Re: [OpenWrt-Devel] [PATCH 1/3] toolchain/gcc: add GCC 8.1.0
> I believe the actual fix is in this commit: > https://github.com/gcc-mirror/gcc/commit/3fa2798aa887d141d86985240f03e2f3809e7e62 > > I believe the actual underlying issue is described at the end of > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58139 Should I send a v2 and add this explaination? ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 4/5] net: ethernet: mediatek: fix error handling inside mtk_mdio_init
From: Sean Wang Return -ENODEV if the MDIO bus is disabled in the device tree. Signed-off-by: Sean Wang Acked-by: John Crispin Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller --- .../ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c index 06f217af10..e2e79e185f 100644 --- a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c +++ b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c @@ -217,7 +217,7 @@ int fe_mdio_init(struct fe_priv *priv) } if (!of_device_is_available(mii_np)) { - ret = 0; + ret = -ENODEV; goto err_put_node; } -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 2/5] net: ethernet: mediatek: use devm_mdiobus_alloc instead of mdiobus_alloc inside mtk_mdio_init
From: Sean Wang a lot of parts in the driver uses devm_* APIs to gain benefits from the device resource management, so devm_mdiobus_alloc is also used instead of mdiobus_alloc to have more elegant code flow. Using common code provided by the devm_* helps to 1) have simplified the code flow as [1] says 2) decrease the risk of incorrect error handling by human 3) only a few drivers used it since it was proposed on linux 3.16, so just hope to promote for this. Ref: [1] https://patchwork.ozlabs.org/patch/344093/ Signed-off-by: Sean Wang Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller --- .../drivers/net/ethernet/mediatek/mdio.c | 21 ++- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c index bdfdf7a432..06f217af10 100644 --- a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c +++ b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mdio.c @@ -202,7 +202,7 @@ static struct fe_phy phy_ralink = { int fe_mdio_init(struct fe_priv *priv) { struct device_node *mii_np; - int err; + int ret; if (!priv->soc->mdio_read || !priv->soc->mdio_write) return 0; @@ -217,13 +217,13 @@ int fe_mdio_init(struct fe_priv *priv) } if (!of_device_is_available(mii_np)) { - err = 0; + ret = 0; goto err_put_node; } - priv->mii_bus = mdiobus_alloc(); + priv->mii_bus = devm_mdiobus_alloc(priv->dev); if (!priv->mii_bus) { - err = -ENOMEM; + ret = -ENOMEM; goto err_put_node; } @@ -235,18 +235,11 @@ int fe_mdio_init(struct fe_priv *priv) priv->mii_bus->parent = priv->dev; snprintf(priv->mii_bus->id, MII_BUS_ID_SIZE, "%s", mii_np->name); - err = of_mdiobus_register(priv->mii_bus, mii_np); - if (err) - goto err_free_bus; + ret = of_mdiobus_register(priv->mii_bus, mii_np); - return 0; - -err_free_bus: - kfree(priv->mii_bus); err_put_node: of_node_put(mii_np); - priv->mii_bus = NULL; - return err; + return ret; } void fe_mdio_cleanup(struct fe_priv *priv) @@ -255,6 +248,4 @@ void fe_mdio_cleanup(struct fe_priv *priv) return; mdiobus_unregister(priv->mii_bus); - of_node_put(priv->mii_bus->dev.of_node); - kfree(priv->mii_bus); } -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 5/5] net: ethernet: mediatek: enhance with avoiding superfluous assignment inside mtk_get_ethtool_stats
From: Sean Wang data_src is unchanged inside the loop, so this patch moves the assignment to outside the loop to avoid unnecessarily assignment Signed-off-by: Sean Wang Signed-off-by: David S. Miller --- .../ramips/files-4.14/drivers/net/ethernet/mediatek/ethtool.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/ethtool.c b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/ethtool.c index 5732c28536..edadf4fc30 100644 --- a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/ethtool.c +++ b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/ethtool.c @@ -192,8 +192,9 @@ static void fe_get_ethtool_stats(struct net_device *dev, } } + data_src = >tx_bytes; + do { - data_src = >tx_bytes; data_dst = data; start = u64_stats_fetch_begin_irq(>syncp); -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 3/5] ramips: ethernet: Use lightweight locking in two places
Slightly more efficient. Backport of: e3e9652a43207561eaec6085a8272fe11b283286 Signed-off-by: Rosen Penev --- .../drivers/net/ethernet/mediatek/mtk_eth_soc.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c index 6999635ad7..76ad00136d 100644 --- a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -156,13 +156,11 @@ static inline void fe_int_enable(u32 mask) static inline void fe_hw_set_macaddr(struct fe_priv *priv, unsigned char *mac) { - unsigned long flags; - - spin_lock_irqsave(>page_lock, flags); + spin_lock_bh(>page_lock); fe_w32((mac[0] << 8) | mac[1], FE_GDMA1_MAC_ADRH); fe_w32((mac[2] << 24) | (mac[3] << 16) | (mac[4] << 8) | mac[5], FE_GDMA1_MAC_ADRL); - spin_unlock_irqrestore(>page_lock, flags); + spin_unlock_bh(>page_lock); } static int fe_set_mac_address(struct net_device *dev, void *p) @@ -1273,7 +1271,6 @@ static int fe_open(struct net_device *dev) static int fe_stop(struct net_device *dev) { struct fe_priv *priv = netdev_priv(dev); - unsigned long flags; int i; netif_tx_disable(dev); @@ -1283,12 +1280,12 @@ static int fe_stop(struct net_device *dev) if (priv->phy) priv->phy->stop(priv); - spin_lock_irqsave(>page_lock, flags); + spin_lock_bh(>page_lock); fe_reg_w32(fe_reg_r32(FE_REG_PDMA_GLO_CFG) & ~(FE_TX_WB_DDONE | FE_RX_DMA_EN | FE_TX_DMA_EN), FE_REG_PDMA_GLO_CFG); - spin_unlock_irqrestore(>page_lock, flags); + spin_unlock_bh(>page_lock); /* wait dma stop */ for (i = 0; i < 10; i++) { -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 1/5] ramips: ethernet: Switch to of_device_get_match_data
Slight cleanup and avoids a temporary variable. Based on upstream commit. Signed-off-by: Rosen Penev --- .../files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c| 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c index a5704b0f1b..6999635ad7 100644 --- a/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/target/linux/ramips/files-4.14/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -1523,7 +1523,6 @@ static void fe_pending_work(struct work_struct *work) static int fe_probe(struct platform_device *pdev) { struct resource *res = platform_get_resource(pdev, IORESOURCE_MEM, 0); - const struct of_device_id *match; struct fe_soc_data *soc; struct net_device *netdev; struct fe_priv *priv; @@ -1532,8 +1531,7 @@ static int fe_probe(struct platform_device *pdev) device_reset(>dev); - match = of_match_device(of_fe_match, >dev); - soc = (struct fe_soc_data *)match->data; + soc = of_device_get_match_data(>dev); if (soc->reg_table) fe_reg_table = soc->reg_table; -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 2/3] ARM: dts: Att Vitesse G5e switch to the Gemini SQ201
Hi Linus, On Wed, Jul 4, 2018 at 9:21 PM Linus Walleij wrote: > This adds the Vitesse G5e ethernet switch to the Square > One Itian SQ201 router device tree. > > Signed-off-by: Linus Walleij Thanks for your patch! > --- a/arch/arm/boot/dts/gemini-sq201.dts > +++ b/arch/arm/boot/dts/gemini-sq201.dts > @@ -20,7 +20,7 @@ > }; > > chosen { > - bootargs = "console=ttyS0,115200n8"; > + bootargs = "console=ttyS0,115200n8 root=/dev/sda1 rw > rootwait"; > stdout-path = > }; The above hunk looks unrelated. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 3/3] ARM: dts: Add devicetree for Storlink/Storm SL93512R
On Wed, Jul 04, 2018 at 09:17:59PM +0200, Linus Walleij wrote: > The Storlink Gemini324 EV-Board also known as Storm > Semiconductor SL93512R_BRD is ground zero for the Gemini > devices. We add a device tree so we can support it, it > turns out to be pretty trivial. > > Signed-off-by: Linus Walleij > --- > arch/arm/boot/dts/Makefile| 1 + > arch/arm/boot/dts/gemini-sl93512r.dts | 325 ++ > 2 files changed, 326 insertions(+) > create mode 100644 arch/arm/boot/dts/gemini-sl93512r.dts > > diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile > index 37a3de760d40..a10ef98c6d75 100644 > --- a/arch/arm/boot/dts/Makefile > +++ b/arch/arm/boot/dts/Makefile > @@ -200,6 +200,7 @@ dtb-$(CONFIG_ARCH_GEMINI) += \ > gemini-dlink-dns-313.dtb \ > gemini-nas4220b.dtb \ > gemini-rut1xx.dtb \ > + gemini-sl93512r.dtb \ > gemini-sq201.dtb \ > gemini-wbd111.dtb \ > gemini-wbd222.dtb > diff --git a/arch/arm/boot/dts/gemini-sl93512r.dts > b/arch/arm/boot/dts/gemini-sl93512r.dts > new file mode 100644 > index ..6160538bbb54 > --- /dev/null > +++ b/arch/arm/boot/dts/gemini-sl93512r.dts > @@ -0,0 +1,325 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Device Tree file for the Storm Semiconductor SL93512R_BRD > + * Gemini reference design, also initially called > + * "Gemini324 EV-Board" before Storm acquired Storlink Semiconductor. > + * The series were later acquired by Cortina Systems. > + */ > + > +/dts-v1/; > + > +#include "gemini.dtsi" > +#include > + > +/ { > + model = "Storlink Semiconductor Gemini324 EV-Board / Storm > Semiconductor SL93512R_BRD"; > + compatible = "storlink,gemini324", "storm,sl93512r", "cortina,gemini"; > + #address-cells = <1>; > + #size-cells = <1>; > + > + memory@0 { > + /* 64 MB Samsung K4H511638B */ > + device_type = "memory"; > + reg = <0x 0x400>; > + }; > + > + chosen { > + bootargs = "console=ttyS0,19200n8 root=/dev/sda1 rw rootwait"; > + stdout-path = Hi Linus You should put the baud rate as part of the stdout-patch, not in bootargs. > + mdio0: ethernet-phy { mdio0: mdio > + compatible = "virtual,mdio-gpio"; > + /* Uses MDC and MDIO */ > + gpios = < 22 GPIO_ACTIVE_HIGH>, /* MDC */ > + < 21 GPIO_ACTIVE_HIGH>; /* MDIO */ > + #address-cells = <1>; > + #size-cells = <0>; > + > + /* This is a Marvell 88E ethernet transciever */ > + phy0: ethernet-phy@1 { > + reg = <1>; > + device_type = "ethernet-phy"; No device_type please. > + }; > + }; > + > + spi { > + compatible = "spi-gpio"; > + #address-cells = <1>; > + #size-cells = <0>; > + /* Check pin collisions */ > + gpio-sck = < 28 GPIO_ACTIVE_HIGH>; > + gpio-miso = < 30 GPIO_ACTIVE_HIGH>; > + gpio-mosi = < 29 GPIO_ACTIVE_HIGH>; > + cs-gpios = < 31 GPIO_ACTIVE_HIGH>; > + num-chipselects = <1>; > + > + switch@0 { > + compatible = "vitesse,vsc7385"; > + reg = <0>; > + /* Specified for 2.5 MHz or below */ > + spi-max-frequency = <250>; > + gpio-controller; > + #gpio-cells = <2>; > + > + ports { > + #address-cells = <1>; > + #size-cells = <0>; > + > + port@0 { > + reg = <0>; > + label = "lan1"; > + }; > + port@1 { > + reg = <1>; > + label = "lan2"; > + }; > + port@2 { > + reg = <2>; > + label = "lan3"; > + }; > + port@3 { > + reg = <3>; > + label = "lan4"; > + }; > + vsc: port@6 { > + reg = <6>; > + label = "cpu"; > + ethernet = <>; > + phy-mode = "rgmii"; > + fixed-link { > + speed = <1000>; > + full-duplex; > + pause; > + }; > + }; > +
Re: [OpenWrt-Devel] [PATCH 1/3] ARM: dts: Add WAN ethernet port to the SQ201
On Wed, Jul 04, 2018 at 09:17:57PM +0200, Linus Walleij wrote: > This sets up the ethernet interface and PHY for the > WAN ethernet port which uses a Marvell PHY. > > Signed-off-by: Linus Walleij > --- > arch/arm/boot/dts/gemini-sq201.dts | 85 ++ > 1 file changed, 85 insertions(+) > > diff --git a/arch/arm/boot/dts/gemini-sq201.dts > b/arch/arm/boot/dts/gemini-sq201.dts > index e5cf9d1a98cd..2706b86e06f1 100644 > --- a/arch/arm/boot/dts/gemini-sq201.dts > +++ b/arch/arm/boot/dts/gemini-sq201.dts > @@ -55,6 +55,21 @@ > }; > }; > > + mdio0: ethernet-phy { Hi Linus mdio0: mdio - This node is not an ethernet phy, it is an mdio bus. > + compatible = "virtual,mdio-gpio"; > + /* Uses MDC and MDIO */ > + gpios = < 22 GPIO_ACTIVE_HIGH>, /* MDC */ > + < 21 GPIO_ACTIVE_HIGH>; /* MDIO */ > + #address-cells = <1>; > + #size-cells = <0>; > + > + /* This is a Marvell 88E ethernet transciever */ > + phy0: ethernet-phy@1 { > + reg = <1>; > + device_type = "ethernet-phy"; device_type is not needed, and not part of the binding in Documentation/devicetree/bindings/net/phy.txt Andrew ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 2/2] iwinfo: nl80211: add survey.
I wanted to add this info too. See previous emails: "iwinfo: add channel survey" I think you are making the survey for all channels? My attention was only a survey for the used channel. On 03.07.2018 15:32, Daniel Danzberger wrote: > Signed-off-by: Daniel Danzberger > --- > include/iwinfo.h | 11 > iwinfo_nl80211.c | 69 > 2 files changed, 80 insertions(+) > > diff --git a/include/iwinfo.h b/include/iwinfo.h > index 4111205..49ee7f0 100644 > --- a/include/iwinfo.h > +++ b/include/iwinfo.h > @@ -128,6 +128,16 @@ struct iwinfo_assoclist_entry { > uint32_t thr; > }; > > +struct iwinfo_survey_entry { > + uint64_t active_time; > + uint64_t busy_time; > + uint64_t busy_time_ext; > + uint64_t rxtime; > + uint64_t txtime; > + uint32_t mhz; > + uint8_t noise; > +}; > + > struct iwinfo_txpwrlist_entry { > uint8_t dbm; > uint16_t mw; > @@ -223,6 +233,7 @@ struct iwinfo_ops { > int (*scanlist)(const char *, char *, int *); > int (*freqlist)(const char *, char *, int *); > int (*countrylist)(const char *, char *, int *); > + int (*survey)(const char *, char *, int *); > int (*lookup_phy)(const char *, char *); > void (*close)(void); > }; > diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c > index 0e0206b..71465b5 100644 > --- a/iwinfo_nl80211.c > +++ b/iwinfo_nl80211.c > @@ -1678,6 +1678,59 @@ static void nl80211_parse_rateinfo(struct nlattr **ri, > re->is_40mhz = (re->mhz == 40); > } > > +static int nl80211_get_survey_cb(struct nl_msg *msg, void *arg) > +{ > + struct nl80211_array_buf *arr = arg; > + struct iwinfo_survey_entry *e = arr->buf; > + struct nlattr **attr = nl80211_parse(msg); > + struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; > + int rc; > + > + static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { > + [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, > + [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, > + [NL80211_SURVEY_INFO_TIME] = { .type = NLA_U64 }, > + [NL80211_SURVEY_INFO_TIME_BUSY] = { .type = NLA_U64 }, > + [NL80211_SURVEY_INFO_TIME_EXT_BUSY] = { .type = NLA_U64 }, > + [NL80211_SURVEY_INFO_TIME_RX] = { .type = NLA_U64 }, > + [NL80211_SURVEY_INFO_TIME_TX] = { .type = NLA_U64 }, > + }; > + > + rc = nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, > + attr[NL80211_ATTR_SURVEY_INFO], > + survey_policy); > + if (rc) > + return NL_SKIP; > + > + /* advance to end of array */ > + e += arr->count; > + memset(e, 0, sizeof(*e)); > + > + if (sinfo[NL80211_SURVEY_INFO_FREQUENCY]) > + e->mhz = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); > + > +if (sinfo[NL80211_SURVEY_INFO_NOISE]) > + e->noise = nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); > + > +if (sinfo[NL80211_SURVEY_INFO_TIME]) > + e->active_time = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME]); > + > +if (sinfo[NL80211_SURVEY_INFO_TIME_BUSY]) > + e->busy_time = > nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_BUSY]); > + > +if (sinfo[NL80211_SURVEY_INFO_TIME_EXT_BUSY]) > +e->busy_time_ext = > nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_EXT_BUSY]); > + > +if (sinfo[NL80211_SURVEY_INFO_TIME_RX]) > +e->rxtime = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_RX]); > + > +if (sinfo[NL80211_SURVEY_INFO_TIME_TX]) > + e->txtime = nla_get_u64(sinfo[NL80211_SURVEY_INFO_TIME_TX]); > + > + arr->count++; > + return NL_SKIP; > +} > + > static int nl80211_get_assoclist_cb(struct nl_msg *msg, void *arg) > { > struct nl80211_array_buf *arr = arg; > @@ -1812,6 +1865,21 @@ static int nl80211_get_assoclist_cb(struct nl_msg > *msg, void *arg) > return NL_SKIP; > } > > +static int nl80211_get_survey(const char *ifname, char *buf, int *len) > +{ > + struct nl80211_array_buf arr = { .buf = buf, .count = 0 }; > + int rc; > + > + rc = nl80211_request(ifname, NL80211_CMD_GET_SURVEY, > + NLM_F_DUMP, nl80211_get_survey_cb, ); > + if (!rc) > + *len = (arr.count * sizeof(struct iwinfo_survey_entry)); > + else > + *len = 0; > + > + return 0; > +} > + > static int nl80211_get_assoclist(const char *ifname, char *buf, int *len) > { > DIR *d; > @@ -2862,6 +2930,7 @@ const struct iwinfo_ops nl80211_ops = { > .scanlist = nl80211_get_scanlist, > .freqlist = nl80211_get_freqlist, > .countrylist = nl80211_get_countrylist, > + .survey = nl80211_get_survey, > .lookup_phy = nl80211_lookup_phyname, > .close= nl80211_close > }; ___
Re: [OpenWrt-Devel] [RFC] toolchain: gcc: drop 850-use_shared_libgcc.patch
On 2018-07-04 21:53, Felix Fietkau wrote: > On 2018-06-25 07:30, Yousong Zhou wrote: >> A link error was encountered when invoking "gccgo -static hello.go" to test a >> fix for gccgo [1]. The linker cannot find reference to _Unwind_Resume which >> is >> defined in libgcc_eh.a and from the "gccgo -v" and "gccgo -dumpspecs" >> output, I >> found the issue was caused by libgcc_spec being patched by the said patch >> >> The patch was originally introduced for linaro-gcc 4.5 in 2011 commit >> 23e18c9 ("gcc-linaro: fix the libgcc spec to default to using the shared >> libgcc"). It should be not needed now as the libgcc_spec logic of since >> at least gcc 5.5.0 already takes that into account >> >> %{static|static-libgcc:-lgcc >> -lgcc_eh}%{!static:%{!static-libgcc:%{!shared-libgcc:-lgcc --as-needed >> -lgcc_s --no-as-needed}%{shared-libgcc:-lgcc_s%{!shared: -lgcc > Won't this link in libgcc by default unless -shared-libgcc is passed? > I think last time I looked into this, this caused some extra bloat to > creep into every single compiled binary. > Maybe you could compare binaries before and after this change to make > sure that is no longer the case. I just ran that test. With that patch applied, it seems that every single executable gets bigger by a considerable amount. - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [RFC] toolchain: gcc: drop 850-use_shared_libgcc.patch
On 2018-06-25 07:30, Yousong Zhou wrote: > A link error was encountered when invoking "gccgo -static hello.go" to test a > fix for gccgo [1]. The linker cannot find reference to _Unwind_Resume which > is > defined in libgcc_eh.a and from the "gccgo -v" and "gccgo -dumpspecs" output, > I > found the issue was caused by libgcc_spec being patched by the said patch > > The patch was originally introduced for linaro-gcc 4.5 in 2011 commit > 23e18c9 ("gcc-linaro: fix the libgcc spec to default to using the shared > libgcc"). It should be not needed now as the libgcc_spec logic of since > at least gcc 5.5.0 already takes that into account > > %{static|static-libgcc:-lgcc > -lgcc_eh}%{!static:%{!static-libgcc:%{!shared-libgcc:-lgcc --as-needed > -lgcc_s --no-as-needed}%{shared-libgcc:-lgcc_s%{!shared: -lgcc Won't this link in libgcc by default unless -shared-libgcc is passed? I think last time I looked into this, this caused some extra bloat to creep into every single compiled binary. Maybe you could compare binaries before and after this change to make sure that is no longer the case. - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH 1/3] toolchain/gcc: add GCC 8.1.0
On 2018-06-21 17:08, wong.syr...@gmail.com wrote: > From: Syrone Wong > > Changes compared to GCC 7.x > > 001-revert_register_mode_search.patch dropped > > The commit guards comparison via maybe_gt(), while > 001-revert_register_mode_search.patch simply ignore > "GET_MODE_SIZE (mode) > GET_MODE_SIZE (found_mode)", the powerpc issue might > be fixed, I'm not pretty sure. > > upstream commit: > https://github.com/gcc-mirror/gcc/commit/52acb7aee19f4bb33e76819907eff343bf4f42e8 I believe the actual fix is in this commit: https://github.com/gcc-mirror/gcc/commit/3fa2798aa887d141d86985240f03e2f3809e7e62 I believe the actual underlying issue is described at the end of https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58139 So ACK from me on removing 001-revert_register_mode_search.patch - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 3/3] ARM: dts: Add devicetree for Storlink/Storm SL93512R
The Storlink Gemini324 EV-Board also known as Storm Semiconductor SL93512R_BRD is ground zero for the Gemini devices. We add a device tree so we can support it, it turns out to be pretty trivial. Signed-off-by: Linus Walleij --- arch/arm/boot/dts/Makefile| 1 + arch/arm/boot/dts/gemini-sl93512r.dts | 325 ++ 2 files changed, 326 insertions(+) create mode 100644 arch/arm/boot/dts/gemini-sl93512r.dts diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile index 37a3de760d40..a10ef98c6d75 100644 --- a/arch/arm/boot/dts/Makefile +++ b/arch/arm/boot/dts/Makefile @@ -200,6 +200,7 @@ dtb-$(CONFIG_ARCH_GEMINI) += \ gemini-dlink-dns-313.dtb \ gemini-nas4220b.dtb \ gemini-rut1xx.dtb \ + gemini-sl93512r.dtb \ gemini-sq201.dtb \ gemini-wbd111.dtb \ gemini-wbd222.dtb diff --git a/arch/arm/boot/dts/gemini-sl93512r.dts b/arch/arm/boot/dts/gemini-sl93512r.dts new file mode 100644 index ..6160538bbb54 --- /dev/null +++ b/arch/arm/boot/dts/gemini-sl93512r.dts @@ -0,0 +1,325 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Device Tree file for the Storm Semiconductor SL93512R_BRD + * Gemini reference design, also initially called + * "Gemini324 EV-Board" before Storm acquired Storlink Semiconductor. + * The series were later acquired by Cortina Systems. + */ + +/dts-v1/; + +#include "gemini.dtsi" +#include + +/ { + model = "Storlink Semiconductor Gemini324 EV-Board / Storm Semiconductor SL93512R_BRD"; + compatible = "storlink,gemini324", "storm,sl93512r", "cortina,gemini"; + #address-cells = <1>; + #size-cells = <1>; + + memory@0 { + /* 64 MB Samsung K4H511638B */ + device_type = "memory"; + reg = <0x 0x400>; + }; + + chosen { + bootargs = "console=ttyS0,19200n8 root=/dev/sda1 rw rootwait"; + stdout-path = + }; + + gpio_keys { + compatible = "gpio-keys"; + + button-wps { + debounce-interval = <50>; + wakeup-source; + linux,code = ; + label = "WPS"; + /* Conflict with NAND flash */ + gpios = < 17 GPIO_ACTIVE_LOW>; + }; + + button-setup { + debounce-interval = <50>; + wakeup-source; + linux,code = ; + label = "factory reset"; + /* Conflict with NAND flash */ + gpios = < 18 GPIO_ACTIVE_LOW>; + }; + }; + + leds { + compatible = "gpio-leds"; + led-green-harddisk { + label = "sq201:green:harddisk"; + /* Conflict with LCD (no problem) */ + gpios = < 16 GPIO_ACTIVE_LOW>; + default-state = "off"; + linux,default-trigger = "disk-activity"; + }; + led-green-wireless { + label = "sq201:green:wireless"; + /* Conflict with NAND flash CE0 (no problem) */ + gpios = < 17 GPIO_ACTIVE_LOW>; + default-state = "on"; + linux,default-trigger = "heartbeat"; + }; + }; + + mdio0: ethernet-phy { + compatible = "virtual,mdio-gpio"; + /* Uses MDC and MDIO */ + gpios = < 22 GPIO_ACTIVE_HIGH>, /* MDC */ + < 21 GPIO_ACTIVE_HIGH>; /* MDIO */ + #address-cells = <1>; + #size-cells = <0>; + + /* This is a Marvell 88E ethernet transciever */ + phy0: ethernet-phy@1 { + reg = <1>; + device_type = "ethernet-phy"; + }; + }; + + spi { + compatible = "spi-gpio"; + #address-cells = <1>; + #size-cells = <0>; + /* Check pin collisions */ + gpio-sck = < 28 GPIO_ACTIVE_HIGH>; + gpio-miso = < 30 GPIO_ACTIVE_HIGH>; + gpio-mosi = < 29 GPIO_ACTIVE_HIGH>; + cs-gpios = < 31 GPIO_ACTIVE_HIGH>; + num-chipselects = <1>; + + switch@0 { + compatible = "vitesse,vsc7385"; + reg = <0>; + /* Specified for 2.5 MHz or below */ + spi-max-frequency = <250>; + gpio-controller; + #gpio-cells = <2>; + + ports { + #address-cells = <1>; + #size-cells = <0>; + + port@0 { + reg = <0>; +
[OpenWrt-Devel] [PATCH 2/3] ARM: dts: Att Vitesse G5e switch to the Gemini SQ201
This adds the Vitesse G5e ethernet switch to the Square One Itian SQ201 router device tree. Signed-off-by: Linus Walleij --- arch/arm/boot/dts/gemini-sq201.dts | 75 +- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/arch/arm/boot/dts/gemini-sq201.dts b/arch/arm/boot/dts/gemini-sq201.dts index 2706b86e06f1..830c167012a0 100644 --- a/arch/arm/boot/dts/gemini-sq201.dts +++ b/arch/arm/boot/dts/gemini-sq201.dts @@ -20,7 +20,7 @@ }; chosen { - bootargs = "console=ttyS0,115200n8"; + bootargs = "console=ttyS0,115200n8 root=/dev/sda1 rw rootwait"; stdout-path = }; @@ -70,6 +70,61 @@ }; }; + spi { + compatible = "spi-gpio"; + #address-cells = <1>; + #size-cells = <0>; + /* Check pin collisions */ + gpio-sck = < 28 GPIO_ACTIVE_HIGH>; + gpio-miso = < 30 GPIO_ACTIVE_HIGH>; + gpio-mosi = < 29 GPIO_ACTIVE_HIGH>; + cs-gpios = < 31 GPIO_ACTIVE_HIGH>; + num-chipselects = <1>; + + switch@0 { + compatible = "vitesse,vsc7395"; + reg = <0>; + /* Specified for 2.5 MHz or below */ + spi-max-frequency = <250>; + gpio-controller; + #gpio-cells = <2>; + + ports { + #address-cells = <1>; + #size-cells = <0>; + + port@0 { + reg = <0>; + label = "lan1"; + }; + port@1 { + reg = <1>; + label = "lan2"; + }; + port@2 { + reg = <2>; + label = "lan3"; + }; + port@3 { + reg = <3>; + label = "lan4"; + }; + vsc: port@6 { + reg = <6>; + label = "cpu"; + ethernet = <>; + phy-mode = "rgmii"; + fixed-link { + speed = <1000>; + full-duplex; + pause; + }; + }; + }; + }; + }; + + soc { flash@3000 { /* @@ -135,6 +190,16 @@ "gpio0kgrp"; }; }; + /* +* gpio0dgrp cover lines used by the SPI +* to the Vitesse G5x chip. +*/ + gpio1_default_pins: pinctrl-gpio1 { + mux { + function = "gpio1"; + groups = "gpio1dgrp"; + }; + }; pinctrl-gmii { mux { function = "gmii"; @@ -205,6 +270,11 @@ pinctrl-0 = <_default_pins>; }; + gpio1: gpio@4e00 { + pinctrl-names = "default"; + pinctrl-0 = <_default_pins>; + }; + pci@5000 { status = "okay"; interrupt-map-mask = <0xf800 0 0 7>; @@ -235,7 +305,8 @@ phy-handle = <>; }; ethernet-port@1 { - /* Used for the Vitesse G5 chip, add later */ + phy-mode = "rgmii"; + phy-handle = <>; }; }; -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 1/3] ARM: dts: Add WAN ethernet port to the SQ201
This sets up the ethernet interface and PHY for the WAN ethernet port which uses a Marvell PHY. Signed-off-by: Linus Walleij --- arch/arm/boot/dts/gemini-sq201.dts | 85 ++ 1 file changed, 85 insertions(+) diff --git a/arch/arm/boot/dts/gemini-sq201.dts b/arch/arm/boot/dts/gemini-sq201.dts index e5cf9d1a98cd..2706b86e06f1 100644 --- a/arch/arm/boot/dts/gemini-sq201.dts +++ b/arch/arm/boot/dts/gemini-sq201.dts @@ -55,6 +55,21 @@ }; }; + mdio0: ethernet-phy { + compatible = "virtual,mdio-gpio"; + /* Uses MDC and MDIO */ + gpios = < 22 GPIO_ACTIVE_HIGH>, /* MDC */ + < 21 GPIO_ACTIVE_HIGH>; /* MDIO */ + #address-cells = <1>; + #size-cells = <0>; + + /* This is a Marvell 88E ethernet transciever */ + phy0: ethernet-phy@1 { + reg = <1>; + device_type = "ethernet-phy"; + }; + }; + soc { flash@3000 { /* @@ -108,6 +123,7 @@ /* * gpio0fgrp cover line 18 used by reset button * gpio0ggrp cover line 20 used by info LED +* gpio0hgrp cover line 21, 22 used by MDIO for Marvell PHY * gpio0kgrp cover line 31 used by USB LED */ gpio0_default_pins: pinctrl-gpio0 { @@ -115,9 +131,66 @@ function = "gpio0"; groups = "gpio0fgrp", "gpio0ggrp", + "gpio0hgrp", "gpio0kgrp"; }; }; + pinctrl-gmii { + mux { + function = "gmii"; + groups = "gmii_gmac0_grp", "gmii_gmac1_grp"; + }; + /* Settings come from memory dump in PLATO */ + conf0 { + pins = "V8 GMAC0 RXDV"; + skew-delay = <0>; + }; + conf1 { + pins = "Y7 GMAC0 RXC"; + skew-delay = <15>; + }; + conf2 { + pins = "T8 GMAC0 TXEN"; + skew-delay = <7>; + }; + conf3 { + pins = "U8 GMAC0 TXC"; + skew-delay = <10>; + }; + conf4 { + pins = "T10 GMAC1 RXDV"; + skew-delay = <7>; + }; + conf5 { + pins = "Y11 GMAC1 RXC"; + skew-delay = <8>; + }; + conf6 { + pins = "W11 GMAC1 TXEN"; + skew-delay = <7>; + }; + conf7 { + pins = "V11 GMAC1 TXC"; + skew-delay = <5>; + }; + conf8 { + /* The data lines all have default skew */ + pins = "W8 GMAC0 RXD0", "V9 GMAC0 RXD1", + "Y8 GMAC0 RXD2", "U9 GMAC0 RXD3", + "T7 GMAC0 TXD0", "U6 GMAC0 TXD1", + "V7 GMAC0 TXD2", "U7 GMAC0 TXD3", + "Y12 GMAC1 RXD0", "V12 GMAC1 RXD1", + "T11 GMAC1 RXD2", "W12 GMAC1 RXD3", + "U10 GMAC1 TXD0", "Y10
Re: [OpenWrt-Devel] uhttpd: add configurable client Cache-Control http header
Florian Eckert wrote: > I am working with luci-ng. And i have problems with caching > with the following Browser Edge, Internet-Explorer and Firefox. > Chrome is working fine. If the javascript or html files have > changed on the system for example on sysupgrade then the new > files will not get loaded from uhttpd server. The browsers > always used the cached version and not the new version from > uhttpd. > > To fix this tell the uhttpd to send the header Cache-Control > no-cache on file download. This header tells the browser to > always check if the file has changed on the server. If the file > has not changed then the server send a 302 status header. The > status header 302 tells the browser to load the file from the > browser cache because nothing has changed. On the other side if > the file has changed then the browser will deliver the new one. That _seems_ like an exceptionally big hammer. I just made all my code request js files with ?ver= version suffixes, so that only the right versions were cached. Cheers, Karl P signature.html Description: OpenPGP Digital Signature ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 1/2] services/uhttpd: add -o option for Cache-Control header no-cache
If uhttpd is started with the option -o then Cache-Control header is send with option no-cache to client. This option will instruct the client software (browser) do not cache the content. I have seen some problem with luci-ng with the Browsers Edge, IE and Firefox. They will not load the new files even the file content has changed. If I set this option then all browser will load the new file from uhttpd. This works with the Etag header feature. Signed-off-by: Florian Eckert --- ...ble-to-send-Cache-Control-header-no_cache.patch | 43 ++ 1 file changed, 43 insertions(+) create mode 100644 package/network/services/uhttpd/patches/0001-make-uhttpd-configurable-to-send-Cache-Control-header-no_cache.patch diff --git a/package/network/services/uhttpd/patches/0001-make-uhttpd-configurable-to-send-Cache-Control-header-no_cache.patch b/package/network/services/uhttpd/patches/0001-make-uhttpd-configurable-to-send-Cache-Control-header-no_cache.patch new file mode 100644 index 00..4c40abd2ac --- /dev/null +++ b/package/network/services/uhttpd/patches/0001-make-uhttpd-configurable-to-send-Cache-Control-header-no_cache.patch @@ -0,0 +1,43 @@ +--- a/file.c b/file.c +@@ -339,6 +339,8 @@ static void uh_file_response_ok_hdrs(str + ustream_printf(cl->us, "ETag: %s\r\n", uh_file_mktag(s, buf, sizeof(buf))); + ustream_printf(cl->us, "Last-Modified: %s\r\n", + uh_file_unix2date(s->st_mtime, buf, sizeof(buf))); ++ if(conf.no_cache) ++ ustream_printf(cl->us, "Cache-Control: %s\r\n", "no-cache"); + } + ustream_printf(cl->us, "Date: %s\r\n", + uh_file_unix2date(time(NULL), buf, sizeof(buf))); +--- a/main.c b/main.c +@@ -232,7 +232,7 @@ int main(int argc, char **argv) + init_defaults_pre(); + signal(SIGPIPE, SIG_IGN); + +- while ((ch = getopt(argc, argv, "A:aC:c:Dd:E:fh:H:I:i:K:k:L:l:m:N:n:p:qRr:Ss:T:t:U:u:Xx:y:")) != -1) { ++ while ((ch = getopt(argc, argv, "A:aC:c:Dd:E:fh:H:I:i:K:k:L:l:m:N:n:op:qRr:Ss:T:t:U:u:Xx:y:")) != -1) { + switch(ch) { + #ifdef HAVE_TLS + case 'C': +@@ -311,6 +311,10 @@ int main(int argc, char **argv) + conf.rfc1918_filter = 1; + break; + ++ case 'o': ++ conf.no_cache = 1; ++ break; ++ + case 'n': + conf.max_script_requests = atoi(optarg); + break; +--- a/uhttpd.h b/uhttpd.h +@@ -77,6 +77,7 @@ struct config { + int ubus_noauth; + int ubus_cors; + int cgi_prefix_len; ++ int no_cache; + struct list_head cgi_alias; + }; + -- 2.11.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] uhttpd: add configurable client Cache-Control http header
I am working with luci-ng. And i have problems with caching with the following Browser Edge, Internet-Explorer and Firefox. Chrome is working fine. If the javascript or html files have changed on the system for example on sysupgrade then the new files will not get loaded from uhttpd server. The browsers always used the cached version and not the new version from uhttpd. To fix this tell the uhttpd to send the header Cache-Control no-cache on file download. This header tells the browser to always check if the file has changed on the server. If the file has not changed then the server send a 302 status header. The status header 302 tells the browser to load the file from the browser cache because nothing has changed. On the other side if the file has changed then the browser will deliver the new one. This makes following patches deprecated http://lists.infradead.org/pipermail/openwrt-devel/2018-July/013098.html http://lists.infradead.org/pipermail/openwrt-devel/2018-July/013097.html ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH 2/2] services/uhttpd: Make new uhttpd no_cache option configurable over uci
Make Cache-Control header no-cache configurable with uci. If the option is not specified (default) then the Cache-Control header no-cache is not send to the client. Signed-off-by: Florian Eckert --- package/network/services/uhttpd/files/uhttpd.init | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init index 47270bcc15..aff24b5219 100755 --- a/package/network/services/uhttpd/files/uhttpd.init +++ b/package/network/services/uhttpd/files/uhttpd.init @@ -127,6 +127,7 @@ start_instance() append_bool "$cfg" no_symlinks "-S" 0 append_bool "$cfg" no_dirlists "-D" 0 append_bool "$cfg" rfc1918_filter "-R" 0 + append_bool "$cfg" no_cache "-o" 0 config_get alias_list "$cfg" alias for alias in $alias_list; do -- 2.11.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH] WDR4900v1 remove dt node for absent hw crypto.
The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the definition for the related P1010 SoC. However, the P1040 lacks the CAAM/SEC4 hardware crypto accelerator which the P1010 device tree defines. If left defined, this causes the CAAM drivers (if present) to attempt to use the non-existent device, making various crypto-related operations (e.g. macsec and ipsec) fail. This commit overrides the incorrect dt node definition in the included file. See also: - https://bugs.openwrt.org/index.php?do=details_id=1262 - https://community.nxp.com/thread/338432#comment-474107 Signed-off-by: Tim Small --- .../files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts | 24 ++ 1 file changed, 24 insertions(+) diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts index c2444936b7..bde5eb9575 100644 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/tl-wdr4900-v1.dts @@ -236,3 +236,27 @@ }; /include/ "fsl/p1010si-post.dtsi" + +/* + * The TL-WDR4900 v1 uses the NXP (Freescale) P1014 SoC which is closely + * related to the P1010. + * + * NXP QP1010FS.pdf "QorIQ P1010 and P1014 Communications Processors" + * datasheet states that the P1014 does not include the accelerated crypto + * module (CAAM/SEC4) which is present in the P1010. + * + * NXP Appliation Note AN4938 Rev. 2 implies that some P1014 may contain the + * SEC4 module, but states that SoCs with System Version Register values + * 0x80F10110 or 0x80F10120 do not have the security feature. + * + * All v1.3 TL-WDR4900 tested have SVR == 0x80F10110 which AN4938 describes + * as: core rev 1.0, "P1014 (without security)". + * + * The SVR value is reported by uboot on the serial console. + */ + +/ { + soc: soc@ffe0 { + /delete-node/ crypto@3; /* Pulled in by p1010si-post */ + }; +}; -- 2.11.0 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] Fix broken crypto ops on TP-Link TL-WDR4900 18.06-RC1
I hit unexplained errors when trying to use macsec on a TL-WDR4900v1 with 18.06-RC1, which I tracked down to an incorrect device tree definition for HW crypto acceleration which is missing on the TC-WDR4900v1. The following patch removes the incorrect device tree node. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] mediatek: Add support for the UniElec U7623-02
Hi Pavel, On Tue, Jul 3, 2018 at 8:20 PM, Pavel Ivanov wrote: > Hi, Kristian ! > In your instructions for the firmware U7623-02, you write about > repartitioning emmc (tftpboot $ {loadaddr} ). > Sorry, i do not understand where I should take the mbr file? You need to create the mbr yourself. I have attached the small script I use to create the mbr for my device. The only thing you need to do is to set SECTORS to the number of sectors on your device (the value in the script is correct for the 8GB eMMC). You might also want to change the location of OUTFILE, as the script creates a (temporary) file of the same size as the eMMC on your U7623. I tried to wrap my head around ptgen, so that the mbr can be created during the build, but I didn't quite manage to get the partitions aligned the way I want to. I will give it another go this week, so that we can remove, or at least simplify, this step :) BR, Kristian create_u7623_mbr.sh Description: application/shellscript ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] firewall3: make reject types selectable by user
On 07/04/2018 01:39 AM, Alin Năstac wrote: On Tue, Jul 3, 2018 at 11:32 PM Philip Prindeville wrote: On Jul 3, 2018, at 3:22 PM, Alin Năstac wrote: On Tue, Jul 3, 2018 at 6:39 PM Philip Prindeville wrote: Aren’t all inbound SYNs unsolicited by definition? Is there a danger of reflection attacks? Not all inbound SYNs are unsolicited. Take for instance active mode FTP transfers where the client resides on the LAN . In this case the FTP data connection is initiated from the WAN, but it is solicited by the FTP control connection initiated from the LAN. I don't think it matters that much what error code firewall returns for these unsolicited inbound SYNs, but this RFC makes adm-prohibitited code a must. I would have thought that dropping them would be better, since it avoids reflection attacks. Whether you want to silently drop or reject unauthorized connection attempts is a matter of local policy. Besides, in order for a reflection attack against your LAN to succeed, the source IP address of rejected packets must be part of the LAN prefix. This can be easily prevented, either by enabling rpfilter or just by adding a firewall rule when the LAN prefix is statically allocated (the usual IPv4 case). On Jul 2, 2018, at 9:29 AM, Alin Nastac wrote: From: Alin Nastac RFC 6092 recommends in section 3.3.1 that an IPv6 CPE must respond to unsolicited inbound SYNs with an ICMPv6 Destination Unreachable error code 1 (Communication with destination administratively prohibited). Signed-off-by: Alin Nastac --- defaults.c | 21 - options.h | 2 ++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/defaults.c b/defaults.c index 11fbf0d..6565ca2 100644 --- a/defaults.c +++ b/defaults.c @@ -41,6 +41,8 @@ const struct fw3_option fw3_flag_opts[] = { FW3_OPT("output", target, defaults, policy_output), FW3_OPT("drop_invalid",bool, defaults, drop_invalid), +FW3_OPT("tcp_reset_rejects", bool, defaults, tcp_reset_rejects), +FW3_OPT("admin_prohib_rejects",bool, defaults, admin_prohib_rejects), FW3_OPT("syn_flood", bool, defaults, syn_flood), FW3_OPT("synflood_protect",bool, defaults, syn_flood), @@ -113,6 +115,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p) defs->syn_flood_rate.rate = 25; defs->syn_flood_rate.burst = 50; +defs->tcp_reset_rejects= true; defs->tcp_syncookies = true; defs->tcp_window_scaling = true; defs->custom_chains= true; @@ -276,14 +279,22 @@ fw3_print_default_head_rules(struct fw3_ipt_handle *handle, fw3_ipt_rule_append(r, "INPUT"); } -r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL); -fw3_ipt_rule_target(r, "REJECT"); -fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset"); -fw3_ipt_rule_append(r, "reject"); +if (defs->tcp_reset_rejects) +{ +r = fw3_ipt_rule_create(handle, , NULL, NULL, NULL, NULL); +fw3_ipt_rule_target(r, "REJECT"); +fw3_ipt_rule_addarg(r, false, "--reject-with", "tcp-reset"); +fw3_ipt_rule_append(r, "reject"); +} r = fw3_ipt_rule_new(handle); fw3_ipt_rule_target(r, "REJECT"); -fw3_ipt_rule_addarg(r, false, "--reject-with", "port-unreach"); +fw3_ipt_rule_addarg(r, false, "--reject-with", +defs->admin_prohib_rejects ? +(handle->family == FW3_FAMILY_V6 ? +"adm-prohibited" : +"admin-prohib") : +"port-unreach"); fw3_ipt_rule_append(r, "reject"); break; diff --git a/options.h b/options.h index 08fecf6..e3ba99c 100644 --- a/options.h +++ b/options.h @@ -276,6 +276,8 @@ struct fw3_defaults enum fw3_flag policy_forward; bool drop_invalid; +bool tcp_reset_rejects; +bool admin_prohib_rejects; bool syn_flood; struct fw3_limit syn_flood_rate; -- 2.7.4 This could spawn a side topic: for all firewall block types would it be useful to have a two tier response that is easily configurable for each rule or as a global default. That is _overt_ rejection on the first counter per time, and then _covert_ drop after that for maybe 4x cool off period. An honest address (DNS zone update) error would quickly resolve itself while failing connections properly rather than longer time outs. An attack flood would not generate amplified noise. ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel