Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.
Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Unify switch configuration on Linksys WRTxx00AC series.
LAN = eth0, WAN = eth1
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
[Álvaro]: also change WAN LEDs
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This reduces the amount of hacks in the makefile code.
Remove the apm821xx code to do the same - it was broken and left both
compressed and uncompressed images in $(BIN_DIR)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Use ubus process signalling instead of 'kill pidof dnsmasq' for
SIGHUP signalling to dnsmasq when ntp says time is valid.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
It could cause crashes with some forms of virtualization, and it is
unlikely to work properly with most systems.
It's safer to just disable it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The generated 'its' is passed to mkimage which expects linux arch
strings rather than the full arch (e.g. mips not mipsel).
It currently works in some cases where LINUX_KARCH == ARCH but
otherwise you get an unknown arch build error.
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There's a GPIO that can switch between power to USB pins for the
internal MiniPCIe slot or the external USB port.
People are more likely to use the external one so enable it by default.
Existing configurations should be unaffected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This should hopefully fix build issues where libraries that we ship in
tools/ were accidentally picked up from other places on the system, e.g.
/usr/local
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Is it used by VMware Fusion by default. This allows images to boot
without further config changes in VMware.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Most mac80211 drivers leave the SMPS field in the HT capabilities
uninitialized (unfortunately defaults to static SMPS), which leads to
some devices limiting themselves to single-stream rates in some modes
(mostly mesh and IBSS).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For 988X, 9980, 9984 CT firmware.
This should allow IBSS + RSN on at least the 988X firmware,
and includes recent stability fixes for all firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This at least makes it harder to hit some txq related
crashes on firmware restart, a potential memory leak,
and some other fixes.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Partition label "linux" prevents the root file system to be mounted at
boot time leading to a kernel panic. After changing it to "firmware",
the 2 uimage partitions "kernel", "rootfs" and squashfs "rootfs_data"
are correctly recognized.
The attached IP175C 10/100 MBit switch cannot connect to a link with
fixed 1000Mbit speed. The correct link speed is 100MBit. The switch
is detected and can be configured via mdio bus and should allow two
separable VLANs to be configured for the 4 available ports.
Signed-off-by: Yo Abe <abe.geel@gmail.com>
[picked from openwrt/PR#330]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch adds support for the VoCore VoCore2 and its complementary
"ultimate" dock.
Specifications:
- SoC: MediaTek MT7628AN (580MHz, ramips)
- RAM: 128MB DDR2 166MHz
- Storage: 16MB NOR SPI flash onboard + microSD slot on dock
- Wireless: Built into MT7628AN (mt76) with 1T1R firmware on VoCore2
boards with onboard 1x chip antenna
- Ethernet: 1x100M (port0) on dock, 1x100M (port2) on PCB header
- Dock hardware:
- USB 2.0 socket
- MicroSD socket
- 100Mbps Ethernet x1
- 3.5mm headphone jack (TRRS) connected to Everest Semi ES8388 I2S
DAC/ADC (support WIP)
- Micro USB for power and console (UART2)
Initial installation:
- VoCore2 comes preinstalled with a fork of OpenWrt CC and AP on
SSID "VoCore2"
- Connect to VoCore2 by Ethernet or Wi-Fi
- `ssh root@192.168.1.1` (password is "vocore")
- scp/wget/etc. LEDE sysupgrade.bin to VoCore2
- `sysupgrade -n <your image>.bin` (don't keep old config, as the
original firmware uses Ralink SDK Wi-Fi drivers and not
mt76+mac80211)
- after sysupgrade completes, Wi-Fi will be disabled by default so use
Ethernet or the micro USB console to configure Wi-Fi again
Signed-off-by: Andrew Yong <me@ndoo.sg>
This patch adds support for serial console on Mikrotik RB411 and RB433
series devices.
Signed-off-by: David Varga <duvi@duvinet.hu>
[picked from FS#377]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This causes problem when a FQDN is configured in /etc/config/system. The
domain name will appear twice in reverse DNS.
Next to that, there seems to be a bug in dnsmasq. From the manual page:
--interface-name=<name>,<interface>[/4|/6]
Return a DNS record associating the name with the primary address
on the given interface. This flag specifies an A or AAAA record for the
given name in the same way as an /etc/hosts line, except that the address
is not constant, but taken from the given interface. The interface may be
followed by "/4" or "/6" to specify that only IPv4 or IPv6 addresses
of the interface should be used. If the interface is down, not configured
or non-existent, an empty record is returned. The matching PTR record is
also created, mapping the interface address to the name. More than one name
may be associated with an interface address by repeating the flag; in that
case the first instance is used for the reverse address-to-name mapping.
It does not just create an A/AAAA record for the primary address, it creates
one for all addresses. And what is worse, it seems to actually resolve to the
non-primary address first. This is quite annoying when you use floating IP
addresses (e.g. VRRP), because when the floating IP is on the other device,
SSH failes due to incorrect entry in the known hosts file.
I know that this is not a common setup, but it would be nice if there was an
option to restore the previous behaviour, rather than just forcing this new
feature on everybody.
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Delete the map-t device when tearing down the map-t interface; as such
there's no conflict when the map-t interface comes up again when trying
to add the map-t device as the map-t device was still present
(Can not add: device 'map-wan6_4' already exists!).
Only call ifdown in teardown for map-e and lw6o4 map interfaces types
in order to suppress the trace "wan6_4 (6652): Interface wan6_4_ not found"
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts the following commits:
fbe522d120278ad007ee863888e44f96daf6352fcfd83555fc
This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Conditional dependencies use the '(!cond) || dep' syntax, whereas
conditional select uses 'dep if cond'.
Add an extra check to suppress emitting a conditional if an equal
conditional select already exists.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
