[OpenWrt-Devel] Duplicate netifd protocol for l2tp
Hi,

Two packages provide the proto l2tp netifd protocol: xl2tpd [1] in the new packages feed, and l2tpv3tun [2] in oldpackages. The configs are totally different, the problem is really a name clash.

What is the recommended way to deal with name clashes in netifd protocols, without breaking existing user configuration?

In this case, using proto l2tpv2 for xl2tpd and proto l2tpv3 for l2tpv3tun would probably be the cleanest, but it would break configuration for anyone using one or the other :)

Note that only the l2tpv3tun configuration is documented right now [3].

Thanks,
Baptiste

[1] https://github.com/openwrt/packages/tree/master/net/xl2tpd
[2] http://git.openwrt.org/?p=packages.git;a=tree;f=net/l2tpv3tun
[3] http://wiki.openwrt.org/doc/uci/network#protocol.l2tp.l2tp.pseudowire.tunnel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [OpenWrt] #16348: ramips(HLKRM04) can't scan wifi ap. showed an error
Did you finally succeed?

2014-07-19 15:54 GMT+08:00 OpenWrt openwrt-devel@lists.openwrt.org:
> #16348: ramips(HLKRM04) can't scan wifi ap. showed an error
> --+--
> Reporter: astankvai@… | Owner:
> Type: defect | Status: new
> Priority: high | Milestone: Barrier Breaker (trunk)
> Component: luci | Version: Trunk
> Resolution: | Keywords: wifi scan
> --+--
>
> Comment (by ericwong):
>
> Duplicate https://dev.openwrt.org/ticket/13171
>
> --
> Ticket URL: https://dev.openwrt.org/ticket/16348#comment:5
> OpenWrt http://openwrt.org
> Opensource Wireless Router Technology
[OpenWrt-Devel] [patch] [package] ca-certificates: create symbolic link for certificate hashes
From: Christian Schoenebeck christian.schoeneb...@gmail.com
Date: Sat, 19 Jul 2014 11:14:01 +0200
Subject: ca-certificates: create symbolic link for certificate hashes

Implementing add-cert.sh functionality described at http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile otherwise you need to create symbolic links for certificate hashes yourself.

Signed-off-by: Christian Schoenebeck christian.schoeneb...@gmail.com

--- package/system/ca-certificates/Makefile | 13 + 1 file changed, 13 insertions(+) diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile index 7f38c86..534c38b 100644 --- a/package/system/ca-certificates/Makefile +++ b/package/system/ca-certificates/Makefile @@ -34,6 +34,19 @@ endef define Package/ca-certificates/install $(INSTALL_DIR) $(1)/etc/ssl/certs $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/ + + OPENSSL=/usr/bin/openssl ; \ + CERTDIR=$(1)/etc/ssl/certs ; \ + if [ -f OPENSSL ]; then \ + for CERTFILE in (ls -1 CERTDIR); do \ + HASH=`OPENSSL x509 -hash -noout -in CERTDIR/CERTFILE` ; \ + SUFFIX=0 ; \ + while [ -h CERTDIR/HASH.SUFFIX ]; do \ + let SUFFIX += 1 ; \ + done ; \ + ln -s CERTFILE CERTDIR/HASH.SUFFIX ; \ + done ; \ + fi endef $(eval $(call BuildPackage,ca-certificates))
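Review bot: `let SUFFIX += 1` inside the `while [ -h CERTDIR/HASH.SUFFIX ]` loop does not increment SUFFIX: with the spaces, bash rejects `+=` as a separate expression, and a plain POSIX sh has no `let` at all, so the first hash collision would loop forever. Use POSIX arithmetic instead (`SUFFIX=$$((SUFFIX+1))` in a Makefile recipe). The links are also created only when `/usr/bin/openssl` exists on the build host (`if [ -f OPENSSL ]`) and the step is skipped silently otherwise, so two builds of the same package can differ in whether TLS clients on the device can find a CA by hash; fail the build or depend on a host openssl tool instead. Since the output of `x509 -hash` changed with OpenSSL 1.0.0, the hash format produced by the host binary also has to match what the SSL library on the target looks up, which is worth stating in the commit message.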
Re: [OpenWrt-Devel] Duplicate netifd protocol for l2tp
Hi Baptiste,

thanks for the report. I renamed the xl2tpd netifd protocol to l2tpv2 and kept the l2tpv3 as l2tp as documented in the wiki.

Cheers,
Steven
[OpenWrt-Devel] [PATCH] lantiq xway: generate ramdisk image by default
The installation process on nand-based boards using ubi like the BTHOMEHUBV2B makes use of a ramdisk image, so it makes sense to generate this by default.

Signed-off-by: Ben Mulvihill ben.mulvih...@gmail.com

--- --- a/target/linux/lantiq/xway/target.mk2014-07-19 14:59:39.691201637 +0200 +++ b/target/linux/lantiq/xway/target.mk2014-07-19 12:40:06.101871732 +0200 @@ -1,7 +1,7 @@ ARCH:=mips SUBTARGET:=xway BOARDNAME:=XWAY -FEATURES:=squashfs atm mips16 nand ubifs +FEATURES:=squashfs atm mips16 nand ubifs ramdisk CPU_TYPE:=34kc CPU_SUBTYPE:=dsp
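Review bot: `ramdisk` is added to `FEATURES` in target.mk for the whole xway subtarget, while the commit message justifies it only for nand-based boards using ubi such as the BTHOMEHUBV2B. Either say in the message that the feature is now enabled for every board in the subtarget and why that is acceptable, or scope the change to the boards whose installation procedure needs the ramdisk image.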
[OpenWrt-Devel] Native compile package options
Some of the packages, apache with DSO, clamav with memory performance options are easier to work with in the native compile arrangement. I see the http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk but that seems to be specific to one architecture.

I'm working with the Raspberry BCM2708 platform. I'm wondering if I should run arch linux on a raspberry pi and then build openwrt native with packages that way? Or is there another way with QEMU emulating the raspberry boot into raspbian to then do native compile?

Any help or direction would be much appreciated.

Cheers
Derek
Re: [OpenWrt-Devel] [BUG] NAND sysupgrade broke ubifs on Netgear WNDR3700v4/4300.
John,

any update on this issue? i strongly believe that the hard-coded wndr4300 string somewhere in the source is the culprit of the problem since the wndr3700v4 board_detection is identified as wndr4300 thus the sysupgrade works for 4300 but not for 3700v4.

Regards,
-paul

On Tue, 2014-06-24 at 23:15 +0200, John Crispin wrote:
> On 24/06/2014 22:43, Paul Blazejowski wrote:
>> i get "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." from web interface.
>>
>> this is what i have:
>>
>> -rw-r--r-- 1 diffie diffie 8919040 2014-06-24 15:58 bin/ar71xx/openwrt-ar71xx-nand-wndr3700v4-squashfs-sysupgrade.tar
>>
>> should i push it from shell using sysupgrade script?
>
> it will work from shell, i will look into why it fails via webui.
>
>> thanks!
>>
>> On Tue, 2014-06-24 at 22:32 +0200, John Crispin wrote:
>>> On 24/06/2014 22:25, Paul Blazejowski wrote:
>>>> Hi again,
>>>>
>>>> thanks for the tftp fix, flushing just became so much faster and easier. Tested trunk r41336 after your jffs2 fix and the image boots fine, restored my configuration changes, rebooted the router and all changes are saved now. I will post the working dmesg to the ticket at https://dev.openwrt.org/ticket/16840 but it is safe to say that you can close it ;-) now.
>>>>
>>>> Sysupgrade image(s) for 3700v4 and 4300 do not work now, guess this is next on the list...
>>>
>>> i tested 4300 and it works. you need to use the *-ubi-sysupgrade.tar file.
>>>
>>>> Thank you,
>>>> -paul
>>>>
>>>> On Tue, 2014-06-24 at 20:18 +0200, John Crispin wrote:
>>>>> On 24/06/2014 19:05, Paul Blazejowski wrote:
>>>>>> John,
>>>>>>
>>>>>> Yes i use the reset with pin and from there i tftp the original firmware from netgear after that i go to the gui and upload the open-wrt image because the router will not accept the wndr3700v4 image (there's a cosmetic fix for that, i created a patch that someone from the forums has sent months ago to this list but it was never accepted...)
>>>>>>
>>>>>> https://dev.openwrt.org/ticket/16840
>>>>>>
>>>>>> With that patch tftp'ing the openwrt-ar71xx-nand-wndr3700v4-ubi-factory.img works without need to flash the original firmware.
>>>>>>
>>>>>> If there's another method that can be used to flash the image(s) please let me know i would want to try any alternative ways of flashing and could learn a thing or two in the process as well ;-)
>>>>>>
>>>>>> Thank you,
>>>>>> -paul
>>>>>
>>>>> Hi,
>>>>>
>>>>> i just pushed the V vs v fix and another fix that removes the jffs2 magic. i think this might have been the cause of the problems. please retry with current trunk and let me know if the problem is gone or still there
>>>>>
>>>>> John
[OpenWrt-Devel] [PATCH][packages] tinyproxy: no SysLog and no logging as non root user
From: Christian Schoenebeck christian.schoeneb...@gmail.com
Date: Sat, 19 Jul 2014 21:31:04 +0200
Subject: [PATCH][packages] tinyproxy: no SysLog and no logging as non root user

1.) No SysLog possible because keyword misspelled
In tinyproxy.conf and tinyproxy.config the parameter is correctly spelled with small l

2.) No logging as non root user
The default is that tinyproxy daemon runs as nobody:nogroup, but they have no permission to /var/log/ or any other location. So touch and change permission for logfile during startup

Signed-off-by: Christian Schoenebeck christian.schoeneb...@gmail.com

--- net/tinyproxy/files/tinyproxy.init | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/net/tinyproxy/files/tinyproxy.init b/net/tinyproxy/files/tinyproxy.init index be7234a..73f38c6 100644 --- a/net/tinyproxy/files/tinyproxy.init +++ b/net/tinyproxy/files/tinyproxy.init @@ -46,7 +46,7 @@ start_proxy() { proxy_string $1 StatFile $CFGFILE proxy_string $1 LogFile $CFGFILE - proxy_flag $1 SysLog $CFGFILE + proxy_flag $1 Syslog $CFGFILE proxy_atom $1 LogLevel $CFGFILE @@ -111,6 +111,10 @@ proxy_string() { config_get _value $SECTION $OPTION [ -z $_value ] _value=$DEFAULT [ -n $_value ] echo ${ALIAS:-${OPTION}} ''$_value'' + [ -n $_value -a $OPTION = LogFile ] { + touch $_value + chmod 666 $_value + } } proxy_flag() {
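Review bot: `chmod 666 $_value` in the `proxy_string` hunk makes the log file world-writable, so any local account can truncate or rewrite the proxy log. Since the commit message says the daemon runs as nobody:nogroup, `chown` the file to the configured user and group and use mode 640 or 660 instead. The `touch`/`chmod` pair also runs from the init script on a path taken straight from the configuration, and it sits inside the generic `proxy_string` helper behind a `$OPTION = LogFile` test; doing it once in `start_proxy`, after checking that the path is a regular file and not a symlink, keeps the helper free of side effects.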
[OpenWrt-Devel] [RFC] Fix VLAN on Atheros AR8327N
Commit 40842 reverted the fix for tagged+untagged VLANs on AR8327: https://dev.openwrt.org/changeset/40777 https://dev.openwrt.org/changeset/40842 According to jow, some people experienced some issues on older devices. Can anyone tell me what were those issues? Anyway, that patch modified some parts of the ar8216/ar8236, so I suppose any device with those switches were affected. However, I've modified the patch keeping the ar8216/ar8236 as much untouched as possible. Could anyone test it on those devices? BTW, this works for me on a TP-Link WDR4300 (ar8327). Signed-off-by: Saverio Proto ziopr...@gmail.com Signed-off-by: Álvaro Fernández nolt...@gmail.com --- diff --git a/target/linux/generic/files/drivers/net/phy/ar8216.c b/target/linux/generic/files/drivers/net/phy/ar8216.c index 3846159..9eae624 100644 --- a/target/linux/generic/files/drivers/net/phy/ar8216.c +++ b/target/linux/generic/files/drivers/net/phy/ar8216.c @@ -78,7 +78,7 @@ struct ar8xxx_chip { u32 (*read_port_status)(struct ar8xxx_priv *priv, int port); int (*atu_flush)(struct ar8xxx_priv *priv); void (*vtu_flush)(struct ar8xxx_priv *priv); - void (*vtu_load_vlan)(struct ar8xxx_priv *priv, u32 vid, u32 port_mask); + void (*vtu_load_vlan)(struct ar8xxx_priv *priv, u32 vlan); const struct ar8xxx_mib_desc *mib_decs; unsigned num_mibs; @@ -112,7 +112,12 @@ struct ar8327_led { enum ar8327_led_pattern pattern; }; +struct ar8216_data { + u8 vlan_tagged; +}; + struct ar8327_data { + u8 vlan_tagged[AR8X16_MAX_VLANS]; u32 port0_status; u32 port6_status; @@ -138,6 +143,7 @@ struct ar8xxx_priv { u8 chip_rev; const struct ar8xxx_chip *chip; union { + struct ar8216_data ar8216; struct ar8327_data ar8327; } chip_data; bool initialized; @@ -159,7 +165,6 @@ struct ar8xxx_priv { bool vlan; u16 vlan_id[AR8X16_MAX_VLANS]; u8 vlan_table[AR8X16_MAX_VLANS]; - u8 vlan_tagged; u16 pvid[AR8X16_MAX_PORTS]; /* mirroring */ 
@@ -641,7 +646,7 @@ ar8216_mangle_rx(struct net_device *dev, struct sk_buff *skb) port = buf[0] 0xf; /* no need to fix up packets coming from a tagged source */ - if (priv-vlan_tagged (1 port)) + if (priv-chip_data.ar8216.vlan_tagged BIT(port)) return; /* lookup port vid from local table, the switch passes an invalid vlan id */ @@ -695,10 +700,13 @@ ar8216_vtu_flush(struct ar8xxx_priv *priv) } static void -ar8216_vtu_load_vlan(struct ar8xxx_priv *priv, u32 vid, u32 port_mask) +ar8216_vtu_load_vlan(struct ar8xxx_priv *priv, u32 vlan) { u32 op; + u32 vid = priv-vlan_id[vlan]; + u32 port_mask = priv-vlan_table[vlan]; + op = AR8216_VTU_OP_LOAD | (vid AR8216_VTU_VID_S); ar8216_vtu_op(priv, op, port_mask); } @@ -1705,12 +1713,16 @@ ar8327_vtu_flush(struct ar8xxx_priv *priv) } static void -ar8327_vtu_load_vlan(struct ar8xxx_priv *priv, u32 vid, u32 port_mask) +ar8327_vtu_load_vlan(struct ar8xxx_priv *priv, u32 vlan) { u32 op; u32 val; int i; + u32 vid = priv-vlan_id[vlan]; + u32 port_mask = priv-vlan_table[vlan]; + u32 tagged = priv-chip_data.ar8327.vlan_tagged[vlan]; + op = AR8327_VTU_FUNC1_OP_LOAD | (vid AR8327_VTU_FUNC1_VID_S); val = AR8327_VTU_FUNC0_VALID | AR8327_VTU_FUNC0_IVL; for (i = 0; i AR8327_NUM_PORTS; i++) { @@ -1720,7 +1732,7 @@ ar8327_vtu_load_vlan(struct ar8xxx_priv *priv, u32 vid, u32 port_mask) mode = AR8327_VTU_FUNC0_EG_MODE_NOT; else if (priv-vlan == 0) mode = AR8327_VTU_FUNC0_EG_MODE_KEEP; - else if (priv-vlan_tagged BIT(i)) + else if (tagged BIT(i)) mode = AR8327_VTU_FUNC0_EG_MODE_TAG; else mode = AR8327_VTU_FUNC0_EG_MODE_UNTAG; 
@@ -1734,26 +1746,22 @@ static void ar8327_setup_port(struct ar8xxx_priv *priv, int port, u32 egress, u32 ingress, u32 members, u32 pvid) { - u32 t; - u32 mode; + u32 mode, t; + + if (priv-vlan) { + pvid = priv-vlan_id[priv-pvid[port]]; + mode = AR8327_PORT_VLAN1_OUT_MODE_UNMOD; + ingress = AR8216_IN_SECURE; + } else { + pvid = port; + mode = AR8327_PORT_VLAN1_OUT_MODE_UNTOUCH; + ingress = AR8216_IN_PORT_ONLY; + } t = pvid AR8327_PORT_VLAN0_DEF_SVID_S; t |= pvid AR8327_PORT_VLAN0_DEF_CVID_S; priv-write(priv, AR8327_REG_PORT_VLAN0(port), t); - mode = AR8327_PORT_VLAN1_OUT_MODE_UNMOD; - switch (egress) { - case AR8216_OUT_KEEP: - mode = AR8327_PORT_VLAN1_OUT_MODE_UNTOUCH; - break; - case AR8216_OUT_STRIP_VLAN: - mode =
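Review bot: in the `ar8327_setup_port` hunk the added if/else on the `vlan` flag assigns `pvid` and `ingress` on both branches, so whatever the caller passes for those two parameters is discarded, and with the `switch (egress)` being removed the `egress` argument no longer selects the output mode. Either drop the overridden parameters from the signature and update the callers, or keep honoring them, so the prototype does not suggest inputs that have no effect. The same series changes `vtu_load_vlan` to take an index and read `vlan_id[vlan]`, `vlan_table[vlan]` and `vlan_tagged[vlan]`; a short comment that `vlan` is an index below `AR8X16_MAX_VLANS`, not a VID, would prevent callers from passing the wrong value.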
Re: [OpenWrt-Devel] [BUG] NAND sysupgrade broke ubifs on Netgear WNDR3700v4/4300.
Hi,

do a cat /tmp/sysinfo/* on the unit please ...

John

On 19/07/2014 20:52, Paul Blazejowski wrote:
> John,
>
> any update on this issue? i strongly believe that the hard-coded wndr4300 string somewhere in the source is the culprit of the problem since the wndr3700v4 board_detection is identified as wndr4300 thus the sysupgrade works for 4300 but not for 3700v4.
>
> Regards,
> -paul
>
> On Tue, 2014-06-24 at 23:15 +0200, John Crispin wrote:
>> On 24/06/2014 22:43, Paul Blazejowski wrote:
>>> i get "The uploaded image file does not contain a supported format. Make sure that you choose the generic image format for your platform." from web interface.
>>>
>>> this is what i have:
>>>
>>> -rw-r--r-- 1 diffie diffie 8919040 2014-06-24 15:58 bin/ar71xx/openwrt-ar71xx-nand-wndr3700v4-squashfs-sysupgrade.tar
>>>
>>> should i push it from shell using sysupgrade script?
>>
>> it will work from shell, i will look into why it fails via webui.
>>
>>> thanks!
>>>
>>> On Tue, 2014-06-24 at 22:32 +0200, John Crispin wrote:
>>>> On 24/06/2014 22:25, Paul Blazejowski wrote:
>>>>> Hi again,
>>>>>
>>>>> thanks for the tftp fix, flushing just became so much faster and easier. Tested trunk r41336 after your jffs2 fix and the image boots fine, restored my configuration changes, rebooted the router and all changes are saved now. I will post the working dmesg to the ticket at https://dev.openwrt.org/ticket/16840 but it is safe to say that you can close it ;-) now.
>>>>>
>>>>> Sysupgrade image(s) for 3700v4 and 4300 do not work now, guess this is next on the list...
>>>>
>>>> i tested 4300 and it works. you need to use the *-ubi-sysupgrade.tar file.
>>>>
>>>>> Thank you,
>>>>> -paul
>>>>>
>>>>> On Tue, 2014-06-24 at 20:18 +0200, John Crispin wrote:
>>>>>> On 24/06/2014 19:05, Paul Blazejowski wrote:
>>>>>>> John,
>>>>>>>
>>>>>>> Yes i use the reset with pin and from there i tftp the original firmware from netgear after that i go to the gui and upload the open-wrt image because the router will not accept the wndr3700v4 image (there's a cosmetic fix for that, i created a patch that someone from the forums has sent months ago to this list but it was never accepted...)
>>>>>>>
>>>>>>> https://dev.openwrt.org/ticket/16840
>>>>>>>
>>>>>>> With that patch tftp'ing the openwrt-ar71xx-nand-wndr3700v4-ubi-factory.img works without need to flash the original firmware.
>>>>>>>
>>>>>>> If there's another method that can be used to flash the image(s) please let me know i would want to try any alternative ways of flashing and could learn a thing or two in the process as well ;-)
>>>>>>>
>>>>>>> Thank you,
>>>>>>> -paul
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> i just pushed the V vs v fix and another fix that removes the jffs2 magic. i think this might have been the cause of the problems. please retry with current trunk and let me know if the problem is gone or still there
>>>>>>
>>>>>> John
Re: [OpenWrt-Devel] OpenWRT IPv6 firewall
Hi,

On Fri, Jul 18, 2014 at 04:08:02PM -0700, David Lang wrote:
> Yes, there will be some attacks that get through and start from the inside, but there are far fewer that get into my network than to get into the network of everyone I share an ISP with. I also don't want these random external users to be eating up my wireless bandwidth hammering uselessly against my devices, even if they will withstand the hammering.

In that case, you should ask your *ISP* to install the filter - after all, you wouldn't want them to eat up your WAN bandwidth, no?

> go do a tcpdump of your WAN interface some time, look at all the attacks that are going on there (especially with an ISP that's not blocking it for you)

I'm well aware of all the bullshit that is knocking on my doors all day.

Point is, firewalls on the *routers* are not going to help the laptop that moves around, attaches to a Wifi Hotspot, is hacked there, gets moved back behind your firewall, and starts hacking others from there. And it doesn't help the desktop PC that neglected to do any updates, gets infected by flash/pdf/word exploit, and starts scanning your network, behind the firewall.

These things are all so commonplace that the firewall on the router adds dubious value - but at the same time, it breaks stuff. So if you have to decide about something that adds little positive but significant negative, why would you go for enabling it, except for "we've done it that way for the last 20 years"?

And yes, I do agree that too many software and hardware vendors have no clue how to properly secure their systems. Will it help hide them behind a magic firewall, until they get hacked via proxy (there *will* be a hacked machine behind that firewall), or will it help more to expose them, *get* them hacked, raise a big fuss in the press about, say, printer vendor XYZ being too stupid to get their firmware right, and get it actually *fixed*, instead of having a time bomb in your network?

> If nothing ever got compromised from network attacks, the malware wouldn't bother trying them.

Servers get compromised from network attacks all day. Unfortunately, servers usually sit behind firewalls that permit just those ports that enable the attacks, like php based attack du jour or sip attacks on weak credentials, etc.

To turn that argument around: why are bots mailing me infected documents, or trying to lure me into web sites that contain malware if network attacks are so successful?

(But anyway - I already stated far upthread that this is one of the threads where people will not listen and stick to their religion anyway. So I should spend my time coding instead)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Re: [OpenWrt-Devel] OpenWRT IPv6 firewall
David == David Lang da...@lang.hm writes:

David> go do a tcpdump of your WAN interface some time, look at all
David> the attacks that are going on there (especially with an ISP
David> that's not blocking it for you)

Bear in mind, scanning an IPv6 network is a self-inflicted denial-of-service attack. The universe will end before you finish testing the addresses on *one* /64 network.

If someone has your host's globally routable IPv6 address, e.g. from observing your traffic, that's a bit different. But otherwise, unless you advertise your ipv6 address, it's very unlikely anyone is going to guess it.

--
Russell Senior, President
russ...@personaltelco.net