18480
Signed-off-by: Robert Marko <robimarko@gmail.com>
updated 200-ubus_dns.patch
all remaining patches not required
Changelog for version 2.91 - https://thekelleys.org.uk/dnsmasq/CHANGELOG
version 2.91
Fix spurious "resource limit exceeded messages". Thanks to
Dominik Derigs for the bug report.
Fix out-of-bounds heap read in order_qsort().
We only need to order two server records on the ->serial field.
Literal address records are smaller and don't have
this field and don't need to be ordered on it.
To actually provoke this bug seems to need the same server-literal
to be repeated twice, e.g., --address=/a/1.1.1.1 --address-/a/1.1.1.1
which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEGV. Thanks to Daniel Rhea for fuzzing this one.
Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
Improve behaviour in the face of non-responsive upstream TCP DNS
servers. Without shorter timeouts, clients are blocked for too long
and fail with their own timeouts.
Set --fast-dns-retries by default when doing DNSSEC. A single
downstream query can trigger many upstream queries. On an
unreliable network, there may not be enough downstream retries
to ensure that all these queries complete.
Improve behaviour in the face of truncated answers to queries
for DNSSEC records. Getting these answers by TCP doesn't now
involve a faked truncated answer to the downstream client to
force it to move to TCP. This improves performance and robustness
in the face of broken clients which can't fall back to TCP.
No longer remove data from truncated upstream answers. If an
upstream replies with a truncated answer, but the answer has some
RRs included, return those RRs, rather than returning and
empty answer.
Fix handling of EDNS0 UDP packet sizes.
When talking upstream we always add a pseudo header, and set the
UDP packet size to --edns-packet-max. Answering queries from
downstream, we get the answer (either from upstream or local
data) If local data won't fit the advertised size (or 512 if
there's not an EDNS0 header) return truncated. If upstream
returns truncated, do likewise. If upstream is OK, but the
answer is too big for downstream, truncate the answer.
Modify the behaviour of --synth-domain for IPv6.
When deriving a domain name from an IPv6 address, an address
such as 1234:: would become 1234--.example.com, which is
not legal in IDNA2008. Stop using the :: compression method,
so 1234:: becomes
1234-0000-0000-0000-0000-0000-0000-0000.example.com
Fix broken dhcp-relay on *BSD. Thanks to Harold for finding
this problem.
Add --dhcp-option-pxe config. This acts almost exactly like
--dhcp-option except that the defined option is only sent when
replying to PXE clients. More importantly, these options are sent
in reply PXE clients when dnsmasq in acting in PXE proxy mode. In
PXE proxy mode, the set of options sent is defined by the PXE standard
and the normal set of options is not sent. This config allows arbitrary
options in PXE-proxy replies. A typical use-case is to send option
175 to iPXE. Thanks to Jason Berry for finding the requirement for
this.
Support PXE proxy-DHCP and DHCP-relay at the same time.
When using PXE proxy-DHCP, dnsmasq supplies PXE information to
the client, which also talks to another "normal" DHCP server
for address allocation and similar. The normal DHCP server may
be on the local network, but it may also be remote, and accessed via
a DHCP relay. This change allows dnsmasq to act as both a
PXE proxy-DHCP server AND a DHCP relay for the same network.
Fix erroneous "DNSSEC validated" state with non-DNSSEC
upstream servers. Thanks to Dominik Derigs for the bug report.
Handle queries with EDNS client subnet fields better. If dnsmasq
is configured to add an EDNS client subnet to a query, it is careful
to suppress use of the cache, since a cached answer may not be valid
for a query with a different client subnet. Extend this behaviour
to queries which arrive a dnsmasq already carrying an EDNS client
subnet.
Handle DS queries to auth zones. When dnsmasq is configured to
act as an authoritative server and has an authoritative zone
configured, and receives a query for that zone _as_forwarder_
it answers the query directly rather than forwarding it. This
doesn't affect the answer, but it saves dnsmasq forwarding the
query to the recursor upstream, which then bounces it back to dnsmasq
in auth mode. The exception should be when the query is for the root
of zone, for a DS RR. The answer to that has to come from the parent,
via the recursor, and will typically be a proof-of-non-existence
since dnsmasq doesn't support signed zones. This patch suppresses
local answers and forces forwarding to the upstream recursor for such
queries. It stops breakage when a DNSSEC validating client makes
queries to dnsmasq acting as forwarder for a zone for which it is
authoritative.
Implement "DNS-0x20 encoding", for extra protection against
reply-spoof attacks. Since DNS queries are case-insensitive,
it's possible to randomly flip the case of letters in a query
and still get the correct answer back.
This adds an extra dimension for a cache-poisoning attacker
to guess when sending replies in-the-blind since it's expected
that the legitimate answer will have the same pattern of upper
and lower case as the query, so any replies which don't can be
ignored as malicious. The amount of extra entropy clearly depends
on the number of a-z and A-Z characters in the query, and this
implementation puts a hard limit of 32 bits to make resource
allocation easy. This about doubles entropy over the standard
random ID and random port combination. This technique can interact
badly with rare broken DNS servers which don't preserve the case
of the query in their reply. The first time a reply is returned
which matches the query in all respects except case, a warning
will be logged. In this release, 0x020-encoding is default-off
and must be explicitly enabled with --do-0x20-encoding. In future
releases it may default on. You can avoid a future release
changing the behaviour of an installation with --no-x20-encode.
Fix a long-standing problem when two queries which are identical
in every repect _except_ case, get combined by dnsmasq. If
dnsmasq gets eg, two queries for example.com and Example.com
in quick succession it will get the answer for example.com from
upstream and send that answer to both requestors. This means that
the query for Example.com will get an answer for example.com, and
in the modern DNS, that answer may not be accepted.
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18357
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update ca-certificates to version 20241223
* Update Mozilla certificate authority bundle to version 2.70.
The following certificate authorities were added (+):
+ Telekom Security TLS ECC Root 2020
+ Telekom Security TLS RSA Root 2023
+ FIRMAPROFESIONAL CA ROOT-A WEB
+ TWCA CYBER Root CA
+ SecureSign Root CA12
+ SecureSign Root CA14
+ SecureSign Root CA15
The following certificate authorities were removed (-):
- Security Communication Root CA (closes: #1063093)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/18468
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, ls-rcw package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-rcw' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-rcw package in DEVICE_PACKAGES lets select it when
layerscape/armv7 target is selected.
Fixes: #18411
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, ls-ddr-phy package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-ddr-phy' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-ddr-phy package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Fixes: #18412
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, ls-dpl package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-dpl' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-dpl package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Fixes: #18412
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, ls-mc package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-mc' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-mc package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Fixes: #18412
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, fman-ucode package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~fman-ucode' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the fman-ucode package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Fixes: #18412
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, tfa-layerscape packages are being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in:
377b66990b ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~trusted-firmware-a-ls1012a-frdm' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the individual TFA packages in DEVICE_PACKAGES we can just
do what other targets do and set BUILD_DEVICES so that TFA packages are
automatically set.
Fixes: #18412
Link: https://github.com/openwrt/openwrt/pull/18462
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, bcm63xx-cfe is being installed into kernel build dir, however
that does not work for Image Builder as only certain artifacts from kernel
build dir are included in Image Builder.
So, simply install bcm63xx-cfe into image staging dir so its artifacts can
be used in Image Builder as well.
Fixes: #18408Fixes: #18409
Link: https://github.com/openwrt/openwrt/pull/18463
Signed-off-by: Robert Marko <robimarko@gmail.com>
The Radxa ROCK 4SE[1] is a single board computer using the Rockchip
RK3399-T.
Hardware
--------
- Dual-core Cortex-A72 and quad-core Cortex-A53 CPU
- Mali-T860MP4 GPU
- LPDDR4 4GB RAM
- M.2 M Key slot (PCIe 2.1 x4)
- eMMC connector
- microSD card slot
- Wi-Fi 5 (not supported)
- Gigabit Ethernet with PoE support (additional PoE HAT required)
- USB 3.0 Type-A OTG port
- USB 3.0 Type-A HOST port
- 2x USB 2.0 Type-A HOST ports
- USB Type-C power port (5V only)
- 40 Pin GPIO header
[1] https://radxa.com/products/rock4/4se
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to the micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/17554
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The Radxa ROCK 4C+[1] is a single board computer with dual HDMI using
the Rockchip RK3399-T.
Hardware
--------
- Dual-core Cortex-A72 and quad-core Cortex-A53 CPU
- Mali-T860MP4 GPU
- LPDDR4 4GB RAM
- eMMC connector
- microSD card slot
- Wi-Fi 5 (not supported)
- Gigabit Ethernet with PoE support (additional PoE HAT required)
- USB 3.0 Type-A OTG port
- USB 3.0 Type-A HOST port
- 2x USB 2.0 Type-A HOST ports
- USB Type-C power port (5V only)
- 40 Pin GPIO header
[1] https://radxa.com/products/rock4/4cp
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to the micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/17554
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit adds support for Mercusys MR80X(EU) v3 router.
Device specification:
- SoC: Mediatek MT7981b, Cortex-A53, 64-bit
- RAM: 512MB
- Flash: SPI NAND GigaDevice GD5F1GQ5UEYIGY (128 MB)
- Ethernet: 4x 100/1000 Mbps LAN1,LAN2,LAN3 & WAN
- Wireless: 2.4GHz (802.11 b/g/n/ax)
- Wireless: 5GHz (802.11 a/n/ac/ax)
- LEDs: 1 orange and 1 green status LEDs, 4 green gpio-controlled LEDs
on ethernet ports
- Buttons: 1 (Reset)
- Bootloader: Main U-Boot - U-Boot 2022.01-rc4. Additionally, both UBI
slots contain "seconduboot" (also U-Boot 2022.01-rc4)
Installation (UART):
- Place OpenWrt initramfs-kernel image on tftp server with IP 192.168.1.2
- Attach UART, switch on the router and interrupt the boot process by
pressing 'Ctrl-C'.
- Set the uboot environment for startup.
setenv tp_boot_idx 0; setenv bootcmd bootm 0x46000000; saveenv
If the bootarg is set to boot from ubi1, also change it to ubi0.
- Load and run OpenWrt initramfs image.
setenv serverip 192.168.1.2; setenv ipaddr 192.168.1.1; tftpboot initramfs-kernel.bin; bootm
- Browse IP 192.168.1.1, upload the 'sysupgrade' image and do upgrade.
Recovery:
- Press Reset button and power on the router.
- Navigate to U-Boot recovery web server (http://192.168.1.1/) and
upload the OEM firmware.
Stock layout:
0x000000000000-0x000000200000 : "boot"
0x000000200000-0x000000300000 : "u-boot-env"
0x000000300000-0x000003500000 : "ubi0"
0x000003500000-0x000006700000 : "ubi1"
0x000006700000-0x000006f00000 : "userconfig"
0x000006f00000-0x000007300000 : "tp_data"
ubi0/ubi1 format:
U-Boot at boot checks that all volumes are in place:
+-------------------------------+
| Volume Name: uboot Vol ID: 0|
| Volume Name: kernel Vol ID: 1|
| Volume Name: rootfs Vol ID: 2|
+-------------------------------+
MAC addresses:
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| label | 94:0C:xx:xx:xx:12 | label |
| WAN | 94:0C:xx:xx:xx:13 | label+1 |
| LAN | 94:0C:xx:xx:xx:12 | label |
| WLAN 2g | 94:0C:xx:xx:xx:11 | label-1 |
| WLAN 5g | 94:0C:xx:xx:xx:10 | label-2 |
+---------+-------------------+-----------+
label MAC address was found in UBI partition "tp_data", file
"default-mac".
Signed-off-by: Schneider Azima <Schneider-Azima12@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18181
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some ath12k radios can take long time to initialize and register a
phy. This can cause netifd to fail to detect them during initial scan.
To address this issue, a hotplug script has been added to retry
configuration once they have registered their phy.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18459
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add patches to enable QCN9274 radios that support both 5GHz and 6GHz
bands.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18459
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
In board-2.bin available at linux-firmare regdb is stored with
board-id=255. This change is needed to properly use it.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18459
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
lldpd can send several hardware inventory TLV fields. Extend the init
script to provide these when the existing flag 'lldpmed_no_inventory' is
disabled. Five new methods provide default values for some of them,
taken from /etc/os-release and /etc/board.json.
There is no homogeneous method to determine the hardware serial number,
so it can be provided manually, as can asset ID.
Note: properties >= 32 characters are truncated at send time (by lldpd),
and some (Cisco) equipment displays junk after strings >= 32 characters.
So truncate to 31.
Tested on: 24.10.0 (known compatible with 22 and 23 also)
===
Example
===
The following lldpd config lines:
configure inventory hardware-revision "v0"
configure inventory software-revision "r28427-6df0e3d02a"
configure inventory firmware-revision "OpenWrt 24.10.0"
configure inventory serial-number "ABCDEF-123456"
configure inventory manufacturer "glinet"
configure inventory model "GL.iNet GL-MT6000"
# 32 characters:
configure inventory asset "abcdefghijklmnopqrstuvwxyz 12345"
Produce the following TLV (decoded by Wireshark):
Telecommunications Industry Association TR-41 Committee - Inventory - Hardware Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0000 0110 = TLV Length: 6
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Hardware Revision (0x05)
Hardware Revision: v0
Telecommunications Industry Association TR-41 Committee - Inventory - Firmware Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0011 = TLV Length: 19
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Firmware Revision (0x06)
Firmware Revision: OpenWrt 24.10.0
Telecommunications Industry Association TR-41 Committee - Inventory - Software Revision
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0101 = TLV Length: 21
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Software Revision (0x07)
Software Revision: r28427-6df0e3d02a
Telecommunications Industry Association TR-41 Committee - Inventory - Serial Number
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0100 = TLV Length: 20
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Serial Number (0x08)
Serial Number: ABCDEF-123456
Telecommunications Industry Association TR-41 Committee - Inventory - Manufacturer Name
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0000 1010 = TLV Length: 10
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Manufacturer Name (0x09)
Manufacturer Name: glinet
Telecommunications Industry Association TR-41 Committee - Inventory - Model Name
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0001 0101 = TLV Length: 21
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Model Name (0x0a)
Model Name: GL.iNet GL-MT6000
Telecommunications Industry Association TR-41 Committee - Inventory - Asset ID
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0010 0011 = TLV Length: 35
Organization Unique Code: 00:12:bb (Telecommunications Industry Association TR-41 Committee)
Media Subtype: Inventory - Asset ID (0x0b)
Asset ID: abcdefghijklmnopqrstuvwxyz 1234
The Cisco DUT displays:
Hardware Revision: v0
Firmware Revision: OpenWrt 24.10.0
Software Revision: r28427-6df0e3d02a
Serial Number: ABCDEF-123456
Manufacturer Name: glinet
Model Name: GL.iNet GL-MT6000
Asset ID: abcdefghijklmnopqrstuvwxyz 1234
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18354
Signed-off-by: Robert Marko <robimarko@gmail.com>
