Re: [PATCH] ramips: support TP-Link EAP615-Wall
On 29/01/2022 16:03, Sander Vanheule wrote: Hi Stijn, Thanks for the patch, been looking forward to this! On Fri, 2022-01-28 at 00:00 +0200, Stijn Tintel wrote: Add support for the TP-Link EAP615-Wall, an AX1800 Wall Plate WiFi 6 AP. The device is very similar to the TP-Link EAP235-Wall. Hardware: * SoC: MediaTek MT7621AT * RAM: 128MiB * Flash: 16MiB SPI-NOR * Ethernet: 4x GbE * Back: ETH0 (PoE-PD) * Bottom: ETH1, ETH2, ETH3 (PoE-PT) PT > passthrough * WiFi: MT7915E 2.4/5 GHz 2T2R * LEDS: 1x white * Buttons: 1x LED, 1x reset Stock firmware uses a random MAC address for ethernet. OpenWrt uses the MAC address that is on the device label for ethernet and the wireless interfaces. MAC address must not be incremented, as this will cause MAC address conflicts in case you have two devices with consecutive MAC addresses. Instead, different locally administered addresses will be generated automatically, based on the MAC on the label. Installation via stock firmware: * Enable SSH in the TP-Link web interface * SSH to the device * Run `cliclientd stopcs` * Upload the OpenWrt factory image via the TP-Link webinterface Installation via bootloader: * Solder TTL header. Pinout: 1: TX, 2: RX, 3: GND, 4: VCC, with pin 1 closest to ETH1. Baud rate 115200 * Interrupt boot process by holding a key during boot * Boot the OpenWrt initramfs: # tftpboot 0x8400 openwrt-ramips-mt7621-tplink_eap615-wall-v1-initramfs-kernel.bin # bootm * Copy openwrt-ramips-mt7621-tplink_eap615-wall-v1-squashfs-sysupgrade.bin to /tmp and use sysupgrade to install it Thanks to Sander Vanheule for his work on the EAP235-Wall, which made adding support for the EAP615-Wall very easy. Signed-off-by: Stijn Tintel --- .../dts/mt7621_tplink_eap615-wall-v1.dts | 250 ++ target/linux/ramips/image/mt7621.mk | 12 + .../mt7621/base-files/etc/board.d/02_network | 3 +- tools/firmware-utils/patches/999-eap615.patch | 55 4 files changed, 319 insertions(+), 1 deletion(-) create mode 100644 target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts create mode 100644 tools/firmware-utils/patches/999-eap615.patch diff --git a/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts b/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts new file mode 100644 index 00..fd5a68973b --- /dev/null +++ b/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts @@ -0,0 +1,250 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include "mt7621.dtsi" + +#include +#include +#include + +/ { + compatible = "tplink,eap615-wall-v1", "mediatek,mt7621-soc"; + model = "TP-Link EAP615-Wall v1"; + + aliases { + label-mac-device = + led-boot = _status; + led-failsafe = _status; + led-running = _status; + led-upgrade = _status; + }; + + chosen { + bootargs = "console=ttyS0,115200"; + }; + + leds { + compatible = "gpio-leds"; + + led_status: status { + label = "white:status"; + color = ; + function = LED_FUNCTION_STATUS; + gpios = < 12 GPIO_ACTIVE_LOW>; + }; + }; + + keys { + compatible = "gpio-keys"; + + led { + label = "led"; + gpios = < 10 GPIO_ACTIVE_LOW>; + linux,code = ; + }; + + reset { + label = "reset"; + gpios = < 8 GPIO_ACTIVE_LOW>; + linux,code = ; + }; + }; + + gpio-export { + compatible = "gpio-export"; + + poe_passthrough { + gpio-export,name = "poe-passthrough"; + gpio-export,output = <0>; + gpios = < 7 GPIO_ACTIVE_HIGH>; + }; + }; + + ethernet@1e10 { + reg = <0x1e10 0xe000>; + + mac@0 { + phy-mode = "rgmii"; + + fixed-link { + pause; + speed = <1000>; + }; + }; + + mac@1 { + status = "okay"; + + phy-mode = "rgmii"; + + fixed-link { + full-duplex; + pause; + speed = <1000>; + }; + }; This node is labeled as "gmac1" in mt7621.dtsi, so you don't need to redefine /ethernet@1e10/mac@1 here to be able to modify the node. Use {...} like you do with spi0. You can also drop the references to ethernet@1e10 and mac@0, since you don't modify any of their properties. + }; + +}; + + { +
[PATCH] util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about System V inter-process communication facilities. Signed-off-by: Stijn Tintel --- package/utils/util-linux/Makefile | 18 ++ 1 file changed, 18 insertions(+) diff --git a/package/utils/util-linux/Makefile b/package/utils/util-linux/Makefile index bf8a67f074..a093cca4ae 100644 --- a/package/utils/util-linux/Makefile +++ b/package/utils/util-linux/Makefile @@ -265,6 +265,18 @@ define Package/hwclock/description hwclock is a tool for accessing the Hardware Clock endef +define Package/ipcs +$(call Package/util-linux/Default) + TITLE:=show information on IPC facilities +endef + +define Package/ipcs/description + ipcs shows information on the inter-process communication facilities for + which the calling process has read access. By default it shows information + about all three resources: shared memory segments, message queues, and + semaphore arrays. +endef + define Package/logger $(call Package/util-linux/Default) TITLE:=a shell command interface to the syslog system log module @@ -689,6 +701,11 @@ define Package/hwclock/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/hwclock $(1)/usr/sbin/ endef +define Package/ipcs/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/ipcs $(1)/usr/bin/ +endef + define Package/logger/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/logger $(1)/usr/bin/util-linux-logger @@ -841,6 +858,7 @@ $(eval $(call BuildPackage,flock)) $(eval $(call BuildPackage,fstrim)) $(eval $(call BuildPackage,getopt)) $(eval $(call BuildPackage,hwclock)) +$(eval $(call BuildPackage,ipcs)) $(eval $(call BuildPackage,logger)) $(eval $(call BuildPackage,look)) $(eval $(call BuildPackage,losetup)) -- 2.34.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] ramips: support TP-Link EAP615-Wall
Hi Stijn, Thanks for the patch, been looking forward to this! On Fri, 2022-01-28 at 00:00 +0200, Stijn Tintel wrote: > Add support for the TP-Link EAP615-Wall, an AX1800 Wall Plate WiFi 6 AP. > The device is very similar to the TP-Link EAP235-Wall. > > Hardware: > * SoC: MediaTek MT7621AT > * RAM: 128MiB > * Flash: 16MiB SPI-NOR > * Ethernet: 4x GbE > * Back: ETH0 (PoE-PD) > * Bottom: ETH1, ETH2, ETH3 (PoE-PT) PT > passthrough > * WiFi: MT7915E 2.4/5 GHz 2T2R > * LEDS: 1x white > * Buttons: 1x LED, 1x reset > > Stock firmware uses a random MAC address for ethernet. OpenWrt uses the > MAC address that is on the device label for ethernet and the wireless > interfaces. MAC address must not be incremented, as this will cause MAC > address conflicts in case you have two devices with consecutive MAC > addresses. Instead, different locally administered addresses will be > generated automatically, based on the MAC on the label. > > Installation via stock firmware: > * Enable SSH in the TP-Link web interface > * SSH to the device > * Run `cliclientd stopcs` > * Upload the OpenWrt factory image via the TP-Link webinterface > > Installation via bootloader: > * Solder TTL header. Pinout: 1: TX, 2: RX, 3: GND, 4: VCC, with pin 1 > closest to ETH1. Baud rate 115200 > * Interrupt boot process by holding a key during boot > * Boot the OpenWrt initramfs: > # tftpboot 0x8400 > openwrt-ramips-mt7621-tplink_eap615-wall-v1-initramfs-kernel.bin > # bootm > * Copy openwrt-ramips-mt7621-tplink_eap615-wall-v1-squashfs-sysupgrade.bin > to /tmp and use sysupgrade to install it > > Thanks to Sander Vanheule for his work on the EAP235-Wall, which made > adding support for the EAP615-Wall very easy. > > Signed-off-by: Stijn Tintel > --- > .../dts/mt7621_tplink_eap615-wall-v1.dts | 250 ++ > target/linux/ramips/image/mt7621.mk | 12 + > .../mt7621/base-files/etc/board.d/02_network | 3 +- > tools/firmware-utils/patches/999-eap615.patch | 55 > 4 files changed, 319 insertions(+), 1 deletion(-) > create mode 100644 target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts > create mode 100644 tools/firmware-utils/patches/999-eap615.patch > > diff --git a/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts > b/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts > new file mode 100644 > index 00..fd5a68973b > --- /dev/null > +++ b/target/linux/ramips/dts/mt7621_tplink_eap615-wall-v1.dts > @@ -0,0 +1,250 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > + > +#include "mt7621.dtsi" > + > +#include > +#include > +#include > + > +/ { > + compatible = "tplink,eap615-wall-v1", "mediatek,mt7621-soc"; > + model = "TP-Link EAP615-Wall v1"; > + > + aliases { > + label-mac-device = > + led-boot = _status; > + led-failsafe = _status; > + led-running = _status; > + led-upgrade = _status; > + }; > + > + chosen { > + bootargs = "console=ttyS0,115200"; > + }; > + > + leds { > + compatible = "gpio-leds"; > + > + led_status: status { > + label = "white:status"; > + color = ; > + function = LED_FUNCTION_STATUS; > + gpios = < 12 GPIO_ACTIVE_LOW>; > + }; > + }; > + > + keys { > + compatible = "gpio-keys"; > + > + led { > + label = "led"; > + gpios = < 10 GPIO_ACTIVE_LOW>; > + linux,code = ; > + }; > + > + reset { > + label = "reset"; > + gpios = < 8 GPIO_ACTIVE_LOW>; > + linux,code = ; > + }; > + }; > + > + gpio-export { > + compatible = "gpio-export"; > + > + poe_passthrough { > + gpio-export,name = "poe-passthrough"; > + gpio-export,output = <0>; > + gpios = < 7 GPIO_ACTIVE_HIGH>; > + }; > + }; > + > + ethernet@1e10 { > + reg = <0x1e10 0xe000>; > + > + mac@0 { > + phy-mode = "rgmii"; > + > + fixed-link { > + pause; > + speed = <1000>; > + }; > + }; > + > + mac@1 { > + status = "okay"; > + > + phy-mode = "rgmii"; > + > + fixed-link { > + full-duplex; > + pause; > + speed = <1000>; > + }; > + }; This node is labeled as "gmac1" in mt7621.dtsi, so you don't need to redefine /ethernet@1e10/mac@1
Re: Re: Pre-install MiniUPnPd on OpenWrt by default
As a follow up I asked in a dev chat: Hi, Is there any process of deciding what to include into OpenWrt builds by default? I sent a letter to devlist "Pre-install MiniUPnPd on OpenWrt by default" but it seems not interesting in the context of devlist which is used mostly for patches. stokito: UPNP of any kind as default is a huge security attack surface stokito: miniupnpd is in the packages feed, and afaik we do not install things from the package feed by default stokito: even OEM's have learned to turn it off or not include it it is also unmaintained, yes but still miniupnpd is supported and all security issues was resolved years ago stokito: UPnP, in and of itself, is a *massive* security issue stokito: there is no such thing as "all security issues resolved years ago" UPNP itself *is* the security issue. The ability for any Application to open a port to the outside is ludicris ok, what about having just a NAT-PMP server which is much simpler and easier to audit? stokito: Any system which allows a device to request an external:internal port mapping without any end-user input is a HORRIBLE IDEA. If you understand enough about networking etc. to use UPnP and/or NAT-PMP "safely" (insofar as that's possible), then you are also capable of building a custom image, or just installing it yourself. it does not need to be, should not need to be, and probably will never be built in by default. stokito: But... You can use Imagebuilder if you don't want to build from source and include miniupnp in your builds stokito: You'll better understand what issues your network might face and can decide for yourself stokito: it's unlikely to happen, due to miniupnpd being in the packages feed, unmaintained, considered a major security risk, we prefer security over convenience, etc stokito: your best bet is to build a custom image with https://sysupgrade.openwrt.org/ I need it from a client point of view i.e. for my application that needs to open a port. The concerns about UPnP safety is a first thing that everybody have and I tried to answer on it here http://lists.openwrt.org/pipermail/openwrt-devel/2022-January/037721.html neggles: can it still do that with iptables/nftables rules ? stokito: like I said, it's unlikely to happen, build a custom image with https://sysupgrade.openwrt.org/ stokito: Why not just Port forward then or just install it yourself? Which is what UPnP does. if you want UPnP, just... install miniupnpd? if you really badly need it baked into the image, as stintel and myself and at least one other have already said in here, use sysupgrade.openwrt.org or the image builder to make a custom image if you are capable of installing and configuring OpenWrt, you are capable of installing and configuring a UPnP daemon Wait... What kind of Application are you making that you want to make UPnP a default in OpenWrt? Malware? Wormable Hello World? I mean... What? Gromish: I am building a p2p program with VoIP capabilities intended for not so experienced users. And I would like it to make it simple to use. That's why I'm interested in having a wider support of NAT-PMP. I wondered that OpenWrt doesn't have it out of the box and in fact this makes my current VoIP programs work slower. stokito: yeah, no, there's a reason why there are no p2p voip applications that anyone actually uses UPnP will not solve your problem you have forgotten about CG-NAT, for one Ok, thank you for your answers. You refined more to me stokito: VoIP is an absolute nightmare at the best of times; just having UPnP present on OpenWrt by default would not make a significant difference to this. even if it was preinstalled, it would *never* be enabled out of the box the other problem with have upnp by default is that at some point someone is going to hold us responsible for their network being hacked and while the licence says "no warranty" ... having to deal with such people is very very very demotivating so no, you're probably not going to convince many of us that including that by default is a good idea So even given that NAT-PMP would be safer than manual port forwarding and allows the use of safer and more reliable programs the OpenWrt is intended only for advanced users that at the same time don't want to use the Internet. Sergey, stokito.com ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel